Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows
Server 2012 R2.
You have a Group Policy object (GPO) named GPO1 that contains hundreds of settings. GPO1 is linked to an
organizational unit (OU) named OU1. OU1 contains 200 client computers.
You plan to unlink GPO1 from OU1.
You need to identify which GPO settings will be removed from the computers after GPO1 is unlinked from
OU1.
Which two GPO settings should you identify? (Each correct answer presents part of the solution. Choose two.)
A.
The managed Administrative Template settings
B.
The unmanaged Administrative Template settings
C.
The System Services security settings
D.
The Event Log security settings
E.
The Restricted Groups security settings
Explanation:
http: //technet. microsoft. com/en-us/library/cc778402(v=ws. 10). aspx
There are two kinds of Administrative Template policy settings: Managed and Unmanaged . The Group Policy
service governs Managed policy settings and removes a policy setting when it is no longer within scope of the
user or computer
http: //technet. microsoft. com/en-us/library/bb964258. aspx
can someone verify this answer?
I just verified the following in lab:
– set up a GPO containing security settings for system services, eventlog and restricted groups
– applied to testcomputer
– verified settings applied as defined in GPO
– removed GPO link
– gpupdate/force on testcomputer
-> all settings were reset to default!
so I somehow miss the point of above answer as A, C, D and E would be correct!
I think there’s some information missing here like what settings in detail were configured in GPO1, maybe a screenshot or something…?!
I would say A and B. Your asked to identify settings that will be removed. Using either of these two filters will assist you with that. C, D or E will give you nothing.
I agree, B will give you part of the answer (settings that will NOT be removed).
Otherwise you will not be complete.
If D is part of the answer, so are C and E.
So maybe this question is not complete, or something is missing in the answers.
I could imagine that M$ has answers to separate user and computer settings….
Or that user-settings will be removed immediately and computer-settings after a reboot….
I say A and E.
A: because managed settings are always removed by the Policy Manager service when policy goes out of scope or removed.
E: Confirmed in Lab and also makes the most sense that these settings should be removed when out of scope otherwise it would result in a large security risk.
Did you pass exam?
has to be A and B. these are filters used to identify what settings applied. i am just concerned that this is a filter for admin templates not all group policy settings
Several on version 6 of this say A & E
Question says: “You need to identify which GPO settings will be removed from the computers after GPO1 is unlinked from OU1.”
so sure not B
Tested in lab and can confirm that C, D and E all revert to the original values when the GPO is unlinked from the OU. So C, D and E could all be right answers.
https://sdmsoftware.com/group-policy-blog/group-policy/cleaning-group-policy-when-removing-a-machine-from-the-domain/
https://technet.microsoft.com/en-us/library/cc736484(v=ws.10).aspx
https://www.petri.com/manage-local-active-directory-groups-using-group-policy-restricted-groups
Hi Guys not sure if this helps or not as I was trying to get a concrete answer on this myself. So we have all decided that A is definitely going to be changed due to the fact that they are “managed” settings but the next one was the stumper, I agree like the rest that C D and E all make sense BUT I always leaned to E and I have found proof to that avail now.
As you will see form the Microosft MVP Restricted Groups are designed to be applied in GPO and removed once the link to the GPO is removed
Hope this helps
https://social.technet.microsoft.com/Forums/windowsserver/en-US/3de0d395-4d99-42f1-9d37-a2ce6c24e7d8/restricted-groups?forum=winserverGP