You configure a Group Policy Object for the Marketing organizational unit (OU) to prevent users from accessing My Network Places and from running System in Control Panel. You want the Managers domain local group to be able to access My Network Places, but you still want to prevent them from running System in Control Panel.What should you do?A.Add the managers group to the access control list of the GPO. Disable the permission of the managers group to read and apply the group policy.B.Add the managers group to the access control list of the GPO. Deny the permission of the managers group to read and apply the group policy.C.Create a second GPO in the OU. Add the managers group to the access control list. Allow the managers group to apply the group policy. Deny the authenticated users group permission to read and apply group policy. Configure the new GPO to deny the ability to run System in Control Panel. Give the original GPO a higher priority than the new GPO.D.Create a second GPO in the OU. Add the managers group to the access control list. Allow the managers group to read and apply the group policy. Disable the permission of the authenticated user group to read and apply the group policy. Configure the new GPO to allow access to My Network Places. Give the new GPO a higher priority than the original GPO.

You configure a Group Policy Object for the Marketing organizational unit (OU) to prevent users from accessing My Network Places and from running System in Control Panel. You want the Managers domain local group to be able to access My Network Places, but you still want to prevent them from running System in Control Panel.

What should you do?

A.Add the managers group to the access control list of the GPO. Disable the permission of the managers group to read and apply the group policy.

B.Add the managers group to the access control list of the GPO. Deny the permission of the managers group to read and apply the group policy.

C.Create a second GPO in the OU. Add the managers group to the access control list. Allow the managers group to apply the group policy. Deny the authenticated users group permission to read and apply group policy. Configure the new GPO to deny the ability to run System in Control Panel. Give the original GPO a higher priority than the new GPO.

D.Create a second GPO in the OU. Add the managers group to the access control list. Allow the managers group to read and apply the group policy. Disable the permission of the authenticated user group to read and apply the group policy. Configure the new GPO to allow access to My Network Places. Give the new GPO a higher priority than the original GPO.


相关考题:

The network consists of a single domain named Ezonexam.com that includes 20 Windows NT workstation 4.0 client computers. All other client computers are Windows 2000 Professional computers. You install Terminal Services on one of the Windows Server computers and Terminal Services Client on the 20 Windows NT Workstation 4.0 client computers. You create a system policy on the server that is configured as the terminal server. This system policy denies access to Network Neighborhood. You find that the users of the terminal server can still browse the network when they open My Network Places from Windows 2000 Professional computer or when they open Network Neighborhood from Windows NT Workstation 4.0 computers.You want to prevent all users from browsing the network.What should you do? (Each correct answer presents a complete solution. Choose two.)A.Create a Windows Group Policy that denies user access to My Network Places.B.Copy the Windows NT policy file to the 20 Windows NT Workstation 4.0 computers.C.Create a Windows NT 4.0 default user policy on the Windows 2000 Server computer that is configured as the PDC emulator.D.Modify the Windows NT policy template file so that you can restrict access to both My Network Places and Network Neighborhood. Save the policy file on the terminal server.E.Configure the terminal server to use Application server mode. Select the Permissions compatible with Terminal Server 4.0 Users option.

Your company has deployed Network Access Protection (NAP) enforcement for VPNs.You need to ensure that the health of all clients can be monitored and reported. What should you do?() A. Create a Group Policy object (GPO) that enables Security Center and link the policy to the domain.B. Create a Group Policy object (GPO) that enables Security Center and link the policy to the Domain Controllers organizational unit (OU).C. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the domain.D. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the Domain Controllers organizational unit (OU).

Your network consists of numerous domains within a LAN, plus one remote location that is configured as another domain within the tree. Each domain contains several organizational units. The remote domain is connected to the main office network by using 56-Kbps connection, as shown in the Exhibit.The remote location is running a previous service pack for Windows 2000, and the LAN is running the most recent service pack.You want to configure a group policy for the remote location so that users can repair a problem with a service pack system file. You also want to reduce the traffic on the LAN and ease administration of the group policies. You want to retain the domain administrator's access to the group policy configuration.What should you do?A.Configure a group policy for each OU in the west.litware.com domain. Configure a service pack software package for each group policy.B.Configure a group policy for each OU in the litware.com domain. Configure a service pack software package for each group policy.C.Configure a group policy for west.litware.com domain. Configure a service pack software package for the group policy.D.Configure a group policy for the litware.com domain. Configure a service pack software package for the group policy.

