Which Group Policy Object (GPO) should you configure?

HOTSPOT
Your network contains an Active Directory domain named contoso.com.
Computer accounts for the marketing department are in an organizational unit (OU) named
Departments\Marketing\Computers. User accounts for the marketing department are in an
OU named Departments\Marketing\Users.
Marketing users can only log on to the client computers in the
Departments\Marketing\Computers OU.
You need to apply an application control policy to all of the marketing users.
Which Group Policy Object (GPO) should you configure?
To answer, select the appropriate GPO in the answer area.

HOTSPOT
Your network contains an Active Directory domain named contoso.com.
Computer accounts for the marketing department are in an organizational unit (OU) named
Departments\Marketing\Computers. User accounts for the marketing department are in an
OU named Departments\Marketing\Users.
Marketing users can only log on to the client computers in the
Departments\Marketing\Computers OU.
You need to apply an application control policy to all of the marketing users.
Which Group Policy Object (GPO) should you configure?
To answer, select the appropriate GPO in the answer area.

Answer:

Explanation:

References:
http://technet.microsoft.com/en-us/library/cc781458(v=WS.10).aspx
http://technet.microsoft.com/en-us/library/hh967461 .aspx
http://technet.microsoft.com/en-us/library/ee461050.aspx
http://technet.microsoft.com/en-us/library/ee461044.aspx



Leave a Reply 10

Your email address will not be published. Required fields are marked *

11 + twenty =


Hernan

Hernan

GPO 3 is the answer. Application control is used for machines settings, so we must change the GPO over machine OU

Andy

Andy

How about this, Hernan?

“Can AppLocker rules be applied to specific users or groups?

Yes, rules can be created for specific users or groups. However, a rule can only apply to one user or one group. You can also create AppLocker rules to apply to all users (the Everyone group) and then apply that GPO to a specific computer group.”

https://technet.microsoft.com/library/ee619725%28v=WS.10%29.aspx

no

no

You cannot apply a “computer configuraton” policy to a user group. It has to be a workstation group.

ROBBER

ROBBER

I agree with the “you can’t apply computer config to a user group, but is “application control” computer configuration?

For “software restriction policies” this is definitely true > only computers.
For AppLocker this is not true > you can assign those policies to users.

https://technet.microsoft.com/en-us/library/ee449491.aspx

No clue what is the right answer as GPO3 is for SRP and GPO4 can be used with applocker. Even GPO2 is possible as that includes both marketing users and computers.

ROBBER

ROBBER

nvm, applocker policies still are in the “machine settings” branch, so you still need to apply the policies itself at the computer level. > GPO3.

Samir A

Samir A

Hi floks
The secret why GPO3 is correct is this line:
“Marketing users can only log on to the client computers in the Departments\Marketing\Computers OU.”
This means that marketing users use only marketing computers
Marketing users cannot log into other department’s computers

So this is a question in where we have to consider efficiency, so why bother using GPO4 or GPO2 if we can simply use GPO3 on marketing computers and which make our work simple and clean

Regards

Gerard Manvussa

Gerard Manvussa

But then the sentence “You need to apply an application control policy to all of the marketing users” is misleading, because you apply it to the marketing computers. You have to remember that AppLocker configuration only applies to computer objects in a OU, but is targetted to a given group or user.

Yeah

Yeah

Welcome to Microsoft certs. It’s a fucking mindgame.

Jacky

Jacky

The answer is GP04.

The sentence “Marketing users can only log on to the client computers in the Departments\Marketing\Computers OU.” is a DISTRACTION, a tricky information.