«
»

Microsoft 70-630 answer and question

You have created a domain local security group named IISADMINS in the single domain that is used at your organization. This group will be assigned special permissions and rights on your organization’s Web servers. You want to limit the membership of that group to four users: 70-630  Orin, Oksana, Kasia, and Shan. The computers running Windows Server 2003 that host the organization’s Web Servers have all been placed in an organizational unit named IISSERV. IISSERV is a child OU of the MEMBERSERV OU. There are three sites at your company: HQ, Branch One, and Branch Two. Two IIS servers are located at Branch One, three are located at HQ, and one is located at Branch Two. You have configured the restricted groups node of a security template as shown in the figure below. n10-003 The IISADMINS group has been assigned permissions only on the servers that are located within the IISSERV OU. Which of the following methods represents the best way of using this security template to meet your goal of limiting the membership of the IISADMINS group to the specified users?  642-524

  1. Import the Restricted-Group-IISADMINS security template into the Default Domain GPO.

  2. Import the Restricted-Group-IISADMINS security template into a GPO which you then apply to the IISSERV OU. HP0-J23

  3. Create a GPO, import the Restricted-Group-IISADMINS security template, and apply the GPO to the IISADMINS group.

  4. Log on to each IIS server locally and import the Restricted-Group-IISADMINS security template into the local Group Policy object.  642-481

    Correct Answers: B

    1. Incorrect Unless there is good reason to do otherwise, try to be as specific as possible when importing security templates. Because this template influences only servers in the IISSERV OU, this OU is the best place to apply a GPO that has had this template imported.  n10-003

    2. Correct This answer follows the principle of applying Group Policy objects as specifically as possible. Rather than all computers in the domain having to process this policy when it isn’t relevant, only member systems in the IISSERV OU will have to process it.  000-061

    3. Incorrect Group Policy objects cannot be applied to groups. They can be applied only to organizational units, sites, and domains.  70-652

    4. Incorrect The Restricted Groups node is not available in local Group Policy objects. This security template can only be used on policies applied at the site, domain, or organizational unit level.  MB6-817

This entry was posted on Friday, February 20th, 2009 at 3:06 am and is filed under IT certification. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply