70-646 Exam
windows server 2008 administrator exam 70-646 lab manual pdf : Sep 2021 Edition
When it comes to the particular necessary knowledge-points involving Microsoft 70-646 real exam, you can visit Pass4sure website. Youll find all the significant information you would like. Download the 70-646 check engine and also do the particular Microsoft 70-646 training materials with your own style. Each of the Microsoft certification dumps are researched and also composed elaborately by our IT specialists.
2021 Sep ms press 70-646:
Q71. - (Topic 19)
You need to recommend a solution to meet the certificate distribution requirements.
What should you recommend?
A. Upgrade the Wingtip Toys client computers that run Windows XP to Windows 7.
B. Create a one-way trust from wingtiptoys.com to tailspintoys.com.
C. Create a two-way trust between tailspintoys.com and wingtiptoys.com.
D. Upgrade the Wingtip Toys servers that run Windows Server 2003 to Windows Server 2008 R2.
E. Create a one-way trust from tailspintoys.com to wingtiptoys.com.
Answer: C
Explanation:
Trusts
A trust is a relationship, which you establish between domains, that makes it possible for users in one domain to be authenticated by a domain controller in the other domain. All Active Directory trusts between domains within a forest are transitive, two-way trusts. Therefore, both domains in a trust relationship are trusted. As shown in the following illustration, this means that if Domain A trusts Domain B and Domain B trusts Domain C, users from Domain C can access resources in Domain A (when they are assigned the proper permissions). Only members of the Domain Admins group can manage trust relationships.
Two-way trust
All domain trusts in an Active Directory forest are two-way, transitive trusts. When a new child domain is created, a two-way, transitive trust is automatically created between the new child domain and the parent domain. In a two-way trust, Domain A trusts Domain B and Domain B trusts Domain A. This means that authentication requests can be passed between the two domains in both directions. Some two-way relationships can be either nontransitive or transitive, depending on the type of trust that is created.
The Automatic Enrollment Method
Auto-enrollment makes it possible for an organization to configure the CA to automatically
issue certificates to users and computers. Auto-enrollment can be defined as the process
by which certificates can be obtained, updated, and stored for users and computers,
without administrator and end user intervention.
The auto-enrollment feature also enables the centralized management of certificates,
including:
Certificate enrollment
Certificate renewal
Modifying certificates
Superseding certificates
Q72. - (Topic 1)
You plan to deploy a distributed database Application that runs on multiple Windows Server 2008 R2 servers.
You need to design a storage strategy that meets the following requirements:
•Allocates storage to servers as required •Uses the existing network infrastructure •Uses standard Windows management tools •Ensures that data is available if a single disk fails
What should you include in your design?
A. An iSCSI disk storage subsystem that supports Microsoft Multipath I/O. Configure the storage subsystem as a RAID?0 array.
B. An iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID?5 array.
C. A Fibre Channel (FC) disk storage subsystem that supports Microsoft Multipath I/O. Configure the storage subsystem as a RAID?0 array.
D. A Fibre Channel (FC) disk storage subsystem that supports the Virtual Disk Service (VDS). Configure the storage subsystem as a RAID?5 array.
Answer: B
Explanation:
MCITP Self-Paced Training Kit Exam 70-646 Windows Server Administration:
Virtual Disk Service (VDS)
Virtual Disk Service (VDS) provides a standard set of application programming interfaces (APIs) that provide a single interface through which disks can be managed. VDS provides a complete solution for managing storage hardware and disks and enables you to create volumes on those disks. This means that you can use a single tool to manage devices in a mixed storage environment rather than tools provided by different hardware vendors. Before you can manage a LUN using Storage Manager For SANs, you must install its VDS hardware provider. This will usually be provided by the hardware vendor. Prior to purchasing a storage device to be used on your organization’s SAN, you should verify that a compatible VDS hardware provider exists. VDS defines a software and a hardware provider interface. Each of these providers implements a different portion of the VDS API. The software provider is a program that runs on the host and is supported by a kernelmode driver. Software providers operate on volumes, disks, and partitions. The hardware provider manages the actual storage subsystem. Hardware providers are usually disk array or adapter cards that enable the creation of logical disks for each LUN type. The LUN type that can be configured will depend on the options allowed by the VDS hardware provider. For example, some VDS hardware providers will allow the RAID-5 (Striped with Parity) LUN type to be implemented, while others might be limited to providing the Mirrored or Spanned LUN types.
