
 Question 1. Mention What Is Active Directory?

Answer :

Active Directory is a directory structure used on Microsoft Windows-based servers and
computers to store data and information about networks and domains.

 Question 2. What Is Domains In Active Directory?

Answer :

In Windows 2000, a domain defines both an administrative boundary and a security boundary for
a collection of objects that are relevant to a specific group of users on a network. A domain is an
administrative boundary because administrative privileges do not extend to other domains. It is a
security boundary because each domain has a security policy that extends to all security accounts
within the domain. Active Directory stores information about objects in one or more domains.
Domains can be organized into parent-child relationships to form a hierarchy. A parent domain is
the domain directly superior in the hierarchy to one or more subordinate, or child, domains. A
child domain also can be the parent of one or more child domains.

 Question 3. Mention Which Is The Default Protocol Used In Directory Services?

Answer :

The default protocol used in directory services is LDAP (Lightweight Directory Access
Protocol).

 Question 4. What Is Mixed Mode?

Answer :

Allows domain controllers running both Windows 2000 and earlier versions of Windows NT to
co-exist in the domain. In mixed mode, the domain features from previous versions of Windows
NT Server are still enabled, while some Windows 2000 features are disabled. Windows 2000
Server domains are installed in mixed mode by default. In mixed mode the domain may have
Windows NT 4.0 backup domain controllers present. Nested groups are not supported in mixed
mode.

 Question 5. Explain The Term Forest In Ad?

Answer :
A forest is an assembly of AD domains that share a single schema for the AD. All
DCs in the forest share this schema, which is replicated in a hierarchical fashion among them.

 Question 6. What Is Native Mode?

Answer :

When all the domain controllers in a given domain are running Windows 2000 Server. This
mode allows organizations to take advantage of new Active Directory features such as Universal
groups, nested group membership, and inter-domain group membership.

 Question 7. Explain What Is Sysvol?

Answer :

The SYSVOL folder keeps the server's copy of the domain's public files. The contents of the
SYSVOL folder, such as users, group policy, etc., are replicated to all domain controllers in the
domain.

 Question 8. What Is Ldap?

Answer :

LDAP is the directory service protocol that is used to query and update AD. LDAP naming paths
are used to access AD objects and include the following:

 Distinguished names
 Relative Distinguished names

 Question 9. Mention What Is Kerberos?

Answer :

Kerberos is a network authentication protocol. It is built to offer strong authentication for
server/client applications by using secret-key cryptography.

 Question 10. Minimum Requirement For Installing Ad?

Answer :

 Windows Server, Advanced Server, Datacenter Server
 Minimum Disk space of 200MB for AD and 50MB for log files
 NTFS partition
 TCP/IP Installed and Configured to use DNS
 Administrative privilege for creating a domain in existing network

 Question 11. Mention What Are Lingering Objects?

Answer :

Lingering objects can exist if a domain controller does not replicate for an interval of time that
is longer than the tombstone lifetime (TSL).

 Question 12. What Is Domain Controller?

Answer :

In an Active Directory forest, the domain controller is a server that contains a writable copy of
the Active Directory database, participates in Active Directory replication and controls access to
network resources.

 Question 13. Mention What Is Tombstone Lifetime?

Answer :

Tombstone lifetime in Active Directory determines how long a deleted object is retained in
Active Directory. Deleted objects in Active Directory are stored in a special object referred to as a
TOMBSTONE. Usually, Windows will use a 60-day tombstone lifetime if the time is not set in the
forest configuration.

 Question 14. Why We Need Netlogon?

Answer :

Maintains a secure channel between this computer and the domain controller for authenticating
users and services. If this service is stopped, the computer may not authenticate users and
services, and the domain controller cannot register DNS records.

 Question 15. Explain What Is Active Directory Schema?

Answer :

The schema is an Active Directory component that describes all the attributes and objects that the directory
service uses to store data.

 Question 16. What Is Dns Scavenging?

Answer :

Scavenging will help you clean up old unused records in DNS.

 Question 17. Explain What Is A Child Dc?


Answer :

CDC or child DC is a sub domain controller under the root domain controller which shares the
namespace.

 Question 18. What Is New In Windows Server 2008 Active Directory Domain Services?

Answer :

AD Domain Services auditing, Fine-Grained Password Policies, Read-Only Domain
Controllers, Restartable Active Directory Domain Services

 Question 19. Explain What Is Rid Master?

Answer :

RID master stands for Relative Identifier for assigning unique IDs to the object created in AD.

 Question 20. Explain What Are Rodcs? And What Are The Major Benefits Of Using
Rodcs?

Answer :

RODC stands for Read-Only Domain Controller. With RODCs, organizations can easily deploy a domain controller in locations
where physical security cannot be guaranteed.

 Question 21. Mention What Are The Components Of Ad?

Answer :

Components of AD include:
Logical Structure: Trees, Forest, Domains and OU.
Physical Structure: Domain controller and Sites.

 Question 22. What Is The Number Of Permitted Unsuccessful Log Ons On
Administrator Account?

Answer :

Unlimited. Remember, though, that it’s the Administrator account, not any account that’s part of
the Administrators group.

 Question 23. Explain What Is Infrastructure Master?

Answer :
Infrastructure Master is accountable for updating information about the user and group and
global catalogue.

 Question 24. What Hidden Shares Exist On Windows Server 2003 Installation?

Answer :

Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL.

 Question 25. Can You Connect Active Directory To Other 3rd-party Directory Services?
Name A Few Options?

Answer :

Yes, you can connect Active Directory to other 3rd-party Directory Services, such as dictionaries
used by SAP, Domino etc., with the help of MIIS (Microsoft Identity Integration Server).

 Question 26. What Is The List Folder Contents Permission On The Folder In Ntfs?

Answer :

Same as Read & Execute, but not inherited by files within a folder. However, newly created
subfolders will inherit this permission.

 Question 27. How Do I Set Up Dns For Other Dcs In The Domain That Are Running
Dns?

Answer :

For each additional DC that is running DNS, the preferred DNS setting is the parent DNS server
(first DC in the domain), and the alternate DNS setting is the actual IP address of network
interface.

 Question 28. Where Is Gpt Stored?

Answer :

%SystemRoot%\SYSVOL\sysvol\domainname\Policies\GUID

 Question 29. Tell Me What Should I Do If The Dc Points To Itself For Dns, But The Srv
Records Still Do Not Appear In The Zone?

Answer :

Check for a disjointed namespace, and then run Netdiag.exe /fix. You must install Support Tools
from the Windows 2000 Server CD-ROM to run Netdiag.exe.
 Question 30. Abbreviate Gpt And Gpc?

Answer :

GPT: Group Policy template.
GPC: Group Policy container.

 Question 31. Tell Me What If My Windows 2000 Or Windows Server 2003 Dns Server Is
Behind A Proxy Server Or Firewall?

Answer :

If you are able to query the ISP's DNS servers from behind the proxy server or firewall,
Windows 2000 and Windows Server 2003 DNS server is able to query the root hint servers.
UDP and TCP Port 53 should be open on the proxy server or firewall.

 Question 32. Explain What Is The Difference Between Local, Global And Universal
Groups?

Answer :

Domain local groups assign access permissions to global domain groups for local domain
resources. Global groups provide access to resources in other trusted domains. Universal groups
grant access to resources in all trusted domains.

 Question 33. Do You Know What Is The "." Zone In My Forward Lookup Zone?

Answer :

This setting designates the Windows 2000 DNS server to be a root hint server and is usually
deleted. If you do not delete this setting, you may not be able to perform external name
resolution to the root hint servers on the Internet.

 Question 34. Define Lsdou?

Answer :

It's the Group Policy inheritance model, where the policies are applied to Local machines, Sites,
Domains and Organizational Units.

 Question 35. Define Attribute Value?

Answer :

An object's attribute is set concurrently to one value at one master, and another value at a second
master.
 Question 36. What Is Netdom?

Answer :

NETDOM is a command-line tool that allows management of Windows domains and trust
relationships

 Question 37. Do You Know How Kerberos V5 Works?

Answer :

The Kerberos V5 authentication mechanism issues tickets (a set of identification data for a
security principal, issued by a DC for purposes of user authentication; the two forms of tickets in
Windows 2000 are ticket-granting tickets (TGTs) and service tickets) for accessing network
services. These tickets contain encrypted data, including an encrypted password, which confirms
the user's identity to the requested service.

 Question 38. What Is Adsiedit?

Answer :

ADSI Edit is an LDAP editor for managing objects in Active Directory. This Active Directory
tool lets you view objects and attributes that are not exposed in the Active Directory
Management Console.

 Question 39. What Is Kerberos V5 Authentication Process?

Answer :

Kerberos V5 is the primary security protocol for authentication within a domain. The Kerberos
V5 protocol verifies both the identity of the user and network services. This dual verification is
known as mutual authentication.

 Question 40. Define The Schema Master Failure?

Answer :

Temporary loss of the schema operations master will be visible only if we are trying to modify
the schema or install an application that modifies the schema during installation. A DC whose
schema master role has been seized must never be brought back online.

 Question 41. What Is Replmon?

Answer :
Replmon is the first tool you should use when troubleshooting Active Directory replication
issues

 Question 42. How To Find Fsmo Roles?

Answer :

Netdom query fsmo OR Replmon.exe

 Question 43. Describe The Infrastructure Fsmo Role?

Answer :

When an object in one domain is referenced by another object in another domain, it represents
the reference by the GUID, the SID (for references to security principals), and the DN of the
object being referenced. The infrastructure FSMO role holder is the DC responsible for updating
an object's SID and distinguished name in a cross-domain object reference.

 Question 44. What Are The Advantages Of Active Directory Sites?

Answer :

Active Directory Sites and Services allow you to specify site information. Active Directory uses
this information to determine how best to use available network resources.

 Question 45. Define Edb.chk?

Answer :

This is the checkpoint file used to track the data not yet written to database file. This indicates
the starting point from which data is to be recovered from the log file, in case of failure.

 Question 46. Define Edb.log?

Answer :

This is the transaction log file (10 MB). When EDB.LOG is full, it is renamed to EDBnnnn.log,
where nnnn is the increasing number starting from 1.

 Question 47. How To View All The Gcs In The Forest?

Answer :

repadmin.exe /options * and use IS_GC for current domain options.
nltest /dsgetdc:corp /GC

 Question 48. How To Seize Fsmo Roles?

Answer :

ntdsutil - type roles - connections - connect servername - q - type seize role - at the fsmo
maintenance prompt - type seize rid master

 Question 49. How To Transfer Fsmo Roles?

Answer :

ntdsutil - type roles - connections - connect servername - q - type transfer role - at the fsmo
maintenance prompt - type transfer rid master

 Question 50. What Is The Kcc (knowledge Consistency Checker)?

Answer :

The KCC generates and maintains the replication topology for replication within sites and
between sites. KCC runs every 15 minutes.

 Question 51. What Is Schema Information In Active Directory?

Answer :

Definitional details about objects and attributes that one can store in the AD. Replicates to all
DCs. Static in nature.

 Question 52. What Is Online Defragmentation In Active Directory?

Answer :

Online defragmentation is a method that runs as part of the garbage collection process. The only
advantage to this method is that the server does not need to be taken offline for it to run.
However, this method does not shrink the Active Directory database file (Ntds.dit).

 Question 53. What Is Ads Database Garbage Collection Process?

Answer :

Garbage Collection is a process that is designed to free space within the Active Directory
database. This process runs independently on every DC with a default lifetime interval of 12
hours.
 Question 54. Define Res1.log And Res2.log?

Answer :

These are reserved transaction log files of 20 MB (10 MB each) which provide the transaction log
files enough room to shut down if the other spaces are being used.

 Question 55. What Is Domain Information In Active Directory?

Answer :

Object information for a domain. Replicates to all DCs within a domain. The object portion
becomes part of the GC. The attribute values only replicate within the domain.

 Question 56. What Is Lightweight Directory Access Protocol?

Answer :

LDAP is the directory service protocol that is used to query and update AD. LDAP naming paths
are used to access AD objects and include the following:

 Distinguished names
 Relative Distinguished names

 Question 57. How Will You Verify Whether The Ad Installation Is Proper With Srv
Resource Records?

Answer :

Verify SRV Resource Records: After AD is installed, the DC will register SRV records in DNS
when it restarts. We can check this using DNS MMC or nslookup command.

 Question 58. What Is Ntds.dit?

Answer :

This is the AD database and stores all AD objects. Default location is
%SystemRoot%\ntds\NTDS.DIT.
Active Directory's database engine is the Extensible Storage Engine which is based on the Jet
database and can grow up to 16 TB.

 Question 59. What Is Ntds.dit Schema Table?

Answer :
The types of objects that can be created in the Active Directory, relationships between them, and
the attributes on each type of object. This table is fairly static and much smaller than the data
table.

 Question 60. Mention What Is The Difference Between Domain Admin Groups And
Enterprise Admins Group In Ad?

Answer :

Enterprise Admin Group:

Members of this group have complete control of all domains in the forest. By default, this group
belongs to the administrators group on all domain controllers in the forest. As such, this group has
full control of the forest; add users with caution.

Domain Admin Group:

Members of this group have complete control of the domain. By default, this group is a member
of the administrators group on all domain controllers, workstations and member servers at the
time they are linked to the domain. As such, the group has full control in the domain; add users
with caution.

Group Policy

 Question 1. Why Should We Use Group Policy?

Answer :

 For deploying software
 We can apply security
 For controlling Users environment, settings, per computer settings
 To manage desktop environment (To standardize environment)
 To modify the registry

 Question 2. What Is Group Policy Object?

Answer :

The actual unit that we create, delete, manage and work with is called a Group
Policy object.

Group Policy objects have two components:

 Group Policy container
 Group Policy template

 Question 3. What Is Group Policy Container?

Answer :

It is the container in the Active Directory where the Group Policy can be applied. (i.e., either
Organizational unit or Domain or Site)

 Question 4. What Is Group Policy Template?

Answer :

When you create a group policy container, a template is automatically created on the hard
drive, in the sysvol folder of the Domain Controller; that is called the Group Policy template.

 Question 5. Where Is Group Policy Template Stored?

Answer :

The Group Policy template is stored in the sysvol folder.

 Question 6. How To Create A Group Policy?

Answer :

Start -> Programs -> Administrative tools -> Active Directory Users and computers -> Right click
on the container on which you want to apply Group Policy -> Select properties -> Click on Group
Policy tab -> Click on New

 Question 7. What Are The Steps Do We Have When We Are Creating Group Policy?

Answer :

There are two steps: creating the Group Policy and linking it to the container. Generally we
create the group policy at the container itself, so when you click on New it creates the GPO and links it
to that container at the same time. If you want to link a group policy object that has already been
created to a container, click on Add and select the group policy.

 Question 8. What Are The Buttons Available On Group Policy Tab In Properties Of A
Container?

Answer :

 New (Creates new GPO)
 Add (Links a GPO which has been created already to this container)
 Edit (Edits the existing GPO)
 Delete (Deletes the GPO)
 Options (here you get the following check boxes): (i) No override – Prevent other GPO
from overriding policy set in this one; and (ii) Disabled – This GPO is not applicable to
this container
 Properties

Note: When you are deleting a GPO it asks two things:

 Remove the link from this list
 Remove the link and delete the GPO permanently

 Question 9. What Is No Override Option In Gpo?

Answer :

Generally the policies set at one level will be overridden at another level, so if you don't want
this policy to be overridden at the sub-levels of this one, you can set this.

Ex: If you set No override at Domain level then that GPO will be applied throughout the
Domain, even though you have the same policy set differently at OU level.

 Question 10. What Is Block Inheritance Of Gpo And Where It Is?

Answer :

The Block inheritance GPO option blocks group policies from being inherited from the upper levels, so
that the present GPO takes effect.

Right click on the container –> click on Group Policy –> go to properties –> on the bottom of the
General tab you will find the Block inheritance check box

Ex: If you select Block inheritance at OU level then no policy from the Domain level, Site
level or local policy will be applied to this OU.

 Question 11. You Have Set The No Override Option At Domain Level And Block
Inheritance At Ou Level. Which Policy Will Take Effect?

Answer :

If you have set both then No override wins over the Block inheritance. So No override will take
effect.

 Question 12. What Are The Options That Are Available When You Click On Option
Button On General Tab?
Answer :

 General
 Disable computer configuration settings (The settings that are set under Computer
configuration of this GPO will not take effect.)
 Disable user configuration settings (The settings that are set under User configuration of
this GPO will not take effect.)
 Links (Displays the containers which have links to this GPO)
 Security (With the security option you can set the level of permissions and settings for
individual users and groups. Ex: If you want to disable this GPO for a particular user on
this container, on the security tab select that user and select the deny check box for Apply
Group Policy. Then the GPO will not take effect for that user even though he is in that
container.)

