Task 6
You need to ensure that you can manage DC1 by using Windows Admin Center on SRV1.
The required source files are located in a folder named \\dc1.contoso.com\install.
One possible solution to ensure that you can manage DC1 by using Windows Admin Center on SRV1 is to install Windows Admin Center on SRV1 and add DC1 as a managed server. Windows Admin Center is a web-based management tool that allows you to manage servers, clusters, Windows PCs, and Azure virtual machines (VMs) from a single interface. Here are the steps to install Windows Admin Center on SRV1 and add DC1 as a managed server:
On SRV1, open a web browser and go to the folder named \dc1.contoso.com\install. Download the Windows Admin Center installer file (WindowsAdminCenter.msi) and save it to a local folder, such as C:\Temp.
After the installation is complete, launch Windows Admin Center from the Start menu or the desktop shortcut. If you installed Windows Admin Center as a service, you can access it from a web browser by using the URL https://localhost:6516 or https://<SRV1>:6516, where <SRV1> is the name or IP address of SRV1.
On the Windows Admin Center dashboard, clickAddto add a new connection. SelectServeras the connection type and enter the name or IP address of DC1 in the Server name field. Optionally, you can specify the display name, description, and tags for the connection. ClickSubmitto add DC1 as a managed server.
Now, you can manage DC1 by using Windows Admin Center on SRV1. You can also add more servers or other types of connections to Windows Admin Center and manage them from the same interface
You have an Azure virtual machine named VM1 that contains the drives shown in the following table.
On VM1, you plan to install an app named App1. The data for App1 must be stored on a persistent data disk assigned to drive D.
You need assign the data disk to drive D.
What should you do on VM1 first?
Task 12
You need to create a Group Policy Object (GPO) named GPO1 that only applies to a group named MemberServers.
To create a GPO named GPO1 that only applies to a group named MemberServers, you can follow these steps:
On a domain controller or a computer that has the Remote Server Administration Tools (RSAT) installed, openGroup Policy Managementfrom theAdministrative Toolsmenu or by typinggpmc.mscin the Run box.
In the left pane, expand your domain and right-click onGroup Policy Objects. SelectNewto create a new GPO.
In theNew GPOdialog box, enterGPO1as theNameof the new GPO and clickOK. You can also optionally select a source GPO to copy the settings from.
Close theGroup Policy Management Editorand return to theGroup Policy Managementconsole. Right-click on the new GPO and selectScope. Here, you can specify the scope of management for the GPO, such as the links, security filtering, and WMI filtering.
Under theSecurity Filteringsection, click onAuthenticated Usersand then click onRemove. This will remove the default permission granted to all authenticated users and computers to apply the GPO.
Click onAddand then type the name of the group that you want to apply the GPO to, such asMemberServers. ClickOKto add the group to the security filter. You can also click onAdvancedto browse the list of groups available in the domain.
To link the GPO to an organizational unit (OU) or a domain, right-click on the OU or the domain in the left pane and selectLink an Existing GPO. Select the GPO that you created, such asGPO1, and clickOK. You can also change the order of preference by using theMove UpandMove Downbuttons.
You have an Active Directory Domain Services (AD DS) domain. The domain contains three servers named Server 1, Server2, and Server3 that run Windows Server.
You sign in to Server1 by using a domain account and start a remote PowerShell session to Server2. From the remote PowerShell session, you attempt to access a resource on Server3. but access to the resource is denied.
You need to ensure that your credentials are passed from Server1 to Server3. The solution must minimize administrative effort. What should you do?
Task 1
You need to prevent domain users from saving executable files in a share named \\SRVl\Dat
a. The users must be able to save other files to the share.
One possible solution to prevent domain users from saving executable files in a share named \SRVl\Data is to use file screening on the file server. File screening allows you to block certain files from being saved based on their file name extension. Here are the steps to configure file screening:
On the file server, openFile Server Resource Managerfrom theAdministrative Toolsmenu.
In the left pane, expandFile Screening Managementand click onFile Groups.
Right-click onFile Groupsand selectCreate File Group.
In theFile Group Propertiesdialog box, enter a name for the file group, such asExecutable Files.
In theFiles to includebox, enter the file name extensions that you want to block, such as.exe, .bat, .cmd, .com, .msi, .scr. You can use wildcards to specify multiple extensions, such as *.exe.
ClickOKto create the file group.
In the left pane, click onFile Screen Templates.
Right-click onFile Screen Templatesand selectCreate File Screen Template.
In theFile Screen Template Propertiesdialog box, enter a name for the template, such asBlock Executable Files.
On theSettingstab, select the optionActive screening: Do not allow users to save unauthorized files.
On theFile Groupstab, check the box next to the file group that you created, such asExecutable Files.
On theNotificationtab, you can configure how to notify users and administrators when a file screening event occurs, such as sending an email, logging an event, or running a command or script. You can also customize the message that users see when they try to save a blocked file.
ClickOKto create the file screen template.
In the left pane, click onFile Screens.
Right-click onFile Screensand selectCreate File Screen.
In theCreate File Screendialog box, enter the path of the folder that you want to apply the file screening to, such as\SRVl\Data.
Select the optionDerive properties from this file screen template (recommended)and choose the template that you created, such asBlock Executable Files.
ClickCreateto create the file screen.
Now, domain users will not be able to save executable files in the share named \SRVl\Data. They will be able to save other files to the share.
Currently there are no comments in this discussion, be the first to comment!