Which two actions should you perform?

Your network contains an Active Directory domain named contoso.com. The domain
contains a file server named Server1 and a domain controller named DC1. All servers run
Windows Server 2012 R2.
A Group Policy object (GPO) named GPO1 is linked to the domain.
Server1 contains a folder named Folder1. Folder1 is shared as Share1.
You need to ensure that authenticated users can request assistance when they are denied
access to the resources on Server1.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

A.
Enable the Enable access-denied assistance on client for all file types policy setting for
GPO1.

B.
Configure the Customize message for Access Denied errors policy setting of GPO1.

C.
Install the File Server Resource Manager role service on DC1.

D.
Install the File Server Resource Manager role service on Server1.

E.
Assign the Read Attributes NTFS permission on Folder1 to the Authenticated Users
group.

Show Hint

← Previous question

Next question →

Leave a Reply 15

Jim

I believe the correct answers should be A and B

noname

Answer A & B

https://technet.microsoft.com/en-us/library/hh831402.aspx

To configure access-denied assistance for all file types by using Group Policy
…

To specify a separate access-denied message for a shared folder by using File Server Resource Manager
…

Iva

Maybe they’ve changed the answers around but you need FSRM installed so it is B + C

Iva

Opps, I meant B + D 🙂

pancake

fsrm needs to be installed, so B and D

Ben

If you look at the Group Policy descriptions, Customize message for Access Denied errors does not need to be configured. Users that are denied access will just get a default message. Enable Access-denied assistance on client for all file types needs to be enabled. Finally, according to every trainer and Microsoft exam specialist, unless the question states a roles or feature is installed or configured, you should assume the default state. This means that File Server Resource Manager role needs to be installed.

So I think that the Answers are
A.
Enable the Enable access-denied assistance on client for all file types policy setting for
GPO1.

D.
Install the File Server Resource Manager role service on Server1.

Annihilator

…but ask the specialists and trainers why they would use 2 solutions (GPO and the FSRM role) to configure Access-denied assistance. That doesn’t make sense. If you go for D you miss the ‘request assistance’ demand. Beside that, you can’t use FSRM and the GPO at the same time. This means you have to drop answer A. So if you go for D, what is you second answer then?

Jobe

Answer is A+D

We need to understand the way MS are asking the questions.

This question clearly states (Each correct answer presents part of the solution. Choose two.)

This Means that “Enable the Enable access-denied assistance on client for all file types policy setting for GPO1.” is a part of one solution,
and “Install the File Server Resource Manager role service on Server1.” is a part of another solution.
Both parts need additional configuration, but both are part of a solution.

If the answer should have been A+B, then MS would have stated “(Each correct answer presents part of the COMPLETE solution. Choose two.)

So since we can use both GPO and FSRM to achieve assistance, the answer is A+D since they don’t ask for the coomplete solution, just parts of it.

hope this helps

Annihilator

I go A + B:

Arguments:
– The question is clear about using a GPO solution (and we have an AD).
– There is no reason using the File Server Resource Manager if we are using a GPO (unless we can’t provide a solution).
– Only installing the FSRM role doesn’t fulfill the ‘request assistance’ demand.
– It’s not possible to configure ‘Access-denied assistance’ via GPO and FSRM at the same time. When you use the GPO setting, FSRM settings are disabled according to this video (https://www.youtube.com/watch?v=2ya5trYTXDE at 6:42)

Enough reasons for me to chose A and B

ATLJason

Without FSRM installed, how are you going to configure who the user’s request for assistance gets sent TO? You can configure all the GPO settings you want, but the user’s request will never be sent to anyone unless you install FSRM and configure the email settings. I think that makes the answer A and D.

https://technet.microsoft.com/en-us/library/hh831402.aspx

Relevant section:

Step 2: Configure the email notification settings

You must configure the email notification settings ON EACH FILE SERVER that will send the access-denied assistance messages.

Open File Server Resource Manager. In Server Manager, click Tools, and then click File Server Resource Manager.

Right-click File Server Resource Manager (Local), and then click Configure Options.

Click the Email Notifications tab.

Configure the following settings:

In the SMTP server name or IP address box, type the name of IP address of the SMTP server in your organization.

In the Default administrator recipients and Default “From” e-mail address boxes, type the email address of the file server administrator.

kyo

I agree with this answer.

Leanne

A and B

http://technet.microsoft.com/en-us/library/hh831402.aspx#BKMK_1

ChaserZX

Am I missing something because FSRM is required for access denied even if you enable GPO it’s still required?

TheoneTruePotato

It’s A and D

Technically you don’t need to “customize the message” ruling out B.

CSGO

Great looking website. Assume you did a great deal of your very ownyour very own coding
CSGO http://www.publicenemy.com.hk/forum/home.php?mod=space&uid=538095&do=profile&from=space