Your network contains an Active Directory domain named contoso.com.
You have a Group Policy object (GPO) named GPO1 that contains several user settings. GPO1 is linked to an
organizational unit (OU) named OU1.
The help desk reports that GPO1 applies to only some of the users in OU1.
You open Group Policy Management as shown in the exhibit. (Refer to the Exhibit.)
You need to configure GPO1 to apply to all of the users in OU1.
What should you do?
A. Modify the Security settings of GPO1.
B. Disable Block Inheritance on OU1.
C. Modify the GPO status of GPO1.
D. Enforce GPO1.
Looks like D to me.
yeah you need to enforce it as there might be a Deny on a GPO above it.
i was wrong Enforce only applies to above GPOs, so it is Security as you need to make sure there are no Deny’s
what you need to know is if the users not getting the GPO are in the OU
So is it D? Other dumps say D as well.
A blue circle with an exclamation over a folder indicates an OU with inheritance blocked. Therefore the answer is ‘B. Disable Block Inheritance on OU1’.
the answer is A.
Obviously the GPO is enabled, because some of the users are getting the settings, so it isn’t B, check the status. The GPO is linked AT this OU, so the block and the inheritance cannot be the culprit. That leaves only security settings that do not allow all users access to the GPO. The dumps are wrong.
Sorry, I meant it isn’t C, the GPO status. IF any users are getting it, it’s enabled.
Also, it doesn’t need to be enforced since it is linked AT this OU. The settings apply here. And it doesn’t need to be enforced to override higher up settings BECAUSE of the block on the OU. This GPO applies to this OU, and this is the ONLY GPO that applies to this OU.
Agree with you
Answer: Enforce GPO1 (D)
Explanation:
When a Group Policy Object (GPO) is enforced it means the settings in the Group Policy Object on an Organization Unit. It cannot be overruled by a Group Policy Object which is link enabled on an Organizational Unit below the Organizational Unit with the enforced Group Policy Object.
Note: Left panel doesn’t show OU below OU1
You can block inheritance for a domain or organizational unit. Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher sites, domains, or organizational units from being automatically inherited by the child-level.
• Enforce (previously known as “no override”) on a GPO link takes precedence over Block Inheritance on a domain or organizational unit.
• If you turn on Enforced and turn off Link Enabled for a GPO link, then the GPO does not apply.
http://technet.microsoft.com/en-us/library/cc782849(v=ws.10).aspx
http://social.technet.microsoft.com/Forums/windowsserver/en-US/0453271c-bf23-461b-b001-7f353d293d08/enforced-or-not-in-group-policy-object?forum=winserversecurity
http://www.windowsnetworking.com/articles-tutorials/netgeneral/Group-Policy-Enforce-vs-Enforced-vs-Force.html
http://technet.microsoft.com/en-us/library/cc731076.aspx
http://technet.microsoft.com/en-us/library/cc736516(v=ws.10).aspx
“Enforce” simply means that CHILD OU’s can not block it, and that has nothing to do with this configuration because — the GPO is applied at the OU.
The left panel does show that there are no further OU’s beneath OU1. The only GPO applied to this OU is GPO1 therefore it has to be A: modify the security settings as security filtering doesn’t show the full details of the assignment of this GPO.
I agree with slansing, I think it is A.
Sounds like Security to me:
http://technet.microsoft.com/en-us/library/cc781988(v=ws.10).aspx
(Since it is applying to some users already)
None of these make sense to me.
a
Modify the Security settings of GPO1.: It has authenticated users. That’s everyone. So everyone has access
B.
Disable Block Inheritance on OU1.: the GPO is applied at the OU directly, not inherited. No inheritance shouldn’t affect a GPO at the OU level.
C.
Modify the GPO status of GPO1.: If some users are getting the settings, obviously the status is “users settings enabled”
D.
Enforce GPO1. there is nothing to enforce since the gpo is applied at the ou level!
WTF!!?!!!?!?
The Security Settings are under the Settings tab. Not the Scope tab as shown in the exhibit. It’s different than the “Security Filtering”.
totally agree. only caveat i can see is that some user are actually “guests” which aren’t contained in authenticated users. A far-stretched solution so i just guess this question/screenshot is incorrect.
Jesus Christ, it’s A.
If you edit a GPO then do Right Click > Properties on the root node you can change permissions that do not show in the “Security Filtering” section. Only groups with the “Apply Group Policy” enabled show here. It is possible to set a group (or user) with the “Apply Group Policy” deny permission, which will not show in “Security Filtering”.
A
Answer: D Enforce GPO
GPO Security Filtering defaults to “Authenticated Users” so this is normal. (Tested in Lab)
Enforcing will do shit. The GPO is already linked in the damn OU.
It’s definitely A, however a dump I’m using says the answer is D.
If an OU has inheritance blocked, such as OU1 does here, then any policies ABOVE IT will not be inherited.. If a policy is linked to that OU then that policy will apply. I use this everyday in my work I don’t need to test it in a lab.
Enforcing this policy will not do anything. There’s no OU’s below that OU which could have inheritance blocked either.
The only option left is that some users/groups have a deny on the security settings (NOT the security filtering).
So does anyone know the real answer on the exam? I think it is A myself. Any feedback would be greatly appreciated.
Please just tell me what is the final correct answer
Answer is “A” for discarding…
vote A
D doesn’t make sense if part of users from OU works good !!
It’s 100% A.
Correct answer is A. Not B ‘cos it doesn’t matter what it inherits or not from above – the problem is that GPO1 doesn’t apply to all users. Not C ‘cos some users are getting the settings and some not, Status would disable/enable all users/computers. And not D ‘cos it’s a bullshit answer (makes no sense – there’s nothing to enforce settings on below GPO1).
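The point several posters make, that an “Apply Group Policy” Deny entry on the GPO does not appear under Security Filtering, can be checked by reading the GPO's ACL from the directory. The following PowerShell is an added example, not part of the original thread; it assumes a domain-joined management host with the RSAT GroupPolicy and ActiveDirectory modules, and uses the GPO name `GPO1` from the question.

```powershell
# Added example: list every ACE on a GPO that grants or denies "Apply Group Policy".
# Assumes the RSAT GroupPolicy and ActiveDirectory modules (the latter provides the AD: drive).
Import-Module GroupPolicy, ActiveDirectory

$GpoName       = 'GPO1'                                         # GPO name from the question
$ApplyGpoRight = [guid]'edacfd8f-ffb3-11d1-b41d-00a0c968f939'   # "Apply Group Policy" extended right
$AllRights     = [guid]::Empty                                  # ACE not scoped to one right

function Get-GpoApplyAce {
    param([Parameter(Mandatory)][string]$Name)

    $gpo = Get-GPO -Name $Name
    # $gpo.Path is the DN of the groupPolicyContainer object under CN=Policies,CN=System.
    $acl = Get-Acl -Path "AD:\$($gpo.Path)"
    $extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

    foreach ($ace in $acl.Access) {
        # An ACE covers Apply Group Policy if it carries the ExtendedRight bit and is
        # scoped either to that specific right or to all rights (full control).
        $coversApply = ($ace.ActiveDirectoryRights -band $extended) -and
                       ($ace.ObjectType -in $ApplyGpoRight, $AllRights)
        if ($coversApply) {
            [pscustomobject]@{
                Trustee   = $ace.IdentityReference.Value
                Type      = $ace.AccessControlType   # Allow or Deny
                Inherited = $ace.IsInherited
            }
        }
    }
}

$aces = Get-GpoApplyAce -Name $GpoName
$aces | Sort-Object Type, Trustee | Format-Table -AutoSize

# Deny ACEs win over Allow ACEs, so members of these trustees will not receive
# the GPO even though "Authenticated Users" is listed under Security Filtering.
$deny = $aces | Where-Object Type -eq 'Deny'
if ($deny) {
    Write-Warning ("Apply Group Policy is denied for: " + ($deny.Trustee -join ', '))
} else {
    Write-Output "No Deny ACE covers Apply Group Policy on $GpoName."
}
```

A user also needs Read permission on the GPO for it to apply, so a Deny on Read has the same effect and is worth checking in the same ACL.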