ExamTopics Logo
Mail Usteam@examtopics.com
Menu
Microsoft Discussions
exam questions

Exam AZ-800 All Questions

View all questions & answers for the AZ-800 exam
Go to Exam

Exam AZ-800 topic 5 question 20 discussion

Actual exam question from Microsoft's AZ-800
Question #: 20
Topic #: 5
[All AZ-800 Questions]

HOTSPOT -
You have a Group Policy Object (GPO) named GPO1 that contains user settings only.
You plan to apply GPO1 to a global security group named Group1.
You link GPO1 to the domain, and you remove all the permissions granted to the Authenticated Users group.
You need to configure permissions for GPOI to meet the following requirements:
✑ GPO1 must apply only to the users in Group1.
✑ The solution must use the principle of least privilege.
Which permissions should you grant to Group1 and the Domain Computers group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
by lukiduc9625 at Sept. 22, 2022, 10:09 a.m.

Comments

Chosen Answer:
This is a voting comment. You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Trupix
Highly Voted 2 years, 5 months ago
Group1 > "Apply group policy and Read" | Domain Computers > Read only"
upvoted 28 times
JPO2021
7 months, 2 weeks ago
https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/cannot-apply-user-gpo-when-computer-objects-dont-have-read-permissions
upvoted 2 times
...
...
lukiduc9625
Highly Voted 2 years, 6 months ago
suggested answer is wrong: Permissions for Group1 are correct, but for Domain Computers correct permissions are "Read only". When you choose "Apply group policy only" GPO will not be applied for users - I have checked it in my lab
upvoted 5 times
lukiduc9625
2 years, 6 months ago
I'm wrong! I should write: Permissions for Group1 should be "Apply group policy and Read" and for Domain Computers correct permissions are "Read only". When you choose "Read only"for Group1 GPO will not be applied for members of Group1. You shouldn't choose "Apply group policy" specific permission for Domain Computers group, because this GPO is not designed for this group, but this group have to have Read specific permission - I have checked it in my lab
upvoted 12 times
...
...
formacaotismic
Most Recent 4 months, 3 weeks ago
Group1: Apply group policy and Read For Group1, you need to grant both "Apply group policy" and "Read" permissions to ensure the GPO is applied correctly. This combination allows the users in Group1 to read the GPO settings and have them applied. Domain Computers: Read only This configuration ensures that only the users in Group1 will have the GPO applied to them, while the Domain Computers group will have the necessary read permissions to process the GPO without applying it.
upvoted 1 times
...
SIAMIANJI
11 months, 2 weeks ago
To meet the requirements, you should configure permissions for GPO1 as follows: Grant Apply Group Policy Permission to Group1: Grant the Apply Group Policy permission to the Group1 security group. This permission allows the members of Group1 to apply the settings within GPO1. Ensure that no other permissions are granted to Group1 on the GPO. Grant Read Permission to Domain Computers: Grant the Read permission to the Domain Computers group. This permission allows the computers in the domain to read the GPO settings but not apply them. Ensure that no other permissions are granted to Domain Computers on the GPO.
upvoted 1 times
...
rknichols01
1 year, 3 months ago
this is from Co-Pilot Therefore, to meet the requirements, you should grant the following permissions: Group1: Apply Group Policy permission only. Domain Computers: Read and Apply Group Policy permissions 1.
upvoted 2 times
...
MR_Eliot
1 year, 6 months ago
Answers are as follows: Group1: Apply & Read Computer Group: Read
upvoted 3 times
MR_Eliot
1 year, 6 months ago
Group policy requires each computer account to have permission to read GPO data from a domain controller for User Group Policy settings to be successfully applied.
upvoted 1 times
...
...
amartinsalves
1 year, 8 months ago
I believe the required permission for Domain Computer is "Read Only" and maybe the explanation is in this article: https://support.microsoft.com/en-us/topic/ms16-072-security-update-for-group-policy -june-14-2016-7570425d-d460-3003-b2ac-a464c874725d
upvoted 1 times
...
syu31svc
2 years ago
https://www.grouppolicy.biz/2010/05/how-to-apply-a-group-policy-object-to-individual-users-or-computer/ Group 1 should be read and apply Computers read only since "must apply only to the users in Group1"
upvoted 2 times
...
elmertar
2 years, 3 months ago
Group 1 => apply and read Domain computers (imho better to use authenticated users) => read
upvoted 4 times
...
johosofat
2 years, 5 months ago
I dont like this answer at all- this question says the policy must apply to the users not the computer- the computers would need to be ready and the group1 would need to be apply- that is what i am going with - https://www.freepdfdumps.com/Microsoft.AZ-800.v2022-08-15.q92.html?p=2#
upvoted 3 times
...
ProfileX
2 years, 6 months ago
This wasn't the case in the past, so on older / unpatched systems this might not be correct. But a change was made to improve security, "Prior to the update, domain joined computers used the user's security context to make the connection and retrieve the policies. After the update is applied, domain joined computers will now retrieve all policies using the computer security context" https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/who-broke-my-user-gpos/ba-p/258781
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
PT0-002
Mexico City, 1 minute ago