Which three GPOs should you identify in sequence?

DRAG DROP

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

The domain contains an organizational unit (OU) named OU1. OU1 contains an OU named OU2. OU2 contains a user named user1.

User1 is the member of a group named Group1. Group1 is in the Users container.

You create five Group Policy objects (GPO).

The GPOs are configured as shown in the following table.

The Authenticated Users group is assigned the default permissions to all of the GPOs.

There are no site-level GPOs.

You need to identify which three GPOs will be applied to User1 and in which order the GPOs will be applied to User1.

Which three GPOs should you identify in sequence? To answer, move the appropriate three GPOs from the list of GPOs to the answer area and arrange them in the correct order.

View Answer

Answer:

Explanation:

Note:

* First at the domain level (GPO2), then at the highest OU level GPO4, and finally at the OU level containing user1 GPO5.

Incorrect:

* Read and Apply group policy are both needed in order for the user or computer to receive and process the policy

Not GPO1: Group1 has Deny Apply Group Policy permissions on GPO1.

Not GPO3: Group1 has Deny Read permissions on GPO3.

GPO2 and GPO4 are disabled.

* When a Group Policy Object (GPO) is enforced it means the settings in the Group Policy Object on an Organization Unit (which is shown as a folder within the Active Directory Users and Computers MMC) cannot be overruled by a Group Policy Object (GPO) which is link enabled on an Organizational Unit below the Organizational Unit with the enforced Group Policy Object (GPO).

* Group Policy settings are processed in the following order:

1 Local Group Policy object

2 Site.

3 Domain

4 Organizational units

GPOs that are linked to the organizational unit that is highest in the Active Directory hierarchy are processed first, then GPOs that are linked to its child organizational unit, and so on. Finally, the GPOs that are linked to the organizational unit that contains the user or computer are processed.