Create and Manage Group Policy Flashcards
Which tool do you use to edit a local Group Policy on a computer?
you can open and edit a GPO by using the Group Policy Editor
How can domain administrators disable the processing of local GPOs on clients that are running Windows client and Windows Server operating systems?
by enabling the Turn Off Local Group Policy Objects Processing policy setting in a domain GPO
Which user can always change permissions on an object, even when that user is denied all access to the object?
The user or group that is the owner of the object
How do you export AppLocker rules from a GPO in one domain to another GPO in another domain?
Export the AppLocker rules from the source GPO to an XML file. Import the XML file with Group Policy Editor on the destination GPO
Which user feature protects the computer from the unauthorized installation of any software?
User Account Control (UAC)
What is the path to the central store that is used to store and replicate Windows policy files on a domain controller?
%logonserver%\sysvol\%userdnsdomain%\policies\PolicyDefinitions
What is the scope of the Restore-GPO cmdlet when restoring GPO backups?
It only restores GPO backups to the original domain where the GPO was saved
After creating ADMX files to define registry-based policy settings on all client computers in the domain, what should you do to ensure that the custom ADMX file for the Chinese language is automatically available to all Group Policy administrators in the domain?
Create an ADML file and copy it to the SYSVOLl\domain\policies\PolicyDefinitions[MUIculture] folder on the domain controller.
What are the two enforcement options that can be set on the enforcement of AppLocker executable rules, Windows Installer rules, script rules, and packaged app rules?
Enforce Rules and Audit
Which GPO setting manages mapped drives, scheduled tasks, environment variables, printer mappings, and Start menu settings?
Preferences
What should you do to allow AppLocker rules to test what software will be affected by the rules when they are implemented?
Set enforcement to Audit
If you have multiple local GPOs on a Windows Server 2012 server, in what order are the local GPOs processed?
- Local Group Policy
- Administrators and Non-Administrators Group Policy
- User-specific Local Group Policy
What is the term for the folder that is created in the SYSVOL folder of an Active Directory domain controller and is used to provide a centralized storage location for ADMX and ADML files for the domain?
central store
What type of AppLocker rules are available to configure in a GPO for Windows 8.1 or Windows Server 2012 R2 computers?
packaged app rules, executable rules, Windows Installer rules, and script rules
When editing a Group Policy, which Flexible Single Master Operations (FSMO) role contains the version of the Group Policy that is being edited?
PDC emulator
What type of condition would you apply to an AppLocker rule to restrict users from running a specific version number of a program?
a file hash rule
What does the Block all connections setting on a Firewall profile block?
Blocks all connections, regardless of any firewall rules that explicitly allow the connection
What does the Block setting on a Firewall profile block?
Blocks all connections that do not have firewall rules that explicitly allow the connection
Which Hyper-V features can be accessed by members of the Hyper-V Administrators group?
Members of the Hyper-V Administrators have complete and unrestricted access to all features of Hyper-V.
What path on a domain controller contains the Group Policy files?
%SystemRoot%\SYSVOL\Domain\Policies\GPOGUID path, where GPOGUID is the GUID of the Group Policy container.
What does the Allow setting on a Firewall profile allow?
Allows the connection, unless there is a firewall rule that explicitly blocks the connection
Which service, if stopped, with will prevent AppLocker policies from being enforced?
the Application Identity service
Which ports and protocols should you enable on the Windows Firewall for a Windows Server 2012 R2 acting as a VPN server to allow inbound L2TP connections?
UDP port 500 and 4500 as well as IP Protocol ID 50
How does an administrator repair or change permissions on a file in which the administrator has been denied permissions?
The administrator should take ownership of the file
Which firewall rules should be configured to allow ping commands to work?
the correct echo rules, such as “File and Printer Sharing (Echo Request - ICMPv4-In)”
Which command is used to configure one or many servers with an SCW-generated policy?
Scwcmd
What type of condition would you apply to an AppLocker rule to restrict users from running software from a specific software vendor?
a publisher rule
Which firewall profile is applied when a computer is connected to a network in which the computer’s domain account does not reside, such as a home network?
Private profile
To specify the Accounts:Rename Administrator account policy to rename the local Administrator account on a computer to a different name, what path in a GPO must you search for the policy?
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options
Which firewall profile is applied when a computer is connected to a domain through a public network?
Public profile
What type of AppLocker rule would you use to control an application from the Windows store?
a packaged app rule
What type of condition would you apply to an AppLocker rule to restrict users from installing software in a particular location?
a path rule
If you upgrade a computer that is using Software Restriction Policies to Windows Server 2012 R2 or Windows 8.1, and then implement AppLocker rules, which set of policies is enforced?
only the AppLocker rules are enforced
Which firewall profile is applied when a computer is connected to a network in which the computer’s domain account resides?
Domain profile
Which group can reduce the number of users that belong to the local Administrators group while providing users with access to Hyper-V?
Hyper-V Administrators
What PowerShell cmdlet would you use to display the settings that have been enabled in a particular GPO?
the Get-GPOReport cmdlet
What parameter of the Import-GPO cmdlet will create the destination GPO if the GPO does not exist?
-CreateIfNeeded
Which ports and protocols should you enable on the Windows Firewall for a Windows Server 2012 R2 acting as a VPN server to allow inbound PPTP connections?
TCP port 1723 and IP Protocol ID 47
Which type of GPO allows you to create a baseline from which you can build GPOs?
A Starter GPO
How can you copy AppLocker rules to another computer?
Export the AppLocker rules from a GPO or local security policy to an XML file, and import the XML file to another GPO or another local security policy
Which ports and protocols should you enable on the Windows Firewall for a Windows Server 2012 R2 acting as a VPN server to allow inbound SSTP connections?
TCP Port 443
Which local group(s) membership on a member server allows the user to back up and restore files and directories on the server?
Membership in the Administrators OR Backup Operators groups