Which of the following options would you choose to ensure that the user accounts in the ManagersOU


Exhibit:


You are an Enterprise administrator for contoso.com. The corporate network of the company consists of a single Active Directory domain. All the servers on the network run Windows Server 2008 and all client computers run Windows Vista.

The AD domain consists of a top-level OU called EmployeesOU that contains three OUs called ManagersOU, StaffOU, and InternsOU to store the accounts of Managers, Staff, and Interns respectively. The relevant portion of the Active Directory domain is configured as shown in the exhibit.

Currently the EmployeesOU is configured in such a way that the users in the ManagersOU receive the Group Policy object (GPO) settings that are deployed to the EmployeesOU.

Which of the following options would you choose to ensure that the user accounts in the ManagersOU are unaffected by the GPOs that are deployed to the EmployeesOU?

A. On each GPO that links to the EmployeesOU, connect a Windows Management Instrumentation (WMI) filter.

B. Move the ManagersOU to the StaffOU.

C. On the ManagersOU, configure Block Policy Inheritance.

D. Enforce the GPO link on the Employees OU.

E. None of the above

Explanation:

To ensure that the user accounts in the ManagersOU are unaffected by the GPOs that are deployed to the EmployeesOU, you need to configure Block Policy Inheritance on the ManagersOU.

Typically, group policies are passed down from parent to child containers within a domain, which you can view with the Active Directory Users and Computers console. Group policy is not inherited from parent to child domains, for example, from cco.com to sales.cco.com. If you assign a specific group policy setting to a high-level parent container, that setting applies to all containers beneath the parent container, including the user and computer objects in each container. However, if you explicitly specify a group policy setting for a child container, the child container’s setting overrides the one for the parent container.

The Block Policy inheritance option blocks Group Policy Objects that apply higher in the Active Directory hierarchy of sites, domains, and organizational units. It does not block GPOs whose No Override setting is enabled.

You can block policy inheritance at the domain or organizational unit level. In WS2K3 R2, you don’t use Active Directory Users and Computers for this function like you used to; you now use the Group Policy Management console.
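The inheritance rules described above can be checked with a small model. This is an added example, not part of the original question or its reference; the GPO names are constructed, only the OU names come from the scenario, and the model deliberately ignores sites, link order within a container, and security or WMI filtering.

```python
from dataclasses import dataclass, field

@dataclass
class Container:
    name: str
    links: list = field(default_factory=list)  # (gpo_name, enforced) pairs
    block_inheritance: bool = False

def effective_gpos(chain):
    """chain: containers from the domain down to the OU holding the account.
    Returns GPO names in processing order (later entries win conflicts)."""
    # Lowest container that blocks inheritance: non-enforced links from
    # every container above it are dropped.
    cutoff = max((i for i, c in enumerate(chain) if c.block_inheritance), default=0)
    normal, enforced = [], []
    for i, c in enumerate(chain):
        for gpo, is_enforced in c.links:
            if is_enforced:
                enforced.append(gpo)      # Enforced (No Override) ignores blocking
            elif i >= cutoff:
                normal.append(gpo)
    # Enforced links are processed last, with higher containers winning.
    return normal + enforced[::-1]

def managers_chain(block=False, enforce_employees_link=False):
    # Constructed GPO names for illustration only.
    domain = Container("contoso.com", [("Domain Baseline", False)])
    employees = Container("EmployeesOU",
                          [("Employees Settings", enforce_employees_link)])
    managers = Container("ManagersOU", [("Managers Settings", False)],
                         block_inheritance=block)
    return [domain, employees, managers]

if __name__ == "__main__":
    for block, enforce in [(False, False), (True, False), (True, True)]:
        result = effective_gpos(managers_chain(block, enforce))
        print(f"block={block} enforced={enforce}: {result}")
```

Two things stand out in the output: blocking inheritance on the ManagersOU also drops the domain-level GPO, not only the EmployeesOU one, and enforcing the EmployeesOU link (option D) puts that GPO back on the managers with the highest precedence.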

Reference: Inheriting a Meager Comprehension of Policy Inheritance http://www.informit.com/guides/content.aspx?g=windowsserver&seqNum=60


