Microsoft Certification

You configure a Group Policy Object for the Marketing organizational unit (OU) to prevent users from accessing My Network Places and from running System in Control Panel. You want the Managers domain local group to be able to access My Network Places, but

Question

You configure a Group Policy Object for the Marketing organizational unit (OU) to prevent users from accessing My Network Places and from running System in Control Panel. You want the Managers domain local group to be able to access My Network Places, but you still want to prevent them from running System in Control Panel.

What should you do?

A. Add the managers group to the access control list of the GPO. Disable the permission of the managers group to read and apply the group policy.

B. Add the managers group to the access control list of the GPO. Deny the permission of the managers group to read and apply the group policy.

C. Create a second GPO in the OU. Add the managers group to the access control list. Allow the managers group to apply the group policy. Deny the authenticated users group permission to read and apply group policy. Configure the new GPO to deny the ability to run System in Control Panel. Give the original GPO a higher priority than the new GPO.

D. Create a second GPO in the OU. Add the managers group to the access control list. Allow the managers group to read and apply the group policy. Disable the permission of the authenticated user group to read and apply the group policy. Configure the new GPO to allow access to My Network Places. Give the new GPO a higher priority than the original GPO.

Similar questions and answers

Question 1:

Your network consists of numerous domains within a LAN, plus one remote location that is configured as another domain within the tree. Each domain contains several organizational units. The remote domain is connected to the main office network by using a 56-Kbps connection, as shown in the Exhibit.

The remote location is running a previous service pack for Windows 2000, and the LAN is running the most recent service pack.

You want to configure a group policy for the remote location so that users can repair a problem with a service pack system file. You also want to reduce the traffic on the LAN and ease administration of the group policies. You want to retain the domain administrator's access to the group policy configuration.

What should you do?

A. Configure a group policy for each OU in the west.litware.com domain. Configure a service pack software package for each group policy.

B. Configure a group policy for each OU in the litware.com domain. Configure a service pack software package for each group policy.

C. Configure a group policy for west.litware.com domain. Configure a service pack software package for the group policy.

D. Configure a group policy for the litware.com domain. Configure a service pack software package for the group policy.


Correct answer: C
Explanation: Group policy for the remote location implies a remote policy for the west.litware.com domain. There is no requirement to have different packages in different OUs. Therefore the best solution is to configure a GPO at the domain-level, not to each individual OU in the west.litware.com domain.

Incorrect answers:
A: It would require less administrative effort to configure the Group Policy at domain level instead of at each OU.

B: Deploying the package in the litware.com domain would increase the traffic on the slow 56Kbit WAN link.

D: Deploying the package in the litware.com domain would increase the traffic on the slow 56Kbit WAN link.

Question 2:

You are the network administrator for The network consists of a single Active Directory domain named The domain contains Windows Server 2003 computers and Windows XP Professional computers. The domain contains a group named SalesAdmin. Members of the SalesAdmin group need the permission to add Group Policy links and create Group Policy objects (GPOs) for only the Sales organizational unit (OU). You need to configure the domain to provide the SalesAdmin group with the minimum permissions necessary to meet these requirements. What should you do?()

  • A. Add the SalesAdmins group to the Group Policy Creator Owners group.
  • B. Configure the discretionary access control list (DACL) on all of the Group Policy links for the Sales OU to assign the SalesAdmins group the Allow - Apply Group Policy permission.
  • C. Run the Delegation of Control wizard on the domain to assign the SalesAdmin group the Manage Group Policy links task.
  • D. Run the Delegation of Control wizard on the Sales OU to assign the SalesAdmins group the Manage Group Policy links task.

Correct answer: D

Question 3:

The network consists of a single domain named Ezonexam.com that includes 20 Windows NT Workstation 4.0 client computers. All other client computers are Windows 2000 Professional computers. You install Terminal Services on one of the Windows Server computers and Terminal Services Client on the 20 Windows NT Workstation 4.0 client computers. You create a system policy on the server that is configured as the terminal server. This system policy denies access to Network Neighborhood. You find that the users of the terminal server can still browse the network when they open My Network Places from Windows 2000 Professional computers or when they open Network Neighborhood from Windows NT Workstation 4.0 computers.