MORE INFO More on VDS
For more information on the functionality of VDS, consult the following TechNet article:http://technet2.microsoft.com/windowsserver/en/library/dc77e7c7-ae44-4483-878b-6bc3819e64dc1033.mspx?mfr=true
Storage Manager For SANs
You can use the Storage Manager For SANs console to create LUNs on Fibre Channel and iSCSI storage arrays. You install Storage Manager For SANs as a Windows Server 2008 feature. To use Storage Manager For SANs to manage LUNs, the following criteria must be met: The storage subsystems that you are going to manage must support VDS. The VDS hardware provider for each subsystem must already be installed on the Windows Server 2008 computer. When you open Storage Manager For SANs from the Administrative Tools menu, you are presented with three main nodes, which have the following functionality: LUN ManagementThis node lists all of the LUNs created with Storage Manager For SANs. From this node you can create new LUNs, extend the size of existing LUNs, assign and unassign LUNs, and delete LUNs. You can also use this node to configure the Fibre Channel and iSCSI connections that servers use to access LUNs. SubsystemsThis node lists all of the storage subsystems currently discovered within the SAN environment. You can rename subsystems using this node. DrivesThis node lists all of the drives in the storage subsystems discovered in the SAN. You can identify drives that you are working with by making the drive light blink from this node. You can use any LUN type that is supported by the storage subsystem that you are deploying. The different LUN types are:
SimpleA simple LUN uses either an entire physical drive or a portion of that drive. The failure of a disk in a simple LUN means that all data stored on the LUN is lost. SpannedA spanned LUN is a simple LUN that spans multiple physical drives. The failure of any one disk in a spanned LUN means that all data stored on the LUN is lost. StripedData is written across multiple physical disks. This type of LUN, also known as RAID-0 has improved I/O performance because data can be read and written to multiple disks simultaneously, but like a spanned LUN, all data will be lost in the event that one disk in the array fails. MirroredThis LUN type, also known as RAID-1, is fault tolerant. Identical copies of the LUN are created on two physical drives. All read and write operations occur concurrently on both drives. If one disk fails, the LUN continues to be available on the unaffected disk. Striped with ParityThis LUN type, also known as RAID-5, offers fault tolerance and improved read performance, although write performance is hampered by parity calculation. This type requires a minimum of three disks and the equivalent of one disk’s worth of storage is lost to the storage of parity information across the disk set. This LUN type will retain data if one disk is lost, but all data will be lost if two disks in the array fail at the same time. In the event that one disk fails, it should be replaced as quickly as possible.
Q73. - (Topic 17)
You need to recommend changes to the environment that meet the company's user requirements. What should you include in the recommendation?
A. a BranchCache in Distributed Cache mode
B. a BranchCache in Hosted Cache mode
C. Distributed File System (DFS) namespaces
D. Distributed File System (DFS) Replication
Answer: C
Explanation:
Users want a single point of access for all shares, a DFS Namespace will provide this. it will also meet the fail over requirement for is one server is unavailable
Q74. - (Topic 1)
Your network contains several Windows Server 2008 R2 servers that run Windows Server Update Services (WSUS). The WSUS servers distribute updates to all computers on the internal network. Remote users connect from their personal computers to the internal network by using a splittunnel VPN connection.
You need to plan a strategy for patch management that deploys updates on the remote users' computers.
Your strategy must meet the following requirements:
. Minimize bandwidth use over the VPN connections . Require updates to be approved on the WSUS servers before they are installed on the client computers.
What should you include in your plan?
A. Create a Group Policy object (GPO) to perform clientside targeting.
B. Create a computer group for the remote users' computers. Configure the remote users' computers to use the internal WSUS server.
C. Create a custom connection by using the Connection Manager Administration Kit (CMAK). Deploy the custom connection to all of the remote users' computers.
D. Deploy an additional WSUS server. Configure the remote users' computers to use the additional WSUS server. Configure the additional WSUS server to leave the updates on the Microsoft Update Web site.
Answer: D
Explanation:
Performance and Bandwidth Optimization Branch offices with slow WAN connections to the central server but broadband connections to the Internet can be configured to get metadata from the central server and update content from the Microsoft Update Web site.
