DRAG DROP
Your network contains an Active Directory domain named contoso.com. All file servers in the
domain run Windows Server 2012 R2.
The computer accounts of the file servers are in an organizational unit (OU) named OU1. A Group
Policy object (GPO) named GPO1 is linked to OU1.
You plan to modify the NTFS permissions for many folders on the file servers by using central access
policies.
You need to identify any users who will be denied access to resources that they can currently access
once the new permissions are implemented.
In which order should you Perform the five actions?
Explanation:
* Configure a central access rule
* Configure a central access policy (CAP) (with help of central access rules)
* Deploy the central access policy (through GPO)
* Modify security settings
* Check the resultDeploy a Central Access Policy (Demonstration Steps)
http://technet.microsoft.com/en-us/library/hh846167.aspx
Have doubts – if CAR in GPO is modified first then would it cause false events of lacko of access in time until security settings are not modified? Would it be prevented if security settings are changed firs and then afterwards GPO?
Maybe because if you create CAR an CAP correctly and then modify security settings, users wouldn’t lose access to resources?
Just thinking out loud…
Box 1: Create a central access rule.
Box 2: Create a central access policy.
Box 3: In GPO1, MODIFY the Audit Central Access Policy Staging setting & configure the Central Access Policy settings.
Box 4: Modify the Secuirty settings of the shared folders on the file servers.
Box 5: Search for FALIURE events in the security logs from the file server.
yes answer is correct but it is poorly written
Box 1: Create a central access rule.
Box 2: Create a central access policy.
Box 3: In GPO1, MODIFY the Audit Central Access Policy Staging setting & configure the Central Access Policy settings.(this requires explanation as you are setting the staging which would typically happen during central access rule creation; but it also configure CAP settings which is making the cap availalbe to objects on file servers which can only happen after CAP has been created.
Box 4: Modify the Secuirty settings of the shared folders on the file servers.( a cenrtal policy tab now appears on the advanced security settings and you can choose to apply it to the file/folder object)
Box 5: Search for FALIURE events in the security logs from the file server.
What a information of un-ambiguity and preserveness of valuable experience concerning unexpected emotions.|