Windows Server Pro Manage and Administer Objective Test, Exams of Information Technology

Windows Server Pro Manage and Administer Objective Test

Typology: Exams

2025/2026

Available from 01/02/2026

KattyJennifer-1
KattyJennifer-1 🇺🇸

5

(2)

6.1K documents

1 / 18

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
1 / 18
Windows Server Pro: Manage and Administer Objective 3: File
Services Management
You work as the IT Administrator for a small
corporate network. You have four domain
controllers in your Main location: *CorpDC*,
*CorpDC2*, *CorpDC3*, and *CorpDC4*. During
installation, *CorpDC2* and *CorpDC3* were not
made global catalog servers. You would like
additional global catalog servers. Your task in
this lab is to designate *CorpDC2* and
*CorpDC3* as global catalog servers.
(To answer this question, complete the lab using
information below.) - -Active Directory
Users and Computers, edit the computer
account. On the General tab, click *NTDS
Settings...*
In Active Directory Sites and Services, edit the
NTDS Settings for the server object. Tick the
"Global Catalog" option and then Apply for both
*CorpDC2* and *CorpDC3* servers.c
You work as the IT Administrator for a small
corporate network. You have a branch site with
about 50 employees that is connected to the
main site with a WAN link. A single domain
controller named *BranchDC2* is configured in
the branch location. Because the WAN link is
slow and unreliable, you have not configured
*BranchDC2* as a global catalog server. You find
that when the WAN link goes down, users at the
branch location cannot log on to the network.
Even when the WAN link is up, users complain
that logon is slow. You want to minimize Active
Directory traffic across the WAN link, but you
also want to let branch users log on to the
network even when the WAN link is down. Your
task in this lab is to use Active Directory Sites
and Services to enable universal group
membership caching in the branch office. To do
this, edit the *NTDS Site Settings* object for the
*Branch2-Site* site. Keep the default caching
settings. - -1. From Hyper-V Manager, click
CORPSERVER. Expand the window to view all
virtual machines.
2. Right-click the CorpDC server and select
Connect... (maximize the window for easier
viewing if desired).
3. From Server Manager, select Tools > Active
Directory Sites and Services.
4. Expand the Sites node.
5. Select the site object.
6. In the right window, right-click the NTDS Site
Settings object and select Properties.
7. Select the Enable Universal Group
Membership Caching setting.
8. Click OK.
You work as the IT Administrator for a small
corporate network. When you installed the
*CorpDC* domain controller, you created a new
domain in a new forest. Since then, you have
added additional domain controllers. You would
like to move some of the operation master roles
to *CorpDC3* to provide role separation. Your
task in this lab is to transfer the RID master and
the PDC emulator roles to *CorpDC3*. You are
currently logged on to the *CorpServer2*
computer, which is the Hyper-V host for
*CorpDC3*. - -Use Active Directory Users
and Computers to transfer the RID and PDC
roles. Following are the steps an expert might
take to complete this lab:
1. From Hyper-V Manager, click
CORPSERVER2. Expand the window to view all
virtual machines.
2. Right-click the CorpDC3 server and select
Connect... (maximize the window for easier
viewing if desired).
3. From Server Manager, select Tools > Active
Directory Users and Computers.
4. Right-click the domain and select Operations
Masters....
5. Click the tab of the master you want to
transfer.
6. Click Change....
7. Click Yes to confirm the transfer.
8. Click OK.
9. Repeat steps 5 through 8 to transfer additional
master roles.
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12

Partial preview of the text

Download Windows Server Pro Manage and Administer Objective Test and more Exams Information Technology in PDF only on Docsity!

Services Management

You work as the IT Administrator for a small corporate network. You have four domain controllers in your Main location: CorpDC, CorpDC2, CorpDC3, and CorpDC4. During installation, CorpDC2 and CorpDC3 were not made global catalog servers. You would like additional global catalog servers. Your task in this lab is to designate CorpDC2 and CorpDC3 as global catalog servers. (To answer this question, complete the lab using information below.) - - Active Directory Users and Computers, edit the computer account. On the General tab, click NTDS Settings... In Active Directory Sites and Services, edit the NTDS Settings for the server object. Tick the "Global Catalog" option and then Apply for both CorpDC2 and CorpDC3 servers.c You work as the IT Administrator for a small corporate network. You have a branch site with about 50 employees that is connected to the main site with a WAN link. A single domain controller named BranchDC2 is configured in the branch location. Because the WAN link is slow and unreliable, you have not configured BranchDC2 as a global catalog server. You find that when the WAN link goes down, users at the branch location cannot log on to the network. Even when the WAN link is up, users complain that logon is slow. You want to minimize Active Directory traffic across the WAN link, but you also want to let branch users log on to the network even when the WAN link is down. Your task in this lab is to use Active Directory Sites and Services to enable universal group membership caching in the branch office. To do this, edit the NTDS Site Settings object for the Branch2-Site site. Keep the default caching settings. - - 1. From Hyper-V Manager, click CORPSERVER. Expand the window to view all virtual machines.

  1. Right-click the CorpDC server and select Connect... (maximize the window for easier viewing if desired).
    1. From Server Manager, select Tools > Active Directory Sites and Services.
    2. Expand the Sites node.
    3. Select the site object.
    4. In the right window, right-click the NTDS Site Settings object and select Properties.
    5. Select the Enable Universal Group Membership Caching setting.
    6. Click OK. You work as the IT Administrator for a small corporate network. When you installed the CorpDC domain controller, you created a new domain in a new forest. Since then, you have added additional domain controllers. You would like to move some of the operation master roles to CorpDC3 to provide role separation. Your task in this lab is to transfer the RID master and the PDC emulator roles to CorpDC3. You are currently logged on to the CorpServer2 computer, which is the Hyper-V host for CorpDC3. - - Use Active Directory Users and Computers to transfer the RID and PDC roles. Following are the steps an expert might take to complete this lab:
      1. From Hyper-V Manager, click CORPSERVER2. Expand the window to view all virtual machines.
    7. Right-click the CorpDC3 server and select Connect... (maximize the window for easier viewing if desired).
    8. From Server Manager, select Tools > Active Directory Users and Computers.
    9. Right-click the domain and select Operations Masters....
      1. Click the tab of the master you want to transfer.
      2. Click Change....
      3. Click Yes to confirm the transfer.
    10. Click OK.
      1. Repeat steps 5 through 8 to transfer additional master roles.

Services Management

  1. Click Close. As your network has grown, you have added additional domains to the forest root domain. As a result, you would like to modify the operations master configuration on your network. Your task in this lab is to:
  • Transfer the domain naming master role from CorpDC to CorpDC4. This means that CorpDC will only host the infrastructure master role.
  • Because you will be creating additional domains in the forest, remove the global catalog from CorpDC to follow Microsoft's recommendation to not have the infrastructure master on a global catalog server. You are currently logged on to the CorpServer2 computer, which is the Hyper-V host for CorpDC4. - - Transfer the Domain Naming Master 1, From Hyper-V Manager, click CORPSERVER2. Expand the window to view all virtual machines.
  1. Right-click the CorpDC4 server and select Connect... (maximize the window for easier viewing if desired).
  2. From Server Manager, select Tools > Active Directory Domains and Trusts.
  3. Right-click the top node and select Operations Master....
    1. Click Change....
  4. Click Yes to confirm the transfer.
  5. Click OK, and then click Close. Note: This task must be performed from CorpDC4. Change a Global Catalog Server
  6. From Server Manager, select Tools > Active Directory Sites and Services.
  7. Browse to the Site. Expand the Servers node, and then expand the server object.
  8. Right-click the NTDS Settings object beneath the server and select Properties.
    1. Select or deselect the Global Catalog option as necessary.
    2. Click OK. You work as the IT Administrator for a small corporate network. There are four domain controllers at the main location as follows: Domain Controller CorpDC Role(s) Infrastructure master Domain Controller CorpDC2 Role(s) None Domain Controller CorpDC3 Role(s) PDC emulator, RID master Domain Controller CorpDC4 Role(s) Domain naming master Lately, you have had some problems creating new User objects in the domain. You suspect that one of your domain controllers has an intermittent problem connecting to the network. All domain controllers are currently working, but you want to prevent future problems of this nature. Your task in this lab is to identify the operations master role that could cause the symptoms explained above, and then transfer that operations master role to the CorpDC2 domain controller. - - Connect to CorpDC2, click Tools, then Active Directory Users and Computers Right click CorpNet, click Operations Masters. On the RID tab, click Change, Yes, then OK. On the PDC tab, click Change, Yes, then OK. Close. You work as the IT Administrator for a small corporate network. Your network currently has a main office and two branch offices. Due to a recent expansion, you will be opening a new branch office. The new office will be part of the main site, and will be connected to the main office with a WAN link. For security reasons, you plan to install a read-only domain controller in the new location. Your task in this lab is to pre-create the RODC account in Active Directory.
    • Before you begin, create a global security

Services Management

Schedule....*

  1. Click Next to begin the wizard.
  2. Select the backup type, and then click Next. If the Custom type was selected:
    • Click Add items.
    • Check boxes for the items to include the backup. Click OK.
    • Click Next.
  3. Select the backup frequency and time(s). Click Next.
  4. Select Back up to a shared network folder, and then click Next.
  5. Click OK.
  6. Enter the location of the shared folder, and then click Next.
  7. Click Finish.
  8. Click Close. Perform a Backup Once
    1. From the Windows Server Backup Actions pane, click Backup Once....
    2. If you have previously created a backup schedule, you can choose to perform the backup using the schedule settings. To use other settings, select Different options and click Next.
    3. Select the backup type, and then click Next. If the Custom type was selected:
    • Click Add items.
    • Check boxes for the items to include the backup. Click OK.
    • Click Next.
    1. Select the destination type backup. Click Next.
    2. Enter or select the backup location and click Next.
    3. Click Backup to start the backup.
    4. Click Close. You work as the IT Administrator for a small corporate network. Earlier, you created the SecureWS GPO with policy settings intended to apply to workstations in the domain. You defined the policy and linked it to the domain. Now you find that the GPO settings are affecting domain controllers and member servers, but it should only apply to workstations that are in various OUs. Your task in this lab is to modify GPO inheritance to prevent the SecureWS GPO from applying to domain controllers and member servers. Complete the following tasks:
      • Block inheritance on the Domain Controllers OU.
      • Block inheritance on the Servers OU.
      • Enforce the Default Domain Policy so it can't be blocked. - - By blocking inheritance on the Domain Controllers and Servers OUs, you prevent the SecureWS GPO from affecting objects in those OUs. However, you also prevent the Default Domain Policy GPO from taking effect. To make sure this policy still applies, even when OUs are blocking inheritance, enforce the policy. Following are steps that an expert might take to perform the tasks in this lab:
    5. From Hyper-V Manager, click CORPSERVER. Expand the window to view all virtual machines.
    6. Right-click the CorpDC server and select Connect...(maximize the window for easier viewing if desired).
    7. From Server Manager, select Tools > Group Policy Management.
    8. To block inheritance, browse to the OU then right-click the OU and select Block Inheritance.
    9. To enforce a GPO so that it can't be blocked, right-click the GPO or GPO link and select Enforced. You work as the IT Administrator for a small corporate network. Earlier, you created the SecureWS GPO with policy settings intended to apply to workstations in the domain. You defined the policy and linked it to the domain. Now you find that the GPO settings are affecting domain controllers. The policy should apply to all other

Services Management

computers, but not domain controllers. Your task in this lab is to modify GPO permissions to prevent the SecureWS GPO from applying to domain controllers.

  • Add the Domain Controllers group to the access control list for the GPO.
  • Deny the Read and Apply group policy permissions. - - To prevent a GPO from applying to specific users or computers, you can edit the permissions for the GPO. Deny the Read and Apply group policy permissions. Following are steps that an expert might take to perform the tasks in this lab.
  1. From Hyper-V Manager, click CORPSERVER. Expand the window to view all virtual machines.
  2. Right-click the CorpDC server and select Connect... (maximize the window for easier viewing if desired).
  3. From Server Manager, select Tools > Group Policy Management.
  4. Browse and select a GPO link or the GPO object in the Group Policy Objects node.
  5. On the right pane, click the Delegation tab. Click Advanced.... To add a group:
  • Click Add....
  • Type the name of the group. Click OK.
  1. To modify permissions assigned to a group:
  • In the top box, select the group.
  • Assigned permissions show in the bottom box. Check and uncheck permissions as desired.
  1. Click OK. Since you assigned Deny permissions, click Yes to continue. You work as the IT Administrator for a small corporate network. The corporate office has directed that a specific set of policies be in place for all Domain Controllers and has provided you with a policy that must be applied. You copied the policy object called Corp Domain Controllers, which will be used for the new policies. Complete the following tasks:
  • Import the corporate policy into the Corp Domain Controllerspolicy object. The policy is located at \CorpFiles08\Admin\CorpPolicy.
  • As you import, make a backup of the current policy settings. store the backup in \CorpFiles12\Backup\GPOs.
  • Copy references directly from the corporate policy.
  • Link the Corp Domain Controllers policy to the Domain Controllers container and move it first in the Link Order. - - Use Group Policy Management to import the corporate policy from \CorpFiles08\Admin\CorpPolicy into the Corp Domain Controllers policy and link it to the Domain Controllers OU. Following are steps that an expert might take to perform the tasks in this lab: Import GPO Settings
  1. From Hyper-V Manager, click CORPSERVER. Expand the window to view all virtual machines.
  2. Right-click the CorpDC server and select Connect... (maximize the window for easier viewing if desired).
  3. From Server Manager, select Tools > Group Policy Management.
  4. Browse to the Group Policy Objects container.
  5. To import settings for a GPO, right-click the GPO and select Import Settings....
  6. Click Next to begin the wizard.
  7. To create a backup of the current GPO settings, click Backup....
  • Click Browse..., and then browse to the backup location. Select the folder, and then click OK.
  • Click Back Up.
  • Upon completion of the backup, click OK.
  1. Click Next.
  2. Click Browse..., and then browse to folder

Services Management

Development departments, regardless of which computer they use for logon.

  • The software should not be installed automatically. It should only be installed when users manually install it through Add or Remove Programs. Create the GPO, configure its settings, and link it to the appropriate object(s) to meet the scenario requirements. - - Create and Link a GPO
  1. From Hyper-V Manager, click CORPSERVER. Expand the window to view all virtual machines.
  2. Right-click the CorpDC server and select Connect... (maximize the window for easier viewing if desired).
  3. From Server Manager, select Tools > Group Policy Management.
  4. Browse to the OU.
  5. Right-click the OU and select Create a GPO in this domain, and link it here....
  6. Type the GPO name and select a starter GPO if required. Click OK.
  7. To link the GPO to additional objects, right- click the object and select Link an Existing GPO....
  8. Select the GPO from the list, and then click OK. Create a Software Distribution Policy
  9. In Group Policy Management, browse to the GPO where you want to create the software distribution policy.
  10. Right-click the GPO and select Edit....
  11. Under User Configuration, browse to Policies\Software Settings.
  12. Right-click the Software installation node and select New > Package....
  13. Browse the network to locate and select the installer package file. Click Open.
  14. Select whether to assign or publish the software package. Click OK.
  15. To modify the package properties, right-click the package and select Properties.
  16. On the Deployment tab, modify deployment options as necessary. Click OK. You work as the IT Administrator for a small corporate network. You want to use Group Policy to distribute a database application called Hot Leads to all users in the sales department. You have copied the HotLeads.msi installer package to the Shared\Software directory, which is shared on CorpFiles12. Create the software installation package on CorpDC to meet the following requirements:
  • The software will be installed through a new GPO that is to be named Hot Leads Software.
  • The software should be available only for users in the sales department, regardless of which computer they use for logon.
  • The software should be installed automatically at logon.
  • The software should not appear in Add/Remove Programs in the Control Panel.
  • The software should be uninstalled automatically if the user account moves to a different department. Create the GPO, configure its settings, and link it to the appropriate ob - - Create and Link a GPO
  1. From Hyper-V Manager, click (CORPSERVER*. Expand the window to view all virtual machines.
  2. Right-click the CorpDC server and select Connect...(maximize the window for easier viewing if desired).
  3. From Server Manager, select Tools > Group Policy Management.
  4. Browse to the OU.
  5. Right-click the OU and select Create a GPO in this domain, and link it here....
  6. Type the GPO name and select a starter GPO if required. Click OK. Create a Software Distribution Policy
  7. In Group Policy Management, browse to the

Services Management

GPO where you want to create the software distribution policy.

  1. Right-click the GPO and select Edit....
  2. Under User Configuration, browse to Policies\Software Settings.
  3. Right-click the Software installation node and select New > Package....
  4. Browse the network to locate and select the installer package file. Click Open.
  5. Select whether to assign or publish the software package. Click OK.
  6. To modify the package properties, right-click the package and select Properties.
  7. On the Deployment tab, modify deployment options as necessary. Click OK. You work as the IT Administrator for a small corporate network. After a security review, you have decided to take steps to improve network security. You are configuring security options using Group Policy on the CorpDC server. Complete the following tasks:
  • Edit the Default Domain Policy GPO and configure the following settings:
    • Prevent logon with the Guest local account by disabling the Accounts: Guest account status policy.
    • Change the local administrator username to skycaptain by enabling the Accounts: Rename administrator account policy.
    • Prevent hackers from seeing valid usernames by enabling the Interactive logon: Do not display last user name policy.
    • Prevent an anonymous user from requesting SID on behalf of another user by disabling the Network access: Allow anonymous SID/Name translation policy.
    • Enable the Network access: Do not allow anonymous enumeration of SAM accounts policy - - Edit Security Options
  1. From Hyper-V Manager, click CORPSERVER. Expand the window to view all virtual machines.
    1. Right-click the CorpDC server and select Connect... (maximize the window for easier viewing if desired).
    2. From Server Manager, select Tools > Group Policy Management.
    3. Browse to the domain or OU where the GPO is linked.
    4. Right-click the GPO and select Edit....
    5. Browse to *Computer Configuration > Policies

    Windows Settings > Security Settings > Local Policies* and select Security Options. 7. Right-click the rights assignment you want to edit and select Properties. 8. Select Define this policy setting. 9. Select Enabled or Disabled, or configure additional values for the policy. 10. Click OK. 11. Repeat steps 7 through 10 as needed for additional options. 12. Close the Group Policy. Edit the GPO Status 1. In the Group Policy Management console, browse to the Group Policy Objects folder. 2. Right-click the GPO you want to modify and select GPO Status, then select: - Enabled to enable both computer and user settings - User Configuration Settings Disabled - Computer Configuration Settings Disabled - All Settings Disabled You work as the IT Administrator for a small corporate network. You are configuring a password policy for the domain. Your task in this lab is to edit the Default Domain Policy on CorpDC using Group Policy Management and configure the Account Policy settings to meet the following requirements: - Passwords must be at least 10 characters long. - Passwords must contain uppercase letter, lowercase letter, number, and symbol characters. - Users must change passwords every 90 days.

Services Management

by Microsoft. Your task is to configure the following Audit policy settings in the WorkstationGPO on CorpDC: Policy Setting Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings Enabled Audit: Shut down system immediately if unable to log security audits Enabled Retention method for security log Enabled: Do not overwrite events (clear log manually) Audit Policies: Account Logon: Audit Credential Validation Success and Failure Audit Policies: Account Management: Audit User Account Management Success and Failure Audit Policies: Account Mana - - Remember to not use the old Audit Policies located in Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Audit Policies. Following are steps that an expert might take to perform the tasks in this lab:

  1. From Hyper-V Manager, click CORPSERVER. Expand the window to view all virtual machines.
  2. Right-click the CorpDC server and select Connect... (maximize the window for easier viewing if desired).
  3. From Server Manager, select Tools > Group Policy Management.
  4. Browse to the policy. Right-click the policy and select Edit....
  5. In the Group Policy Management Editor, browse to the location of the policy settings.
  6. On the right, right-click the policy you want to edit and select Properties (or double-click).
  7. For the Security Options and Event Log policies, select Define this policy setting. Select additional settings as required. For the Advanced Audit Policy Configuration policies, select Configure the following audit events. Select the type of auditing as required.
  8. Click OK.
    1. Repeat steps 5 through 8 for additional policy settings. You work as the IT Administrator for a small corporate network. As part of your ongoing program to improve security, you would like to enable auditing for removable storage devices on all workstations. You want an audit event each time a user accesses or attempts to access a file system object on a removable storage device. Your task is to add Object Access auditing for removable storage to the WorkstationGPO policy object on CorpDC. - - Use Group Policy Management to edit the WorkstationGPO object and configure the Audit Removable Storage policy in the Object Access category. Configure audit events for both Success and Failure to access a file system object on removable storage. To find the policy, browse to: Computer Configuration\Policies\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Object Access Following are steps that an expert might take to perform the tasks in this lab:
    2. From Hyper-V Manager, click CORPSERVER. Expand the window to view all virtual machines.
    3. Right-click the CorpDC server and select Connect... (maximize the window for easier viewing if desired).
    4. From Server Manager, select Tools > Group Policy Management.
    5. Browse to the policy. Right-click the policy and select Edit....
    6. In the Group Policy Management Editor, browse to the location of the policy settings.
    7. On the right, right-click the policy you want to edit and select Properties (or double-click).
    8. Select Configure the following audit events. Select the type of auditing as required.
    9. Click OK.

Services Management

You work as the IT Administrator for a small corporate network. The Sales department would like to make sure that all users of Internet Explorer are using the Corporate intranet website for their home page regardless of which computer they use. You need to enforce these preferences along with a few changes to Internet Explorer security settings. All computers are running Internet Explorer 10. Your task is to configure the following Internet Explorer preference settings in the SalesGPO:

  • Set the Home page to the company intranet: www.corpnet.local
  • Set Internet Explorer to start with the specified homepage
  • Set the Security level for the Local intranet zone to Low
  • Prevent websites from requesting your physical location. - - 1. From Hyper-V Manager, click CORPSERVER. Expand the window to view all virtual machines.
  1. Right-click the CorpDC server and select Connect... (maximize the window for easier viewing if desired).
  2. From Server Manager, select Tools > Group Policy Management.
  3. Browse to the GPO. Then, right-click and select Edit....
  4. Browse to the category for Internet Settings.
  5. Right-click Internet Settings and select *New

Internet Explorer 10*.

  1. On the General tab, enter the home page and select the specified startup option.
  2. On the Security tab, select Local intranet, and then move the slider to Low.
  3. On the Privacy tab, select Never allow websites to request your physical location.
  4. Click OK. You are the IT Administrator for a small corporate network. You have noticed that several computer monitors are still on late at night, long after employees have left. You would like to use Group Policy to set consistent power options for computers throughout the company. All workstations are either Windows 7 or Windows 8 and reside in the Workstations OU. Your task is to configure the following Power Option policy settings in the WorkstationGPO policy:
  • Set the policy Action to Update
  • Set the Balanced power plan as the active power plan for all workstations
  • Set the following Advanced Settings:
  • Setting; Hard disk > Turn off hard disk after On battery 60 Minutes Plugged in 120 Minutes
  • Setting; Display > Turn off display after On battery 30 Minutes Plugged in 60 Minutes -
  • Use Group Policy Management to edit the WorkstationGPO. To find the necessary policies, browse to: Computer Configuration\Preferences\Control Panel Settings\Power Options Following are steps that an expert might take to perform the tasks in this lab:
  1. From Hyper-V Manager, click CORPSERVER. Expand the window to view all virtual machines.
  2. Right-click the CorpDC2 server and select Connect... (maximize the window for easier viewing if desired).
  3. From Server Manager, select Tools > Group Policy Management.
  4. Browse to the GPO.
  5. Right-click the GPO and select Edit....
  6. Browse to Computer Configuration\Preferences\Control Panel Settings\Power Options.
  7. Right-click Power Options and select New > Power Plan (At least Windows 7).
  8. Select the required settings for this Power Plan and click OK.

Services Management

Right-click the CorpDC server and select Connect... (maximize the window for easier viewing if desired). From Server Manager, select Tools > Group Policy Management. Browse to the Group Policy Objects container. To restore settings for a GPO, right-click the GPO and select Restore from Backup.... Click Next to begin the wizard. Click Browse..., and then browse to folder where the GPO backup is located. Select the folder, click OK, and then click Next. Select the desired backup, and then click Next. Click Finish to restore the GPO settings. You work as the IT Administrator for a small corporate network. As the company continues to grow, you realize that you will need assistance with managing group policy. You would like to create a group that has the ability to manage group policy so you can assign assistants to the group as needed. Your task in this lab is to delegate group policy management as follows:

  • Create a Global Security Group called GPOAdmins in the Admins container.
  • Delegate the ability to create Group Policy Objects in the domain to the new GPOAdmins group. - - To delegate GPO management, create the GPOAdmins group and add it to the Delegation tab of the Group Policy Objects container in Group Policy Management. Following are steps that an expert might take to perform the tasks in this lab: Create a Group From Hyper-V Manager, click CORPSERVER. Expand the window to view all virtual machines. Right-click the CorpDC server and select Connect... (maximize the window for easier viewing if desired). From Server Manager, select Tools > Active Directory Users and Computers. Browse the Active Directory structure to the Admins container. Right-click the container and select New > Group. Type a name for the group (a pre-Windows 2000 group name will be created automatically). Select a group scope and a group type, and then click OK. Close Active Directory Users and Computers. Delegate Group Policy Management From Server Manager, select Tools > Group Policy Management. Browse to and select the Group Policy Objects container. In the right pane, select the Delegation tab. Click Add.... Type the name of the group, and then click OK. You are the IT Administrator for a small corporate network. As your network grows, you need to delegate common administrative tasks. You have defined the following administrative roles:
  • PasswordAdmins will be able to reset passwords for any user in the domain.
  • ComputerAdmins will be able to join computers to the domain for the entire domain.
  • GPOLinkAdmins will be able to manage GPO links for departmental OUs (Accounting, Marketing, Research-Dev, Sales, and Support). Your task in this lab is to delegate administrative roles on CorpDC to accomplish the following:
  • Create Global security groups in the Users container for each of the administrative roles listed. Use the role name for the group name (do not include a space in the group name).
  • Use the Delegation of Control Wizard to delegate the necessary permissions at the correct level to each group. In the wizard, use the common tasks option for de - - Create a Group and Modify Group Membership
  1. From Hyper-V Manager, click CORPSERVER.

Services Management

Expand the window to view all virtual machines.

  1. Right-click the CorpDC server and select Connect... (maximize the window for easier viewing if desired).
  2. From Server Manager, select Tools > Active Directory Users and Computers.
  3. Browse the Active Directory structure to the parent domain or OU.
  4. Right-click the domain, OU, or other container in which the new group must be created (the group context). From the pop-up menu, click New, then click Group.
  5. Type a name for the group (a pre-Windows 2000 group name will be created automatically, but can be changed).
  6. Select a group scope and a group type, then click OK.
  7. To modify the group membership, right-click the newly-created group and select Properties.
  8. Click the Members tab.
  9. To add a group member (user account, computer account, or other group), use the following steps (repeat to add other group members):
    1. Click Add....
    2. Type the name of the object that you want to add.
  10. Click OK to add the new group member.
  11. To remove a group member, select the member and click Remove.
  12. Click OK to apply the changes. Delegate Administrative Control
  13. From Active Directory Users and Computers, browse the Active Directory structure to the level where you want to delegate control (the domain or an OU).
  14. Right-click the domain or OU and select Delegate Control....
  15. Click Next.
  16. Click Add... to add users or groups.
  17. Type the name of the user or group, then click OK.
  18. Click Next.
    1. To delegate common tasks, select the checkbox(es) next to the task(s) you want to delegate. Click Next.
    2. Click Finish. You are the IT Administrator for a small corporate network. Users on your network have started saving music and video files to your file server. These files are using up a lot of resources. You need to prevent these files from being saved to the server and set quotas on users' directories. Your task is to add the role service to the CorpFiles12 server that will provide you with the required features. - - Use the Add Roles and Features wizard in Server Manager to add the File Server Resource Manager role service to the server. The role service is located under the File and Storage Services role in File and Storage Services > File and iSCSI Services. Following are the steps an expert might use to complete this lab:
    3. From Hyper-V Manager, click CORPSERVER. Expand the window to view all virtual machines.
    4. Right-click the CorpFiles12 server and select Connect... (maximize the window for easier viewing if desired).
    5. From Server Manager, select Manage > Add Roles and Features.
    6. Click Next to begin the Add Roles and Features Wizard.
    7. Select Role-based or feature-based installation and click Next.
    8. Select the desired server from the Server Pool and click Next.
    9. Expand File and Storage Services > File and iSCSI Services.
    10. Select the File Server Resource Manager role service. Click Add Features to include management tools, and then click Next.
    11. Click Next.
    12. Click Install to add the role.

Services Management

viewing if desired).

  1. From Server Manager, select Tools > Files Server Resource Manager.
  2. Expand File Screen Management and select File Screen Templates.
  3. To create a File Screen Template, right-click and select Create File Screen Template....
    • Enter template name and select screening type.
    • Select the file groups to block.
    • On the E-mail Message tab, select notification recipients as required.
    • On the Event Log tab, select to send a warning to the event log as required.
    • Click OK.
  4. To create a File Screen from a File Screen Template, right-click File Screens and select Create File Screen....
    • Enter or browse to select the File Screen path.
    • Verify that Derive properties from this file screen template (recommended) is selected, and then select the specified template.
    • Click Create.
  5. Repeat step 6 as needed to create additional File Screens from File Screen Templates.
    1. To create a File Screen Exception, right-click File Screens and select Create File Screen Exception....
    • Enter or browse to select the Exception path.
    • Select the file groups to exclude from screening.
    • Click OK. You are the IT Administrator for a small corporate network. You would like to simplify file access for various departments using the Distributed File System (DFS). Your implementation will be configured as follows:
    • The CorpDC2 server will host a domain namespace and several replicated folders.
    • The server will replicate with other servers running DFS. Your task in this lab is to add the necessary role services to provide the required features. After adding the role services, create the DFS structure as follows:
      • Create a namespace on server CorpDC2. Users will use \CorpNet\SharedFiles to access the namespace. Create the namespace so that you can use access-based enumeration.
      • Create folders with targets as follows: Folder name Accounting. Target \CorpFiles12\Accounting Folder name Marketing. Target \CorpFiles08\Marketing Folder name Sales. Target \CorpFiles08\Sales - - Add DFS Role Services
    1. From Hyper-V Manager, click CORPSERVER. Expand the window to view all virtual machines.
    2. Right-click the CorpDC2 server and select Connect... (maximize the window for easier viewing if desired).
    3. From Server Manager, select Manage > Add Roles and Features.
    4. Click Next to begin the Add Roles and Features Wizard.
    5. Select Role-based or feature-based installation and click Next.
    6. Select the desired server from the Server Pool and click Next.
    7. Expand File and Storage Services > File and iSCSI Services.
    8. Select the DFS Namespaces role service. Click Add Features to include management tools.
    9. Select the DFS Replication role service. Click Next.
    10. Click Next.
    11. Click Install.
    12. Click Close. Create a Domain-based DFS Namespace
    13. From Server Manager, select Tools > DFS Management.
    14. Right-click Namespaces and select *New

Services Management

Namespace...*.

  1. Enter the server name that will host the namespace. Click Next.
  2. Enter a name for the namespace and click Next.
  3. Make sure Domain-based namespace is selected. To allow access-based enumeration, select Enable Windows Server 2008 mode. Click Next.
  4. Click Create.
  5. Click Close.
  6. To add folders, right-click the namespace and select New Folder....
  7. Enter the folder name and click Add....
  8. Enter the path or browse to the target folder. Click OK.
  9. Click OK.
  10. Repeat steps 8 through 11 as necessary to add additional folders. You work as the IT Security Administrator for a small corporate network. You have placed several documents that are used only by administrators in a folder on CorpServer. You need to secure the contents of the C:\Admins folder so that unauthorized users cannot view the documents in the folder. You also need to allow Susan access to the latest password file in the folder. Complete the following tasks:
    • Encrypt the C:\Admins folder and all of its contents.
    • Add the Susan user account as an authorized user for the C:\Admins\Passwords.xls file. - - To encrypt the folder, edit the folder properties. Use the Advanced... button to view and set the encryption attribute. Complete the following steps:
  11. Click File Explorer in the task bar.
  12. Select the C: volume.
  13. Right-click the Admins folder and select Properties.
    1. Click Advanced....
    2. Select Encrypt contents to secure data. Click OK.
    3. Click OK.
    4. Select the setting to apply encryption to the entire folder and its contents. Click OK.
    5. To authorize additional users for a file, open the Admins folder.
    6. Right-click the file and choose Properties.
    7. Click Advanced....
    8. Click Details.
    9. Click Add....
    10. Select the user and click OK.
    11. Click OK.
    12. Click OK.
    13. Click OK. You work as the IT Administrator for a small corporate network. Employees in Branch Office 1 are working on a very sensitive project. Files for the project are store on the BranchFiles12 server. Management is concerned that if the hard drive in the server were to be stolen, sensitive information could be compromised. As a result, you have been asked to encrypt the entire System volume. The BranchFiles12 server has a built-in TPM on the motherboard. Your task in this lab is to configure BitLocker drive encryption as follows:
    - Turn on BitLocker for the *System (C:)* drive. - Turn on and activate the TPM. - Save the recovery key to 
    \CorpFiles12\Backup. - Encrypt the entire drive. - Perform a BitLocker system check. Note: To activate the TPM, restart the server and press the Delete key to enter setup. - - Complete the following steps:
    1. Move the mouse to the lower left-hand corner and click Start when it appears.
    2. Click Control Panel > System and Security > BitLocker Drive Encryption.
    3. Click Turn On BitLocker next to System (C:).