ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-800 All Questions

View all questions & answers for the AZ-800 exam
Go to Exam

Exam AZ-800 topic 1 question 8 discussion

Actual exam question from Microsoft's AZ-800
Question #: 8
Topic #: 1
[All AZ-800 Questions]

Your network contains an Active Directory Domain Services (AD DS) domain. The network also contains 20 domain controllers, 100 member servers, and 100 client computers.
You have a Group Policy Object (GPO) named GPO1 that contains Group Policy preferences.
You plan to link GPO1 to the domain.
You need to ensure that the preference in GPO1 apply only to domain member servers and NOT to domain controllers or client computers. All the other Group
Policy settings in GPO1 must apply to all the computers. The solution must minimize administrative effort.
Which type of item level targeting should you use?

  • A. Domain
  • B. Operating System
  • C. Security Group
  • D. Environment Variable
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by kijken at Oct. 26, 2022, 10:53 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kijken
Highly Voted 2 years, 4 months ago
Nothing is mentioned about OS. Domain controllers can have the same OS. I would do it based on C
upvoted 11 times
kijken
2 years, 4 months ago
I want to correct this answer, I did some testing, and the operating system option has a computer role option in it. You can set that to member server. So this is a valid option. Security group is also possible, but requires more overhead. You should always choose the best option. Same for D, which would also be a possibility. Domain is rubish So B is correct
upvoted 20 times
...
boapaulo
1 year, 3 months ago
Option B, “Operating System,” would not be the best choice in this case because it would apply the preference to all computers running the specified operating system, not just member servers. This means that the preference would also apply to domain controllers and client computers that are running the same operating system, which is not in line with the requirement. In contrast, Security Group item-level targeting allows for more granular control, allowing you to apply the preference only to member servers, regardless of the operating system they are running. This meets the requirement to apply the preference only to member servers and not to domain controllers or client computers. Furthermore, it minimizes administrative effort.
upvoted 1 times
sardonique
11 months, 1 week ago
you're in the wrong direction. it takes time to create a group with all the servers needed, especially if these server are spread around many OUs, whereas it takes only 7 objects to configure within the "Operating Systems" option: one for each major release of Windows Server: 2003,2003r2,2008,2008r2,2012,2012r2,2022, it allows you to specify "domain member"
upvoted 2 times
...
...
...
Kumar_ram_
Most Recent 2 days, 7 hours ago
Selected Answer: B
Option Description Product The product name of the operating system. Edition The edition of the product such as Enterprise, Standard, or Web. Release The release of the product. If the desired service pack does not appear in the list, type the full name of the service pack in the box (for example, Service Pack 3). Computer role The role of the computer. A computer that is running Windows has one of three roles: Workstation: A domain-joined computer that is running any release of Windows® 7, Windows Vista®, or Windows XP. Member Server: A domain-joined computer that is running any release of Windows Server® 2008 R2, Windows Server 2008, or Windows Server 2003. Domain Controller: A computer running any release of Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003 that hosts Active Directory® directory service for the domain.
upvoted 1 times
...
thomasemr
1 month, 2 weeks ago
Selected Answer: B
B because is possible choice in Computer Role on Targeting Editor, if Member Server or Domain Controller
upvoted 1 times
...
Mustapha_Hadrich
2 months, 1 week ago
Selected Answer: C
I would say security groups because domain controllers and member server could have the same os
upvoted 2 times
...
aamirabbas
2 months, 1 week ago
Selected Answer: C
The best option is: C. Security Group Explanation: Using Security Group allows you to create a group specifically for domain member servers and apply the preference only to the computers in that group. This approach provides precise control, is scalable, and aligns with the requirement to apply the settings only to member servers while excluding domain controllers and client computers. It's also easier to manage over time as member servers can simply be added or removed from the group as needed.
upvoted 1 times
...
stonwall12
2 months, 1 week ago
Answer: C, Security Group. This solution allows you to target Group Policy preferences to specific computers by adding the member servers to a dedicated security group. IT IS NOT OPERATING SYSTEM: Operating System targeting isn't ideal because server environments often run a mix of Windows Server versions simultaneously (like Server 2019 and 2022). This would require creating and maintaining multiple OS-specific targeting rules, increasing complexity and administrative overhead compared to the simpler approach of using a security group.
upvoted 1 times
nonoelptirobo
3 weeks, 5 days ago
actually there is a specific role section in the item level OS targeting : https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn789189(v=ws.11)#operating-system-targeting The role of the computer. A computer that is running Windows has one of three roles: Workstation: A domain-joined computer that is running any release of Windows® 7, Windows Vista®, or Windows XP. Member Server: A domain-joined computer that is running any release of Windows Server® 2008 R2, Windows Server 2008, or Windows Server 2003. Domain Controller: A computer running any release of Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003 that hosts Active Directory® directory service for the domain. trick question as "least complex" would be that (creating / adding computers to a sec group is being a step to do to every new server created )
