Group Policy

DojiscalperDojiscalper Member Posts: 266 ■■■□□□□□□□
Ok, I have a couple weeks before I try the 70-410 again. On the exam results I totally suck at Group Policy. I really need to improve this area, it might even be enough to get me a passing score. Anyone got any tips? The practice tests online aren't very accurate, on them Group Policy is my best knowledge area, LOL.

I need to improve my score overall as well, but that will just take more study, more labbing etc.

Comments

  • AndersonSmithAndersonSmith Member Posts: 471 ■■■□□□□□□□
    What are you using for study right now? When I was studying for the MCSA exams I was never able to find good free practice tests. The Transcender Practice Tests for the 410 are excellent though. They're expensive but well worth it for the 410. Group Policy is difficult because it encompasses so much stuff. Really though, beyond that, labbing is what helps a lot with that. I thought I knew quite a bit about Group Policy because of my work experience but when I started studying for the 410 earlier this year I realized there was a ton more I had no clue about. Are you using any kind of training videos? I found the Pluralsight videos to be great for Group Policy coverage as well.
    All the best,
    Anderson

    "Everything that has a beginning has an end"
  • poolmanjimpoolmanjim Member Posts: 285 ■■■□□□□□□□
    Microsoft will go out of their way to trick you with Group Policies. Some will say this is cruel. Having supported Group Policy in the workplace, at a very large company, I'll tell you that the way Microsoft is testing you is similar to things you will find in the real world.

    Remember how GPO Precedence works. Pay attention to the differences between user policy and computer policy. They are going to throw you curveballs. Things like "We've applied this policy to this OU. We have security filtering for this group of users. Who actually gets the policy?" Remember that GPOs only apply to the OUs they are attached to and OUs beneath that OU. Remember that User Policy only affects users and computer policy only affects computers (normally).

    For the software restriction policies and AppLocker rules, I made note cards and drilled myself over and over on what the different types were and how they interacted. That is more rote memorization than anything else it seems.

    For firewalls, understand the basic ports and the quirks that Windows Firewall throws at you.

    Above all else, lab the crap out of this stuff. Just as soon as you understand GPOs lab them more. Group Policy is a deep topic with a lot of breadth.
    2019 Goals: Security+
    2020 Goals: 70-744, Azure
    Completed: MCSA 2012 (01/2016), MCSE: Cloud Platform and Infrastructure (07/2017), MCSA 2017 (09/2017)
    Future Goals: CISSP, CCENT
  • PJ_SneakersPJ_Sneakers Member Posts: 884 ■■■■■■□□□□
    poolmanjim wrote: »
    Microsoft will go out of their way to trick you with Group Policies. Some will say this is cruel. Having supported Group Policy in the workplace, at a very large company, I'll tell you that the way Microsoft is testing you is similar to things you will find in the real world.

    Remember how GPO Precedence works. Pay attention to the differences between user policy and computer policy. They are going to throw you curveballs. Things like "We've applied this policy to this OU. We have security filtering for this group of users. Who actually gets the policy?" Remember that GPOs only apply to the OUs they are attached to and OUs beneath that OU. Remember that User Policy only affects users and computer policy only affects computers (normally).

    For the software restriction policies and AppLocker rules, I made note cards and drilled myself over and over on what the different types were and how they interacted. That is more rote memorization than anything else it seems.

    For firewalls, understand the basic ports and the quirks that Windows Firewall throws at you.

    Above all else, lab the crap out of this stuff. Just as soon as you understand GPOs lab them more. Group Policy is a deep topic with a lot of breadth.
    All good tips. Definitely remember the order of precedence and order of inheritance.

    Check out ITPro.tv for training videos, virtual labs, and Transcender tests. It's actually a pretty good value if you use a coupon code.
  • Louie1277Louie1277 Member Posts: 505 ■■■□□□□□□□
    GPO's and permissions are one of my weak points .. Right now i'm just going over everything to make sure I don't forget it. Haven't gotten to that gPO's yet but hopefully by next week I should.
    2018 Goals: 70-410 [X], 70-411 [],70-412 [] :bow: 410- Passed!!!!!!

    My Goal for the Future
    2012 - *MCSA*(WHO KNOWS WHEN) KEEP FAILING!!!! Not enough time to pass the last 2 exams.
    2021 - *Security+*
    2022 - * Pen Tester*
  • DojiscalperDojiscalper Member Posts: 266 ■■■□□□□□□□
    I can see that they like to be tricky on the questions, thats probably what is tripping me up because I understand whathe plurasight vids are telling me they don't go any deeper than I've already learned from other vids and books. and I understand group policy pretty well. I do know I suck at trick questions, LOL. I've been using the measure up practice tests.
  • SlowhandSlowhand Mod Posts: 5,161 Mod
    The best advice I can give you is the path I took for the 70-640, which was all about Active Directory, and had a MASSIVE section dedicated to all things Group Policy: lab it out, play around, try things, then read up again to help you nail down the details. You'll learn the precedence, how inheritance blocking and enforcement works, you'll figure out where the little gotchas are in CSEs, how machine settings roll out differently from user settings, etc., if you really play and mess with a lab environment. The same goes for a lot of other topics, (like replication, trusts, and Certificate Services, just to name a few,) you have to play around with it. Set yourself up a DC and a member server or two*, and make sure to make a couple of user accounts with varying levels of administrative access; there's nothing worse than realizing you misunderstood how something works because you're using an account with Domain/Enterprise Admins level permissions, which may not be subject to the same rules and restrictions a regular user account is when you're setting these things.

    Videos are great, there's a lot of value in having someone show you how it's done. Reading is fantastic, you'll get a lot out of the facts and figures that are involved in these technologies. The real learning experience, though, is going to be getting your hands dirty. When you've had all kinds of odd thing thrown at you during your lab-setup, fumbled your way through incorrect configurations, and worked your way through a couple of scenarios for each topic you're struggling with, you'll be AMAZED at how much better you understand the test questions.

    *(I used evaluation copies of Windows Server, along with VMware Workstation, but Hyper-V or Virtual Box work just fine. Each machine needed only about 1GB or 2GB of RAM, with 40GB - 60GB thin disks for HDDs. A decently-powerful laptop or desktop should be able to let you run 2 -3 VMs, setting you up for your whole MCSA journey.)

    Free Microsoft Training: Microsoft Learn
    Free PowerShell Resources: Top PowerShell Blogs
    Free DevOps/Azure Resources: Visual Studio Dev Essentials

    Let it never be said that I didn't do the very least I could do.
  • AndersonSmithAndersonSmith Member Posts: 471 ■■■□□□□□□□
    I do know I suck at trick questions, LOL. I've been using the measure up practice tests.

    I really never felt like Microsoft was trying to give "trick questions" in any of the 3 MCSA exams I took. The questions really were very straight forward and very practical as far as things you would likely see in the real world. Some of the answers were very complex and I'm not saying the exams were easy by any means, I just didn't feel like I was being tricked. They just want to make sure you really know the technology to get certified. As long as you read every question and every possible answer choice carefully you'll be ok. Sometimes I had to read questions 3 or 4 times to really get an understanding of what they were asking. I would read the question, look at an answer choice and see if it made sense and then repeat the process again for the next answer choice. If I found 2 answers that made sense I would then REALLY take my time reading that question and see what was slightly different about each answer choice and why one made more sense than the other. This process worked very well for the multiple choice answers and even the drop-down ones. The build a list questions were a little more difficult because not only do you have to know the right answers but you have to put them in the correct order. Have you checked out the Exam Ref book for the 410? I found it really helpful for labbing with the 410 and 411 exams. Good luck!
    All the best,
    Anderson

    "Everything that has a beginning has an end"
  • PJ_SneakersPJ_Sneakers Member Posts: 884 ■■■■■■□□□□
    Labbing is by far the best way to learn this topic.
  • Ugly-051Ugly-051 Member Posts: 63 ■■■□□□□□□□
    Ok, I have a couple weeks before I try the 70-410 again. On the exam results I totally suck at Group Policy. I really need to improve this area, it might even be enough to get me a passing score. Anyone got any tips? The practice tests online aren't very accurate, on them Group Policy is my best knowledge area, LOL.

    I need to improve my score overall as well, but that will just take more study, more labbing etc.

    Main things to think about for GPOs in both the real world and the exams is the precedence order, locations and replication such as SYSVOL and types of GPOS (User/Computer) as well as links and security.


    Precedence order:


    Local GP > Site Level GPOS > Domain Level GPO > OU Level GPOs > Enfored GPOs.
Sign In or Register to comment.