 Question 13. What Will You See In The Group Policy Snap In?

Answer :

You will see two major portions, and under those you have sub portions, they are:

 Computer Configuration
    Software settings
    Software installations
    Windows settings
    Administrative templates
 User configuration
    Software settings
    Software installations
    Windows settings
    Administrative templates

Note: Administrative templates are for modifying the registry of Windows 2000 clients.

 Question 14. What Is The Hierarchy Of Group Policy?

Answer :

 Local policy
 Site Policy
 Domain Policy
 OU Policy
 Sub OU Policy (If any are there)

 Question 15. Who Can Create Site Level Group Policy?

Answer :
Enterprise Admin

 Question 16. Who Can Create Domain Level Group Policy?

Answer :

Domain Admin

 Question 17. Who Can Create Organizational Unit Level Group Policy?

Answer :

Domain Admin

 Question 18. Who Can Create Local Group Policy?

Answer :

Local Administrator or Domain Administrator

 Question 19. What Is The Refresh Interval For Group Policy?

Answer :

The refresh interval for Domain Controllers is 5 minutes, and the refresh interval for all other
computers in the network is 45 minutes (this one is in doubt).

 Question 20. Why Do We Need To Manage And Control Desktop Environment?

Answer :

 To decrease support time
 Eliminate potential for problems
 One standard environment to support
 Eliminate distractions
 To increase productivity

 Question 21. What Is Group Policy Loop Back Process? How To Set It?

Answer :

Start –> Programs –> Administrative tools –> Active Directory Users and Computers –> Right click
on the container –> click on Group Policy tab –> click on Edit –> click on Computer settings –>
click on Administrative templates –> System –> Group Policy –> click on User group policy loop
back processing mode –> click OK –> Select enable

 Question 22. What Are The Players That Are Involved In Deploying Software?

Answer :

 Group Policy: Within GP we specify that this software application gets installed to this
particular computer or to this particular user.
 Active Directory: Group Policy will be applied somewhere in Active Directory.
 Microsoft Installer service
 Windows installer packages: The type of package that can be used by Group Policy to
deploy applications is .msi packages i.e., Microsoft Installer packages.

 Question 23. What Is The Package That Can Be Used To Deploy Software Through
Group Policy?

Answer :

Windows installer packages (.msi files)

 Question 24. What Is Microsoft Installer Service?

Answer :

Microsoft Installer Service runs on the client machines in the Windows 2000 domain. It installs
the minimum amount of an application, as you extend functionality it installs the remaining part
of application. It is responsible for installing software in the client. It is also responsible for
modifying, upgrading, applying service packs.

 Question 25. What Is Local Security Policy, Domain Security Policy, And Domain
Controller Security Policy In The Administrative Tools?

Answer :

 Local Security Policy: This is group policy applied to the local machine
 Domain Security Policy: Group Policy applied at domain level
 Domain Controller Security Policy: Group Policy applied at domain controller level.

 Question 26. What Are The Design Considerations For Group Policy?

Answer :

The following should be considered for designing group policies:

 Minimize linking: Because there is a chance of deleting the original one without seeing
who else is using this GPO. Minimize linking for simplicity.
 Minimum number of GPOs: Microsoft suggests that one GPO with 100 settings will
process faster than 100 GPOs each with one setting. This is for performance.
 Delegate
 Minimize filtering: To keep your environment simple, try to minimize filtering.

If you have several GPOs for a container, whatever GPO is on top will be applied first.
If you want, you can move GPOs up and down.

If there is a conflict between two GPOs of the same container, the last applied GPO will be effective,
i.e., the bottom one will be effective.

 Question 27. What Is Group Policy In Active Directory ? What Are Group Policy
Objects (gpos)?

Answer :

Group Policy objects, other than the local Group Policy object, are virtual objects. The policy
setting information of a GPO is actually stored in two locations: the Group Policy container and
the Group Policy template.

The Group Policy container is an Active Directory container that stores GPO properties,
including information on version, GPO status, and a list of components that have settings in the
GPO.

The Group Policy template is a folder structure within the file system that stores Administrative
Template-based policies, security settings, script files, and information regarding applications
that are available for Group Policy Software Installation.

The Group Policy template is located in the system volume folder (Sysvol) in the Policies
subfolder for its domain.

 Question 28. What Is The Order In Which Gpos Are Applied ?

Answer :

Group Policy settings are processed in the following order:

1. Local Group Policy object: Each computer has exactly one Group Policy object that
is stored locally. This is processed for both computer and user Group Policy processing.
2. Site: Any GPOs that have been linked to the site that the computer belongs to are
processed next. Processing is in the order that is specified by the administrator, on the
Linked Group Policy Objects tab for the site in Group Policy Management Console
(GPMC). The GPO with the lowest link order is processed last, and therefore has the
highest precedence.
3. Domain: Processing of multiple domain-linked GPOs is in the order specified by the
administrator, on the Linked Group Policy Objects tab for the domain in GPMC. The
GPO with the lowest link order is processed last, and therefore has the highest
precedence.
4. Organizational units: GPOs that are linked to the organizational unit that is highest in
the Active Directory hierarchy are processed first, then GPOs that are linked to its child
organizational unit, and so on. Finally, the GPOs that are linked to the organizational unit
that contains the user or computer are processed.

At the level of each organizational unit in the Active Directory hierarchy, one, many, or no
GPOs can be linked. If several GPOs are linked to an organizational unit, their processing is in
the order that is specified by the administrator, on the Linked Group Policy Objects tab for the
organizational unit in GPMC.

The GPO with the lowest link order is processed last, and therefore has the highest precedence.

This order means that the local GPO is processed first, and GPOs that are linked to the
organizational unit of which the computer or user is a direct member are processed last, which
overwrites settings in the earlier GPOs if there are conflicts. (If there are no conflicts, then the
earlier and later settings are merely aggregated.)

 Question 29. How To Backup/restore Group Policy Objects ?

Answer :

 Begin the process by logging on to a Windows Server 2008 domain controller, and
opening the Group Policy Management console. Now, navigate through the console tree
to Group Policy Management | Forest: | Domains | | Group Policy Objects.
 When you do, the details pane should display all of the group policy objects that are
associated with the domain. In Figure A there are only two group policy objects, but in a
production environment you may have many more. The Group Policy Objects container
stores all of the group policy objects for the domain.
 Now, right-click on the Group Policy Objects container, and choose the Back Up All
command from the shortcut menu. When you do, Windows will open the Back Up Group
Policy Object dialog box.
 As you can see in Figure B, this dialog box requires you to provide the path to which you
want to store the backup files. You can either store the backups in a dedicated folder on a
local drive, or you can place them in a folder on a mapped network drive. The dialog box
also contains a Description field that you can use to provide a description of the backup
that you are creating.
 You must provide the path to which you want to store your backup of the group policy
objects.
 To initiate the backup process, just click the Back Up button. When the backup process
completes, you should see a dialog box that tells you how many group policy objects
were successfully backed up. Click OK to close the dialog box, and you’re all done.
 When it comes to restoring a backup of any Group Policy Object, you have two options.
The first option is to right-click on the Group Policy Object, and choose the Restore From
Backup command from the shortcut menu. When you do this, Windows will remove all
of the individual settings from the Group Policy Object, and then implement the settings
found in the backup.
 Your other option is to right-click on the Group Policy Object you want to restore, and
choose the Import Settings option. This option works more like a merge than a restore.
 Any settings that presently reside within the Group Policy Object are retained unless
there is a contradictory setting within the file that is being imported.

 Question 30. You Want To Standardize The Desktop Environments (wallpaper, My
Documents, Start Menu, Printers Etc.) On The Computers In One Department. How
Would You Do That?

Answer :

 Go to Start -> Programs -> Administrative tools -> Active Directory Users and Computers
 Right click on Domain -> click on Properties
 In the new window click on Group Policy
 Select Default Policy -> click on Edit
 In the Group Policy console
 Go to User Configuration -> Administrative Template -> Start menu and Taskbar.
 Select each property you want to modify and do the same.

 Question 31. What Is The Difference Between Software Publishing And Assigning?

Answer :

Assign Users :The software application is advertised when the user logs on. It is installed when
the user clicks on the software application icon via the start menu, or accesses a file that has been
associated with the software application.

Assign Computers :The software application is advertised and installed when it is safe to do so,
such as when the computer is next restarted.

Publish to users : The software application does not appear on the start menu or desktop. This
means the user may not know that the software is available. The software application is made
available via the Add/Remove Programs option in control panel, or by clicking on a file that has
been associated with the application. Published applications do not reinstall themselves in the
event of accidental deletion, and it is not possible to publish to computers.

 Question 32. What Are Administrative Templates?

Answer :

Administrative Templates are a feature of Group Policy, a Microsoft technology for centralised
management of machines and users in an Active Directory environment. Administrative
Templates facilitate the management of registry-based policy. An ADM file is used to describe
both the user interface presented to the Group Policy administrator and the registry keys that
should be updated on the target machines.
An ADM file is a text file with a specific syntax which describes both the interface and the
registry values which will be changed if the policy is enabled or disabled.

ADM files are consumed by the Group Policy Object Editor (GPEdit). Windows XP Service
Pack 2 shipped with five ADM files (system.adm, inetres.adm, wmplayer.adm, conf.adm and
wuau.adm). These are merged into a unified “namespace” in GPEdit and presented to the
administrator under the Administrative Templates node (for both machine and user policy).

 Question 33. Can I Deploy Non-msi Software With Gpo?

Answer :

Create the file with a .zap extension.

 Question 34. Name Some Gpo Settings In The Computer And User Parts ?

Answer :

Group Policy Object (GPO): computer = Computer Configuration, user = User Configuration.

 Question 35. A User Claims He Did Not Receive A Gpo, Yet His User And Computer
Accounts Are In The Right Ou, And Everyone Else There Gets The Gpo. What Will You
Look For?

Answer :

Make sure the user is not subject to a loopback policy, since under loopback policy user
settings do not take effect and only computer policy is applicable. Also check whether he is a member of a GPO filter group or not.

You may also want to check the computer's event logs. If you find event ID 1085 then you may
want to download the patch to fix this and reboot the computer.

 Question 36. How Frequently Is The Client Policy Refreshed ?

Answer :

90 minutes give or take.

 Question 37. Where Is Secedit ?

Answer :

It’s now gpupdate.


 Question 38. What Can Be Restricted On Windows Server 2003 That Wasn’t There In
Previous Products ?

Answer :

Group Policy in Windows Server 2003 determines a user's right to modify network and dial-up
TCP/IP properties. Users may be selectively restricted from modifying their IP address and other
network configuration parameters.

 Question 39. You Want To Create A New Group Policy But Do Not Wish To Inherit.

Answer :

Make sure you check Block inheritance among the options when creating the policy.

 Question 40. How Does The Group Policy ‘no Override’ And ‘block Inheritance’ Work ?

Answer :

Group Policies can be applied at multiple levels (Sites, Domains, Organizational Units), with
multiple GPs at each level. Some policy settings may conflict, hence the
application order of Site – Domain – Organizational Unit, and within each layer you set the order for
all defined policies. You may, however, want to force some policies to never be overridden (No
Override), and you may want some containers not to inherit settings from a parent container
(Block Inheritance).

A good definition of each is as follows:

No Override – This prevents child containers from overriding policies set at higher levels

Block Inheritance – Stops containers inheriting policies from parent containers

No Override takes precedence over Block Inheritance so if a child container has Block
Inheritance set but on the parent a group policy has No Override set then it will get applied.

Also the highest No Override takes precedence over lower No Override’s set.

To block inheritance perform the following:

1. Start the Active Directory Users and Computer snap-in (Start – Programs –
Administrative Tools – Active Directory Users and Computers)
2. Right click on the container you wish to stop inheriting settings from its parent and select
3. Select the ‘Group Policy’ tab
4. Check the ‘Block Policy inheritance’ option
5. Click Apply then OK

To set a policy to never be overridden perform the following:

1. Start the Active Directory Users and Computer snap-in (Start – – Administrative Tools –
Active Directory Users and Computers)
2. Right click on the container you wish to set a Group Policy to not be overridden and
select Properties
3. Select the ‘Group Policy’ tab
4. Click Options
5. Check the ‘No Override’ option
6. Click OK
7. Click Apply then OK
