MCS WK2 (Server Pro:Manage and Administer)2021/2022 study guide

MCS WK2 (Server Pro:Manage and Administer)2021/2022 study guide You are the administrator of the Active Directory domain. You delegate administration of the Sales OU and Research OU to other administrators. You want to prevent the administrators of those OUs from creating any other Group Policy objects with settings that conflict with those you have configured for the domain. What should you do? In Group Policy objects linked to the domain, set the Enforced option. You are the administrator for a network with a single Active Directory domain named . The domain has an Organizational Unit object for each major department in the company, including the Information Systems department. User objects are located in their respective departmental OUs. Users who are members of the Domain Admins group belong to the Information Systems department. However, not all employees in the On the Group Policy object's access control list, deny the Apply Group Policy permission for members of the Domain Admins group. 00:29 01:21 organizational units (OUs) representing each department in the organization. You have delegated complete administration for each OU to appropriate users in each department. You have made these users members of the Group Policy Creator Owners group. You create a Group Policy object (GPO) named Corporate Desktop that configures the desktop environment for users in the company. You link the GPO to the domain. Later, you discover that some of the settings are not being applied to users in the Development department. How can you make sure that all settings in the Corporate Desktop GPO get applied to all users in the company? Configure the Enforced option for the Corporate Desktop GPO. Your network has a single Active Directory forest with two domains: te and HQ.te. Organizational units Accounting, Marketing, and Sales represent departments of the HQ domain. Additional OUs (not pictured) exist in the te domain. No other OUs exist in the HQ domain. All user and computer accounts for all departments company-wide are in their respective departmental OUs. You are in the process of designing Group Policy for the network. • You create a GPO called AutoEnroll that automatically enrolls user certificates. This GPO should apply to all users in both domains. • You create a GPO called MyDoc Redirect that redirects the My Documents folder. This GPO should apply to all users in the Accounting department. • You create a GPO called CustomApp that distributes a custom application. This GPO should apply to all users in the Marketing and Sales departments. How should you link the GPOs to meet the design objectives? To answer, drag the label corresponding to the GPO to the appropriate boxes. te AutoEnroll GPO (leave blank) HQ.te AutoEnroll GPO CustomApp GPO Accounting MyDoc Redirect GPO No Override Marketing (leave blank) (leave blank) Sales (leave blank) (leave blank) Your network has a single Active Directory forest with two domains: te and HQ.te. Organizational units Accounting, Marketing, and Sales represent departments of the HQ domain. Additional OUs (not pictured) exist in both the te and HQ.te domains. All user and computer accounts for all departments company-wide are in their respective departmental OUs. You are in the process of designing Group Policy for the network. You want to accomplish the following goals: • You want to enforce strong passwords throughout the entire forest for all computers. All computers in both domains should use the same password settings. • The Accounting department has a custom software application that needs to be installed on computers in that department. • Computers in the Marketing and Sales departments need to use a custom background and prevent access to the Run command. You create the following three GPOs with the appropriate settings: Password Settings, Accounting App, and Desktop Settings. How should you link the GPOs to meet the design objectives? To answer, drag the label corresponding to the GPO to the appropriate boxes. te Password Settings (leave blank) (leave blank) HQ.te Password Settings (leave blank) (leave blank) Accounting Accounting App (leave blank) Marketing Desktop Settings (leave blank) Sales Desktop Settings (leave blank) You are the administrator for WestSim Corporation. The network has a single domain, , running at Windows Server 2008 functional level. Five domain controllers, all running Windows Server 2012 R2, are located on the network. Users in the Shipping department have a special software program that helps them keep track of incoming products and match the SKU number with items in the order database. You have created an OU called Shipping and have placed all computers and users for that department into the OU. You create a software GPO called SKUWare that publishes the software to all users in the department. All manager user objects have been placed in an OU called Managers. The shipping manager logs on to one of the computers in the shipping department. He calls you because the software package is not available to install on the workstation. You need to make the software package available so he can install it. You want to make sure that anyone else who logs on to any workstation in the shipping department can install the software. What should you do? Enable loopback processing in the SKUWare GPO. consists of a parent OU named HQ_West, and child OUs of Research, HR, Finance, Sales, and Operations. You also want to ensure that all client computers have strong password policies applied, and that an administrator is required to unlock locked user accounts for the Research and Human Resources departments. You create a Group Policy Object named DefaultSec, which applies security setting that are required for all users and computers. You create a second GPO named HiSec, which has the security settings that are required by the HR and the Research departments. Both GPOs use custom security templates. How should you link the GPOs to the OUs? (Select three.) Link HiSec to the HR and Research OUs. Configure password policies on a GPO linked to the domain. Link DefaultSec to the HQ_West OU. domain. All the servers run Windows Server 2012 R2. All the clients run Windows 8. There is a main office located in New York and a branch office located in Los Angeles. You have been directed to set up wireless access for clients in the New York office. You create a new Group Policy Object (GPO) that specifies the wireless network settings for the New York office and link it to the New York site. Users from the Los Angeles office complain that when they travel to New York they are unable to connect to the wireless network in New York. You need to enable the traveling users to connect to the wireless network. What should you do? Direct the visiting users to first connect to the New York network using a wired connection to receive the wireless network settings. To speed up the boot process for hosts in your domain, you want to reconfigure Group Policy processing so that computers download the latest version of your policies and store them locally. This way, domain hosts can read and process the local copy of the policy settings instead of downloading them from the network when they boot. Click the policy in Group Policy Management that you must enable to configure this functionality. Enable group policy caching for servers You have enabled Group Policy caching in your domain. Using this feature, Group Policy settings are saved locally on each domain-joined host. In which folder are these settings stored? C:WindowsSystem32GroupPolicydatastore You are the administrator for the domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. From your workstation, you create a GPO that configures settings from a custom .admx file. You link the GPO to the Sales OU. You need to make some modifications to the GPO settings from the server console. However, when you open the GPO, the custom Administrative Template settings are not shown. What should you do? Enable the Administrative Templates central store in Active Directory. Copy the .admx file to the central store location.