Which objects should you grant permissions to?

A company has an Active Directory Domain Services (AD DS) environment. All domain controllers run
Windows Server 2012 R2. The company also has a virtualization infrastructure that consists of two Hyper-V
host servers. The host servers and all of the virtual machine (VMs) run Windows Server 2012 R2.
The company must deploy VMs by using file shares that use the Server Message Block (SMB) protocol. You
create a file share. You must follow the principle of least privilege.
You need to implement the NTFS and share permissions required to use the file share.
Which objects should you grant permissions to?

A company has an Active Directory Domain Services (AD DS) environment. All domain controllers run
Windows Server 2012 R2. The company also has a virtualization infrastructure that consists of two Hyper-V
host servers. The host servers and all of the virtual machine (VMs) run Windows Server 2012 R2.
The company must deploy VMs by using file shares that use the Server Message Block (SMB) protocol. You
create a file share. You must follow the principle of least privilege.
You need to implement the NTFS and share permissions required to use the file share.
Which objects should you grant permissions to?

A.
Hyper-V service accounts and the LocalSystem account

B.
LocalSystem and all Hyper-V administrators

C.
computer objects for the VMs, the SYSTEM account,and all Hyper-V administrators

D.
computer objects for the Hyper-V host servers, the SYSTEM account, and all Hyper-V administrators

Show Hint

Leave a Reply 3

Your email address will not be published. Required fields are marked *

Matt

Matt

The answer is D:

How to Assign SMB 3.0 File Shares to Hyper-V Hosts and Clusters in VMM
http://technet.microsoft.com/en-us/library/jj614620.aspx#BKMK_AssignShare

By default, the Run As account that was used to add the host to VMM is listed. If you want to change the Run As account, click Browse, and then select an existing Run As account, or click Create Run As Account to create a new account. You cannot use the same account that you used for the VMM service account.

If you used a domain account for the VMM service account, add the domain account to the local Administrators group on the file server.

If you used the local system account for the VMM service account, add the computer account for the VMM management server to the local Administrators group on the file server. For example, for a VMM management server that is named VMMServer01, add the computer account VMMServer01$.

Any host or host cluster that accesses the SMB 3.0 file share must have been added to VMM by using a Run As account. VMM automatically uses this Run As account to access the SMB 3.0 file share.

noteNote
If you specified explicit user credentials when you added a host or host cluster, you can remove the host or cluster from VMM, and then add it again by using a Run As account.

Reply