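Passing the Microsoft 70-411 prerequisite exam is easy with ShikenPASS. If you are taking the Microsoft 70-411 prerequisite exam for the first time, you can choose ShikenPASS products, download the free samples (past exam question sets with analysis), and get a feel for the atmosphere of the exam room. There are many Microsoft 70-411 prerequisite exam collections online, but our products offer the highest quality at a low price, the questions are updated continuously so that they stay as close as possible to the real test content, and we guarantee that customers pass. In addition, choosing our products does not require long study hours. Pass the Microsoft 70-411 prerequisite certification exam "Administering Windows Server 2012" as soon as possible.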
NO.1 Your network contains an Active Directory domain named contoso.com. The domain contains
more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
A network administrator accidentally deletes the Default Domain Policy GPO.
You do not have a backup of any of the GPOs.
You need to recreate the Default Domain Policy GPO.
What should you use?
H. Gpedit.msc
Dcgpofix Restores the default Group Policy objects to their original state (that is, the default state
after initial installation).
Reference: http://technet.microsoft.com/en-us/library/hh875588(v=ws.10).aspx
NO.2 Your network contains an Active Directory domain named contoso.com. The domain contains
a file server named Server1 that runs Windows Server 2012 R2. Server1 has a share named Share1.
When users without permission to Share1 attempt to access the share, they receive the Access
Denied message as shown in the exhibit. (Click the Exhibit button.)
You deploy a new file server named Server2 that runs Windows Server 2012 R2.
You need to configure Server2 to display the same custom Access Denied message as Server1.
What should you install on Server2?
A. The Storage Services server role
B. The Enhanced Storage feature
C. The Remote Assistance feature
D. The File Server Resource Manager role service
Access-Denied Assistance is a new role service of the File Server role in Windows Server 2012.
We need to install the prerequisites for Access-Denied Assistance.
Because Access-Denied Assistance relies upon e-mail notifications, we also need to configure each
relevant file server with a Simple Mail Transfer Protocol (SMTP) server address. Let's do that quickly
with Windows PowerShell:
Set-FSRMSetting -SMTPServer mailserver.nuggetlab.com -AdminEmailAddress email@example.com -FromEmailAddress firstname.lastname@example.org
You can enable Access-Denied Assistance either on a per-server basis or centrally via Group Policy. To
my mind, the latter approach is infinitely preferable from an administration standpoint.
Create a new GPO and make sure to target the GPO at your file servers' Active Directory computer
accounts as well as those of your AD client computers. In the Group Policy Object Editor, we are
looking for the following path to configure Access-Denied Assistance:
\Computer Configuration\Policies\Administrative Templates\System\Access-Denied Assistance
The Customize message for Access Denied errors policy, shown in the screenshot below, enables us to create the
actual message box shown to users when they access a shared file to which their user account has no
What's cool about this policy is that we can "personalize" the e-mail notifications to give us
administrators (and, optionally, file owners) the details they need to resolve the permissions issue
quickly and easily.
For instance, we can insert pre-defined macros to swap in the full path to the target file, the
administrator e-mail address, and so forth. See this example:
Whoops! It looks like you're having trouble accessing [Original File Path]. Please click Request
Assistance to send [Admin Email] a help request e-mail message. Thanks!
You should find that your users prefer these human-readable, informative error messages to the
cryptic, non-descript error dialogs they are accustomed to dealing with.
The Enable access-denied assistance on client for all file types policy should be enabled to force client
computers to participate in Access-Denied Assistance. Again, you must make sure to target your GPO
scope accordingly to "hit" your domain workstations as well as your Windows Server 2012 file
Testing the configuration
This should come as no surprise to you, but Access-Denied Assistance works only with Windows
Server 2012 and Windows 8 computers. More specifically, you must enable the Desktop Experience
feature on your servers to see Access-Denied Assistance messages on server computers.
When a Windows 8 client computer attempts to open a file to which the user has no access, the
custom Access-Denied Assistance message should appear: If the user clicks Request Assistance in the
Network Access dialog box, they see a secondary message:
At the end of this process, the administrator(s) will receive an e-mail message that contains the key
information they need in order to resolve the access problem:
- The user's Active Directory identity
- The full path to the problematic file
- A user-generated explanation of the problem
So that's it, friends! Access-Denied Assistance presents Windows systems administrators with an
easy-to-manage method for more efficiently resolving user access problems on shared file system
resources. Of course, the key caveat is that your file servers must run Windows Server 2012 and your
client devices must run Windows 8, but other than that, this is a great technology that should save
admins extra work and end-users extra headaches.
Reference: http://4sysops.com/archives/access-denied-assistance-in-windows-server2012/
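The per-server route mentioned above, as an added example that is not part of the quoted article or the exam material: it installs the File Server Resource Manager role service on Server2, sets the SMTP details, and applies the custom message with the FSRM cmdlets. The mail server, the addresses and the message text are the article's placeholders; the choice to mail administrators only is an assumption.

```powershell
# Added example: per-server Access-Denied Assistance setup, run elevated on Server2.

# FSRM is the role service that provides Access-Denied Assistance.
$feature = Get-WindowsFeature -Name FS-Resource-Manager
if (-not $feature.Installed) {
    Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools
}

# Assistance requests are delivered by e-mail, so FSRM needs an SMTP relay.
Set-FsrmSetting -SmtpServer 'mailserver.nuggetlab.com' `
    -AdminEmailAddress 'email@example.com' `
    -FromEmailAddress 'firstname.lastname@example.org'

# Message text with the macros shown in the article.
$message = 'Whoops! It looks like you''re having trouble accessing ' +
           '[Original File Path]. Please click Request Assistance to send ' +
           '[Admin Email] a help request e-mail message. Thanks!'

# Assumption: requests are copied to administrators only, not to file owners,
# and every request is also written to the event log for later review.
Set-FsrmAdrSetting -Event AccessDenied -Enabled:$true -AllowRequests:$true `
    -DisplayMessage $message -MailCCAdmin:$true -MailToOwner:$false `
    -EventLog:$true

# Read the settings back to confirm what Server2 will present to users.
Get-FsrmAdrSetting -Event AccessDenied |
    Format-List Enabled, AllowRequests, DisplayMessage, MailCCAdmin, MailToOwner, EventLog
```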
NO.3 Your network contains an Active Directory domain named contoso.com. All domain controllers
run Windows Server 2012 R2. You plan to use fine-grained password policies to customize the
password policy settings of contoso.com.
You need to identify to which Active Directory object types you can directly apply the fine-grained
Which two object types should you identify? (Each correct answer presents part of the solution.
A. Global groups
B. Universal groups
E. Domain local groups
First off, your domain functional level must be at Windows Server 2008. Second, Fine-grained
password policies ONLY apply to user objects, and global security groups. Linking them to universal or
domain local groups is ineffective. I know what you're thinking, what about OU's? Nope, Fine-grained
password policy cannot be applied to an organizational unit (OU) directly. The third thing to keep in
mind is, by default only members of the Domain Admins group can set fine-grained password
policies. However, you can delegate this ability to other users if needed.
Fine-grained password policies apply only to user objects (or inetOrgPerson objects if they are used
instead of user objects) and global security groups.
You can apply Password Settings objects (PSOs) to users or global security groups.
References: http://technet.microsoft.com/en-us/library/cc731589%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc770848%28v=ws.10%29.aspx
http://www.brandonlawson.com/active-
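The scope rule described above, as an added example (not from the exam material): the script refuses to link a PSO to anything other than a global security group, creates and links the PSO, then reads back the policy that actually applies to each direct member. The PSO name, the group name G_Admins and all setting values are assumptions.

```powershell
# Added example; requires the ActiveDirectory module and Domain Admins rights
# (or delegated rights on the Password Settings Container).
Import-Module ActiveDirectory

$psoName   = 'PSO-Admins'   # hypothetical PSO name
$groupName = 'G_Admins'     # hypothetical group in contoso.com

# A PSO linked to a universal or domain local group has no effect,
# so check scope and category before linking.
$group = Get-ADGroup -Identity $groupName
if ($group.GroupScope -ne 'Global' -or $group.GroupCategory -ne 'Security') {
    throw "$groupName is $($group.GroupScope)/$($group.GroupCategory); " +
          'fine-grained password policies apply only to global security groups.'
}

# When several PSOs reach the same user, the lowest Precedence value wins.
# The values below are illustrative, not a recommendation from the page.
New-ADFineGrainedPasswordPolicy -Name $psoName -Precedence 10 `
    -MinPasswordLength 14 -ComplexityEnabled $true -PasswordHistoryCount 24 `
    -MinPasswordAge '1.00:00:00' -MaxPasswordAge '60.00:00:00' `
    -LockoutThreshold 5 -LockoutDuration '00:30:00' `
    -LockoutObservationWindow '00:30:00' -ReversibleEncryptionEnabled $false

Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $group

# Confirm the link, then the effective policy per direct member.
# An empty EffectivePSO means the Default Domain Policy settings still apply.
Get-ADFineGrainedPasswordPolicySubject -Identity $psoName |
    Select-Object Name, ObjectClass

Get-ADGroupMember -Identity $group | Where-Object objectClass -eq 'user' |
    ForEach-Object {
        $effective = Get-ADUserResultantPasswordPolicy -Identity $_
        [pscustomobject]@{
            User         = $_.SamAccountName
            EffectivePSO = $effective.Name
        }
    }
```

A PSO linked directly to a user takes priority over any PSO inherited through a group, which is why the per-user readback is worth running after every change.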
NO.4 Your network contains an Active Directory domain named contoso.com. The domain contains
an organizational unit (OU) named IT and an OU named Sales.
All of the help desk user accounts are located in the IT OU. All of the sales user accounts are located
in the Sales OU. The Sales OU contains a global security group named G_Sales. The IT OU contains a
global security group named G_HelpDesk.
You need to ensure that members of G_HelpDesk can perform the following tasks:
- Reset the passwords of the sales users.
- Force the sales users to change their password at their next logon.
What should you do?
A. Right-click the IT OU and select Delegate Control.
B. Run the Set-ADAccountPassword cmdlet and specify the -identity parameter.
C. Right-click the Sales OU and select Delegate Control.
D. Run the Set-ADFineGrainedPasswordPolicy cmdlet and specify the -identity parameter.
G_HelpDesk members need to be allowed to delegate control on the Sales OU as it contains the sales
You can use the Delegation of Control Wizard to delegate the Reset Password permission to the
References: http://support.microsoft.com/kb/296999/en-us
http://technet.microsoft.com/en-us/library/cc732524.aspx
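A command-line equivalent of the delegation described above, as an added example that is not part of the exam material: it grants G_HelpDesk only the two rights the tasks require on user objects under the Sales OU, using dsacls instead of the Delegation of Control Wizard. The NetBIOS domain name CONTOSO and the account sales.user1 are assumptions.

```powershell
# Added example; run as an administrator with rights to modify the OU's ACL.
$salesOu = 'OU=Sales,DC=contoso,DC=com'
$trustee = 'CONTOSO\G_HelpDesk'   # NetBIOS name CONTOSO is an assumption

# Task 1: "Reset Password" is a control access right (CA).
# /I:S limits inheritance to child objects; the trailing "user" limits it
# to user objects, so computers and groups in the OU are not affected.
dsacls $salesOu /I:S /G "${trustee}:CA;Reset Password;user"

# Task 2: forcing a password change at next logon is done by writing
# pwdLastSet, so the group needs read/write on that one attribute only.
dsacls $salesOu /I:S /G "${trustee}:RPWP;pwdLastSet;user"

# Review the resulting ACEs for the group. Anything beyond the two entries
# above means the delegation is broader than the tasks require.
dsacls $salesOu | Select-String -SimpleMatch 'G_HelpDesk'

# Functional check, run in a session started as a G_HelpDesk member.
Import-Module ActiveDirectory
$user = 'sales.user1'             # hypothetical account in the Sales OU
$new  = Read-Host -AsSecureString -Prompt "New password for $user"
Set-ADAccountPassword -Identity $user -Reset -NewPassword $new
Set-ADUser -Identity $user -ChangePasswordAtLogon $true
```

Running the same two Set-AD* commands against an account in the IT OU should fail with an access denied error, which confirms the delegation is confined to Sales.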