Tải bản đầy đủ (.pdf) (50 trang)

Tài liệu MCSE Windows server 2003- P13 pdf

Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (724.59 KB, 50 trang )

Objective 2.7 Troubleshoot User Authentication
15
-
35
Objective 2.7
Troubleshoot User Authentication
Without proper authentication, a user will be unable to access network resources, and,
in some cases, will not be able to log on to his or her local computer. At the root of
authentication is the combination of username and password which comprise the
user’s credentials. If there is a mismatch between what the user believes his or her cre-
dentials to be and what the authenticating system expects, the user will not be able to
connect to that resource. If that resource is the local computer, the user will not be able
to log on at all.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
15-36
Chapter 15 Managing Users, Computers, and Groups (2.0)
Objective 2.7 Questions
1.
A traveling user has been away from the office for several months. The laptop com-
puter with which the user travels is not configured for dial-in access to the corporate
network because it is used mostly for presentations and client documentation.
Upon returning to the office and connecting to the corporate network, the user is
unable to log on to his or her computer using a local account, and is presented with
the “Log on Failed” dialog box.
What should you do?
A.
Reset the user’s password in Active Directory.
B.
Reset the user’s computer account in Active Directory.
C.
Use the password reset disk for that user to reset the password on the local computer.


D.
Disconnect the computer from the network, and then restart the computer.
2.
A user has returned from an extended business trip, and reconnects his or her com-
puter to the network. The user is able to log on, but is not able to connect to any net-
work resources.
You examine the accounts associated with the user in Active Directory Users And Com-
puters, and note that the computer account for the user’s laptop is marked with a red
“X” icon.
What should you do to solve the problem?
A.
Reset the user’s password in Active Directory.
B.
Reset the laptop computer account in Active Directory.
C.
Delete the laptop computer account from the domain, join the laptop to a work-
group, then rejoin the laptop to the domain.
D.
Delete and recreate the laptop computer account.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Objective 2.7 Troubleshoot User Authentication
15
-
37
3.
You are the systems administrator for a medium-sized organization that runs a single
Windows Server 2003 domain. The Default Domain Group Policy object has the fol-
lowing password policy settings:
10 Passwords Remembered.
Maximum Password Age 10 days

Minimum Password Age 2 days
Minimum Password Length 10 characters
A group of 40 developers who work in a department in your organization has lobbied
management for a separate set of password policies specific to its members. The devel-
opers want the minimum password age set to 0 days and the maximum password age
set to 28 days. Which of the following methods will allow you to alter the password
policy for this group of developers?
A.
Create a child domain of the current domain and move the developers’ accounts
to this domain. Edit the Default Domain GPO of the child domain and implement
the separate password policy requested by the developers.
B.
Create a separate OU and move the 40 developers’ user accounts into this OU.
Create and edit a new GPO, implementing the separate password policy requested
by the developers via this GPO. Apply the GPO to the newly created OU hosting
the developers’ accounts.
C.
Resubnet the network and create a new site within Active Directory. Place all the
40 developers’ workstations onto this new subnet. Create and edit a new GPO,
implementing the separate password policy requested by the developers via this
GPO. Apply the GPO to the newly created site hosting the developers’ computer
accounts.
D.
Edit the Local GPO on each of the developer’s workstations, implementing the
separate password policy requested by the developers via this GPO.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
15-38
Chapter 15 Managing Users, Computers, and Groups (2.0)
Objective 2.7 Answers
1.

Correct Answers: C
A.
Incorrect: The “Logon Failed” dialog box appears only if a password reset disk
has been created for an account on the local computer. The domain user account
is not involved in this problem.
B.
Incorrect: The “Logon Failed” dialog box only appears if a password reset disk
has been created for an account on the local computer. The domain computer
account is not involved in this problem.
C.
Correct: The password reset disk is created for local user accounts, and can be
used when a user is trying to access a local computer account with the incorrect
credentials, as in this case.
D.
Incorrect: The computer’s connection to the network or any network interaction
does not cause the “Logon Failed” dialog box to appear.
2.
Correct Answers: B
A.
Incorrect: The user’s password would not affect the computer account, as the
icon indicates, in Active Directory.
B.
Correct: The password between the laptop and the domain computer account
has become unsynchronized and must be reset.
C.
Incorrect: This would solve the problem, but might cause other problems if
there are permissions set on resources for this laptop computer. Also, this process
would take much more time than a computer password reset.
D.
Incorrect: This would compound the problem by not only having unsynchro-