Q75. - (Topic 1)
Your network consists of a single Active Directory domain. The network contains two Windows Server 2008 R2 computers named Server1 and Server2. The company has two identical print devices. You plan to deploy print services.
You need to plan a print services infrastructure to meet the following requirements:
. Manage the print queue from a central location.
. Make the print services available, even if one of the print devices fails.
What should you include in your plan?
A. Install and share a printer on Server1. Enable printer pooling.
B. Install the Remote Desktop Services server role on both servers. Configure Remote Desktop Connection Broker (RD Connection Broker).
C. Install and share a printer on Server1. Install and share a printer on Server2. Use Print Management to install the printers on the client computers.
D. Add Server1 and Server2 to a Network Load Balancing cluster. Install a printer on each node of the cluster.
Answer: A
Explanation:
http://www.techrepublic.com/blog/datacenter/configure-printer-pooling-in-windows-server-2008/964
Managing printers can be the bane of a Windows administrator. One feature that may assist you with this task is the Windows printer pooling feature. Windows Server 2008 offers functionality that permits a collection of multiple like-configured printers to distribute the print workload.
Printer pooling makes one share that clients print to, and the jobs are sent to the first available printer. Configuring print pooling is rather straightforward in the Windows printer configuration applet of the Control Panel. Figure A shows two like-modeled printers being pooled.
To use pooling, the printer models need to be the same so that the driver configuration is transparent to the end device; this can also help control costs of toner and other supplies. But plan accordingly — you don’t want users essentially running track to look for their print jobs on every printer in the office.
Improved server 2008 exam 70-646:
Q76. - (Topic 14)
You need to recommend a solution to ensure that users in the London office can access the graphics files in the main office. The solution must meet the company's business goals.
What should you recommend?
A. Configure the client computers to use BranchCache in Distributed Cache mode.
B. Deploy a standalone Distributed File System (DFS) namespace. Configure a DFS Replication group.
C. Deploy a domainbased Distributed File System (DFS) namespace. Configure a DFS Replication group.
D. Deploy a BranchCache server that operates in Hosted Cache mode. Configure the client computers to use the BranchCache server.
Answer: C
Explanation:
BranchCach is a Server 2008 R2 feature
http://technet.microsoft.com/en-us/library/cc731545.aspx
Review Requirements for DFS Replication
Applies To: Windows Server 2008 R2
Before you can deploy DFS Replication, you must configure your servers as follows:
Extend (or update) the Active Directory Domain Services (AD DS) schema to include
Windows Server 2003 R2, Windows Server 2008, or Windows Server 2008 R2 schema
additions. To use read-only replicated folders, the schema must include the Windows
Server 2008 or newer schema additions. For information about extending the AD DS
schema, see the Microsoft Web site at (http://go.microsoft.com/fwlink/?LinkId=93051).
Ensure that all servers in a replication group are located in the same forest. You cannot
enable replication across servers in different forests.
Verify that all members of the replication group are running Windows Server 2008 R2,
Windows Server 2008, or Windows Server 2003 R2. DFS Replication is supported on all
x64 editions of Windows Server 2008 R2 and all x64 and x86 editions of Windows Server
2008. DFS Replication is not available for Itanium-Based Systems.
Install DFS Replication on all servers that will act as members of a replication group.
Install the DFS Management snap-in on a server to manage replication. This server cannot
run a Server Core installation of the Windows Server 2008 operating system.
Contact your antivirus software vendor to check that your antivirus software is compatible
with DFS Replication.
Store replicated folders on NTFS volumes.
To include a failover cluster in a replication group, the failover cluster must be running
Windows Server 2008 R2. Install and configure the failover cluster feature and then use the
High Availability Wizard to create a clustered File Server instance before adding the
instance as a replication group member. For more information, see Add a Failover Cluster
to a Replication Group.
On a server that is running a version of Windows older than Windows Server 2008 R2,
locate replicated folders for failover clusters in the local storage of a node. Versions of the
DFS Replication service older than Windows Server 2008 R2 are not designed to
coordinate with cluster components, and the service will not fail over to another node.
Q77. - (Topic 1)
....
You plan to deploy a distributed database Application that runs on Windows Server 2008 R2.
You need to design a storage strategy that meets the following requirements:
Allocates storage to servers as required
Isolates storage traffic from the existing network
Ensures that data is available if a single disk fails
Ensures that data is available if a single storage controller fails
What should you include in your design?
A. An iSCSI disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 0 array.
B. An iSCSI disk storage subsystem that uses Virtual Disk Service (VDS). Configure a RAID 5 array.
C. A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
D. A Fibre Channel (FC) disk storage subsystem that uses Virtual Disk Service (VDS). Configure a RAID 0 array.
Answer: C
Explanation:
MCITP Self-Paced Training Kit Exam 70-646 Windows Server Administration: Fiber channel with isolate the network, Multipath I/O Multipath I/O (MPIO) is a feature of Windows Server 2008 that allows a server to use multiple data paths to a storage device. This increases the availability of storage resources because it provides alternate paths from a server or cluster to a storage subsystem in the event of path failure. MPIO uses redundant physical path components (adapters, switches, cabling) to create separate paths between the server or cluster and the storage device. If one of the devices in these separate paths fails, an alternate path to the SAN device will be used, ensuring that the server is still able to access critical data. You configure failover times through the Microsoft iSCSI Software initiator driver or by modifying the Fibre Channel HBA driver parameter settings, depending on the SAN technology deployed in your environment. If the server will access a LUN through multiple Fibre Channel ports or multiple iSCSI initiator adapters, you must install MPIO on servers. You should verify that a server supports MPIO prior to enabling multiple iSCSI initiator adapters or multiple Fibre Channel ports for LUN access. If you do not do this, data loss is likely to occur. In the event that you are unsure whether a server supports MPIO, only enable a single iSCSI initiator adapter or Fibre Channel port on the server. Windows Server 2008 MPIO supports iSCSI, Fibre Channel, and Serially Attached Storage (SAS) SAN connectivity by establishing multiple connections or sessions to the storage device. The Windows Server 2008 MPIO implementation includes a Device Specific Module (DSM) that works with storage devices that support the asymmetric logical unit access (ALUA) controller model as well as storage devices that use the Active/Active controller model. MPIO also supports the following load-balancing policies:
Failover When this policy is implemented no load balancing is performed. The application specifies a primary path and a group of standby paths. The primary path is used for all device requests. The standby paths are only used in the event that the primary path fails. Standby paths are listed from most preferred path to least preferred path. Failback When this policy is configured, I/O is limited to a preferred path while that path is functioning. If the preferred path fails, I/O is directed to an alternate path. I/O will automatically switch back to the preferred path when that path returns to full functionality. Round-robin All available paths are used for I/O in a balanced fashion. If a path fails, I/O is redistributed among the remaining paths. Round-robin with a subset of paths When this policy is configured, a set of preferred paths is specified for I/O and a set of standby paths is specified for failover. The set of preferred paths will be used until all paths fail, at which point failover will occur to the standby path set. The preferred paths are used in a round-robin fashion. Dynamic least queue depthI/O is directed to the path with the least number of outstanding requests. Weighted path Each path is assigned a weight. The path with the least weight is chosen for I/O. Load-balancing policies are dependent on the controller model (ALUA or true Active/ Active) of the storage array attached to the Windows Server 2008 computer. MPIO is added to a Windows Server 2008 computer by using the Add Features item in the Features area of Server Manager. MORE INFO More on MPIO To learn more about Multipath I/O, consult the following TechCenter article:http://www.microsoft.com/WindowsServer2003/technologies/storage/mpio/default.m spx.
Striped with Parity This LUN type, also known as RAID-5, offers fault tolerance and improved read performance, although write performance is hampered by parity calculation. This type requires a minimum of three disks and the equivalent of one disk’s worth of storage is lost to the storage of parity information across the disk set. This LUN type will retain data if one disk is lost, but all data will be lost if two disks in the array fail at the same time. In the event that one disk fails, it should be replaced as quickly as possible.
Q78. - (Topic 1)
A company has 10,000 client computers that run Windows 7. The company has a single domain Active Directory Domain Services (AD DS) forest with domain controllers that run Windows Server 2008 R2. Users have local administrative rights on client computers.
You need to design a Group Policy solution that deploys a printer and enforces printer settings.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Use the Local Security Policy.
B. Use Group Policy preferences (GPPs).
C. Use a Group Policy object (GPO) Windows setting.
D. Use Starter Group Policy objects (GPOs).
Answer: B
Explanation:
Group Policy preferences, new for the Windows Server 2008 operating system, include more than 20 new Group Policy extensions that expand the range of configurable settings within a Group Policy object (GPO). These new extensions are included in the Group Policy Management Editor window of the Group Policy Management Console (GPMC), under the new Preferences item. Examples of the new Group Policy preference extensions include folder options, mapped drives, printers, scheduled tasks, services, and Start menu settings.
