About Group Policy application

  • Question

  • Is D the correct answer to this question? In particular, I don't quite understand "Only GPO1 and other GPOs that are linked to OU1 must be applied to the client computers in OU1".

    Your network contains an Active Directory domain named contoso.com. The domain contains an organizational
    unit (OU) named OU1. You have a Group Policy object (GPO) named GPO1 that is linked to contoso.com. GPO1
    contains custom security settings. You need to design a Group Policy strategy to meet the following requirements:
    The security settings in GPO1 must be applied to all client computers. Only GPO1 and other GPOs that are linked to OU1
    must be applied to the client computers in OU1.
    What should you include in the design?
    More than one answer choice may achieve the goal. Select the BEST answer.
    A. Enable the Block Inheritance option at the domain level. Enable the Enforced option on GPO1.
    B. Enable the Block Inheritance option on OU1. Link GPO1 to OU1.
    C. Enable the Block Inheritance option on OU1. Enable the Enforced option on all of the GPOs linked to OU1.
    D. Enable the Block Inheritance option on OU1. Enable the Enforced option on GPO1.

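    July 18, 2018 0:36

Answer

  • Hello,

    "Only GPO1 and other GPOs that are linked to OU1 must be applied to the client computers in OU1"

    This sentence means that only GPO1 and the other GPOs linked directly to OU1 are applied to the computers in the OU. In other words, many other GPOs may be linked at OU1's parent OU or at the domain level, but those other GPOs are not applied to OU1. You can refer to the screenshot below:

    Normally, the computers in OU1 would apply GPO1, GPO2, GPO3 and GPO4, whereas this question requires that only GPO1 and GPO4 (linked directly to OU1) be applied.

    Therefore, we need to enable the Enforced option so that GPO1 is always applied, and enable the Block Inheritance option so that the computers in OU1 do not apply GPO2 and GPO3.

    We can refer to the following articles to learn more about Enforced and Block Inheritance: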

    https://blogs.technet.microsoft.com/grouppolicy/2009/12/18/tales-from-the-community-enforced-vs-block-inheritance/

    http://blog.chinaunix.net/uid-28400987-id-3428504.html

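    Please note: because this website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.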

    Best Regards,

    William


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by pjj1112, July 18, 2018 3:01
    July 18, 2018 1:35
    Moderator
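
The design discussed in the answer above (option D), applied and then checked from OU1's point of view. This is an added example, not part of the original thread; it assumes OU1 sits directly under the domain root, that GPO1 is already linked at the domain as the question states, and that the GroupPolicy PowerShell module is installed.

```powershell
# Added example, not from the thread. Requires the GroupPolicy module (RSAT/GPMC).
Import-Module GroupPolicy

$domainDn = 'DC=contoso,DC=com'     # domain from the question
$ouDn     = "OU=OU1,$domainDn"      # assumption: OU1 sits directly under the domain root
$required = 'GPO1'                  # GPO with the custom security settings

# Option D, part 1: OU1 stops inheriting non-enforced links from the domain and any parent OU.
Set-GPInheritance -Target $ouDn -IsBlocked Yes | Out-Null

# Option D, part 2: enforce GPO1's existing domain link so the block on OU1 cannot stop it.
Set-GPLink -Name $required -Target $domainDn -Enforced Yes | Out-Null

# Check the result from OU1's point of view.
$som       = Get-GPInheritance -Target $ouDn
$direct    = @($som.GpoLinks          | ForEach-Object { $_.DisplayName })
$effective = @($som.InheritedGpoLinks | ForEach-Object { $_.DisplayName })

# Anything effective that is neither GPO1 nor linked directly to OU1 violates the requirement.
$unexpected = @($effective | Where-Object { $_ -ne $required -and $_ -notin $direct })

[pscustomobject]@{
    InheritanceBlocked = $som.GpoInheritanceBlocked
    Gpo1Applies        = $effective -contains $required
    DirectLinks        = $direct -join ', '
    EffectiveOrder     = $effective -join ', '
    Unexpected         = $unexpected -join ', '
}

# A non-empty Unexpected list usually means another GPO above OU1 is also enforced.
if (-not $som.GpoInheritanceBlocked -or $effective -notcontains $required -or $unexpected.Count) {
    Write-Warning "OU1 does not match the design: check for other enforced links above OU1."
}
```

Get-GPInheritance reports link precedence only and does not evaluate security filtering or WMI filters; `gpresult /r /scope computer` on a client in OU1 shows which GPOs were actually applied.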

All replies

  • A very detailed explanation, thank you!!!
    July 18, 2018 3:02