You want to prevent all users from browsing the network.

What should you do? (Each correct answer presents a complete solution. Choose two.)

A. Create a Windows Group Policy that denies user access to My Network Places.

B. Copy the Windows NT policy file to the 20 Windows NT Workstation 4.0 computers.

C. Create a Windows NT 4.0 default user policy on the Windows 2000 Server computer that is configured as the PDC emulator.

D. Modify the Windows NT policy template file so that you can restrict access to both My Network Places and Network Neighborhood. Save the policy file on the terminal server.

E. Configure the terminal server to use Application server mode. Select the Permissions compatible with Terminal Server 4.0 Users option.


Correct answer: AC
Explanation: The primary domain controller (PDC) is the server that maintains the master copy of the domain's user-accounts database and that validates logon requests. Prior to Windows 2000 every Windows NT network domain was required to have one, and only one, PDC. If you want to deny users of the terminal server browsing ability of the Network Neighborhood, you should create a group policy that denies access to My Network Places. (Microsoft is colloquially stuck with Network Neighborhood for My Network Places.)

Question 4:

Your network consists of Windows XP computers. All computers are joined to a single Active Directory directory service domain and located in a single Active Directory site. You create a new Group Policy object (GPO) and link it to the site. The policy configures default screensaver settings. User accounts of users in the research department are located in an organizational unit (OU) named Research. You need to allow users in the research department to configure a different screensaver setting on their computers. What should you do?()

  • A. Move the user accounts of users in the research department to the Users container.
  • B. Configure a local security policy on all computers in the research department to allow users to modify their screensaver settings.
  • C. Add users in the research department to a domain group. Allow the group the Apply Group Policy permission for the GPO.
  • D. Add users in the research department to a domain group. Deny the group the Apply Group Policy permission to the GPO.

Correct answer: D

Question 5:

You are the network administrator for your company. Your network consists of a single Active Directory domain. Three security groups named Accountants, Processors, and Management are located in an organizational unit (OU) named Accounting. All of the user accounts that belong to these three groups are also in the Accounting OU. You create a Group Policy object (GPO) and link it to the Accounting OU. You configure the GPO to disable the display options under the User Configuration section of the GPO. You need to achieve the following goals: You need to ensure that the GPO applies to all user accounts that are members of the Processors group. You need to prevent the GPO from applying to any user account that is a member of the Accountants group. You need to prevent the GPO from applying to any user account that is a member of the Management group, unless the user account is also a member of the Processors group. What should you do?()

  • A. Modify the discretionary access control list (DACL) settings of the GPO to assign the Accountants and Management security groups the Deny - Read and the Deny - Apply Group Policy permissions. Modify the DACL of the GPO to assign the users who are in both the Accountants and Management security groups the Allow - Read and the Allow - Apply Group Policy permissions.
  • B. Modify the discretionary access control list (DACL) settings of the GPO to assign the Accountants and Management security groups the Deny - Read and the Deny - Apply Group Policy permissions. Create a new security group named Mixed that contains all the user accounts from the Processors group and the specific user accounts from the Management group to which you want the GPO to apply. Modify the DACL of the GPO to assign the Mixed security group the Allow - Read and the Allow - Apply Group Policy permissions.
  • C. Modify the discretionary access control list (DACL) settings of the GPO to assign the Accountants security group the Deny - Read and the Deny - Apply Group Policy permissions. Modify the DACL settings of the GPO to remove the Authenticated Users special group. Modify the DACL settings of the GPO to add the Processors group and assign the Allow - Read and the Allow - Apply Group Policy permissions.
  • D. Modify the discretionary access control list (DACL) settings of the GPO to assign the Accountants security group the Deny - Read and the Allow - Apply Group Policy permissions. Modify the DACL settings of the GPO to assign the Management security group the Deny - Read and the Deny - Apply Group Policy permissions.

Correct answer: C

Question 6:

You are the administrator of a Windows 2000 Active Directory network. The network consists of a single domain. The domain includes 20 Windows NT Workstation 4.0 client computers. All other client computers are Windows 2000 Professional computers.

You create a Windows NT 4.0 default user policy on the Windows 2000 Server computer that is configured as the PDC emulator. This default user policy denies access to Network Neighborhood. You then install Terminal Services on one of the servers and Terminal Services Client on the 20 Windows NT Workstation client computers.

You find that the users of the Terminal Server can still browse the network when they open My Network Places. You want to prevent all users from browsing the network.

What should you do?

A. Modify the Windows NT policy template file so that you can restrict access to both My Network Places and Network Neighborhood. Save the policy file on the Terminal Server.

B. Copy the Windows NT policy file to the 20 Windows NT Workstation computers.

C. Create a Windows 2000 Group Policy that denies user access to My Network Places.

D. Edit the local registry on the Windows NT Workstation computers to deny access to Entire Network in Network Neighborhood.


Correct answer: C
Explanation: Windows NT 4.0 system policies affect computers running Windows NT 4.0. The Windows NT computers in this scenario are being used as Terminals for the Windows 2000 Server computer that is running Terminal Services. In effect the Windows NT clients are running locally on the Windows 2000 Server. The restriction must be applied on the Windows 2000 Server. This can be done by using a group policy.

Incorrect answers:
A: System policy templates only affect Windows NT 4.0 computers. The restriction must be applied on the Windows 2000 Server.

B: Windows NT policies only affect Windows NT 4.0 computers. The restriction must be applied on the Windows 2000 Server.

D: The NT clients are running locally on the Windows 2000 Server. The restriction must be applied on the Windows 2000 Server.

Question 7:

Your network consists of a single Active Directory domain. User accounts for engineering department are located in an OU named Engineering. You need to create a password policy for the engineering department that is different from your domain password policy. What should you do?()

  • A. Create a new GPO. Link the GPO to the Engineering OU.
  • B. Create a new GPO. Link the GPO to the domain. Block policy inheritance on all OUs except for the Engineering OU.
  • C. Create a global security group and add all the user accounts for the engineering department to the group. Create a new Password Policy Object (PSO) and apply it to the group.
  • D. Create a domain local security group and add all the user accounts for the engineering department to the group. From the Active Directory Users and Computer console, select the group and run the Delegation of Control Wizard.

Correct answer: C

Question 8:

Your company has deployed Network Access Protection (NAP) enforcement for VPNs. You need to ensure that the health of all clients can be monitored and reported. What should you do?()

A. Create a Group Policy object (GPO) that enables Security Center and link the policy to the domain.

B. Create a Group Policy object (GPO) that enables Security Center and link the policy to the Domain Controllers organizational unit (OU).

C. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the domain.

D. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the Domain Controllers organizational unit (OU).


Reference answer: A

Question 9:

Your company has an Active Directory domain that has an organizational unit named Sales. The Sales organizational unit contains two global security groups named sales managers and sales executives. You need to apply desktop restrictions to the sales executives group. You must not apply these desktop restrictions to the sales managers group. You create a GPO named DesktopLockdown and link it to the Sales organizational unit. What should you do next?()

  • A. Configure the Deny Apply Group Policy permission for the sales managers on the DesktopLockdown GPO.
  • B. Configure the Deny Apply Group Policy permission for the sales executives on the DesktopLockdown GPO.
  • C. Configure the Deny Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.
  • D. Configure the Allow Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.

Correct answer: A

Question 10:

Your network consists of a single Active Directory domain. The domain contains 13 member servers. The member servers run Windows Server 2003 Service Pack 2 (SP2). The computer accounts for all member servers are located in an organizational unit (OU) named Servers. You need to prevent remote desktop connections to the member servers. What should you do? ()

  • A. On each server, remove all users from the Remote Desktop Users group.
  • B. On each server, run the Terminal Services Configuration console. From the RDP-TCP connection permissions properties, set the Full Control permission for the Remote Desktop Users group to deny.
  • C. Use a Group Policy Object (GPO) to disable the Allow users to connect remotely using Terminal Services setting.
  • D. Use a Group Policy Object (GPO) to configure the Sets rules for remote control of Terminal Services user sessions setting to No Remote Control.

Correct answer: C