In addition to providing significantly more coverage, better targeting, and easier management, Group Policy preferences enable you to deploy settings to client computers without restricting the users from changing the settings. This capability provides you with the flexibility to decide which settings to enforce and which settings to not enforce. You can deploy settings that you do not want to enforce by using Group Policy preferences.
System requirements and installation steps To use Group Policy preferences, complete the following steps: Install the set of client-side extensions (CSEs) on client computers. Supported operating systems: Windows Vista RTM or later, Windows XP with Service Pack 2 or later, Windows Server 2003 with Service Pack 1 or later Download locations: Windows Vista (x86): http://go.microsoft.com/fwlink/?LinkId=111859Windows Vista (x64): http://go.microsoft.com/fwlink/?LinkID=111857Windows XP (x86): http://go.microsoft.com/fwlink/? LinkId=111851Windows XP (x64): http://go.microsoft.com/fwlink/?LinkId=111862Windows Server 2003 (x86): http://go.microsoft.com/fwlink/?LinkId=111852Windows Server 2003 (x64): http://go.microsoft.com/fwlink/? LinkId=111863 For more information, see Article 943729 in the Microsoft Knowledge Base. Install the XMLLite low-level XML parser on client computers that are not running Windows Vista. Supported operating systems: Windows XP SP2 or later, Windows Server 2003 SP1 or later Download location: http://go.microsoft.com/fwlink/?LinkId=111843 worth looking at: GP Policy vs. Preference vs. GP preferences http://blogs.technet.com/b/grouppolicy/archive/2008/03/04/gp-policy-vs-preference-vs-gp-preferences.aspx
Q79. - (Topic 10)
You need to recommend changes to the software deployment process that meet the company's technical requirements. What should you include in the recommendation?
A. BranchCache in Distributed Cache mode
B. BranchCache in Hosted Cache mode
C. domain-based Distributed File System (DFS)
D. standalone Distributed File System (DFS)
Answer: C
Explanation:
Software is installed and managed from a central location, so regardless of where a user is in the network the share for the installation files should appear to be the same, this is done using DFS Namespaces. There is one AD Domain and each Office also has 2 DCs so you can add the updated files in the HQ and then use DFS replication to replicate the new files to the branch namespace servers Distributed File System (DFS) Namespaces and DFS Replication offer simplified, highly-available access to files, load sharing, and WAN-friendly replication. In the Windows Server. 2003 R2 operating system, Microsoft revised and renamed DFS Namespaces (formerly called DFS), replaced the Distributed File System snap-in with the DFS Management snap-in, and introduced the new DFS Replication feature. In the Windows Server. 2008 operating system, Microsoft added the Windows Server 2008 mode of domain-based namespaces and added a number of usability and performance improvements. What does Distributed File System (DFS) do?
The Distributed File System (DFS) technologies offer wide area network (WAN)-friendly replication as well as simplified, highly-available access to geographically dispersed files. The two technologies in DFS are the following:
DFS Namespaces. Enables you to group shared folders that are located on different servers into one or more logically structured namespaces. Each namespace appears to users as a single shared folder with a series of subfolders. This structure increases availability and automatically connects users to shared folders in the same Active Directory Domain Services site, when available, instead of routing them over WAN connections. DFS Replication. DFS Replication is an efficient, multiple-master replication engine that you can use to keep folders synchronized between servers across limited bandwidth network connections. It replaces the File Replication Service (FRS) as the replication engine for DFS Namespaces, as well as for replicating the AD DS SYSVOL folder in domains that use the Windows Server 2008 domain functional level. in respect to answers A or B these may possibly work but this test http://www.sustainableit.co.za/wp-content/ uploads/downloads/2010/09/Is_BranchCache_right_for_software_distribution.pdf would suggest its not the most efficient solution.
Topic 11, Fabrikam Inc
Scenario
COMPANY OVERVIEW
Fabrikam Inc. is a manufacturing company that has a main office and a branch office.