nized passwords, but mismatched SIDs as well.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Objective 2.7 Troubleshoot User Authentication
15
-
39
3.
Correct Answers: A
A.
Correct: Password policies apply domain-wide. The only method by which users
can have separate password policies is if their user accounts reside in different
domains. A child domain does not inherit the password policy of its parent
domain.
B.
Incorrect: Password policies apply domain-wide. Password policies applied at
the OU level do not override the password policies set at the domain level. If this
set of steps is taken, the password policies will remain as they did before at the
domain level.
C.
Incorrect.: Password policies apply domain-wide. Password policies applied at
the site level do not override the password policies set at the domain level. If this
set of steps is taken, the password policies will remain as they did before at the
domain level.
D.
Incorrect: Password policies apply domain-wide. Password policies applied at
the local level do not override the password policies set at the domain level. If this
set of steps is taken, the password policies will remain as they did before at the
domain level.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.

16 Managing and Maintaining
Access to Resources (3.0)
Access to resources requires proper identification and proper permissions. There is no
additional configuration to be done to access files across a network than to make sure
that the resource is accessible (shared) and that the user has appropriate permissions to
accomplish the desired action (read, write, delete, and so on). This transactional process of
analyzing the user’s access token involves reading the entries on the access control list
(ACL) of the resource, and comparing the list with the security identifiers (SIDs) on the
token. If the security services governing the resource access process determine that the
combination of SIDs and their permissions is sufficient to perform the requested task,
permission and access is granted; if not, access to the resource is denied.
Such permission-based access is accomplished by the operating system based upon the
file system that is installed on the storage device where the resource resides. On a
FAT32 file system, for example, even if the operating system version is Windows Server
2003, permissions cannot be set at the file system level: NTFS permissions are required
for this type of permission assignment.
Share permissions, however, can be set regardless of the file system on which the
resources are stored. The operating system alone controls the share permissions, which
are valid for any entity attempting to access the resource from across the network.
Terminal Services provides a different type of access to resources, in that it presents a
local environment to the user over the network. The creation and use of this virtual
local environment requires additional permissions and configuration, but the resource
access to files and folders is still governed by network (share) and file system (NTFS)
permissions. The understanding of these additional configuration needs and possibili-
ties is key to the proper use of Terminal Services.
Testing Skills and Suggested Practices
The skills that you need to master the Managing and Maintaining Access to Resources
objective domain on Exam 70-290: Managing and Maintaining a Microsoft Window
Server 2003 Environment include


Configure access to shared folders.

Practice 1: Set permissions for individual users and groups. Create increas-
ingly complex sets of group memberships and permission assignments so as
to make a 2–3 layer set of permissions using multiple group memberships for
a user account, and nested memberships for groups.
16-1
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
16-2
Chapter 16 Managing and Maintaining Access to Resources (3.0)

Practice 2: Configure sets of permissions on network share points. Configure
NTFS permissions for the same resource, and analyze the effective resulting
permissions for a user.

Troubleshoot terminal services.

Practice 1: Configure Terminal Services in Remote Desktop for Administration
mode such that various users are allowed or denied permissions. Set proper-
ties for allowed users to control their profile paths, home directories, and
whether their sessions can be controlled remotely through another Terminal
Services session.

Practice 2: Configure Group Policy for Terminal Services users to redirect
local printer and drive output to the Terminal Services session. Know the pur-
poses and functionalities for each of these settings.

Configure file system permissions.

Practice 1: Set permissions for individual users and groups. Create increas-

ingly complex sets of group memberships and permission assignments so as
to make a 2–3 layer set of permissions using multiple group memberships for
a user account, and nested memberships for groups.

Practice 2: Configure sets of NTFS permissions on file system objects. Config-
ure share permissions for the same resource, and analyze the effective result-
ing permissions for a user.

Troubleshoot access to shared files and folders.

