单项选择题
You have a single Active Directory directory service domain. All domain controllers run Windows Server 2003. All client computers run Windows Vista. The computers in the sales department are located in an organizational unit (OU) named Sales. You use a Default Domain Policy to configure company user and computer settings. You configure a software restriction policy for the domain. The policy prevents users from running software that is not approved. You need to allow computers in the Sales OU to run software that is not approved while maintaining other required settings.
What should you do?()
A. Configure the Sales OU to block inheritance.
B. Create a new software restriction policy that reverses the settings in the Default Domain Policy. Link the new software restriction policy to the Sales OU.
C. Link the software restriction policy to the Sales OU. Disable the user configuration settings of this policy.
D. Link the software restriction policy to the Sales OU. Disable the computer configuration settings of this policy.
相关考题
-
单项选择题
You are the network administrator for your company. The network consists of a single Active Directory domain with three sites. There is a domain controller at each site. All servers run Windows Server 2003. Each client computer runs either Windows 2000 Professional or Windows XP Professional. The IT staff is organized into four groups. The IT staff works at the three different sites. The computers for the IT staff must be configured by using scripts. The script or scripts must run differently based on which site the IT staff user is logging on to and which of the four groups the IT staff user is a member of. You need toensure that the correct logon script is applied to the IT staff users based on group membership and site location. What should you do?()
A. Create four Group Policy objects (GPOs). Create a script in each GPO that corresponds to one of the four groups. Link the four new GPOs to all three sites. Grant each group permissions to apply only the GPO that was created for the group.
B. Create a single script that performs the appropriate configuration based on the user’s group membership. Place the script in the Netlogon shared folders on the domain controllers.
C. Configure a Group Policy object (GPO) with a startup script that configures computers based on IT staff group. Link the GPO to the three sites.
D. Create a script that configures the computers based on IT staff group membership and site. Create and link a GPO to the Domain Controllers OU to run the script. -
多项选择题
You have a single Active Directory directory service domain. All users are located in an organizational unit (OU) named ContosoUsers. All client computer accounts are located in an OU named ContosoComputers. You need to deploy a new application to all users. The application shortcut must be available the next time the users log on. What are two possible ways to achieve this goal?()
A. Create a Group Policy object (GPO) to publish the application. Link the GPO to the ContosoComputers OU.
B. Create a Group Policy object (GPO) to assign the application. Link the GPO to the ContosoComputers OU.
C. Create a Group Policy object (GPO) to publish the application. Link the GPO to the ContosoUsers OU.
D. Create a Group Policy object (GPO) to assign the application. Link the GPO to the ContosoUsers OU. -
单项选择题
You are the network administrator for your company. The network consists of a single Active Directory domain. The domain includes an organizational unit (OU) named Processing. There are 100 computer accounts in the Processing OU. You create a Group Policy object (GPO) named NetworkSecurity and link it to the domain. You configure NetworkSecurity to enable security settings through the Computer Configuration section of the Group Policy settings. You need to ensure that NetworkSecurity will apply only to the computers in the Processing OU. You need to minimize the number of GPO links. What should you do?()
A. Link NetworkSecurity to the Processing OU. Disable the User Configuration section of NetworkSecurity.
B. Link NetworkSecurity to the Processing OU. Remove the link from NetworkSecurity to the domain.
C. Modify the discretionary access control list (DACL) for NetworkSecurity to assign all computer accounts in the Processing OU the Allow - Read and the Allow - Apply Group Policy permissions.
D. Modify the discretionary access control list (DACL) for NetworkSecurity to assign the Authenticated Users group the Deny - Apply Group Policy permission and to assign all of the computer accounts in the Processing OU the Allow - Read and the Allow - Apply Group Policy permissions.
