Your network contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named OU1.
You have a Group Policy object (GPO) named GPO1 that is linked to contoso.com. GPO1 contains custom security settings.
You need to design a Group Policy strategy to meet the following requirements:
The security settings in GPO1 must be applied to all client computers.
Only GPO1 and other GPOs that are linked to OU1 must be applied to the client computers in OU1.
What should you include in the design?
More than one answer choice may achieve the goal. Select the BEST answer.
A.
Enable the Block Inheritance option at the domain level. Enable the Enforced option on GPO1.
B.
Enable the Block Inheritance option on OU1. Link GPO1 to OU1.
C.
Enable the Block Inheritance option on OU1. Enable the Enforced option on all of the GPOs linked to OU1.
D.
Enable the Block Inheritance option on OU1. Enable the Enforced option on GPO1.
Explanation:
* You can block inheritance for a domain or organizational unit. Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher sites, domains,or organizational units from being automatically inherited by the child-level.
* GPO links that are enforced cannot be blocked from the parent container.
If you enforce GPO1, it will be applied to the domain controllers OU which inheritance is blocked by default. The questions states, “The security settings in GPO1 must be applied to all client computers.”. The answer should be B since the GPO1 is already link to the domain.
Junior is not correct on his comment. The given answer of D is correct. One of the requirements is that all clients have GPO1 applied. If you only linked GPO1 to OU1, no other computers would get the GPO applied to them.