OU's and GP's

Hi, some of you may have seen me popping in and out for the past few months, I keep studying on and off for 270 but it's difficult finding the time

Anyhow, to cut a story short, I don't administrate the domain at work, so I don't really get much experience using and working with Orginizational Units and Group Policies.
My question is how did you all gain your experience\understanding of it? I have a VM lab but I just don't know how to really implement it into experience without a scenario requirement. I obviously understand their purpose and how to use them, I keep getting questions like this pop up, although I don't know such policies exist:

You administer a Windows 2000 network for a company that manufactures and distributes small appliances. Company policy dictates that all user logon events be authenticated by domain controllers. You must ensure that this policy is carried out. All client computers are running Windows XP Professional.

Which of the following should you perform?

Implement a Group Policy Object that requires domain controller authentication before a workstation can be unlocked.

Implement a GPO that prevents anty previous logon events from being cached.

Grant the Full Control permission for the Domain Controllers container in Active Directory to all users.

Apply the Basicwk.inf security template to all client computers.

Not just this question, group polcies and OU's in general.

Any help is appreciated. Thanks

Find more posts tagged with

Comments

mrhaun03

Well if the previous logon events were cached, the user doesn't' have to authenticate with the domain because his/her credentials are locally cached. If the domain were down, he/she would still be able to login using those cached credentials.

BTW, you probably wanted to ask this question in the server 2003 forum. GPO's will be configured on the server side and pushed out to the XP clients. Although I did see a question similar to this in one of my practice exams for the 70-270.

undomiel

Look through the forums here and you should get a number of ideas for scenarios. Then start implementing things in your VM lab. Take ideas from the questions in your practice exams and so forth. Just keep practicing and you'll get it all down!

amp2030

Unfortunately many practice questions I used when studying for 270 also had 'implement a GPO to...' as correct answer. All I can advise, if you have no experience with the server side, is to go by elimination: if all other answers wouldn't solve the problem... maybe there's a GPO that does it. Pretty weak advice, but short of actually playing around with GPOs in a domain, at least to see what the options are, it's the best you can do.

bwcarty

If you don't have access to a domain controller, focus on familiarizing yourself with the settings under Local Security Policy. As you go through them, you'll see explanations for what the setting will do when enabled/disabled, and GPO's generally just set those policies consistently across groups of computers.

dynamik

undomiel wrote:

Then start implementing things in your VM lab.

Yea, you just have to dig in. Go through everything one by one and play around with them. You'll familiarize yourself with them in time. Also, don't think any of us could name every setting off the top of our head. As you gain experience, you'll start to see which ones are more common than others.