Testout Server Pro: Install and Configure 3.1.0 Chapters: 1,3,4,5,6,7,8,9,10
You have several computer running Windows 8. You want to configure a GPO that will make the Windows 8 computers prompt for additional credentials whenever a sensitive action is taken.
Configure user account control (UAC) settings.
You are the network administrator for northsim.com . The network consists of a single active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 8. You want to find out who has been running a specific game on the client computers.
In application control policies, create an executable rule with a path condition that identifies the file. For example rules, configure audit only.
You run a custom application on a Windows Server 2012 R2 server. You want to configure the firewall to allow the application to use a specific port, but restrict access to only Wrk1 and Wrk2.
In windows firewall with advanced security, add an inbound rule. Require only secure connections for the rule, and add the computer to the list of authorized computers.
You run a custom application on a Windows Server 2012 R2 server. You want to configure the firewall to allow the application to use a specific port, but restrict access to specific users.
In windows firewall with advanced security, add an inbound rule. Require only secure connections for the rule, and add the users to the list of authorized users.
You are the network administrator for westsim.com . The network consists of a single Active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 8. There is one main office located in New York.
In windows firewall with advanced security, create a new isolation connection security rule and Require authentication for inbound and outbound connections.
You need to use the New Share Wizard on a Windows Server 2012 R2 system to create a new share for the C:\Shares \WidgetProject folder. Users will connect to the share using Windows 7 and Windows 8 workstations. On the Select the profile for this share screen, you select the SMB Share - Advanced sharing profile. However, when you do, the Next > button remains grayed-out and you can't proceed.
Install the File Server Resource Manager role on the server.
You are the network Administrator for eastsim.com . The network consists of one Active Directory domain. All the servers run Windows Server 2012 R2. All of the clients still run Windows Vista. The domain functional level of the domain is set to Windows Server 2008.
Install the client-side extensions (CSEs) on all of the client computers.
Select the policy node you would use to configure a user's Internet Explorer options.
Internet settings
You are the administrator of a network with a single Active Directory domain. Your domain contains two domain controllers. Your company's security policy requires that locked out accounts are unlocked by administrators only.
Configure the account lockout duration to 0.
You need to use the New Share Wizard on a Windows Server 2012 R2 system to create a new share for the C:\Shares\ WidgetProject folder. Sales reps for your organization will connect to the share using Windows 7 and Windows 8 notebook systems. You want to configure the share such that, if a user does not have at least Read permissions to a file or folder, Windows will hide the file or folder from the user. What option on the Other Settings screen should you enable?
Access-based enumeration
You need to configure Windows Firewall with Advanced Security to allow traffic for an application that dynamically opens up multiple ports on an ass-needed basis.
Add a program rule
You are the network administrator for a large metropolitan hospital. The hospital must conform to several new regulations dealing with patient privacy
Add the mangers group to the GPO's discretionary access control list (DACL). Deny the Apply Group Policy and Read permissions to the managers group.
The C:\Shares\WidgetProject folder on your Windows Server 2012 R2 system has been shared with network users. The server is a member of the westsim.com Active Directory domain. The westsim.com\Users group has been granted the following Allow NTFS permissions: • Read & execute • List folder contents • Read The westsim.com\Administrators group has been granted the Allow Full Control NTFS permission.In addition, the Everyone principle has been assigned the following Allow share permissions: • Full Control • Change • Read The vhammer user is a member of the westsim.com\Users and the westsim.com\Administrators group. She accesses data in the folder through the network share from her Windows 8 workstation. What permissions does this user have to data in the folder?
Allow Full Control
The C:\Shares\WidgetProject folder on your Windows Server 2012 R2 system has been shared with network users. The server is a member of the westsim.com Active Directory domain. The westsim.com\Users group has been granted the following Allow NTFS permissions: • Write • Read & execute • List folder contents • Read In addition,the Everyone principle has been assigned the Allow Read share permission. The smarsden user is a member of the westsim.com\Users group. She accesses data in the folder through the network share from her Windows 8 workstation. What permissions does this user have to data in the folder?
Allow Read
The C:\Shares\WidgetProject folder on your Windows Server 2012 R2 system has been shared with network users. The server is a member of the westsim.com Active Directory domain. The westsim.com\Users group has been granted the following Allow NTFS permissions: • Read & execute • List folder contents • Read In addition, the Everyone principle has been assigned the following Allow share permissions: • Full Control • Change • Read The ksanders user is a member of the westsim.com\Users group. She accesses data in the folder through the network share from her Windows 8 workstation. What permissions does this user have to data in the folder?
Allow Read & execute, List folder contents, and Read
The C:\Shares\WidgetProject folder on your Windows Server 2012 R2 system has been shared with network users. The server is a member of the westsim.com Active Directory domain. The westsim.com\Users group has been granted the following Allow NTFS permissions: • Write • Read & execute • List folder contents • Read In addition, the Everyone principle has been assigned the Allow Read share permission. The jmarshall user is a member of the westsim.com\Users group. She accesses data in the folder by using Remote Desktop to establish a remote access session on the server. What permissions does this user have to data in the folder?
Allow Write, Read & execute, List folder contents, and Read
You need to use the New Share Wizard on a Windows Server 2012 R2 system to create a new share for the c:\shares\ WidgetProject folder. Sales reps for your organization will connect to the share using Windows 7 and Windows 8 notebook systems. Because the users travel frequently, you want to make the contents of the share available to users even when they are disconnected from the network. What option on the Other Settings screen should you enable?
Allow caching of share
Click on the user right policy that is used to grant a user local access to the desktop of a Windows Server 2012 R2 system.
Allow log on locally
You manage a single domain running Windows Server 2012 R2. You have configured a Restricted Group policy as show in the image. When this policy is applied, which actions will occur? (select two)
Any other members of the Backup Operators group will be removed. the desktop Admins group will be made a member of the Backup Operators group.
You need to share a folder that contains data used by your accounting department. You want Phil, the manager of the department, to be able to add and remove files. You want members of the department to be able to connect to the share and see the files it contains, but not make changes. Everyone else in the company should be blocked from connecting to the share. There is a global group called Accounting, which contains all the accounting department users, including Phil. You need to configure permissions on the share.
Assign Allow Change permission for Phil, Allow Read for Accounting, and nothing else.
You need to control access to the D:\Reports folder as follows: • Members of the Accounting group should be able to open and view all files, edit them, and add new files. They should not be able to delete or rename files. • Mary needs to be able to open and view files, but should not be able to modify the files. Mary is a member if the Accounting group. You want to assign NTFS permissions taking the least amount of actions possible and affecting existing permissions as little as possible.
Assign Allow Read & execute, List folder contents, Read, and Write to the Accounting group. For the Mary user account, Deny the Write permission.
You need to control access to the D:\Reports folder as follows: • Members of the Accounting group should be able to open and view all files but not modify them. • Mary needs to be able to modify existing files in the folder, add new files to the folder, but should not be able to delete or rename files. Mary is a member if the Accounting group. You want to assign NTFS permissions taking the least amount of actions possible.
Assign Allow Read & execute, List folder contents, and Read to the Accounting group. Assign Allow Write to Mary.
On your Windows Server 2012 R2 computer,you share the D:\Apps folder using a sharename of Apps. You need to configure permissions to the share as follows: • Members of the Appusers group should be able to open and view files in the shared folder. • User JohnS should not have any access to files in the shared folder. JohnS is a member of the Appusers group. You need to assign the necessary permissions without assigning extra permissions beyond what is required and without affecting other access that might already be configured on the computer. You need to complete the task using the least amount of effort possible.
Assign Allow Read permission to Appusers, and assign Deny Read permission to Johns.
You are configuring access for a shared folder on Windows Server 2012 R2. There is a global group called Appusers who need read-only access. However, there is a member of Appusers, jsmith, who should not have any access at all. You need to configure your share so that the members of Appusers have access, but jsmith does not, while creating the least disruption to your existing administrative structure.
Assign Allow Read permission to Appusers, and assign Deny Read permission to jsmith.
You are in charge of managing the servers in your network. Recently, you have noticed that many of the domain member servers are being shutdown. You would like to use auditing to track who performs these actions.
Audit successful system events. Create a GPO to configure auditing. Link the GPO to the domain.
You are the network administrator for southsim.com . The network consists of a single Active Directory domain. All the servers run Windows 2012 R2. All the clients run Windows 8. The clients are shared by multiple users at work.
Browse and select the executable file for the application. Modify the rule to include the product name information.
You are an administrator for a company that uses Windows 2008 for its server. In addition to active directory, you also provide file and print services, DHCP, DNS, and e-mail services .
Configure Object access auditing in a GPO and link it to the domain.
You are the network administrator for a small manufacturing company. You have ten regional sales people who travel extensively and have been provided Windows 7 laptop computers. The mobile users have complained that, although they can take copies of important files with them into the field, occasionally they have been caught with out-of-date documents because no one told them the files had been updated. Additionally, some of these files need to be distributed to all the other sales staff. You need to address this problem and easily provide the appropriate access to these shared files.
Configure Offline Files for the folder that contains these files.
You are the network Administrator for eastsim.com . The network consists of one Active Directory domain. All the servers run Windows Server 2012 R2. You have been instructed to map a drive to a department share for all users.
Configure a Drive Maps policy in a GPO linked to the domain
You manage 20 computers running Windows 7 in a domain network. You want to prevent the Sales team members from making system changes. Whenever a change is initiated, you want to allow only those who can enter administrator credentials to be able to make the change.
Configure the User Account Control: Behavior of the elevation prompt for standard users setting in Group Policy to Prompt for credentials.
You manage the branch office for your company network. The branch office has a single Active Directory domain, branch1.westsim.private. All computers in the branch office are members of the domain. All client computers run Windows 7. The branch office consists of two subnets and 50 host computers. A single DHCP server on Subnet1 delivers IP address information to all clients. A single server on Subnet2 is both the domain controller and DNS server. Dynamic updates are enabled on the DNS zone. You want to configure each client computer with consistent DNS server addresses and DNS search suffixes. You want to prevent users from modifying these settings. What should you do?
Configure a GPO with the DNS server and search suffix settings
You are the network administrator for westsim.com . The network consists of a single Active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 8. You have enabled outbound filtering for Public networks in the Windows Firewall with Advanced Security node of a Group Policy which applies to member servers.
Configure a custom outbound rule.
You are the network administrator for eastsim.com . The network consists of a single Active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 8. You would like to prevent users from running all software on the computer except for software that has been digitally signed.
Configure an executable rule in application control policies with a publisher condition.
You are in charge of managing several servers. Your company requires many custom firewall rules in Windows Firewall with Advanced Security.
Configure firewall settings in group policy. Apply the GPO so that it applies to all applicable servers.
You are the server administrator for the Srv12 server. This server is running the File Services role and is used for user home folders. Each user has a folder that they can use for storing personal files. Management wants a solution that meet the following requirements: • Allow only the specified user to save files in their home folder. • User should not be allowed to view or edit files in other user's home folders. • The list of files and folders that users can view should show only the files that they have rights to access.
Configure share and NTFS permissions with access-based enumeration.
You are the security administrator for a large metropolitan school district. You are reviewing security standards with the network for the high school.
Configure the Computer configuration node of the computer center security GPO and restrict software to Internet Explorer only. Link the GPO to the domain and allow access to the computer center computers group only.
You are the network administrator for eastsim.com. The network consists of a single Active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 8.1. The company has a main office in New York and several international locations including facilities in Germany and France. You have been asked to build a domain controller that will be deployed to the eastsim.com office in Germany. The network administrators in Germany plan to use Group Policy Administrative Templates to manage Group Policy in their location. You need to install the German version of the Group Policy Administrative Templates so they will be available when the new domain controller is deployed to Germany. What should you do?
Copy the German .ADML files to the apporpriate directory int he SYSVOL on a local domain controller
You are the administrator for the widgets.com domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective department OUs. As you manage Group Policy objects (GPOs), you find that you often make similar user rights, security options, and Administrative Template settings in different GPOs. Rather than make these same settings each time, you would like to create some templates that contain your most common settings. What should you do?
Create GPOs with the common settings. Take a backup of each GPO. After creating new GPOs, import the settings from one of the backed up GPOs. Create GPOs with the common settings. When creating new GPOs, copy one of the existing GPOs.
You manage a single domain named widgets.com . Organizational units have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account locout policy for the domain.
Create a granular password policy. Apply the policy to all users in the Directors OU.
You are the network administrator for northsim.com . The network consists of a single active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 8. You want to prevent users from running a common game on their machines.
Create a hash rule
You are the administrator for the widgets.com domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective department OUs. From your workstation, you create a GPO that configures settings from a custom .admx file. You link the GPO to the sales OU. You need to make some modifications to the GPO settings from the server console. However, when you open the GPO, the custom Administrative Template settings are not shown. What should you do?
Enable the Administrative Templates central store in Active Directory. Copy the .admx file to the central store location
You are the administrator for the westsim.com domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective department OUs. Computers in the Accounting department use a custom application. During installation, the application creates a local group named AcctMagic. The group is used to control access to the program. By default, the account used to install the application is made a member of the group. You install the application on each computer in the Accounting department. All Accounting users must be able to run the application on any computer in the department. You need to add each user as a member of the AcctMagic group. You create a domain group named Accounting and make each user a member of this group. You then create a GPO name Acct Software linked to the Accounting OU. You need to define the restricted group settings. What should you do?
Create a restricted group named AcctMagic. Add the Accounting domain group as a member
You are the network administrator for eastsim.com . The network consists of a single Active Directory domain. All the servers run Windows 2012 R2. All the clients run Windows 8. The clients are shared by multiple users at work. You want to allow only members of the Sales team to run the sales lead application.
Create an executable rule with a file hash condition in application control policies.
You are the network administrator for eastsim.com . The network consists of a single Active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 7. Many of the client computers are used by several different users.
Create an executable rule with a publisher condition in application control policies.
You are the administrator for the widgets.com domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective department OUs. As part of your security plan, you have analyzed the use of Internet Explorer in your organization. You have defined three different groups of users. Each group has different needs for using Internet Explorer. For example, one group needs ActiveX controls enabled, while you want to disable ActiveX for the other two groups. You would like to create three templates that contain the necessary settings for each group. When you create a GPO, you'd apply the settings in the corresponding template rather than manually set the corresponding Administrative Template settings for Internet Explorer. What should you do?
Create three starter GPOs with the necessary settings. When creating the GPOs, select the starter GPO with the desired settings.
You manage a single domain names widgets.com . Recently, you notice that there have been several unusual changes to objects in the Sales OU. You would like to use auditing to keep track of those charges. You want to only enable auditing that shows you the old and new values of the changed objects.
Directory Service Changes
You manage a single domain names widgets.com . Recently, you notice that there have been several unusual changes to objects in the Sales OU. You would like to use auditing to keep track of those charges. You enable successful auditing of directory service access events in a GPO, and link the GPO to the domain.
Edit the access list for the OU. Identify specific users and events to audit.
You are the network administrator for your company. Your company uses Windows XP professional as its desktop operating system. Rodney, a user in the research department, shares a computer with two other users.
Edit the advanced security properties of the folder containing Rodney's documents. Configure an auditing entry for the Everyone group. Configure the entry to audit success of the Delete permission.
The D:\ drive in your Windows Server 2012 R2 server is formatted with NTFS. The Sales group on your computer has been given Allow Modify to the D:\Sales folder. The Mary user account is a member of the Sales group. You want to accomplish the following: • Mary should not be allowed access to the D:\Sales\2013sales.doc file. • Mary should be able to read, write, and create new files in the D:\Sales folder. • Your solution should not affect the abilities of other Sales group members to access files in the D:\Sales folder.
Edit the properties for the file; assign Mary the Deny Full Control permission.
You are the manager for Windows Servers at your company. You have just installed Windows Server 2012 R2 on a new server. You have configured Windows Server Backup to take regular backups once a day and save those backups to an external disk. You find that users working on a new project are constantly overwriting files and asking you to restore older versions of files that exist on backups from as far back as a week ago. You would like to implement a solution that allows users to restore files without an administrator's help.
Enable VSS on the volume that holds user data.
You are the server administrator for the westsim.com domain. Client computers run Windows 7. All servers run Windows Server 2008 R2. You have a server named FS12 that holds a shared folder named Reports. Within this folder, subfolders have been created for each company department. All company employees have Read access to the shared folder. The Board of Directors uses a subfolder in the shared folder named BoardReports for their reports. They would like this subfolder to only be visible to members of the Board of Directors and specific people that they authorize to see the folder and its contents.
Enable access-based enumeration on the shared folder. Configure NTFS permissions on the BoardReports folder to control access.
You are the network administrator of a small network consisting of three Windwos Server 2012 R2 computers, 50 Windows 7 professional workstations, and 100 Windows 8 workstations. Your network has a password policy in place with the following settings:
Enable the Minimum password age setting Enable the password must meet complexity requirements.
You have been asked to troubleshoot a Windows 8 computer that is a member of a workgroup. The director who uses the machine said he is able to install anything he wants as well as change system settings on-demand.
Enable the Run all admin approval mode setting in the local security policy.
Your are the security administrator for your organization. Your multiple domain Active Directory forest uses Windows Server 2012 R2 for domain controllers and member servers. The computer accounts for your member servers are located in the Member Servers OU. Computer accounts for domain controllers are in the Domain Controllers OU. You are creating a security template that you plan to import into a GPO. You want to log all domain user accounts that connect to the member servers.
Enable the logging of Logon events Link the GPO to the Member Servers OU.
You are the network administrator for northsim.com . The network consists of a single active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 8. You want to prevent users from running any file with .bat or .vbs extension unless the file is digitally signed by your organization.
In application control policies, create a script rule with a publisher condition.
Your are the security administrator for your organization. Your multiple domain Active Directory forest uses Windows Server 2012 R2 for domain controllers and member servers. The computer accounts for your member servers are located in the Member Servers OU. Computer accounts for domain controllers are in the Domain Controllers OU. You are creating a security template that you plan to import into a GPO. You would like to log whenever a user is unable to log on to any computer using a domain user account.
Enable the logging of failed Account Logon events. Link the GPO to the domain controllers OU.
You are the server administrator for your network. Recently, the system time on several servers has been modified. You want to find out who has been making the change. You enable auditing for System events. After several days,
Filter the look for successful events. Look in the Security log.
You are the owner of the D:\Reports folder. Judith needs to be able to see the files and subfolders in the D:\Reports folder. Dalton needs to be able to do these same things, but also to delete folders. You need to assign the necessary NTFS permissions to the D:\Reports folder.
Grant Read & Execute to Judith; Modify to Dalton
You manage a single domain named widgets.com . Organizational units have been created for each company department. User and computer accounts have been moved into their corresponding OUs. you define a password and account lockout policy for the domain.
Implement a granular password policy of the users in the Directors OU.
You are a technical consultant for many businesses in your community. One of your clients, a small law firm, has a single Active Directory domain. They have two servers running Windows Server 2012 R2. Both servers are configured as domain controllers while also serving as file and printer servers. This client is calling you on a regular basis because users are deleting or damaging their files. You must visit the client's site and restore the files from backup. Your client has asked you to create an alternate solution.
Implement shadow copies on the relevant data.
You are the network administrator for eastsim.com . The network consists of a single Active Directory domain. All the servers run Windows 2012 R2. All the clients run Windows 8. The clients are shared by multiple users at work. Recently, users have downloaded and installed two malware programs onto the computer.
In application control policies, create a Windows Installer rule with a file hash condition.
Your network consists of a single Active Directory domain. The OU structure of the domain consists of a parent OU named HW_West, and child OUs of research, HR, Finance, sales, and operations.
Link DefaultSec to the HQ_West OU. Link HiSec to the HR and Research OUs. Configure password policies on a GPO linked to the domain.
You are consulting with the owner of a small network which has a Windows Server 2008 functioning as a workgroup server. There are six client desktop computers, each of which is running Windows XP Professional. There is no Internet connectivity.
Make sure the correct users and groups are listed in the Auditing properties of the files. Make sure Object Access auditing policy is configured for success and failure. Make sure the files to be audited are on NTFS partitions.
You are a domain administrator for a large, multi-domain network. There are approximately 2500 computers in your domain. Organizational Units (OUs) have been created for each department. Group Policy objects (GPOs) are linked to each OU to configure department-wide user and computer settings. While you were on vacation, another 20 computers were added to the network. The computers appear to be functioning correctly with one exception: the computers do not seem to have the necessary GPO settings applied. What should you do?
Move the computer accounts from their current location to the correct OUs.
You manage a Windows Server 2012 R2 server. For the D:\Reports\Finances.xls file, you explicitly grant the Mary user account the Allow Modify NTFS permissions. You need to move the file from the existing folder to the D:\Confidential folder. You want to keep the existing NTFS permissions on the file. You want to accomplish this with the least amount of effort possible.
Move the file to the new folder.
Your organization employs many outside sales representatives who frequently travel to customer sites. While they are away, they frequently need to access data on the internal file server in your network. Currently, they e-mail files to themselves so they can access them on their notebooks. To address this situation, you are planning a Work Folders deployment in your organization, which will allow users to synchronize shared file server data directly to their notebooks. Your plan details are as follows: • Sync shares will be configured on CorpFS, which is a Windows Server 2012 R2 system. • Work Folders will be configured on users' notebook systems, which currently run Windows Vista Business edition. These systems are not joined to your organization's domain. • A server certificate from DigiCert will be used. • The network firewall will be reconfigured to allow traffic from the Work Folders clients to the server. • A publicly registered DNS host name will be assigned to the server. • The Work Folders directory on clients will be set to C:\ Work Folders.
No, Work Folders can't be configured on Windows Vista systems.
You are the network administrator for westsim.com . The network consists of a single Active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 8. A member server named Web1 running the Web Server role is hosting an internal company web site.
On Web1 you should create a custom inbound firewall rule that allow HTTP traffic on Web1 from Domain Users. Add the TechContractors group as an exception to the rule.
You are the Administrator for a network with a single active directory domain named widgets.local . The widgets.local domain has an Organizational Unit object for each major department in the company, including the Information Systems department.
On the Group Policy object's access control list, deny the Apply Group Policy permission for members of the Domain Admins group.
Management is concerned that users are spending time during the day playing games and have asked you to create a restriction that will prevent all users and administrators from running Games app on Windows 8 Workstations.
Packaged app rules
You manage a single domain names widgets.com . One day you notice that a trust relationship you have established with another forest has changed.
Policy change events
You have a computer running windows 8. Prior to installing some software, you turn off User account control, reboot the computer, and install the software. You turn UAC back on, but it does not prompt you before performing sensitive actions.
Reboot the machine
You need to control access to the D:\Reports folder as follows: • Members of the Accounting group should be able to open and view all files, edit them, add new files, and rename and delete files. • Mary needs to be able to open and view files, but should not be able to modify the files, rename files, or delete them. Mary is a member if the Accounting group. You want to assign NTFS permissions taking the least amount of actions possible and affecting existing permissions as little as possible.
Remove Mary from the Accounting group. Assign Allow Read & execute, List folder contents, Read, and Modify to the Accounting group. Assign Allow Read & execute, List folder contents, and Read to Mary.
You have a Windows Server 2012 R2 computer that is maintained by multiple administrators. Sally wants to access a file in the Reports folder. A group named Sales has been granted the Full Control permission to the Reports folder and all subfolders and files. You add Sally as a member of the Sales group, but she still cannot access the file that she needs. You want to let Sally access the Reports folder. What should you do?
Remove Sally from any other groups that have been explicitly denied access to the Reports folder.
On your Windows Server 2012 R2 computer, you share the D:\Promo folder using a share name of Promo. The share has been assigned the following permissions: User/Group Permission Telesales group Allow Read Training group Deny Full Control Managers group Allow Change .. Mary user Allow Change The Mary user account is a member of the Training group. NTFS permissions allow all access. Mary needs to be able to edit documents in the shared folder but cannot. You need to modify the share permissions to allow her the necessary access. What should you do? (Choose two. Each choice is a possible solution.)
Remove the Mary user account from the Training group. change the training group permissions to allow read
You have decided to create a shared folder that will contain sensitive information about planned changes in the personnel structure. Most users will be denied access to the share, which is named REORG. You have successfully created the share and set appropriate permissions. However, management feels the effect of having this share on the server, which denies access to most users is damaging morale. You need to keep the information available to the users who currently access it, but avoid having a share listed when users browse the network and shares for specific servers.
Remove the REORG share. Share the folder again as REORG$ with the same permissions as before.
Mr. Yamashita needs to be able to modify the contents of the promo share, a shared folder on one of your Windows Server 2012 R2 servers. The share has been assigned the following permissions: User/Group Permission Telesales global group Allow Read Training global group Deny Full Control Managers global group Allow Change Mr. Yamashita user Allow Change Mr. Yamashita is a member of each of these groups. How should you modify the share permissions to allow the necessary access? (Choose three. Each choice is a complete solution.)
