Leading the way in IT testing and certification tools, www.certifyme.com
- 42 -
You work as the network administrator at certifyme.com. The certifyme.com
network consists of a single Active Directory domain named certifyme.com. All
servers on the certifyme.com network run Windows Server 2003 and all client
computers run Windows XP Professional.
The certifyme.com network contains five application servers running Terminal
Services named certifyme-SR01, certifyme-SR02, certifyme-SR03,
certifyme-SR04, and certifyme-SR05. You have placed these servers in an
organizational unit (OU) named TerminalServers.
The responsibility of dealing with support issues for these servers has been handed
to seven of the IT department employees. You have created an OU named ITAdmin
and added the user accounts of these IT department employees to it. These users are
also members of a global group named TSAdmin. 350-001
You need to ensure that the TSAdmin group is assigned the Log on Locally user
right for the application.
What should you do? (Each correct answer presents part of the solution. Choose
TWO.)
A. Link AppSup to the TerminalServers OU.
B. Create a GPO named AppSup.
C. Access the Properties page of the ITAdmin OU, select the Security tab.
Assign the Allow - Full Control permission for the ITAdmin OU to the TSAdmin
group.
D. Access the Properties page of the ITAdmin OU, select the Group Policy tab, and
assign the Create a GPO named AppSup the Allow - Full Control permission for the
AppSup GPO group policy object link.
E. Create a GPO named AppSup, configure it to grant the TSAdmin group the Log on
Locally user right.
F. Link AppSup to the ITAdmin OU.
Answer: A, E
Explanation:
Leading the way in IT testing and certification tools, www.certifyme.com
- 43 -
to allow a group of users to log on locally to servers in an OU, you can create a
GPO and define the Allow log on locally setting. This setting is located in the
Computer Configuration - Windows Settings - Security Settings - Local Policies -
User Rights Assignment policy node. Defining this policy allows you to add users or
groups that will be allowed to log on to the computer or computers where the GPO
is linked. 640-802 In this scenario, you want to assign this user right for the computers
located in the TerminalServers OU to members of the TSAdmin global group.
Therefore, the Allow log on locally setting in the AppSup GPO will be configured to
include the TSAdmin group. To apply the settings, you should link the AppSup
GPO to the TerminalServers OU.
Incorrect Answers:
B: This option is only partial. It suggests the creation of a GPO, but not what the GPO is
to specify. Combined with any other option it will not be specific in its purpose.
C: There is no Security tab in the OU Properties page
D: This action defines the DACLs for the group policy link object. Assigning the Allow -
Full Control permission to the group policy link allows the users receiving the permission
to modify, delete, and change permissions on the group policy link. VCP-310 It does not allow the
users receiving the permission to log on locally to the application servers.
F: The ITAdmin OU contains the user accounts for the IT employees. The GPO
containing the desired settings should be linked to the container that holds the application
server accounts.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment