HOTSPOT
Your network contains an Active Directory domain named contoso.com.
The domain contains an organizational unit (OU) named OU1 as shown in the OU1 exhibit. (Click the
Exhibit button.)
The membership of Group1 is shown in the Group1 exhibit. (Click the Exhibit button.)
You configure GPO1 to prohibit access to Control Panel. GPO1 is linked to OU1 as shown in the GPO1
exhibit. (Click the Exhibit button.)
Select Yes if the statement can be shown to be true based on the available information; otherwise
select No. Each correct selection is worth one point.
Answer: 
Explanation:
Group Policy does NOT APPLY TO SECURITY GROUPS, only users and computers in an OU.
Consequently, the only users in the OU are User2 and User4. Since the Security Filtering specifies
that the policy will only apply to users/computers in the OU who are members of Group1 or User3,
User4 will not have the policy applied. Since User2 is, in fact, a member of Group1, the policy will be
applied to user 2. Thus, the only user who will not be able to access the control panel is User2.
NO
NO
NO
YES
I believe MCSE Guy first response is correct as security filtering bypasses whats in OU1 and only applies to what is in Security Filtering Group1 (User1, User2) and User 3. GPOs can only apply to groups if they are in security filtering.
No
No
No
Yes
Correct me if I am wrong.
Nvm I didn’t realize the objects had to be in the OU1 and security filtering for it to apply in this scenario.
Sorry the correct answer is
Yes
No
Yes
Yes
Linked GPO only applied to Computer/User objects IN the OU1.
A Security Group in an OU is NOT enough it’s not a computer/user object. A member or computer object in the Security Group ALSO has to be in the OU1.
User 1 will have CP Access. They aren’t in the OU1.
User 2 will not have CP Access. They are in the OU1 and the Security Filter affects User 2 since they are in Group1.
User 3 will have CP Access. They are not in the OU1. Doesn’t matter what objects are in the security filter. If they aren’t in the OU1 it doesn’t matter.
User 4 will have CP Access. While that account is in the OU1 the security filter only applies to Group1 and User 3.
NOW if User 3 is moved to the OU1 then the CP will be restricted.
NOW if User 4 is added to the security filter then the CP will be restricted.
NOW if User 1 is added to the OU1 then the CP will be restricted.
y
n
y
y
No
No
Yes
No
Y
N
Y
N
sorry, I mistyped
Y
N
Y
Y
n
n
n
y
a gpo só pode ser aplicada aos grupos, usuários e computadores selecionados no filtro de segurança.
O user1 e user2 faz parte do grupo1 que está selecionado no filtro juntamente com user3. Sendo assim, somente user4 pode alterar o painel de controle
YNYY – Tested in LAB.
GPO only applies to the objects specified in the Security filter and only to the members of the OU the GPO is attached to.
Who can access Control Panel?
– User1 Yes (not a member of OU1)
– User2 No (member of OU1 and in the Security Filtering list via Group1)
– User3 Yes (not a member of OU1)
– User4 Yes (not in the Security Filtering list)
best explanation on the list. Congratulations and thxs.
@ Gerard. Also confirmed in home lab and agree
Group Policy does NOT APPLY TO SECURITY GROUPS, only users and computers in an OU.
all No because all users is a member of OU1, which GPO1 is applied (prohibit control panel access).
Please Note that under security Filtering it states that the group policy will apply to the following GROUPS, users and computers.
So – NO NO NO YES.
YNYY
In order to apply GPO on user, the user account must be in the OU where GPO is applied and the user must be in the security filtering.