Your network contains an Active Directory domain. The domain contains a file server named Server1 that runs Windows Server 2008 R2. You need to ensure that a user named User1 can back up and restore files on Server1. The solution must minimize the number of user rights assigned to User1. What should you do?
A. Add User1 to the Server Operators group.
B. Assign the Backup files and directories user right to User1.
C. Add User1 to the Backup Operators group.
D. Assign the Perform volume maintenance tasks user right to User1.
I believe the correct answer is: “C. Add User1 to the Backup Operators group.”
BACKUP OPERATORS group definition: Members of this group can back up and restore all files on domain controllers in the domain, regardless of their own individual permissions on those files. Backup Operators can also log on to domain controllers and shut them down. This group has no default members. Because this group has significant power on domain controllers, add users with caution.
You shouldn't add user1 to the Backup Operators group, because the question says to minimize user rights: The solution must minimize the number of user rights assigned to User1.
If you assign the Backup files and directories user right to User1, then user1 cannot restore files (a requirement). But they can take the files and do what they want with them.
MS cautions, “Assigning this user right can be a security risk. Since there is no way to be sure that a user is backing up data, stealing data, or copying data to be distributed, only assign this user right to trusted users.”
Answer is C – “Add User1 to the Backup Operators group.”
Although it has more rights than needed such as logging into & shutting down a domain controller, it doesn’t mean it is a network wide setting. You only add user1 to this group “locally” on server1.
Also as nrkmann stated, the “Assign the Backup files and directories user right to User1” doesn’t give “write” rights so user1 wouldn’t be able to restore the files.
Assigning the backup files and directories user right:
http://technet.microsoft.com/en-us/library/cc787956%28v=ws.10%29.aspx
Netuser258 is correct. This does not fulfill the requirements of the question. The correct answer is C. Add User1 to the Backup Operators group.