ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-742 All Questions

View all questions & answers for the 70-742 exam
Go to Exam

Exam 70-742 topic 1 question 161 discussion

Actual exam question from Microsoft's 70-742
Question #: 161
Topic #: 1
[All 70-742 Questions]

Your network contains an Active Directory domain named contoso.com.
You have three top-level organizational units (OUs) named OU1, OU2 and OU3. OU1 contains user accounts. OU2 contains the computer accounts for shared public computers. OU3 contains the computer accounts for laptops.
You have two Group Policy objects (GPOs) named GPO1 and GPO2. GPO1 is linked to OU1. GPO2 is linked to OU2.
You need to prevent the user settings in GPO1 from being applied when a user signs in to a shared public computer. If a user signs in to a laptop, the user settings in GPO1 must be applied.

  • A. Loopback processing
  • B. GPO link enforcement
  • C. Security Filtering
  • D. Inheritance blocking
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by TMW at Sept. 13, 2019, 5:20 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
TooManyExams
4 years, 11 months ago
User policies are now retrieved using the computer context. see https://support.microsoft.com/en-us/help/3163622/ms16-072-security-update-for-group-policy-june-14-2016 So if the computer cannot read the user policy it wont apply it. Authenticated users, the default setting for GPOs includes all domain computers. So create a group of the computers where you do NOT want the user policy to apply, and add that to the security tab on the GPO with a "Deny".
upvoted 1 times
...
ShockwaveXYZ
5 years, 2 months ago
Apply loopback proccessing with the replace option on OU2
upvoted 4 times
lbs
4 years, 11 months ago
I agree with the concise answer! The link below explains the Loopback processing very well; if you have the time to read it https://docs.microsoft.com/en-us/archive/blogs/askds/circle-back-to-loopback
upvoted 1 times
...
...
coleman
5 years, 5 months ago
right.
upvoted 1 times
...
panda
5 years, 6 months ago
I think correct answer is A just like example answer. Two major premises are below. The one is that a user should be actually the user on OU1 The other is that each loopback processing should be applied to each OU. Since this question is difficult expression to understand, I arranged them as below. We have to realize two actions. The first action is to ensure that when a user signs in to the computer on OU2, GP01 linking to OU1 isn’t applied to the user. In this case by specifying loopback processing on OU2 this action could be realized. The second action is to ensure that when a user signs to the computer on OU3, GP01 linking to OU1 is applied to the user. In this case by not specifying loopback processing on OU3 this action could be realized.
upvoted 1 times
...
panda
5 years, 7 months ago
A is correct. I should say that B,C,D is not correct. Since three organaizational units are top-level OU, all of them are can't be used. From the above if I don't know Loopback processing, I can determine that A is correct.
upvoted 1 times
panda
5 years, 6 months ago
I don't remember why since three organaizational units are top-level OU, all of them can't be used. I drop my comment.
upvoted 1 times
...
...
psycho202
5 years, 8 months ago
This question confuses me, because none of the options completely prevent the user settings from being applied. This solution, loopback processing, only overwrites the user settings if they are also specified in GPO2. The true solution to this would be item level targeting, where you deny processing for computers in OU2
upvoted 2 times
...
TMW
5 years, 8 months ago
I was a little confused by the computer vs user settings regarding loopback processing, I found this in the official guide to help add some clarity: NOTE DESKTOP SETTINGS Remember that desktop settings are stored in the User Configuration node of a GPO, and that it is therefore logical, in most situations, that the GPO that applies the User Configuration be the GPO(s) linked to the user’s location in AD DS. The GPO connected to OU2 should have loopback processing enabled.
upvoted 1 times
VeiN
4 years, 8 months ago
It`s not possible to handle by item-level targeting because you can`t use it on user objects and target for computer object. If you want users I-LT for users you need to link GPO to Ou with users. The same for computers. The only possibility is to use loopback replace mode on computers Ou. Then if applied correctly any user that logs to that computer will have every user policy overwritten and replaced with what is configured on that computer Ou.
upvoted 1 times
...
...
TMW
5 years, 8 months ago
This one is correct. The user signs into a shared public computer, and the loopback processing will apply the computer settings one last time at the tail end of the group policies applying, overwriting the user settings that were applied to it.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel