AZ-800 / Q8 / T1

kijken

Highly Voted 2 years, 1 month ago 

Nothing is mentioned about OS. Domain controllers can have the same OS. I would do it based on C

upvoted 11 times 

kijken

2 years, 1 month ago 

I want to correct this answer, I did some testing, and the operating system option has a computer role option in it. You can set that to member server. So this is a valid option. Security group is also possible, but requires more overhead. You should always choose the best option. Same for D, which would also be a possibility. Domain is rubish So B is correct

upvoted 20 times 

boapaulo

1 year ago 

Option B, “Operating System,” would not be the best choice in this case because it would apply the preference to all computers running the specified operating system, not just member servers. This means that the preference would also apply to domain controllers and client computers that are running the same operating system, which is not in line with the requirement. In contrast, Security Group item-level targeting allows for more granular control, allowing you to apply the preference only to member servers, regardless of the operating system they are running. This meets the requirement to apply the preference only to member servers and not to domain controllers or client computers. Furthermore, it minimizes administrative effort.

upvoted 1 times 

sardonique

8 months ago 

you're in the wrong direction. it takes time to create a group with all the servers needed, especially if these server are spread around many OUs, whereas it takes only 7 objects to configure within the "Operating Systems" option: one for each major release of Windows Server: 2003,2003r2,2008,2008r2,2012,2012r2,2022, it allows you to specify "domain member"

upvoted 1 times 

Midoria

Most Recent 2 weeks, 5 days ago 

Operating System Targeting includes a Computer Role option, which allows you to specify whether the preference applies to Domain Controllers, Member Servers, or Workstations. By selecting Member Server, you can easily apply the preference to only member servers, avoiding the need to manually manage security groups. Why this works better: It avoids the additional step of creating or maintaining a security group. It minimizes administrative effort by leveraging built-in functionality. B

upvoted 1 times 

AB164

4 weeks ago 

This is not a clear answer, who can explain please ?

upvoted 1 times 

Ksk08

1 month, 1 week ago 

Answer is c

upvoted 1 times 

TTC000

2 months ago 

Selected Answer: C

Explanation: You need to apply the Group Policy Object (GPO) only to member servers, while excluding domain controllers and client computers. The most efficient way to do this with minimal administrative effort is by using Security Group targeting. You can place all the member servers into a security group, and then apply the GPO preference specifically to that group. This approach ensures that only the specified member servers receive the GPO preference, without impacting domain controllers or client computers. This method provides a granular way of controlling which machines the policy applies to.

upvoted 1 times 

syu31svc

2 months, 2 weeks ago 

Selected Answer: B

"apply only to domain member servers and NOT to domain controllers or client computers" From the link Computer role The role of the computer. A computer that is running Windows has one of three roles: Workstation: A domain-joined computer that is running any release of Windows® 7, Windows Vista®, or Windows XP. Member Server: A domain-joined computer that is running any release of Windows Server® 2008 R2, Windows Server 2008, or Windows Server 2003. Domain Controller: A computer running any release of Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003 that hosts Active Directory® directory service for the domain. B is correct

upvoted 3 times 

boapaulo

1 year ago 

Option B, “Operating System,” would not be the best choice in this case because it would apply the preference to all computers running the specified operating system, not just member servers. This means that the preference would also apply to domain controllers and client computers that are running the same operating system, which is not in line with the requirement. In contrast, Security Group item-level targeting allows for more granular control, allowing you to apply the preference only to member servers, regardless of the operating system they are running. This meets the requirement to apply the preference only to member servers and not to domain controllers or client computers. Furthermore, it minimizes administrative effort.

