70-742 Additional Notes – AD FS, WAP, and Preauthentication

September 18, 2017 at 11:07 am

When you are configuring AD FS and WAP, you have two preauthentication methods, and the AD FS method comes in several types. Here is a recap of when you would use each method and type:

  • AD FS preauthentication method
    • Type – Web and MSOFBA
      • WebApplication
      • Rich Office Client
      • SharePoint
      • Office Server
      • Custom WebApp
    • Type – HTTP Basic
      • Rich Client without HTTP Redirection
      • Exchange ActiveSync
      • Remote Desktop Gateway
    • Type – OAuth2
      • Application using OAuth2
      • Windows Store Apps
      • Custom Application
  • Pass-Through preauthentication method 
    • No authentication
    • Forward authentication
    • Anonymous website
    • Legacy application
    • Public website
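
To check which of the two methods each published application actually uses, the following added example (not part of the original notes) inventories WAP-published applications and flags the pass-through ones, which reach the backend without authentication at the proxy. It assumes the Web Application Proxy role's Get-WebApplicationProxyApplication cmdlet is available; elsewhere it falls back to constructed sample objects whose names and URLs are hypothetical.

```powershell
# Added example: inventory WAP-published apps by preauthentication method.
function Get-WapPreauthReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Application
    )
    process {
        # PassThrough: the proxy forwards the request without authenticating
        # the user first, so the backend is the only authentication point.
        $preauth = "$($Application.ExternalPreauthentication)"
        $isPassThrough = $preauth -eq 'PassThrough'
        [pscustomobject]@{
            Name             = $Application.Name
            ExternalUrl      = $Application.ExternalUrl
            BackendServerUrl = $Application.BackendServerUrl
            Preauth          = $preauth
            Method           = if ($isPassThrough) { 'Pass-Through' } else { 'Preauthenticated' }
            NeedsReview      = $isPassThrough
        }
    }
}

if (Get-Command Get-WebApplicationProxyApplication -ErrorAction SilentlyContinue) {
    # On a WAP server: read the real published applications.
    $apps = Get-WebApplicationProxyApplication
} else {
    # Constructed sample data (hypothetical names and URLs) for offline runs.
    $apps = @(
        [pscustomobject]@{ Name = 'Intranet Portal'; ExternalUrl = 'https://portal.example.com/'
            BackendServerUrl = 'https://portal.corp.example/'; ExternalPreauthentication = 'ADFS' }
        [pscustomobject]@{ Name = 'Legacy Timesheets'; ExternalUrl = 'https://time.example.com/'
            BackendServerUrl = 'https://time.corp.example/'; ExternalPreauthentication = 'PassThrough' }
        [pscustomobject]@{ Name = 'Public Site'; ExternalUrl = 'https://www.example.com/'
            BackendServerUrl = 'https://www.corp.example/'; ExternalPreauthentication = 'PassThrough' }
    )
}

$report = $apps | Get-WapPreauthReport

# Pass-through apps first: each one should be an intentional choice
# (anonymous/public site, or an app that does its own authentication).
$report | Sort-Object NeedsReview -Descending |
    Format-Table Name, Preauth, Method, ExternalUrl, BackendServerUrl -AutoSize

# Summary count per method.
$report | Group-Object Method | Format-Table Name, Count -AutoSize
```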

70-742 Additional Notes – Restoring the Default GPOs

September 17, 2017 at 10:10 pm

You may find yourself in a situation where you need to restore the Default Domain Policy or the Default Domain Controllers Policy to its original configuration. Thankfully, there is a tool for this: the aptly named dcgpofix.exe command-line tool. This tool offers the following options:

  • /ignoreschema – permits the command to run regardless of the AD schema version in use
  • /target – permits you to specify exactly what object you want to restore
  • /? – permits the display of help on the command

70-742 Additional Notes – Item-Level Targeting with Group Policy Objects (GPO)

September 1, 2017 at 4:13 pm

Item-level targeting is a feature of Group Policy that allows preference settings to be applied to individual users and/or computers within the scope of the Group Policy Object (GPO) that contains the preferences. Policy settings can also be filtered, but there are several important differences between item-level targeting of preference settings and the filters that can be used with policy settings:

  • Policy settings within a GPO can only be filtered on an all-or-nothing basis: either the entire GPO will apply to a target or it won’t. Item-level targeting allows individual preference settings within a GPO to be applied or not, based on specified criteria. Different preference settings can be applied to different groups of targets.
  • Policy settings are filtered using either security filters or WMI filters. Security filters are static and not very granular. WMI filters are dynamic and can be very granular, but the WMI Query Language in which they are written is complex and has a steep learning curve. Item-level targeting provides a great deal of granularity and an intuitive user interface for constructing filters.
  • Item-level targeting allows an administrator to specify a list of conditions that must be met in order for a preference setting to be applied to a user or computer object. The conditions in the list are connected by Boolean AND or OR operators. When the list is evaluated, if the result is true, the setting is applied; if the result is false, it isn’t.

A wide variety of criteria are available for targeting settings to users and computers, including the following:

  • Battery Present Targeting
  • Computer Name Targeting
  • CPU Speed Targeting
  • Date Match Targeting
  • Disk Space Targeting
  • Domain Targeting
  • Environment Variable Targeting
  • File Match Targeting
  • IP Address Range Targeting
  • Language Targeting
  • LDAP Query Targeting
  • MAC Address Range Targeting
  • MSI Query Targeting
  • Network Connection Targeting
  • Operating System Targeting
  • Organizational Unit Targeting
  • PCMCIA Present Targeting
  • Portable Computer Targeting
  • Processing Mode Targeting
  • RAM Targeting
  • Registry Match Targeting
  • Security Group Targeting
  • Site Targeting
  • Terminal Session Targeting
  • Time Range Targeting
  • User Targeting
  • WMI Query Targeting