|
Home > Archive > 70-210 > April 2003 > Spid's Tue (4/15) Win2k Pro QoD
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Spid's Tue (4/15) Win2k Pro QoD
|
|
|
| I know this one is a little out of scope from a normal 70-210 question, but you'll need to get an understanding of GPOs for the 215, 217, and 219 exams. I'll try to come up with a more standard 210 question tomorrow.
You are the all powerful network administrator of a Windows 2000 domain.
The domain has an OU named HelpDesk. A GPO named "Disable Regedit" is assigned to the HelpDesk OU and currently it is the only GPO applied to the HelpDesk OU and it disables the use of the registry editing tools.
Your mission is to remove the restriction on the registry editing tools for Users who live in the HelpDesk OU and minimize the number of GPOs that are processed during logon.
What should you do? (For a Tricky question Tuesday - Choose all that apply) 
A. Remove the Disable Regedit GPO from the HelpDesk OU.
B. Assign a new GPO called "Enable Regedit" to the HelpDesk OU that enables the use of registry editing tools.
C. On the computers in the HelpDesk OU, edit the registry to allow the use of registry editing tools.
D. On the computers in the HelpDesk OU, configure the local GPO to allow the use of registry editing tools.
E. On the computers in the HelpDesk OU, delete the registry.pol file from %systemroot%\System32\GroupPol
icy\Machine folder.
Good luck and see you tomorrow for the answer!! | |
| babu75 2003-04-15, 1:06 pm |
| i guess the norm is "Tricky-Tuesday"....
i go with A & B | |
| tennyson 2003-04-15, 1:59 pm |
| A & B  | |
| Forsaken 2003-04-15, 2:47 pm |
| I'll say just 'A'. This satisfies one of the 2 requirements..the other, to minimize the number of GPOs, which you are already doing..it doesnt say anything about giving them access, just removing the restriction | |
| sgirardo 2003-04-16, 8:24 am |
| I tend to agree with Forsaken on this one.
I don't know if this is a good thing or a bad thing.
Then only thing trickier than the question, is Foresaken's explanation of his answer.
quote:
I'll say just 'A'. This satisfies one of the 2 requirements..the other, to minimize the number of GPOs, which you are already doing..it doesnt say anything about giving them access, just removing the restriction
"This satisfies one of the 2 requirements"
Its hard to determine which one you are saying it meets because the next line states
"the other, to minimize the number of GPOs, which you are already doing"
huh?
".. it doesn't say anything about giving them access, just removing the restriction"
That means it meets both requirements, doesn't it?
If you remove the "Disable Regedit" GPO they have access to it, or why would you disable it in the first place.
The default is: you are able to use the regedit tools.
Answer "A" seems to be the only one that meets the requirements of minimizing GPOs and enabling access to regedit tools.
Unless you consider not adding GPOs to be minimizing? | |
| Forsaken 2003-04-16, 9:39 am |
| quote:
Originally posted by sgirardo
Answer "A" seems to be the only one that meets the requirements of minimizing GPOs and enabling access to regedit tools.
Unless you consider not adding GPOs to be minimizing?
Exactly my thought.....you are taking away a restriction, a GPO. That in itself is minimizing the amount of GPOs by 1. Now when you take away the restriction, they should have access, you shouldn't need to enable access. | |
| cramersaunders 2003-04-16, 10:12 am |
| A
Another option wich you have not given is to Place the Users from the Help Desk OU that require access to the Registry in a Lokal Domain Security Group and Deny this Group Read Access to the GPO. This way you can filter it so that only certain Users from the Help Desk OU can access the Registry without changing the GPO. | |
|
| quote:
Originally posted by Spid
I know this one is a little out of scope from a normal 70-210 question, but you'll need to get an understanding of GPOs for the 215, 217, and 219 exams. I'll try to come up with a more standard 210 question tomorrow.
You are the all powerful network administrator of a Windows 2000 domain.
The domain has an OU named HelpDesk. A GPO named "Disable Regedit" is assigned to the HelpDesk OU and currently it is the only GPO applied to the HelpDesk OU and it disables the use of the registry editing tools.
Your mission is to remove the restriction on the registry editing tools for Users who live in the HelpDesk OU and minimize the number of GPOs that are processed during logon.
What should you do? (For a Tricky question Tuesday - Choose all that apply)
A. Remove the Disable Regedit GPO from the HelpDesk OU.
B. Assign a new GPO called "Enable Regedit" to the HelpDesk OU that enables the use of registry editing tools.
C. On the computers in the HelpDesk OU, edit the registry to allow the use of registry editing tools.
D. On the computers in the HelpDesk OU, configure the local GPO to allow the use of registry editing tools.
E. On the computers in the HelpDesk OU, delete the registry.pol file from %systemroot%\System32\GroupPol
icy\Machine folder.
Good luck and see you tomorrow for the answer!!
And the answer is..... A
Answers C,D and E will not work because local policy settings will be overwritten by all higher policies. (LSDOU processing order).
Answer B - would work as long as it placed in the proper GPO processing order, but it conflicts with the objective to minimize the number of GPOs being processed.
In this scenerio with the answr provided, "A" is the only one that will remove the registry editing tools restriction and minimize the number of GPOs being proceed upon logon.
Nice job everyone!! |
|
|
|
|