Moving on to the next set of questions, just 5 more chosen by my degree of understanding from a conceptual standpoint or my lack of understanding from an actual being aware of the answer standpoint. The first one is an applocker question about merging a policy, it
seems as though if you would want to merge a policy you would have to “get” the policy first rather than use a verb such as “set” that seems entirely too static for this but as we can see below that is not the case.
It would be nice if they would give the whole line of code instead of just saying “use the -merge parm.” The TechNet article on the subject isn’t overly helpful in this case either stating:
If the Merge parameter is not specified, the existing AppLocker policy in the target GPO will be overwritten by the new policy.
So if you just add a few things we have to use -merge or the entire policy will be overwritten? This is a case where the gui has a clear advantage but regardless this is an important take away.
This one I feel like I just don’t have a strong enough grasp on how to configure cert policies in an AD environment. If the cert doesn’t do anything then its not exactly helpful in this case, that much I understand but its still the option I selected because dont I have to have a policy before I bind it to a site?
So if you que up this video you can see the process of installing a CA but it isn’t a native server CA so im not sure that its overly helpful but its important to see how this generally works I would assume as the wider knowledge base we have to pull from the greater actual understanding as opposed to just memorizing answers that may or may not be beneficial in the real world. Im having trouble finding this process seen to completion using netsh just like its hard to find info on writing answer files, deploying images start to finish….ect.
This is confusing for the problem of a NIC team can only have two adapters in it.
Failover has nothing to do with load balancing so I can agree that this is the wrong answer. However NLB is kind of a rabbit hole as well and one that im not overly familiar with so maybe we should talk about that briefly but before that let’s check out a youtube video
and see the answer.
it explains nothing about how 3 adapters fit into this scenario, frustrating. Any way maybe we could glean a little info on NIC teaming:
This is actually really good as he is showing PS commands as well, hopefully you can see them at full screen. He also hits on dynamic load balancing and switch independent vs dependant which is a process worth understanding. I understand the basic concept
but Im not sure of the reasons you would go dependant vs independent. Honestly, thats one of the most helpful sets of material ive seen in a while as it actually covers a whole thought process from conception to creation. a google search also takes us here to understand dependant vs independent. Though im still not sure of a use case. Suppose we will figure that out as we go? It looks as if we can have up to 32 adapters in a single team. That’s helpful to know and helps me to understand the reasons for the two modes. With attempting to avoid running on for two long on one question I think we will move on but also link a PluralSight article.
I had some confusion about starter gpos and this actually cleared it up or solidified it for me. A starter gpo is not a built in template but rather one that you create yourself. So once you have the template you created you can then create an actual GPO from the template, if im understanding this correctly.
Then its new-gplink, a little unclear as to when the set-gplink cmd should be used.
This question wasn’t overly complicated, i’m just left wondering, again, what is the complete process to create a template? So I just run new-aduser and then I have the start of a template?
I think it may be easier than im assuming given the process in this video:
xAFTERHOURSx 
Leave a Reply