Practice 1: Access the properties of a file for which you have set complex
NTFS permissions for several groups of users. Select a user that is a member
of more than one of the groups that you have assigned the permissions to for
the file. Use the advanced button in the securities tab to access the “effective
permissions” tab. Enter the user’s name to discover his or her effective per-
missions to that file.

Practice 2: Access the properties of a folder for which multiple groups have
been given different NTFS permissions. Use the advanced button in the secu-
rities tab to access the “effective permissions” tab. Enter a group name to view
the effective group permissions for that folder.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Chapter 16 Managing and Maintaining Access to Resources (3.0)
16
-
3
Further Reading
This section contains a list of supplemental readings divided by objective. Study these
sources thoroughly before taking the exam.
Objective 3.1 Review Chapter 6, “Files and Folders.” This chapter examines share

permissions, NTFS permissions, and auditing of resource access.
Microsoft Corporation. Frequently Asked Questions: Security Technologies. This Web-
based resource is free and can be accessed at the URL:
/windowsserver2003/community/centers/security/security_faq.asp.
Objective 3.2 Review Chapter 2, Lesson 3, “Remote Administration with Terminal
Services.” This lesson discusses configuration and permission issues involved with
Terminal Services, Remote Desktop, and Remote Assistance.
Microsoft Corporation. Windows Server 2003, Help and Support Center: Remote
Assistance.
Objective 3.3 Review Chapter 6, “Files and Folders.” This chapter explores share
permissions, NTFS permissions, and auditing of resource access.
Microsoft Corporation. Technet; Script Center: Disks and File Systems. This
Web-based resource is free, and can be accessed at the following URL: http:
//www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/dfs
/default.asp.
Objective 3.4 Review Chapter 6, “Files and Folders.” Examine the material on
troubleshooting permissions, including how to view effective permissions.
Review the following article on Microsoft Technet:
/technet/prodtechnol/windowsserver2003/proddocs/standard/acl_view_effective
_permissions.asp.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
16-4
Chapter 16 Managing and Maintaining Access to Resources (3.0)
Objective 3.1
Configure Access to
Shared Folders
Share permissions are set within the Windows Server 2003 operating system on net-
work access points—shares—within the file system. These share permissions are
assigned in the folder properties interface (Sharing tab) in Windows Explorer. Individ-
ual files cannot be shared.

For multiple user entities, permissions are analyzed for each SID presented in the user’s
access token, and the most liberal permission is granted. The exception to this liberal
permission assignment is when one (or more) of the SIDs presented in the token has
a deny permission assigned in the resources’ ACL; in that case, the deny permission
takes precedence.
If NTFS permissions are in use on the file system, the effective share permission is com-
pared to the effective NTFS permission, and the most restrictive permission is then
assigned as the final, effective permission for the user on that resource.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Objective 3.1 Configure Access to Shared Folders
16
-
5
Objective 3.1 Questions
1.
Server01 is a file server running Microsoft Windows Server 2003 that is used by the
accounting department to provide timesheet and expense report forms for employees.
You are setting permissions on the share points for these folders, and must meet the
following requirements:

Employee-specific forms are stored in the Forms folder. These forms should be
accessible by all employees.

Only Authenticated Users should be able to access the forms.

Employees can upload completed forms to a folder named Forms\Reports
\<username>.

Users should only be able to read their own forms, not forms submitted by other
users.


Supervisor-specific forms are stored in Forms\Supervisors. These forms should be
accessible only by supervisors.
The Forms folder is shared as Forms, the Supervisors folder is shared as Supervisors,
and each user’s folder is shared as that user’s username.
Supervisors are members of the Supervisors Global Group.
NTFS permissions are set on all folders to Authenticated Users–Modify.
Permissions are granted to the shared folders as follows:
Shared Folder Share Permissions
Forms Everyone, Allow Read
Supervisors Supervisors, Allow Read
<username> <username> Allow Change
Which of the following requirements is met? (Select all that apply.)
A.
All employees can download their forms.
B.
All employees can upload completed forms to their folders.
C.
Employees can read only their own submitted forms.
D.
Only Authenticated Users can download forms.
E.
Only Supervisors can download Supervisor-specific forms.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
16-6
Chapter 16 Managing and Maintaining Access to Resources (3.0)
2.
You are configuring share permissions for a shared folder on a file server. You want all
Authenticated Users to be able to save files to the folder, read all files in the folder, and
modify or delete files that they own.

What are the correct permissions that you need to set on the shared folder to achieve
your objective? (Select all that apply.)
A.
Authenticated Users–Full Control
B.
Authenticated Users–Change
C.
Authenticated Users–Read
D.
Creator/Owner–Full Control
E.
Creator/Owner–Change
F.
Creator/Owner–Read
3.
You are configuring permissions for a shared folder on your network. You want all
Authenticated Users to have read access to the files when attaching to the folder across
the network from their computers, but only members of the Managers group should be
able to read the files when logged on locally to the computer containing the files. Man-
agers also need the ability to change the files when logged on locally.
All users are able to log on locally to the computer.
What permissions do you need to set on the shared folder? (Select all that apply.)
A.
NTFS–Interactive–Change
B.
NTFS–Interactive–Read
C.
NTFS–Authenticated Users–Change
D.
NTFS–Managers–Change

E.
Share Permission–Network–Read
F.
Share Permission–Interactive–Read
G.
Share Permission–Managers–Change
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Objective 3.1 Configure Access to Shared Folders
16
-
7
4.
A folder, Documents, on Server01 is shared as Docs$. The permissions on the shared
folder are set as follows:

Docs$ Shared Folder Permissions: Everyone–Full Control

Documents Folder NTFS Permissions: Authenticated Users–Read, Write; Manag-
ers–Modify; Administrators–Full Control
Which of the following statements regarding access to the resource are true? (Select all
that apply.)
A.
Only Administrators can access the shared folder from the network.
B.
All Users can access the shared folder from the network.
C.
Authenticated Users can delete files in the folder.
D.
Managers can delete files in the folder.
E.

Authenticated Users can write files in the folder.
F.
Authenticated Users can change ownership of a file in the folder.
G.
Managers can change ownership of a file in the folder.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
16-8
Chapter 16 Managing and Maintaining Access to Resources (3.0)
Objective 3.1 Answers
1.
Correct Answers: A, B, and D
A.
Correct: All employees can access their forms through the Forms shared folder as
part of the Everyone Group.
B.
Correct: All employees can access their user folders through the change permis-
sion assigned to them.
C.
Incorrect: Although the change permission on each username folder restricts
access through that share point, any user can navigate to any individual folder
through the Forms shared folder.
D.
Correct: In Windows Server 2003, by default, the Everyone group does not con-
tain the identity Anonymous Logon.
E.
Incorrect: Although the users will not be able to access the Supervisors shared
folder directly, they can navigate to it using the Forms shared folder.
2.
Correct Answers: C and E
A.

Incorrect: Giving Authenticated Users--Full Control permission will allow modi-
fication or deletion of any files in the folder, which gives more permission than
required.
B.
Incorrect: Giving Authenticated Users--Change permission will allow modifica-
tion of any files in the folder, which gives more permission that required.
C.
Correct: Giving Authenticated Users--Read permission will allow reading of any
files in the folder, which fulfills the requirement.
D.
Incorrect: Giving permissions for Creator/Owner–Full Control will allow users to
modify or delete their own files, but would also allow them to change permissions
on the files. With the ability to change permissions, the Creator/Owner could set
permissions that allow other users to modify or delete files.
E.
Correct: Giving permissions for Creator/Owner–Change will allow users who
create the file to modify or delete it, which satisfies the requirements.
F.
Incorrect: Giving permissions for Creator/Owner–Read will not allow users to
create or modify any files in the folder, which does not satisfy the requirements.
3.
Correct Answers: D and E
A.
Incorrect: This setting will allow any user logged on to the computer to change
files. The NTFS permissions are the only permissions that apply to users logged on
locally, which is what the Interactive entity group includes.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Objective 3.1 Configure Access to Shared Folders
16
-

9
B.
Incorrect: This setting will allow any user logged on to the computer to read
files, which violates the requirements. The NTFS permissions are the only permis-
sions which apply to users logged on locally, which is what the Interactive entity
group includes.
C.
Incorrect: This setting will allow any user logged on to the computer to read
files, which violates the requirements. The NTFS permissions are the only permis-
sions which apply to users logged on locally, which is what the Interactive entity
group includes.
D.
Correct: This setting will allow for the Managers to have change permission
when logged on locally. They will also have the change permission when access-
ing the file from the network unless the share permissions are more restrictive.
E.
Correct: This setting will allow all users who access the folder from across the
network to have read access. With no other share permissions assigned, the Man-
agers will not have any additional access to the files outside the context of their
being in the Network entity group.
F.
Incorrect: The interactive permission, although it can be set, does not have any
effect for users attaching across the network. The Interactive entity group is for
users who log on locally at the console of the computer.
G.
Incorrect: This setting will allow the Managers to change the files from across
the network, which violates the requirements: the Managers are only to be able to
read and modify files when they are logged on locally to the computer.
4.
Correct Answers: B, D, and E

A.
Incorrect: The $ in the share name hides the share from the browse list, but does
not affect the permissions of the share available from the network. Although any
shares created by the operating system as hidden shares to the root of a drive are
configured with Administrator-only access permission, any hidden shares created
manually do not have the Administrator-only access permissions set.
B.
Correct: The combination of Full Control shared folder permissions and Read,
Write NTFS permissions allow for access from the network by Authenticated
Users.
C.
Incorrect: Users do not have Delete or Modify permissions, which are required
to delete files.
D.
Correct: The NTFS Modify permission allows Managers to delete files.
E.
Correct: The NTFS Write permission allows Authenticated Users to write files to
the folder.
F.
Incorrect: The NTFS Read, Write permissions are insufficient to allow modifica-
tion of file ownership.
G.
Incorrect: The NTFS Modify permission is insufficient to allow modification of
file ownership.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
16-10
Chapter 16 Managing and Maintaining Access to Resources (3.0)
Objective 3.2
Troubleshoot Terminal Services
Terminal Services has unique permission and configuration settings compared with

share permissions on other resources. The use of Terminal Services requires User
Rights (log on locally, for example) for the computer on which Terminal Services is
running in addition to the explicit permission to use Terminal Services. In Windows
Server 2003, all these rights and permission for the use of Terminal Services are given
to the Remote Desktop Users group.
The settings in Terminal Services for Remote Control, home directory, application
startup, and profile settings should not be confused with the permissions and User
Rights needed to access Terminal Services.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Objective 3.2 Troubleshoot Terminal Services
16
-
11
Objective 3.2 Questions
1.
You have configured several users to be able to connect to Server01 through Terminal
Services, and have modified the default configuration with the Terminal Services Con-
figuration console to allow for redirection of client printers. The goal is for all users of
the Terminal Server to be able to print to print devices configured on their local com-
puter from their Terminal Server session.
The users, however, report that they are unable to print to their locally configured print
devices.
What should you do to correct the problem?
A.
Enable the Client/Server data redirection setting in Group Policy for each Terminal
Server client computer.
B.
Enable the Client/Server data redirection setting in Group Policy for the Terminal
Server computer.
C.

Instruct the user to install the local printer from within their Terminal Server session.
D.
Use a logon script for the users’ Terminal Server session to add the printer.
2.
You have configured several client computers with the Terminal Service client, Remote
Desktop Connection, and have configured a Terminal Server in Remote Desktop for
Administration (default) mode. When the users attempt to connect to the Terminal
Server, they receive an error message stating that the local policy of this system does
not permit them to log on interactively.
What should you do to correct the problem?
A.
Add the users to the Remote Desktop Users group.
B.
Configure the User Right to Log on locally on the Terminal Server for each user.
C.
Enable the Group Policy setting for Client/Server data redirection.
D.
Enable the Terminal Services Remote Control setting for each user.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
16-12
Chapter 16 Managing and Maintaining Access to Resources (3.0)
3.
A user has sent you a request, by e-mail, for a Remote Assistance session. You attempt
to connect to the user’s computer to establish the Remote Desktop session, but cannot
establish the network connection.
You are able to connect to the user’s computer to access the file system through the
C$ share.
What is the most likely cause of the problem?
A.
Your user account is not a member of the local Administrators group on the user’s

computer.
B.
You do not have the Terminal Services client installed on your computer.
C.
Port 3389 is not open on the firewall between your network segment and the net-
work segment that the user’s computer is on.
D.
The user’s account in Active Directory is configured so as not to allow Remote
Control.
4.
All computer users in your company access several applications through a single Ter-
minal Server, Server01, located on the same Local Area Network segment. You are run-
ning a Windows Server 2003 Active Directory and DNS, and the Terminal Server is a
Windows Server 2003 server.
At the end of business on the previous day, you renamed the Terminal Server to App1.
You verified that the server was reachable using its new name through Terminal Ser-
vices both as administrator and as a regular user, and through Windows Explorer.
This morning, all users report that they cannot connect to the Terminal Server. You ver-
ify that connection to the Terminal Server is possible through Windows Explorer, but
that user connection through Terminal Services is not possible. You are able to connect
to the Terminal Server as Administrator.
What is the most likely cause of the problem?
A.
The Terminal Server entry in DNS needs to be refreshed.
B.
The Terminal Server connection permissions need to be refreshed.
C.
A Terminal Services Licensing Server needs to be installed and configured.
D.
The Terminal Server needs to be restarted.

Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Objective 3.2 Troubleshoot Terminal Services
16
-
13
5.
You attempt to connect to Server01 through the Remote Desktop for Administration cli-
ent, but receive a message that you cannot connect because the number of concurrent
connections has been exceeded.
You can connect with the Remote Desktop for Administration client to Server02,
Server03, and Server04, which are member servers in the same domain. You have
administrator privileges on each of these servers.
Server01 is not physically accessible to you, as it is in a remote location.
What steps should you take to resolve the problem? (Select all that apply.)
A.
Connect to Server02 with the Remote Desktop for Administration client.
B.
Connect to Server01 from the Terminal Services session on Server02 with the Ter-
minal Services Manager. Disconnect one of the Remote sessions.
C.
Connect to Server01 from the Terminal Services session on Server02 with the
Remote Desktop for Administration client. Disconnect one of the Remote sessions.
D.
Open the Server01 Properties dialog box from Active Directory Users And Com-
puters. Configure Server01 to deny Terminal Services connections, and then
reconfigure Server01 to allow Terminal Services connections.
E.
Connect to Server01 from the Terminal Services session on Server02 with the
Remote Desktop for Administration client. Open the System properties page for
Server01 and configure Server01 to deny Remote Desktop Connections, and then

reconfigure Server01 to allow Remote Desktop Connections.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
16-14
Chapter 16 Managing and Maintaining Access to Resources (3.0)
Objective 3.2 Answers
1.
Correct Answers: A
A.
Correct: Although set to Not Configured by default, if set to Disabled, this Group
Policy setting will override the Terminal Server console settings for the property of
data redirection. Changing this policy from Disabled to Enabled will correct the
problem.
B.
Incorrect: This Group Policy setting is for local computer behavior during a Ter-
minal Services session from that computer. Enabling this setting for the Terminal
Server computer would control outgoing Terminal Server sessions from that con-
sole, not incoming from the client computers as required here.
C.
Incorrect: This would configure a network printer connection to the local com-
puter, which is not what the circumstance requires. Additional steps to share and
set permissions for the printer from the local computer would have to be taken.
D.
Incorrect: This would configure a network printer connection to the local com-
puter, which is not what the circumstance requires. Additional steps to share and
set permissions for the printer from the local computer would have to be taken.
2.
Correct Answers: A
A.
Correct: The Remote Desktop Users group has the appropriate configuration and
rights to allow access to the Terminal Server.

B.
Incorrect: This setting will remove one of the barriers to the user’s connecting to
the Terminal Server, but there are permissions for connection to the Terminal
Server itself that still must be set. Additionally, this action would allow the user to
log on locally to the console as well, which may not be desired.
C.
Incorrect: This setting is for controlling how printer and drive redirection is
accomplished within a user session, not for configuring logon access to the ses-
sion itself.
D.
Incorrect: This setting is for controlling how Remote Control can be used on an
established Terminal Services session, not for the logon access to the session itself.
3.
Correct Answers: C
A.
Incorrect: This is not the case, seeing as you are able to establish a connection
to an administrative share point (C$) on the user’s computer.
B.
Incorrect: The Terminal Services client is not involved in a Remote Assistance
session. The Windows Messenger Services are responsible for handling the estab-
lishment and usage of a Remote Assistance session.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.

×