PLANNED CHANGES
You plan to deploy a failover cluster named Cluster1 in the branch office. Cluster1 will be
configured to meet the following requirements: The cluster will host eight virtual machines (VMs). The cluster will consist of two nodes named Node1 and Node2. The quorum mode for the cluster will be set to Node and Disk Majority. A user named Admin1 will configure the virtual switch configuration of the VMs. The cluster nodes will use shared storage on an iSCSI Storage Area Network (SAN).
You plan to configure a VM named File2 as a file server. Users will store confidential files on File2.
You plan to deploy a Microsoft Forefront Threat Management Gateway (TMG) server in each site. The Forefront TMG server will be configured as a Web proxy.
EXISTING ENVIRONMENT
The research department is located in the branch office. Research users frequently travel to the main office.
Existing Active Directory/Directory Services
The network contains a single-domain Active Directory forest named fabrikam.com. The
functional level of the forest is Windows Server 2008.
The relevant organizational units (OUs) for the domain are configured as shown in the
following table.
.....
The relevant sites for the network are configured shown in the following table.
The relevant group policy objects (GPOs) are configured as shown in the following table.
Existing Network Infrastructure
All users run windows server 2008 R2. The relevant servers are configured as shown in following table.
WSUS2 is configured as a downstream replica server.
File1 contains a share named Templates. Users access the Templates share by using the path \\fabrikam.com\dfs\templates.
File1 has the Distributed File System (DFS) Replication role service and the DFS Namespaces role service installed.
TECHNICAL REQUIREMENTS
...... . .
Fabrikam must meet the following requirements:
Minimize the cost of IT purchases.
Minimize the potential attack surface on the servers.
Minimize the number of rights assigned to administrators.
Minimize the number of updates that must be installed on the servers.
Ensure that Internet Explorer uses the local ForeFront TMG server to connect to
the Internet.
Ensure that all client computers continue to receive updates from WSUS if a
WSUS server fails.
Prevent unauthorized users from accessing the data stored on the VMs by making
offline copies of the VM files.
Fabrikam must meet the following requirements for the Templates share:
..
Ensure that users access the files in the Templates share from a server in their
local site.
Ensure that users always use the same UNC path to access the Templates share,
regardless of the site in which the users are located.
Q80. - (Topic 1)
Your network consists of three Active Directory forests. Forest trust relationships exist between all forests. Each forest contains one domain. All domain controllers run Windows Server 2008 R2.
Your company has three network administrators. Each network administrator manages a forest and the Group Policy objects (GPOs) within that forest.
You need to create standard GPOs that the network administrators in each forest will use. The GPOs must meet the following requirements:
. The GPOs must only contain settings for either user configurations or computer configurations. . The number of GPOs must be minimized.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Export the new GPOs to .cab files. Ensure that the .cab files are available to the network administrator in each forest.
B. Create two new GPOs. Configure both GPOs to use the required user configurations and the required computer configurations.
C. Create two new GPOs. Configure one GPO to use the required user configuration. Configure the other GPO to use the required computer configuration.
D. Back up the Sysvol folder that is located on the domain controller where the new GPOs were created. Provide the backup to the network administrator in each forest.
Answer: A,C
Explanation:
http://technet.microsoft.com/en-us/library/ee390958.aspx http://www.petri.co.il/working_with_group_policy.htm
Export a GPO to a File
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2 You can export a controlled Group Policy object (GPO) to a CAB file so that you can copy it to a domain in another forest and import the GPO into Advanced Group Policy Management (AGPM) in that domain. For information about how to import GPO settings into a new or existing GPO, see Import a GPO from a File. A user account with the Editor or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
To export a GPO to a file
1.
In the Group Policy Management Console tree, click Change Control in the forest and
domain in which you want to manage GPOs.
2.
On the Contents tab, click the Controlled tab to display the controlled GPOs.
3.
Right-click the GPO, and then click Export to.
4.
Enter a file name for the file to which you want to export the GPO, and then click Export.
If the file does not exist, it is created. If it already exists, it is replaced.
Additional considerations
. By default, you must be an Editor or an AGPM Administrator (Full Control) to perform this
procedure. Specifically, you must have List Contents, Read Settings, and Export GPO
permissions for the GPO.
Group Policy sections
Each GPO is built from 2 sections:
.
Computer configuration contains the settings that configure the computer prior to the user logon combo-box.
.
User configuration contains the settings that configure the user after the logon. You cannot choose to apply the setting on a single user, all users, including administrator, are affected by the settings.