Windows Server 2003 70-290 Chpt. 7-9

The minimum NTFS permissions required to allow users to open documents and run programs stored in a shared folder is "Read & Execute". This permission allows users to view and access the files within the shared folder, as well as execute any programs or scripts contained within it. It does not grant the ability to modify or delete files, ensuring the integrity of the shared folder and its contents.

If the user's account appears normal in Active Directory Users And Computers, it suggests that the computer account might be the issue. By resetting the computer account, disjoining the user's account from the domain, and then rejoining it to the domain, it can help resolve the problem. This process will refresh the computer's connection with the domain and ensure that the computer account is properly recognized by the domain controller.

The correct answer is to create a computer account, disjoin the user's account from the domain, and then rejoin it to the domain. This is because the user received a message stating that the computer cannot contact the domain because the domain controller is down or the computer account might be missing. By creating a new computer account and then disjoining and rejoining the user's account to the domain, it allows for a fresh connection to be established between the computer and the domain, resolving the issue.

To nest the IT Administrators group responsible for the Sales group inside the Sales group, you would access the "Members Of" tab from the Properties page of the IT Administrators group. This tab allows you to add the IT Administrators group as a member of the Sales group, thereby giving its members access to the same resources set by permissions in an ACL as the Sales group.

Integrated Windows Authentication should be chosen in this scenario. This authentication method allows users to authenticate automatically using their Windows credentials without the need for additional login prompts. It leverages the security features of Active Directory and provides a seamless and transparent authentication process for users. Since all users are within the corporate firewall, this method ensures a high level of security for the corporate IIS intranet server without the need for additional infrastructure like certificate services.

To add users to a group, you would access the "Members" tab in the properties of the group. This tab allows you to view and manage the current members of the group and also provides options to add new users to the group.

The correct answer is dsadd user "CN=Mark Lee,CN=Inside Sales,DC=fabrikam,DC=com" –company "Fabrikam, Inc." –dept "Inside Sales". This command-line format uses the dsadd user command to create a user object named "Mark Lee" in the "Inside Sales" OU of the "fabrikam.com" domain. The -company and -dept options are used to set the Company and Department properties of the user object to "Fabrikam, Inc." and "Inside Sales" respectively. The CN=Mark Lee,CN=Inside Sales,DC=fabrikam,DC=com part specifies the distinguished name (DN) of the user object, which includes the OU and domain information.

The most appropriate course of action is to delete the objects. Since the machines have been moved to the new domain, it is no longer necessary to keep their objects in the old domain. Deleting the objects will remove them from the old domain and help maintain a clean and organized Active Directory.

To fulfill the instructions, you need to create a virtual directory on the Web1 server with the alias "hr". This will allow the human resources department to publish their documents containing company benefit and policy information from their own server while using the URL http://intranet.contoso.com/hr. This solution does not require installing IIS on the HR server or the FTP service on Web1, nor does it involve creating a new website on Web1.

The correct command to reset the computer account for Pserver01 in the Pservers OU in the contoso.com domain is "dsmod computer CN=pserver01,CN=PSERVERS,DC=contoso,DC=com –reset". This command uses the "dsmod" utility to modify the computer object, specifies the correct distinguished name (DN) for the object, and includes the "-reset" parameter to reset the computer account's password.

In this scenario, the group scopes that can be used for assigning permissions on any resource on any domain member computer are Domain Local Group. Domain Local Groups are used to assign permissions within a single domain and can contain user accounts, global groups, and universal groups from any domain. Global Groups are used to organize users within a domain, Universal Groups are used to assign permissions across multiple domains, and security groups are a general term that encompasses all types of groups used for assigning permissions.

not-available-via-ai

In this scenario, the group scope that can be used as a security principal in any domain in the forest is Global. The reason for this is that a Windows NT 4 domain can only have global groups, and since contoso_north is a trusted domain, it can only support global groups as well. Therefore, in order to maintain compatibility and ensure that the groups can be used across the trust, the group scope should be set to Global.

Windows 2000, Windows NT 4, Windows XP, and Windows Server 2003 are capable of joining to a computer object in an Active Directory domain. These operating systems have the necessary functionality and compatibility to connect to and interact with an Active Directory domain. Windows 98, on the other hand, does not have this capability and cannot join a computer object in an Active Directory domain.

In a Windows Server 2003 domain functional level, security principals that can be a member of a global group include users, computers, and other global groups. Universal groups, on the other hand, cannot be a member of a global group in this domain.

Netdom.exe and Dsadd.exe are the correct command-line tools for creating a computer object in Active Directory. Netdom.exe is a command-line tool used to manage domain trusts, join computers to a domain, and create computer accounts. Dsadd.exe is a command-line tool used to create various objects in Active Directory, including computer objects. Dsmod.exe is used to modify existing objects, Dsrm.exe is used to delete objects, and Net.exe is used for various network-related tasks but not specifically for creating computer objects in Active Directory.

A custom MMC console containing the Shared Folders snap-in enables you to create a share on a remote server by providing a user-friendly interface to manage shared folders on the remote server. The Shared Folders snap-in allows you to create, modify, and delete shared folders on the remote server.

The Computer Management console also enables you to create a share on a remote server. It provides a centralized management tool that includes various snap-ins, including the Shared Folders snap-in, allowing you to manage shared folders on remote servers.

Windows Explorer running on the local machine, connected to the remote computer's ADMIN$ share, does not directly enable you to create a share on a remote server. It only provides access to the administrative share on the remote computer.

Net.exe is a command-line tool that allows you to manage various network resources, but it does not specifically enable you to create a share on a remote server.

One possible cause of the failure to delete a global security group in the Active Directory Users And Computers console could be that one of the group's members has the group set as its primary group. This would prevent the group from being deleted as it is still being used as the primary group for that member. Another possible cause could be that the user attempting to delete the group does not have the proper permissions for the container in which the group is located. Without the necessary permissions, the user would not have the authority to delete the group.

The group scope modifications that are not permitted are Domain local to local and Global to domain local. Domain local groups are specific to a domain and cannot be converted to local groups within the same domain. Similarly, global groups are specific to a domain and cannot be converted to domain local groups within the same domain. Therefore, modifying the scope from domain local to local or from global to domain local is not allowed.

To create a Windows Server 2003 computer account in an OU in a domain, the minimum group memberships required are Account Operators on a domain controller and Administrators on the computer. The Account Operators on a domain controller group is needed to create the computer account in the Active Directory. The Administrators on the computer group is necessary to have the required privileges to create the computer account on the specific computer.

To enable Bill to access the spreadsheet document, you can modify the permissions on the spreadsheet document itself by adding the permission "Bill:Allow Read." This will grant Bill the necessary access to view the document. Additionally, you can modify the permissions on the spreadsheet document by deselecting "Allow Inheritable Permissions," selecting "Copy," and removing the "Deny" permission. This will override the inherited permissions and allow Bill to access the document. Lastly, you can remove Bill from the group that is assigned the "Deny" permission, which will also grant him access to the document.