Local Policy vs Domain Policy

[mediaradams]

I am doing some research on the MCP 70-270 exam and I am running into a
delima. Several questions relating to Local Policy and Domain Policy
don't seem to add up. Here is one of the questions:

You administer a Windows domain. Your company's sales representatives
travel frequently and need access to their files offline. You are
required to secure the offline copies of these files on the sales
representatives laptop computers with minimal effort.

Which of the following actions should you perform?

A. Configure strict NTFS permission on the shared folder residing on
the Domain.--Wrong--

B. Place all sales representatives in an OU, implement a GPO that will
encrypt the Offline Files cache, and link the GPO to the OU

C. On each sales representative's laptop computer, delete the Offline
Files cache.--Wrong--

D. On each sales representative's laptop computer, configure a local
policy to encrypt the Offline files cache.


The problem I am having is that a GPO applied to the OU on the domain
is the easiest method but the answers are coming up that going to each
laptop and configuring a local policy is the correct answer. I know
that even when you are not connected to the Domain, the Domain GPO is
still being used on the local computer. We have received several
questions where the Domain policy should be used but the local policy
is the answer. They all seem to be related to EFS and Offline files
and folders. Is there some fact or rule we are missing?

Thanks in advance
mediaradams

 

[Colin Nash [MVP]]

I am doing some research on the MCP 70-270 exam and I am running into a
delima. Several questions relating to Local Policy and Domain Policy
don't seem to add up. Here is one of the questions:

You administer a Windows domain. Your company's sales representatives
travel frequently and need access to their files offline. You are
required to secure the offline copies of these files on the sales
representatives laptop computers with minimal effort.

Which of the following actions should you perform?

A. Configure strict NTFS permission on the shared folder residing on
the Domain.--Wrong--

B. Place all sales representatives in an OU, implement a GPO that will
encrypt the Offline Files cache, and link the GPO to the OU

The policy that controls that is only under Computer
Configuration\Administrative Templates\Network\Offline Files - a
computer-based setting. Option B talks about applying it to users, not
computers.

 

[mediaradams]

']


The policy that controls that is only under Computer
Configuration\Administrative Templates\Network\Offline Files - a
computer-based setting. Option B talks about applying it to users, no

computers.

I thought that was the case also but when I tried a GPO and applied i
to an OU with users, it worked the same as when I applied a GPO to a
OU with computers accounts. I was expecting it not to work whe
applied to the user accounts but it did. The encrypt offline files an
folders was greyed out under tools--folder options--offline files.
Does that mean computer policy settings applied to a user account wil
follow that user to every computer they log onto and policy settin
applied to a computer will only apply to that one computer?

mediaradam