Question 1
Your network contains an Active Directory domain named contoso.com.
You have an organizational unit (OU) named TestOU that contains test computers.
You need to enable a technician named Tech1 to create Group Policy objects (GPOs) and to link the GPOs to TestOU. The solution must use the principle of least privilege.
Which two actions should you perform? Each correct answer presents part of the solution.
Add Tech1 to the Group Policy Creator Owners group.
From Group Policy Management, modify the Delegation settings of the TestOU OU.
Add Tech1 to the Protected Users group.
From Group Policy Management, modify the Delegation settings of the contoso.com container.
Create a new universal security group and add Tech1 to the group.
Correct answer: AB
Explanation:
The Group Policy Creator Owners group lets its members create new GPOs. You can delegate the ability for users to be given the ability to link GPOs to an OU or domain via the Delegation tab of the OU/domain/site within the GPMC. References: http://www.itprotoday.com/management-mobility/what-group-policy-creator-owners-group http://www.itprotoday.com/management-mobility/how-do-i-delegate-permissions-someone-edit-gpo
The Group Policy Creator Owners group lets its members create new GPOs.
You can delegate the ability for users to be given the ability to link GPOs to an OU or domain via the Delegation tab of the OU/domain/site within the GPMC.
References:
http://www.itprotoday.com/management-mobility/what-group-policy-creator-owners-group
http://www.itprotoday.com/management-mobility/how-do-i-delegate-permissions-someone-edit-gpo