Day 10

Question 1

DSQuery.exe

Answer 1

an extremely powerful command-line tool that allows you to query and manage Active Directory objects

Question 2

LDIFDE.exe

LDAP Data Interchange Format Directory Exchange

Answer 2

used for object creation, queries, and modification of Active Directory objects.

pulls report of active directory database

Question 3

Group policy

Answer 3

the primary purpose of Group policy is to apply policy settings to computers and users in an active directory domain

Question 4

Group Policy Objects (GPOs)

Answer 4

a collection of settings that efficiently apply user and computer configurations for the domain.

Question 5

GPO’s can be linked to:

Answer 5

sites
domain’s
OU’s

Question 6

Two default GPO’s

Answer 6

Default domain policy–policy for the domain an dis linked to the domain

default domain controllers policy–domain controller policy and is linked to the domain controller’s OU

Question 7

SYSVOL (System Volume)

Answer 7

a collection of folders that exist on each domain controller to store elements of GPOs and domain public files

Question 8

SYSVOL subfolders

Answer 8

machine–contains registry settings to be applied to computer HKEY_Local_Machine settings

User–contains registry settings to be applied to the user’s HKEY_Current_USER settings

user and machine folders are created at install time and other folders are created as needed when policy is set

Question 9

Group policy has two settings:

Answer 9

computer configuration–group policies can be applied during the computer’s startup/shutdown and affect all users who log into the computer

user configuration- user configuration settings customize the user’s environment at the user level

Question 10

group policy processing order

Answer 10

1. local policies
2. Site GPO’s
3. Domain GPO’s
4. OU GPO’s

Question 11

Exception to processing order

Answer 11

#no override- previously processed policies are not overwritten
#block policy inheritance- policy settings will not inherit from above
#GPO disabled
#Permissions

Question 12

security templates

Answer 12

a collection of predefined policy settings in a single file. predefined templates provide a policy starting point and may be customized to meet organizational requirements

Question 13

User accounts

Answer 13

local-user account that can only be authenticated by the local machine. These accounts exist in local system’s SAM

#Built in-automatically created.  There are local and domain built in accounts
###administrator
###guest

Question 14

user profiles

Answer 14

HKU registry key contains the user environment settings for the user that has interactively logged on to the system.

HKCU registry key is used for configuration settings and changes while the user is logged on.

ntuser.dat is the user profile file.

changes are saved to profile at logoff

Question 15

ntuser.man

Answer 15

changing ntuser.dat to ntuser.man will make the profile mandatory and does not save changes at logoff

Question 16

local user profile

Answer 16

stored on the local system

Question 17

roaming user profile

Answer 17

roaming profiles are stored on a network share

Question 18

group accounts

Answer 18

used to manage account permissions more efficiently by adding user, computer, and even other group accounts into a single group

Question 19

two types of domain groups

Answer 19

security groups– used for assigning permissions

distribution groups–used for email distribution lists

Question 20

domain local groups and domain global groups

Answer 20

#Domain local groups---assigned to resources within a domain
#Domain Global Group-used anywhere in the forest.

Question 21

best practise for managing group membership

Answer 21

1 add user accounts as members of global groups
2 add global groups as members of domain local groups
3. assign permissions to domain local groups
A->GG->DLG

Question 22

the following groups are of a global scope.

They are located in Users container by default

Answer 22

Domain Admins
Domain Guests
Domain Users
Enterprise Admins

Question 23

The following groups are of a domain local scope.

They are located in the Built-in container by default

Answer 23

Account operators
administrators
backup operators
Users

Question 24

Special identity groups

Answer 24

conditional groups whose memberships cannot be manually assigned.
Authenticated users
Creator Owner
Everyone