You are the administrator of a Windows 2000 Active Directory network. The network consists of a single domain. The domain includes 20 Windows NT Workstation 4.0 client computers. All other client computers are Windows 2000 Professional computers.You create a Windows NT 4.0 default user policy on the Windows 2000 Server computer that is configured as the PDC emulator. This default user policy denies access to Network Neighborhood. You then install Terminal Services on one of the servers and Terminal Services Client on the 20 Windows NT Workstation client computers.You find that the users of the Terminal Server can still browse the network when they open My Network Places. You want to prevent all users from browsing the network.What should you do?A.Modify the Windows NT policy template file so that you can restrict access to both My Network Places and Network Neighborhood. Save the policy file on the Terminal Server.B.Copy the Windows NT policy file to the 20 Windows NT Workstation computers.C.Create a Windows 2000 Group Policy that denies user access to My Network Places.D.Edit the local registry on the Windows NT Workstation computers to deny access to Entire Network in Network Neighborhood.

You are the network administrator for The network consists of a single Active Directory domain named The domain contains Windows Server 2003 computers and Windows XP Professional computers. The domain contains a group named SalesAdmin. Members of the SalesAdmin group need the permission to add Group Policy links and create Group Policy objects (GPOs) for only the Sales organizational unit (OU). You need to configure the domain to provide the SalesAdmin group with the minimum permissions necessary to meet these requirements. What should you do?()A、Add the SalesAdmins group to the Group Policy Creator Owners group.B、Configure the discretionary access control list (DACL) on all of the Group Policy links for the Sales OU to assign the SalesAdmins group the Allow - Apply Group Policy permission.C、Run the Delegation of Control wizard on the domain to assign the SalesAdmin group the Manage Group Policy links task.D、Run the Delegation of Control wizard on the Sales OU to assign the SalesAdmins group the Manage Group Policy links task.

Your network consists of a single Active Directory domain. User accounts for engineering department  are located in an OU named Engineering.    You need to create a password policy for the engineering department that is different from your domain  password policy.    What should you do()A、Create a new GPO. Link the GPO to the Engineering OU.B、Create a new GPO. Link the GPO to the domain. Block policy inheritance on all OUs except for the  Engineering OU.C、Create a global security group and add all the user accounts for the engineering department to the  group. Create a new Password Policy Object (PSO) and apply it to the group.D、Create a domain local security group and add all the user accounts for the engineering department to  the group. From the Active Directory Users and Computer console, select the group and run the  Delegation of Control Wizard.

You are the network administrator for your company. Your network consists of a single Active   Directory domain. Three security groups named Accountants, Processors, and Management are located in an organizational unit (OU) named Accounting. All of the user accounts that belong to these three  groups are also in the Accounting OU. You create a Group Policy object (GPO) and link it to the  Accounting OU. You configure the GPO to disable the display options under the User Configuration  section of the GPO. You need to achieve the following goals: You need to ensure that the GPO applies to  all user accounts that are members of the Processors group. You need to prevent the GPO fromapplying  to any user account that is a member of the Accountants group. You need to prevent the GPO from  applying to any user account that is a member of the Management group, unless the user account is also  a member of the Processors group. What should you do?()A、 Modify the discretionary access control list (DACL) settings of the GPO to assign the Accountants and Management security groups the Deny - Read and the Deny - Apply Group Policy permissions. Modify the DACL of the GPO to assign the users who are in both the Accountants and Management security groups the Allow - Read and the Allow - Apply Group Policy permissions.B、 Modify the discretionary access control list (DACL) settings of the GPO to assign the Accountants and Management security groups the Deny - Read and the Deny - Apply Group Policy permissions. Create a new security group named Mixed that contains all the user accounts from the Processors group and the specific user accounts from the Management group to which you want the GPO to apply. Modify the DACL of the GPO to assign the Mixed security group the Allow - Read and the Allow - Apply Group Policy permissions.C、 Modify the discretionary access control list (DACL) settings of the GPO to assign the Accountants security group the Deny - Read and the Deny - Apply Group Policy permissions. Modify the DACL settings of the GPO to remove the Authenticated Users special group. Modify the DACL settings of the GPO to add the Processors group and assign the Allow - Read and the Allow - Apply Group Policy permissions.D、 Modify the discretionary access control list (DACL) settings of the GPO to assign the Accountants security group the Deny - Read and the Allow - Apply Group Policy permissions. Modify the DACL settings of the GPO to assign the Management security group the Deny - Read and the Deny - Apply Group Policy permissions.

Your company has an Active Directory domain that has an organizational unit named Sales. The   Sales organizational unit contains two global security groups named sales managers and sales  executives.    You need to apply desktop restrictions to the sales executives group. You must not apply these desktop  restrictions to the sales managers group. You create a GPO named DesktopLockdown and link it to the  Sales organizational unit.   What should you do next()A、Configure the Deny Apply Group Policy permission for the sales managers on the DesktopLockdown  GPO.B、Configure the Deny Apply Group Policy permission for the sales executives on the DesktopLockdown  GPO.C、Configure the Deny Apply Group Policy permission for Authenticated Users on the DesktopLockdown  GPO.D、Configure the Allow Apply Group Policy permission for Authenticated Users on the DesktopLockdown  GPO.

Your network consists of Windows XP computers. All computers are joined to a single Active  Directory directory service domain and located in a single Active Directory site. You create a new Group  Policy object (GPO) and link it to the site. The policy configures default screensaver settings. User  accounts of users in the research department are located in an organizational unit (OU) named Research.  You need to allow users in the research department to configure a different screensaver setting on their  computers.  What should you do?()A、 Move the user accounts of users in the research department to the Users container.B、 Configure a local security policy on all computers in the research department to allow users to modify their screensaver settings.C、 Add users in the research department to a domain group. Allow the group the Apply Group Policy permission for the GPO.D、 Add users in the research department to a domain group. Deny the group the Apply Group Policy permission to the GPO.

Your network consists of a single Active Directory domain. The domain contains 13 member servers. The member servers run Windows Server 2003 Service Pack 2 (SP2). The computer accounts for all member servers are located in an organizational unit (OU) named Servers. You need to prevent remote desktop connections to the member servers. What should you do? ()A、On each server, remove all users from the Remote Desktop Users group.B、On each server, run the Terminal Services Configuration console. From the RDP-TCP connection permissions properties, set the Full Control permission for the Remote Desktop Users group to deny.C、Use a Group Policy Object (GPO) to disable the Allow users to connect remotely using Terminal Services setting.D、Use a Group Policy Object (GPO) to configure the Sets rules for remote control of Terminal Services user sessions setting to No Remote Control.

You are the network administrator for your company. Your network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003. You add eight servers for a new application. You create an organizational unit (OU) named Application to hold the servers and other resources for the application. Users and groups in the domain will need varied permissions on the application servers. The members of a global group named Server Access Team need to be able to grant access to the servers. The Server Access Team group does not need to be able to perform any other tasks on the servers. You need to allow the Server Access Team group to grant permissions for the application servers without granting the Server Access Team group unnecessary permissions.  What should you do?()A、 Create a Group Policy object (GPO) for restricted groups. Configure the GPO to make the Server Access Team group a member of the Power Users group on each application server. Link the GPO to the Application OU.B、 Grant the Server Access Team group permissions to modify computer objects in the Application OU.C、 Move the Server Access Team group object into the Application OU.D、 Create domain local groups that grant access to the application servers. Grant the Server Access Team group permissions to modify the membership of the domain local groups.

Your network contains a single Active Directory domain. You have a file server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). Users store all of their files in their My Documents folders. You need to move each user’s My Document folder to Server1. You must achieve this goal by using the minimum amount of administrative effort. What should you do?()A、Configure Folder Redirection by using a Group Policy object (GPO).B、Configure the shared folder settings by using a Group Policy object (GPO).C、From the properties of each user account, assign a home folder.D、From the properties of each user’s My Documents folder, modify the target folder location.

