You need to provide an Administrator named Admin1 with the ability to create GPOs in thedomain

Your network contains an Active Directory domain named contoso.com. The domain contains more than 100
Group Policy objects (GPOs). Currently, there are no enforced GPOs. You need to provide an Administrator
named Admin1 with the ability to create GPOs in thedomain. The solution must not provide Admin1 with the
ability to link GPOs. What should you use?

Your network contains an Active Directory domain named contoso.com. The domain contains more than 100
Group Policy objects (GPOs). Currently, there are no enforced GPOs. You need to provide an Administrator
named Admin1 with the ability to create GPOs in thedomain. The solution must not provide Admin1 with the
ability to link GPOs. What should you use?

A.
dcgpofix

B.
Get-GPOReport

C.
Gpfixup

D.
Gpresult

E.
Gptedit.msc

F.
Import-GPO

G.
Restore-GPO

H.
Set-GPInheritance

I.
Set-GPLink

J.
Set-GPPermission
K.
Gpupdate
L.
Add-ADGroupMember

Show Hint

Leave a Reply 7

Your email address will not be published. Required fields are marked *

researcher

researcher

dcgpofix – Recreates the default Group Policy Objects (GPOs) for a domain.
Get-GPOReport – Generates a report either in XML or HTML format for a specified GPO or for all GPOs in a domain.
Gpfixup – Fix domain name dependencies in Group Policy Objects and Group Policy links after a domain rename operation.
Gpresult – Displays the Resultant Set of Policy (RSoP) information for a remote user and computer.
Gptedit.msc – GPO Editor
Import-GPO – Imports the Group Policy settings from a backed-up GPO into a specified GPO.
Restore-GPO – Restores one GPO or all GPOs in a domain from one or more GPO backup files.
Set-GPInheritance – Blocks or unblocks inheritance for a specified domain or organizational unit (OU).
Set-GPLink – Sets the properties of the specified GPO link.
Set-GPPermission – Grants a level of permissions to a security principal for one GPO or all the GPOs in a domain.
Gpupdate – Refreshes local and Active Directory-based Group Policy settings, including security settings.
Add-ADGroupMember – Adds one or more members to an Active Directory group.

Reply

researcher

researcher

“You need to provide an Administrator named Admin1 with the ability to create GPOs in thedomain. The solution must not provide Admin1 with the ability to link GPOs.”

You need to grant permissions to Admin1.
You will most likely need to add them to an AD group.
After changing Admin1 permissions, you will need to refreash the settings.

J, K, L

Reply

robber

robber

imho the correct answer is not listed. They need to create GPO’s and not link them.
Set-GPPermission sets permission on existing GPO’s…
The answer should be ADUC or GPMC

Delegating creation of GPOs

Creating GPOs is a user right of the Group Policy Creator Owners (GPCO) group by default but can be delegated to any group or user. There are two methods to grant a group or user this right:
• Add the user or group to membership of the Group Policy Creator Owners (GPCO) group. This was the only method available prior to GPMC.

• Explicitly grant the group or user permission to create GPOs. This method is newly available with GPMC.

You can manage this permission using the Delegation tab on the Group Policy Objects container for a given domain in GPMC. This tab shows the groups that have permission to create GPOs in the domain, including the GPCO group. From this tab, you can modify the membership of existing groups with this permission, or add new groups.

Reply

Saad

Saad

it is J

Reply

asdbob

asdbob

L. Add-ADGroupMember for the Group Policy Creator Owners

Reply