Your network contains an Active Directory domain named contoso.com. The domain has
one Active Directory site.
The domain contains an organizational unit (OU) named OU1. OU1 contains user accounts
for 100 users and their managers.
You apply a Group Policy object (GPO) named GPO1 to OU1. GPO1 restricts several
desktop settings.
The managers request that the desktop settings not be applied to them.
You need to prevent the desktop settings in GPOl from being applied to the managers. All
other users in OU1 must have GPO1 applied to them.
What should you do?
A.
Configure the permissions on OU1.
B.
Configure the permissions on the user accounts of the managers.
C.
Link GPO1 to a WMI filter.
D.
Configure the permissions of GPOl.
Explanation:
Security filtering is a way of refining which users and computers will receive and apply the
settings in a Group Policy object (GPO). Using security filtering, you can specify that only
certain security principals within a container where the GPO is linked apply the GPO.
Security group filtering determines whether the GPO as a whole applies to groups, users, or
computers; it cannot be used selectively on different settings within a GPO.
In order for the GPO to apply to a given user or computer, that user or computer must have
both Read and Apply Group Policy (AGP) permissions on the GPO, either explicitly, or
effectively though group membership.