upvoted 1 times
...
...
Midoria
3 months, 3 weeks ago
Operating System Targeting includes a Computer Role option, which allows you to specify whether the preference applies to Domain Controllers, Member Servers, or Workstations. By selecting Member Server, you can easily apply the preference to only member servers, avoiding the need to manually manage security groups. Why this works better: It avoids the additional step of creating or maintaining a security group. It minimizes administrative effort by leveraging built-in functionality. B
upvoted 2 times
...
AB164
4 months ago
This is not a clear answer, who can explain please ?
upvoted 1 times
...
Ksk08
4 months, 3 weeks ago
Answer is c
upvoted 1 times
...
TTC000
5 months, 1 week ago
Selected Answer: C
Explanation: You need to apply the Group Policy Object (GPO) only to member servers, while excluding domain controllers and client computers. The most efficient way to do this with minimal administrative effort is by using Security Group targeting. You can place all the member servers into a security group, and then apply the GPO preference specifically to that group. This approach ensures that only the specified member servers receive the GPO preference, without impacting domain controllers or client computers. This method provides a granular way of controlling which machines the policy applies to.
upvoted 1 times
...
syu31svc
5 months, 3 weeks ago
Selected Answer: B
"apply only to domain member servers and NOT to domain controllers or client computers" From the link Computer role The role of the computer. A computer that is running Windows has one of three roles: Workstation: A domain-joined computer that is running any release of Windows® 7, Windows Vista®, or Windows XP. Member Server: A domain-joined computer that is running any release of Windows Server® 2008 R2, Windows Server 2008, or Windows Server 2003. Domain Controller: A computer running any release of Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003 that hosts Active Directory® directory service for the domain. B is correct
upvoted 3 times
boapaulo
1 year, 3 months ago
Option B, “Operating System,” would not be the best choice in this case because it would apply the preference to all computers running the specified operating system, not just member servers. This means that the preference would also apply to domain controllers and client computers that are running the same operating system, which is not in line with the requirement. In contrast, Security Group item-level targeting allows for more granular control, allowing you to apply the preference only to member servers, regardless of the operating system they are running. This meets the requirement to apply the preference only to member servers and not to domain controllers or client computers. Furthermore, it minimizes administrative effort.
upvoted 2 times
...
...
JPO2021
7 months, 2 weeks ago
Option B “Operating System” *An Operating System targeting item allows a preference item to be applied to computers or users only if the processing computer's operating system's product name, release, edition, or computer role matches those specified in the targeting item. If Is Not is selected, it allows the preference item to be applied only if the operating system's product name, release, edition, or computer role does not match those specified in the targeting item. *https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn581922(v=ws.11)
upvoted 2 times
...
linuxlinuxmint
10 months, 1 week ago
# Définition des rôles que vous souhaitez filtrer $roles = @("DHCP", "DNS") # Ajoutez d'autres rôles au besoin # Filtrer les serveurs ayant des rôles spécifiques $serveursAvecRoles = Get-WmiObject Win32_ServerFeature | ? { $_.Name -in $roles } | Select-Object PSComputerName # Filtrer les serveurs sans rôles spécifiques $serveursSansRoles = Get-WmiObject Win32_ServerFeature | ? { $_.Name -notin $roles } | Select-Object PSComputerName # Afficher les résultats Write-Host "Serveurs avec des rôles spécifiques ($roles) :" $serveursAvecRoles Write-Host "Serveurs sans des rôles spécifiques ($roles) :" $serveursSansRoles
upvoted 1 times
...
sardonique
11 months, 1 week ago
As always the question has an ambiguous interpretation. If you have a security group that already contains all the desired computer objects, this solution is the faster. however you cannot assume that. so you would need to create a group and put all the servers as members of the group. you can acheive that using powershell pretty quickly. in my opinion the "Operating System" option is the way to go since it allows to filter by role: "Any", "Member Server" and "Domain Controller", so you would need to add a few rows (7 from 2003 to 2022) such as OS is server 2003 family, OS is server 2003R2 family, OS is server 2008 family .... and for each one of these you would chose the role "Member Server".
upvoted 3 times
...
rasmart
11 months, 1 week ago
Selected Answer: C
This seems to be the most effective approach. You could create a security group that includes all the member servers and then target this group with the GPO. This method is precise and allows you to have full control over which servers are affected by the GPO. It requires some initial setup to create and populate the security group, but it minimizes ongoing administrative effort as the group membership dictates the GPO application.
upvoted 1 times
...
SanMan_NZ
1 year, 1 month ago
Selected Answer: B
OS targeting is correct only because there is an item under OS targeting called 'Computer Role' which has options to select 'Workstation', Member Srv' or 'Domain Controller.' Answer B is works and the easiest way to achieve the objective.
upvoted 3 times
Mustapha_Hadrich
2 months, 1 week ago
unless you use wmi filter like Select * from Win32_ComputerSystem where DomainRole < 4 the easiest way is by security groups
upvoted 1 times
...
...
squilly
1 year, 1 month ago
B does not make much sense, member servers and the domain controller very likely can have the same OS, security group would be much better.
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago