InterviewFAQ

No:1 Source to prepare for job interviews.

(http://interviewfaq.co.in/)

Menu

Windows Server Group

.
Policy
Interview
Questions
(http://interviewfaq.co.in/author/ifaqadmin)
(http://interviewfaq.co.in/windows-servergroup-policy-interview-questions.html)
23. Sep / Active Directory (http://interviewfaq.co.in/windows/active-directory)
No Comments (http://interviewfaq.co.in/windows-server-group-policy-interviewquestions.html#comments)

Below is the list of Windows Server Group Policy Interview Questions Asked in Windows
System Administrator / L1/l2/l3 Support Engineer Interviews.
What is group policy in active directory ? What are Group Policy objects (GPOs)?
Group Policy objects, other than the local Group Policy object, are virtual objects. The
policy setting information of a GPO is actually stored in two locations: the Group Policy
container and the Group Policy template.
The Group Policy container is an Active Directory container that stores GPO properties,
including information on version, GPO status, and a list of components that have settings
in the GPO.

The Group Policy template is a folder structure within the

le system that stores

Administrative Template-based policies, security settings, script les, and information

regarding applications that are available for Group Policy Software Installation.
The Group Policy template is located in the system volume folder (Sysvol) in the Policies
subfolder for its domain.
What is the order in which GPOs are applied ?
Group Policy settings are processed in the following order:
1.Local Group Policy object : Each computer has exactly one Group Policy object that is
stored locally. This processes for both computer and user Group Policy processing.
2.Site : Any GPOs that have been linked to the site that the computer belongs to are
processed next. Processing is in the order that is speci ed by the administrator, on the
Linked Group Policy Objects tab for the site in Group Policy Management Console
(GPMC). The GPO with the lowest link order is processed last, and therefore has the
highest precedence.
3.Domain: Processing of multiple domain-linked GPOs is in the order speci ed by the
administrator, on the Linked Group Policy Objects tab for the domain in GPMC. The GPO
with the lowest link order is processed last, and therefore has the highest precedence.
4.Organizational units : GPOs that are linked to the organizational unit that is highest in
the Active Directory hierarchy are processed rst, then POs that are linked to its child
organizational unit, and so on. Finally, the GPOs that are linked to the organizational unit
that contains the user or computer are processed.
At the level of each organizational unit in the Active Directory hierarchy, one, many, or no
GPOs can be linked. If several GPOs are linked to an organizational unit, their processing
is in the order that is speci ed by the administrator, on the Linked Group Policy Objects
tab for the organizational unit in GPMC.

The GPO with the lowest link order is processed last, and therefore has the highest
precedence.
This order means that the local GPO is processed rst, and GPOs that are linked to the
organizational unit of which the computer or user is a direct member are processed last,
which overwrites settings in the earlier GPOs if there are con icts. (If there are no
con icts, then the earlier and later settings are merely aggregated.)
How to backup/restore Group Policy objects ?
Begin the process by logging on to a Windows Server 2008 domain controller, and
opening the Group Policy Management console. Now, navigate through the console tree
to Group Policy Management | Forest: | Domains | | Group Policy Objects.
When you do, the details pane should display all of the group policy objects that are
associated with the domain. In Figure A there are only two group policy objects, but in a
production environment you may have many more. The Group Policy Objects container
stores all of the group policy objects for the domain.
Now, right-click on the Group Policy Objects container, and choose the Back Up All
command from the shortcut menu. When you do, Windows will open the Back Up Group
Policy Object dialog box.
As you can see in Figure B, this dialog box requires you to provide the path to which you
want to store the backup les. You can either store the backups in a dedicated folder on a
local drive, or you can place them in a folder on a mapped network drive. The dialog box
also contains a Description eld that you can use to provide a description of the backup
that you are creating.
You must provide the path to which you want to store your backup of the group policy
objects.
To initiate the backup process, just click the Back Up button. When the backup process

completes, you should see a dialog box that tells you how many group policy objects were
successfully backed up. Click OK to close the dialog box, and youre all done.
When it comes to restoring a backup of any Group Policy Object, you have two options.
The rst option is to right-click on the Group Policy Object, and choose the Restore From
Backup command from the shortcut menu. When you do this, Windows will remove all of
the individual settings from the Group Policy Object, and then implement the settings
found in the backup.
Your other option is to right-click on the Group Policy Object you want to restore, and
choose the Import Settings option. This option works more like a merge than a restore.
Any settings that presently reside within the Group Policy Object are retained unless
there is a contradictory settings within the le that is being imported.
You want to standardize the desktop environments (wallpaper, My Documents, Start
menu, printers etc.) on the computers in one department. How would you do that?
go to Start->programs->Administrative tools->Active Directory Users and Computers
Right Click on Domain->click on preoperties
On New windows Click on Group Policy
Select Default Policy->click on Edit
on group Policy console
go to User Con guration->Administrative Template->Start menu and Taskbar
Select each property you want to modify and do the same
What?s the difference between software publishing and assigning?
Assign Users :The software application is advertised when the user logs on. It is installed
when the user clicks on the software application icon via the start menu, or accesses a le
that has been associated with the software application.
Assign Computers :The software application is advertised and installed when it is safe to
do so, such as when the computer is next restarted.

Publish to users : The software application does not appear on the start menu or desktop.
This means the user may not know that the software is available. The software application
is made available via the Add/Remove Programs option in control panel, or by clicking on
a le that has been associated with the application. Published applications do not reinstall
themselves in the event of accidental deletion, and it is not possible to publish to
computers.
What are administrative templates?
Administrative Templates are a feature of Group Policy, a Microsoft technology for
centralised management of machines and users in an Active Directory environment.
Administrative Templates facilitate the management of registry-based policy. An ADM le
is used to describe both the user interface presented to the Group Policy administrator
and the registry keys that should be updated on the target machines.
An ADM le is a text le with a speci c syntax which describes both the interface and the
registry values which will be changed if the policy is enabled or disabled.
ADM les are consumed by the Group Policy Object Editor (GPEdit). Windows XP Service
Pack 2 shipped with ve ADM les (system.adm, inetres.adm, wmplayer.adm, conf.adm
and wuau.adm). These are merged into a uni ed namespace in GPEdit and presented to
the administrator under the Administrative Templates node (for both machine and user
policy).
Can I deploy non-MSI software with GPO?
create the ile in .zap extension.
Name some GPO settings in the computer and user parts ?
Group

Policy

Object

(GPO)

computer=Computer

Con guration,

Con gurationName some GPO settings in the computer and user parts.

User=User

A user claims he did not receive a GPO, yet his user and computer accounts are in the
right OU, and everyone else there gets the GPO. What will you look for?
make sure user not be member of loopback policy as in loopback policy it doesnt effect
user settings only computer policy will applicable. if he is member of gpo lter grp or not?
You may also want to check the computers event logs. If you nd event ID 1085 then you
may want to download the patch to x this and reboot the computer.
How can I override blocking of inheritance ?
What can I do to prevent inheritance from above?
Name a few bene ts of using GPMC.
How frequently is the client policy refreshed ?
90 minutes give or take.
Where issecedit ?
Its nowgpupdate.
What can be restricted on Windows Server 2003 that wasnt there in previous products
?
Group Policy in Windows Server 2003 determines a users right to modify network and
dial-up TCP/IP properties. Users may be selectively restricted from modifying their IP
address and other network con guration parameters.
You want to create a new group policy but do not wish to inherit.
Make sure you checkBlock inheritanceamong the options when creating the policy.
How does the Group Policy No Override and Block Inheritance work ?
Group Policies can be applied at multiple levels (Sites, domains, organizational Units) and
multiple GPs for each level. Obviously it may be that some policy settings con ict hence
the application order of Site Domain Organization Unit and within each layer you set

order for all de ned policies but you may want to force some polices to never be
overridden (No Override) and you may want some containers to not inherit settings from
a parent container (Block Inheritance).
A good de nition of each is as follows:
No Override This prevents child containers from overriding policies set at higher levels
Block Inheritance Stopscontainersinheriting policies from parent containers
No Override takes precedence over Block Inheritance so if a child container has Block
Inheritance set but on the parent a group policy has No Override set then it will get
applied.
Also the highest No Override takes precedence over lower No Overrides set.
To block inheritance perform the following:
1. Start the Active Directory Users and Computer snap-in (Start Programs
Administrative Tools Active Directory Users and Computers)
2. Right click on the container you wish to stop inheriting settings from its parent and
select
3. Select the Group Policy tab
4. Check the Block Policy inheritance option
5. Click Apply then OK
To set a policy to never be overridden perform the following:
1. Start the Active Directory Users and Computer snap-in (Start Administrative Tools
Active Directory Users and Computers)
2. Right click on the container you wish to set a Group Policy to not be overridden and
select Properties
3. Select the Group Policy tab
4. Click Options

5. Check the No Override option

6. Click OK
7. Click Apply then OK

ManualTesting
Actually

Answers
Administration

Fresher

Accounts

Active

AdministrativeAssistants

ActiveDirectory
Administratives

Previous Page (http://interviewfaq.co.in/windows/active-directory/)

(http://interviewfaq.co.in/windows/active-directory/)
1 (http://interviewfaq.co.in/windows/active-directory/)

3 (http://interviewfaq.co.in/windows/active-directory/page/3)
4 (http://interviewfaq.co.in/windows/active-directory/page/4)
(http://interviewfaq.co.in/windows/active-directory/page/3)
(http://interviewfaq.co.in/windows/active-directory/page/15)
Next Page (http://interviewfaq.co.in/windows/active-directory/page/3)

PRE-PAY FOR WP ENGINE HOSTING FOR 1 YEAR AND GET 2 MONTHS FREE! (http://www.shareasale.com/r.cfm?
b=407239&u=963842&m=41388&urllink=&afftrack=) Optimized page load times, reliability and security. Fast,
Secure and Scalable. (http://www.shareasale.com/r.cfm?b=398787&u=963842&m=41388&urllink=&afftrack=)
Optimized your page load times, reliability and security. Fast, Secure and Scalable.
(http://www.shareasale.com/r.cfm?b=398786&u=963842&m=41388&urllink=&afftrack=)

Speed up WordPress with our baked in CDN, super fast servers and amazing up-time.
(http://www.shareasale.com/r.cfm?b=398784&u=963842&m=41388&urllink=&afftrack=) Month to month
contracts and no sign-up fees! Enjoy exibility with WP Engine. (http://www.shareasale.com/r.cfm?
b=398782&u=963842&m=41388&urllink=&afftrack=) Month to month contracts and no sign-up fees! Enjoy
exibility with WPEngine. (http://www.shareasale.com/r.cfm?b=398781&u=963842&m=41388&urllink=&afftrack=)

Month to month contracts and no sign-up fees! Enjoy exibility with WPEngine. (http://www.shareasale.com/r.cfm?
b=398781&u=963842&m=41388&urllink=&afftrack=) Get 50GB of Premium Bandwidth and 10GB of storage with
WP Engine's standard hosting plan! (http://www.shareasale.com/r.cfm?
b=398777&u=963842&m=41388&urllink=&afftrack=) Speed up WordPress with our baked in CDN, super fast
servers and amazing up-time. (http://www.shareasale.com/r.cfm?
b=398776&u=963842&m=41388&urllink=&afftrack=)

Copyright 2016 Theme design by the Bluth Company www.bluth.is