Your network contains an Active Directory domain named contoso.com. All user accounts are in an organizational unit (OU) named Employees.
You create a Group Policy object (GPO) named GP1. You link GP1 to the Employees OU.
You need to ensure that GP1 does not apply to the members of a group named Managers.
What should you configure?
A.
The Security settings of Employees
B.
The WMI filter for GP1
C.
The Block Inheritance option for Employees
D.
The Security settings of GP1
Explanation:
A)
Wrong Group
B)
Windows Management Instrumentation (WMI) filters allow you to dynamically determine the scope of Group Policy objects (GPOs) based on attributes of the
target computer.
C)
Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher sites, domains, or organizational units from being automatically inherited by
the child-level.
D) Set Managers to – Members of this security group are exempt from this Group Policy object.
Security settings.
You use the Security Settings extension to set security options for computers and users within the scope of a Group Policy object. You can define local computer,
domain, and network security settings.
Figure below shows an example of the security settings that allow everyone to be affected by this GPO except the members of the Management group, who were
explicitly denied permission to the GPO by setting the Apply Group Policy ACE to Deny. Note that if a member of the Management group were also a member of a
group that had an explicit Allow setting for the Apply Group Policy ACE, the Deny would take precedence and the GPO would not affect the user.