upvoted 2 times 

JPO2021

4 months ago 

Option B “Operating System” *An Operating System targeting item allows a preference item to be applied to computers or users only if the processing computer's operating system's product name, release, edition, or computer role matches those specified in the targeting item. If Is Not is selected, it allows the preference item to be applied only if the operating system's product name, release, edition, or computer role does not match those specified in the targeting item. *https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn581922(v=ws.11)

upvoted 1 times 

linuxlinuxmint

7 months ago 

# Définition des rôles que vous souhaitez filtrer $roles = @("DHCP", "DNS") # Ajoutez d'autres rôles au besoin # Filtrer les serveurs ayant des rôles spécifiques $serveursAvecRoles = Get-WmiObject Win32_ServerFeature | ? { $_.Name -in $roles } | Select-Object PSComputerName # Filtrer les serveurs sans rôles spécifiques $serveursSansRoles = Get-WmiObject Win32_ServerFeature | ? { $_.Name -notin $roles } | Select-Object PSComputerName # Afficher les résultats Write-Host "Serveurs avec des rôles spécifiques ($roles) :" $serveursAvecRoles Write-Host "Serveurs sans des rôles spécifiques ($roles) :" $serveursSansRoles

upvoted 1 times 

sardonique

8 months ago 

As always the question has an ambiguous interpretation. If you have a security group that already contains all the desired computer objects, this solution is the faster. however you cannot assume that. so you would need to create a group and put all the servers as members of the group. you can acheive that using powershell pretty quickly. in my opinion the "Operating System" option is the way to go since it allows to filter by role: "Any", "Member Server" and "Domain Controller", so you would need to add a few rows (7 from 2003 to 2022) such as OS is server 2003 family, OS is server 2003R2 family, OS is server 2008 family .... and for each one of these you would chose the role "Member Server".

upvoted 3 times 

rasmart

8 months ago 

Selected Answer: C

This seems to be the most effective approach. You could create a security group that includes all the member servers and then target this group with the GPO. This method is precise and allows you to have full control over which servers are affected by the GPO. It requires some initial setup to create and populate the security group, but it minimizes ongoing administrative effort as the group membership dictates the GPO application.

upvoted 1 times 

SanMan_NZ

9 months, 4 weeks ago 

Selected Answer: B

OS targeting is correct only because there is an item under OS targeting called 'Computer Role' which has options to select 'Workstation', Member Srv' or 'Domain Controller.' Answer B is works and the easiest way to achieve the objective.

upvoted 2 times 

squilly

10 months, 3 weeks ago 

B does not make much sense, member servers and the domain controller very likely can have the same OS, security group would be much better.

upvoted 1 times 

Tim1119

11 months, 1 week ago 

Selected Answer: C

As domain controllers and member servers could be the same OS, the answer should be C / Security Group.

upvoted 1 times 

PapaLion

12 months ago 

Security GROUP is the CORRECT Answer, because the question plan to apply it at the DOMAIN Level, So we don't know wich OS versions have the DCs and the member servers...can be the same....SO......SECURITY GROUP!

upvoted 1 times 

boapaulo

1 year ago 

To ensure that the preference in GPO1 applies only to domain member servers and NOT to domain controllers or client computers, you should use Security Group item-level targeting. You can create a security group that includes only the member servers, and then use item-level segmentation to apply the preference only to that security group. This ensures that the preference is applied only to member servers, minimizing administrative effort and adhering to the principle of least privilege C: is correct - Security Group

upvoted 1 times 

boapaulo

1 year ago 

Option B, “Operating System,” would not be the best choice in this case because it would apply the preference to all computers running the specified operating system, not just member servers. This means that the preference would also apply to domain controllers and client computers that are running the same operating system, which is not in line with the requirement. In contrast, Security Group item-level targeting allows for more granular control, allowing you to apply the preference only to member servers, regardless of the operating system they are running. This meets the requirement to apply the preference only to member servers and not to domain controllers or client computers. Furthermore, it minimizes administrative effort.

upvoted 1 times 

cao75rgl

1 year, 5 months ago 

Se puede hacer por OS mediante un filtro WMI, tomando el "Product Type: 3" se selecciona los equipos que son member server.

upvoted 1 times 

pass601

1 year, 6 months ago 

B is CORRECT ANSWER

upvoted 1 times 

edykss

2 years, 1 month ago 

Selected Answer: B

B is correct.

upvoted 4 times