Active Directory Interview Questiions

1. How can you restrict running certain applications on a machine? Via group policy, security settings for the group, then Software Restriction Policies.
2. You need to automatically install an app, but MSI file is not available. What do you do? A .zap text file can be used to add applications using the Software Installer, rather than the Windows Installer.
3. What’s the difference between Software Installer and Windows Installer? The former has fewer privileges and will probably require user intervention. Plus, it uses .zap files.
4. What can be restricted on Windows Server 2003 that wasn’t there in previous products? Group Policy in Windows Server 2003 determines a users right to modify network and dial-up TCP/IP properties. Users may be selectively restricted from modifying their IP address and other network configuration parameters.
5. How frequently is the client policy refreshed? 90 minutes give or take.
6. Where is secedit? It’s now gpupdate.
7. You want to create a new group policy but do not wish to inherit. Make sure you check Block inheritance among the options when creating the policy.
8. What is “tattooing” the Registry? The user can view and modify user preferences that are not stored in maintained portions of the Registry. If the group policy is removed or changed, the user preference will persist in the Registry.
9. How do you fight tattooing in NT/2000 installations? You can’t.
10. How do you fight tattooing in 2003 installations? User Configuration - Administrative Templates - System - Group Policy - enable - Enforce Show Policies Only.