Remove the training group from the share Remove Mr. Ymashita's user account from the training group. Change the Training Group's permission to allow read.
You are the administrator for the widgets.com domain. Organizational unit have been created for each company department. User and computer accounts for each department have been moved into their repective departmental OUs. You would like to configure all computers in the Sales OU to prevent the installation of unsigned drivers.
Security Options
You need to configure Work Folders on a Windows 8.1 notebook system to connect to a sync share on a Windows Server 2012 R2 system. Click the option you would use in Control Panel to do this.
Select "System and Security"
You are the network administrator for your company. Your company uses Windows 7 Professional as its desktop operating system. All computers joined to a single Active directory domain. Several computers store sensitive information. You are configuring security settings that will distributed to all computers on your network. You want to identify attempts to break into a computer by having the computer that denies the authentication attempt note the failed attempt in its Security database.
Select failure for audit account logon events.
You are the network administrator for your company. Your company uses Windows 7 Professional as its desktop operating system. All computers joined to a single Active directory domain. Several computers store sensitive information. You are configuring security settings that will distributed to all computers on your network. You want to identify denied attempts to change user's group membership in a computer's local database.
Select failure for audit account management
You are the network administrator for your company. Your company uses Windows 7 Professional as its desktop operating system. All computers joined to a single Active directory domain. Several computers store sensitive information. You are configuring security settings that will distributed to all computers on your network. You want to identify denied attempts to manipulate files on computers that have been secured through NTFS permissions.
Select failure for audit object access.
You are the network administrator for your network. You network consists of a single Active Directory domain. All servers run Windows Server 2012 R2. Your company recently mandated The following user account criteria:
Set Minimum password length to 12 Set account lockout duration to 0 Set account lockout threshold to 3
You manage several computers that run Windows 7. You would like to have better control over the applications that run on there computers, so you have decided to implement AppLocker..
Set the enforcement mode for executable rules to Enforce rules. Start the application identity service on the client.
Your Windows Server 2012 R2 computer has a folder named D:\SalesDept. The D: drive is formatted with FAT32. You need to allow network access to the folder as follows: • Members of the Sales group should have read-only access to the content in the folder. • Members of the SalesAdmin group should be able to open, edit, and add new files to the folder. • No other users should have access. Members of the SalesAdmin group are also members of the Sales group. You want to assign as few permissions as possible.
Share the SalesDept folder. Grant Read permission to the Sales group and Change permission to the SalesAdmin group. Remove Everyone from the access control list.
SRV03 is a Windows Server 2012 R2 server that holds the SalesDept folder. This folder contains documents specific to the sales department. You create two user groups: • The Sales group includes all members of the sales department. • The SalesAdmin group includes about ten members of the sales department who manage sales-related documents. You want the Sales group to have read-only access to the content in the SalesDept folder. Members of the SalesAdmin group should have all permissions to the folder. No other users should have access. All access will be through the network. You want to assign as few permissions as possible.
Share the SalesDept folder. Grant Read permission to the Sales group and Full Control permission to the SalesAdmin group. Remove the Everyone group.
Sally, a member of the sales department, is borrowing a laptop computer from her supervisor to do some work from home in the evenings. Sally contacts you and indicates that she cannot access the C:\Reports folder on the laptop. This folder contains documents that she needs to edit. You log on to the laptop as a domain administrator to check the folder's access control list. You are denied access to view the permissions. You contact Sally's supervisor to verify that Sally should receive access to the folder. Sally's supervisor indicates that Sally should be able to read, change, and delete documents in the folder, but that only the supervisor should be able to configure permissions. You need to grant Sally appropriate permissions to the C:\Reports folder. What should you do? (Choose two. Each correct choice is part of the solution.)
Take ownership of the C:\Reports folder
A server administrator has just been fired, but not before he assigned Deny Full Control permission to Everyone to several key files and folders on the server. All users, including you, are now blocked from accessing these important files. You are the administrator and you need to make these files available as quickly as possible.
Take ownership of the files and change the permissions.
An employee has quit under difficult circumstances. Unfortunately, the user had several files that are needed, and before the employee left, they assigned Deny Full Control permission to Domain Users to all the files and folders. All users, including you, are now blocked from accessing these important files. You need to make these files available as quickly as possible.
Take ownership of the files, and change the permissions.
You manage a single domain running Windows Server 2012 R2. You have configured a Restricted Group policy as show in the image. When this policy is applied, which actions will occur?
The backup operators group will be made a member of the Desktop Admins group.
Your organization employs many outside sales representatives who frequently travel to customer sites. While they are away, they frequently need to access data on the internal file server in your network. Currently, they e-mail files to themselves so they can access them on their mobile devices. To address this situation, you are planning a Work Folders deployment in your organization that will allow users to synchronize shared file server data directly to their tablets. The details of your plan are as follows: • Sync shares will be configured on CorpFS, which is a Windows Server 2012 system. • Work Folders will be configured on users' Surface tablets, which currently run Windows RT 8.1. These systems are not joined to your organization's domain. • A self-signed server certificate from an internal CA will be used. • The network firewall will be reconfigured to allow traffic from the Work Folders clients to the server. • A publicly-registered DNS host name will be assigned to the server. • The Work Folders directory on clients will be set to C:\ Work Folders.
The server hosting sync shares must be running Windows Server 2012 R2.
You are the network administrator for westsim.com. The network consists of a single domain. All the servers run Windows Server 2012 R2. All the clients run Windows 8. The company has a file server named FSl that hosts a share named SalesData for the Sales department. You need to configure the SalesData share so that users will be allowed to view only the files and folders to which they have rights.
Use the Shares panel in Server Manager to enable Access Based Enumeration (ABE) on the SalesData share.
Your Windows Server 2012 R2 computer has two volumes: C: and D:. For the D:\Reports\Finances.xls file, you explicitly grant the Mary user account the Allow Modify NTFS permissions. You need to move the file from the existing folder to the C:\Reports2 folder. You want to keep the existing NTFS permissions on the file. You want to accomplish this with the least amount of effort possible.
Use the robocopy command to copy the file to the C:\Reports2 folder.
You are the administrator for the widgets.com domain. Organizational unit have been created for each company department. User and computer accounts for each department have been moved into their repective departmental OUs. You have two OUs that contain temporary users:
User Rights
Select the policy node you would choose to configure who is allowed to manage the auditing and security logs
User Rights Assignment
You are the network administrator for westsim.com . The network consists of a single Active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 8. A server named App1 is running an application that uses a service named Custom App service.
You should create a custom rule using the windows firewall with advanced security.
Your network has a single Active Directory forest with two domains: eastsim.private and HQ.eastsim.private. Organizational units Accounting, Marketing, and Sales represent departments of the HQ domain. Additional OUs (not pictured) exist in both the eastsim.private and HQ.eastsim.private domains. All user and computer accounts for all departments company-wide are in their respective departmental OUs. You are in the process of designing Group Policy for the network. You want to accomplish the following goals: *You want to enforce strong passwords throughout the entire forest for all computers. All computers in both domains should use the same password settings. * The Accounting department has a custom software application that needs to be installed on computers in that department. * Computers in the Marketing and Sales departments need to use a custom background and prevent access to the Run command. You create the following three GPOs with the appropriate settings: Password Settings, Accounting App, and Desktop Settings. How should you link the GPOs to meet the design objectives? To answer, drag the label corresponding to the GPO to the appropriate boxes.
eastsim.private - password setting HQ.eastsim.private - password setting Accounting - Accounting app Marketing - Desktop Settings Sales - Desktop Settings
You are managing the WidgetProject share in Server Manager on a Windows Server 2012 R2 system. You want to specify an email address users can contact for assistance if they are denied access to the folder. Click on the option in the share Properties screen you would use to do this.
fvjanagement Prop...l+
You need to use the New Share Wizard on a Windows Server 2012 R2 system to create a new share for the c:\shares\ WidgetProject folder. Users will connect to the share using Windows 7 and Windows 8 workstations. Because this share will be used by many different users, you would like to enable quotas on the share as you create it to prevent users from using too much space at the expense of other users. Click on the sharing profile you should use.
smb share -advanced
You need to use the New Share Wizard on a Windows Server 2012 R2 system to create a new share for use with Hyper-V servers in the network. Click on the sharing profile you should use.
smb shared apps
You are the administrator of a network with a single Active Directory domain. Your domain contains three domain controllers and five member servers.
using active Directory users and computers, select Unlock Account for each account.