Hello,
I'm studying for my active directory certification exam, and there's a concept I just can't seem to understand. It seem so simple, but it's just not making sense. So here is a question from my testbank to illustrate the issue:
You configure a baseline security template Baseline.inf. Several operations groups are responsible for creating templates containing settings that satisfy operational requirements. You receive the templates shown in the following table:
Operations group----------Template name--------Applies to
File and Print-----------------File.inf----------------File servers
Database---------------------DB.inf----------------Database servers
Security----------------------Sec.inf---------------All resource servers
The operations groups agree that in the case of conflicting settings, the priority order listed in the following table establishes the resultants setting.
Template---------------------Priority
Sec.inf---------------------------1
Baseline.inf-----------------------2
Specific server role template-------3
You need to create one or more Group Policy objects (GPOs) to implement the
security settings. You want to minimize the amount of administrative effort
required when changes are requested by the various operations groups.
What should you do?
A. Create a GPO and import the following templates in the following order: Baseline.inf, Sec.inf.
Create a GPO for each server role and import only the specific template for that role into each respective GPO.
B. Create a GPO and import the following templates in the following order:
Sec.inf, Baseline.inf.
Create a GPO for each server role and import only the specific template for that role into each respective GPO.
ANSWER: A
Explanation: Windows Server 2003 processes GPOs from the bottom of the list to the top of the list, with the topmost GPO having the final authority. Because policies contained in GPOs will, by default, overwrite policies previously applied, we would need to import the Baseline.inf before the Sec.inf template.
-------------------------------
So what I don't get is if you import baseline.inf and then the sec.inf you would get:
baseline.inf
sec.inf
Now when the GPos are applied it will process sec.inf, and then baseline.inf. This means baseline.inf has the final authority... but according to the table sec.inf should have a priority of 1???
Which means it should be on the top? huh? what? Blue dragons?!!??!
Bookmarks