You are a help desk technician for your company. Your company’s network includes an Active Directory domain and Windows XP Professional computers that are configured as members of the domain. Company policy prohibits users from accessing their computers unless they are authenticated by a domain controller. However, users report that they can log on to their computers, even though a network administrator has told them that a domain controller is not available. As a test, you log off of your computer and disconnect it from the network. You discover that you can log on by using your domain user account. You need to ensure that users cannot access their computers unless they are authenticated by a domain controller. How should you configure the local computer policy on these computers? () A、Enable the Require domain controller to unlock policy.B、Set the Number of previous logons to cache policy to 0.  C、Remove all user and group accounts from the Log on locally user right. D、Remove all user and group accounts from the Access this computer from the network user right.

Your network consists of a single Active Directory domain. The relevant portion of the Active Directory domain is configured as shown in the following diagram. The Staff organizational unit (OU) contains all user accounts except for the managers user accounts. The Managers OU contains the managers user accounts and the following global groups    èSales èFinance èEngineering   You create a new Group Policy object (GPO) named GPO1, and then link it to the Employees OU. Users from the Engineering global group report that they are unable to access the Run commandon the Start menu. You discover that the GPO1 settings are causing the issue.   You need to ensure that the users from the Engineering global group are able to access the Run  command on the Start menu. What should you do?()A、Configure GPO1 to use the Enforce Policy option.B、Configure Block Inheritance on the Managers OU.C、Configure Group Policy filtering on GPO1 for the Engineering global group.D、Create a new child OU named Engineering under the Employees OU. Move the Engineering global group to the new Engineering child OU.

Your company has an Active Directory domain. All consultants belong to a global group named   TempWorkers. The TempWorkers group is not nested in any other groups.   You move the computer objects of three file servers to a new organizational unit named SecureServers.   These file servers contain only confidential data in shared folders.   You need to prevent members of the TempWorkers group from accessing the confidential data on the file  servers. You must achieve this goal without affecting access to other domain resources.   What should you do()A、Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny access to this  computer from the network user right to the TempWorkers global group.B、Create a new GPO and link it to the domain. Assign the Deny access to this computer from the network  user right to the TempWorkers global group.C、Create a new GPO and link it to the domain. Assign the Deny log on locally user right to the  TempWorkers global group.D、Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny log on locallyuser right to the TempWorkers global group.

Your company has deployed Network Access Protection (NAP) enforcement for VPNs. You need to ensure that the health of all clients can be monitored and reported. What should you do?()A、Create a Group Policy object (GPO) that enabled Security Center and link the policy to the domain.B、Create a Group Policy object (GPO) that enabled Security Center and link the policy to the Domain controllers organizational unit (OU)C、Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to eabled. Link the Policy to the domain.D、Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to eabled. Link the Policy to the Domain Controllers organizational unit (OU)

Your network consists of a single Active Directory domain. An organizational unit (OU) named Servers contains all member servers in the domain. The domain contains a Group Policy object (GPO) named Policy1.  A user account named Admin1 is used to administer the member servers. You need to allow Admin1 to apply Policy1 to the member servers. You must prevent Admin1 from modifying Policy1. What should you do?()A、Add Admin1 to the Server Operators group.B、Add Admin1 to the Group Policy Creator Owners group.C、On the Servers OU, assign Admin1 the permission to link GPOs.D、On Policy1, assign Admin1 the permission to apply group policy.

You work as an administrator at ABC.com. The ABC.com network consists of a single domain named ABC.com.All servers in the ABC.com domain, including domain controllers, have Windows Server 2012 R2 installed.You have created and linked a new Group Policy object (GPO) to an organizational unit (OU), named ABCServ, which host the computer accounts for servers in the ABC.com domain.You have been tasked with adding a group to a local group on all servers in the ABC.com domain.This group should not, however, be removed from the local group.  Which of the following actions should you take?()A、You should consider adding a restricted group.B、You should consider adding a global group.C、You should consider adding a user group.D、You should consider adding a server group.

Your network contains an Active Directory domain named contoso.com.  You have a management computer named Computer1 that runs Windows 7.   You need to forward the logon events of all the domain controllers in contoso.com to Computer1. All new  domain controllers must be dynamically added to the subscription.   What should you do()A、From Computer1, configure source-initiated event subscriptions. From a Group Policy object (GPO)  linked to the Domain Controllers organizational unit (OU), configure the Event Forwarding node.B、From Computer1, configure collector-initiated event subscriptions. From a Group Policy object (GPO)  linked to the Domain Controllers organizational unit (OU), configure the Event Forwarding node.C、From Computer1, configure source-initiated event subscriptions. Install a serverauthentication  certificate on Computer1. Implement autoenrollment for the Domain Controllers organizational unit (OU).D、From Computer1, configure collector-initiated event subscriptions. Install a server authentication  certificate on Computer1. Implement autoenrollment for the Domain Controllers organizational unit (OU).

You are the administrator for Company’s network.You are using Windows Installer to deploy an application to 500 Windows 2000 Professional computerson your network. The network includes an organizational unit (OU) named Marketing. A Group Policyobject (GPO) is created for the Marketing OU.The software deployment of the application is unsuccessful. During the deployment, some users in theMarketing OU report that the installation is stopping with random errors midway through theinstallation process. The remaining users in the Marketing OU report that the software is installing but itis giving them general protection fault errors.You want the installation of the application to complete successfully.What should you do?()A、Redeploy the application as a .zap file to the Marketing OU.B、Redeploy the application by using the Group Policy object (GPO) for the Marketing OU.C、Repackage and redeploy the application’s .msi file to the Marketing OU.D、Repackage and redeploy the application’s .mst file to the Marketing OU.

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional with themost recent service pack. All client computers have computer accounts in an organizational unit (OU) named CompanyComputers. The company requires all computers to be kept up-to-date with service packs and hotfixes from Microsoft. Administrators will manually update servers as required. You need to configure the network so that client computers are automatically updated as new critical updates are issued.  What are two possible ways to achieve this goal?()A、 Create a Group Policy object (GPO) linked to the domain. Configure the GPO so that client computers automatically download and install updates from Microsoft update servers from the Internet.B、 Create a Group Policy object (GPO) linked to the CompanyComputers OU. Configure the GPO so that client computers automatically download and install updates from Microsoft update servers from the Internet.C、 Create a Group Policy object (GPO) linked to the domain. Configure the GPO so that client computers automatically download and install updates from an internal server on which you install and configure Software Update Services.D、 Create a Group Policy object (GPO) linked to the CompanyComputers OU. Configure the GPO so that client computers automatically download and install updates from an internal server on which you install and configure Software Update Services.

You are the network administrator for your company. The network consists of a single Active Directory domain. The domain includes an organizational unit (OU) named Processing. There are 100 computer accounts in the Processing OU. You create a Group Policy object (GPO) named NetworkSecurity and link it to the domain. You configure NetworkSecurity to enable security settings through the Computer Configuration section of the Group Policy settings. You need to ensure that NetworkSecurity will apply only to the computers in the Processing OU. You need to minimize the number of GPO links.  What should you do?()A、 Link NetworkSecurity to the Processing OU. Disable the User Configuration section of NetworkSecurity.B、 Link NetworkSecurity to the Processing OU. Remove the link from NetworkSecurity to the domain.C、 Modify the discretionary access control list (DACL) for NetworkSecurity to assign all computer accounts in the Processing OU the Allow - Read and the Allow - Apply Group Policy permissions.D、 Modify the discretionary access control list (DACL) for NetworkSecurity to assign the Authenticated Users group the Deny - Apply Group Policy permission and to assign all of the computer accounts in the Processing OU the Allow - Read and the Allow - Apply Group Policy permissions.

You need to ensure that the network administrators are able to administer the NewApp database servers. Which two actions should you perform?()A、Create an organizational unit (OU) for all users who log on to any of the NewApp servers.B、Create an organizational unit (OU) named NewApp Users for the NewApp users.C、Create an organizational unit (OU) named NewApp Servers for the NewApp servers.D、Create a Group Policy object (GPO) for the NewApp Users OU to enforce the use of IPSec.E、Create a global group for all NewApp servers. Add this group to the NewApp Servers OU.F、Create a Group Policy object (GPO) for the NewApp Servers OU to enforce the use of smart cards.

单选题Your network contains an Active Directory domain named contoso.com.  You have a management computer named Computer1 that runs Windows 7.   You need to forward the logon events of all the domain controllers in contoso.com to Computer1. All new  domain controllers must be dynamically added to the subscription.   What should you do()AFrom Computer1, configure source-initiated event subscriptions. From a Group Policy object (GPO)  linked to the Domain Controllers organizational unit (OU), configure the Event Forwarding node.BFrom Computer1, configure collector-initiated event subscriptions. From a Group Policy object (GPO)  linked to the Domain Controllers organizational unit (OU), configure the Event Forwarding node.CFrom Computer1, configure source-initiated event subscriptions. Install a serverauthentication  certificate on Computer1. Implement autoenrollment for the Domain Controllers organizational unit (OU).DFrom Computer1, configure collector-initiated event subscriptions. Install a server authentication  certificate on Computer1. Implement autoenrollment for the Domain Controllers organizational unit (OU).

单选题Your network consists of a single Active Directory domain. The relevant portion of the Active Directory domain is configured as shown in the following diagram. The Staff organizational unit (OU) contains all user accounts except for the managers user accounts. The Managers OU contains the managers user accounts and the following global groups    èSales èFinance èEngineering   You create a new Group Policy object (GPO) named GPO1, and then link it to the Employees OU. Users from the Engineering global group report that they are unable to access the Run commandon the Start menu. You discover that the GPO1 settings are causing the issue.   You need to ensure that the users from the Engineering global group are able to access the Run  command on the Start menu. What should you do?()AConfigure GPO1 to use the Enforce Policy option.BConfigure Block Inheritance on the Managers OU.CConfigure Group Policy filtering on GPO1 for the Engineering global group.DCreate a new child OU named Engineering under the Employees OU. Move the Engineering global group to the new Engineering child OU.

单选题You are the network administrator for your company. The network consists of a single Active Directory domain. The domain includes an organizational unit (OU) named Processing. There are 100 computer accounts in the Processing OU. You create a Group Policy object (GPO) named NetworkSecurity and link it to the domain. You configure NetworkSecurity to enable security settings through the Computer Configuration section of the Group Policy settings. You need to ensure that NetworkSecurity will apply only to the computers in the Processing OU. You need to minimize the number of GPO links.  What should you do?()A Link NetworkSecurity to the Processing OU. Disable the User Configuration section of NetworkSecurity.B Link NetworkSecurity to the Processing OU. Remove the link from NetworkSecurity to the domain.C Modify the discretionary access control list (DACL) for NetworkSecurity to assign all computer accounts in the Processing OU the Allow - Read and the Allow - Apply Group Policy permissions.D Modify the discretionary access control list (DACL) for NetworkSecurity to assign the Authenticated Users group the Deny - Apply Group Policy permission and to assign all of the computer accounts in the Processing OU the Allow - Read and the Allow - Apply Group Policy permissions.

单选题You are the network administrator for The network consists of a single Active Directory domain named The domain contains Windows Server 2003 computers and Windows XP Professional computers. The domain contains a group named SalesAdmin. Members of the SalesAdmin group need the permission to add Group Policy links and create Group Policy objects (GPOs) for only the Sales organizational unit (OU). You need to configure the domain to provide the SalesAdmin group with the minimum permissions necessary to meet these requirements. What should you do?()AAdd the SalesAdmins group to the Group Policy Creator Owners group.BConfigure the discretionary access control list (DACL) on all of the Group Policy links for the Sales OU to assign the SalesAdmins group the Allow - Apply Group Policy permission.CRun the Delegation of Control wizard on the domain to assign the SalesAdmin group the Manage Group Policy links task.DRun the Delegation of Control wizard on the Sales OU to assign the SalesAdmins group the Manage Group Policy links task.