Group Policy Object (GPO) Core
Active Directory processes GPOs in this specific four-step order.
What is Local, Site, Domain, and Organizational Unit (LSDO)?
This GPO option takes the highest precedence and will prevail over conflicting settings, applying to child containers even if they block inheritance.
What is the Enforce option?
This software component is used for the installation, maintenance, and removal of software on Windows systems.
What is the Windows Installer (MSI)?
This type of CA requires Active Directory Domain Services and is typically used to issue certificates to internal organization users and servers.
What is an Enterprise CA?
This Active Directory role allows administrators to configure Single Sign-On (SSO) for web-based applications across organizations.
What is Active Directory Federation Services (AD FS)?
Computer configuration settings are processed when this happens, while user configuration settings are processed when a user logs on.
What is when the computer starts and powers off?
This filtering method uses the WMI Query Language (WQL) to control who or what a GPO applies to based on hardware or OS properties.
What is WMI filtering?
This type of file is used by administrators to deploy customized MSI files.
What is an MSI transform file?
This file format is the only one that can be used to export a certificate along with its private key.
What is Personal Information Exchange (PKCS #12)?
In an AD FS relationship, the organization that owns the data/resources is the Resource Organization, while the one containing the user accounts is called this.
What is the Account Organization?
This command-line tool is used to manually refresh Group Policy settings
What is gpupdate?
This mechanism is used to assign user policies to computer objects, ensuring specific settings apply to anyone who logs onto that machine.
What is Group Policy loopback processing?
This feature allows an administrator to redirect the content of a user's local folder to a network location, often used alongside Offline Files.
What is Folder Redirection?
This digitally signed list contains all the certificates issued by a CA that have been invalidated before their expiration date.
What is a Certificate Revocation List (CRL)?
This Active Directory object holds the web address of the AD RMS certification cluster, and only one can exist per forest.
What is the Service Connection Point (SCP)?
Security settings are automatically reapplied to a client machine at this specific hourly interval, even if the GPO hasn't changed.
What is every 16 hours?
In Loopback processing, this mode combines the user settings defined in the computer's GPOs with the user's normal settings.
What is Merge mode?
When configuring registry-based Administrative Templates, these are the three available states.
What are Not Configured, Enabled, and Disabled?
To implement auto-enrollment for a certificate template, a user or computer must have the Auto-enroll permission plus these two other permissions.
What are Read and Enroll?
This specific AD RMS certificate is issued the first time a user attempts to access protected content and is used to identify that specific user.
What is a Rights Account Certificate (RAC)?
To run the Group Policy Results Wizard, these what must be available to access WMI on the target computer.
What is computer must be online, have administrative credentials, Windows XP or later, and WMI?
Introduced in Windows Vista and Server 2008, these XML-based files define Administrative Templates and can be stored in the Central Store.
What are ADMX files?
When editing Group Policy Preferences, pressing these two function keys will "Enable All" and "Disable All" editing states respectively.
What are F5 and F8?
This component allows routers, switches, and other non-Windows network devices to be assigned digital certificates.
What is the Network Device Enrollment Service (NDES)?
This AD RMS policy feature allows an administrator to automatically deny access to older, specific versions of client software.
What is Lockbox Version Exclusion?