Nt2580 Unit 7 Questions And Answers
Lab 7 worksheet
Employing Security Concepts
This lab contains the following exercises:
Exercise 7.1 Using Naming Standards and Secure Passwords
Exercise 7.2 Employing Administrator Account Security
Exercise 7.3 Delegating Administrative Responsibility
Estimated lab time: 55 minutes
Exercise 7.2
Employing Administrator Account Security
Overview
You must demonstrate the various methods for using the runas utility to allow administrators to reduce the exposure of administrative accounts.
Completion time
20 minutes
■ PART A: Using Runas from the Command Prompt
Question 1
Were you able to reset your password?
No, I was denied access because I don’t have administrative privileges.
Question 2
Why were you successful this time?
Yes.
Exercise 7.3
Delegating Administrative Responsibility
Overview
You must now create an administrative structure that you can use for new administrators. Group administrators into separate global groups. Then, create a universal group that can be used to give new administrators permissions equivalent to the local administrators of each domain.
Completion time
30 minutes
■ PART A: Delegating Control on the Domain
2. Press Ctrl+Prt Scr to take a screen shot of the copmmand prompt windows showing the three user accounts were succesffully added, and then press Ctrl+V to paste the resulting image into the lab07_worksheet file in the page provided.
14. Press Ctrl+Prt Scr to take a screen shot of the Active Directory Users and Computers console showing that the User1 and User2 accounts have been moved to the Mgmt1 OU, and then press Ctrl+V to paste the resulting image into the lab07_worksheet file in the page provided.
■ PART B: Testing Delegated Permissions on the Parent Domain
Question 3
Why can the manager change a user's password in the Mgmt1 OU but cannot delete a user's account?
The manager is the lead over the organizational unit but it takes an administrator to delete an account
Question 4
Is the manager account able to change an account password outside of the Mgmt1 OU?
No. Access is denied.
Employing Security Concepts
This lab contains the following exercises:
Exercise 7.1 Using Naming Standards and Secure Passwords
Exercise 7.2 Employing Administrator Account Security
Exercise 7.3 Delegating Administrative Responsibility
Estimated lab time: 55 minutes
Exercise 7.2
Employing Administrator Account Security
Overview
You must demonstrate the various methods for using the runas utility to allow administrators to reduce the exposure of administrative accounts.
Completion time
20 minutes
■ PART A: Using Runas from the Command Prompt
Question 1
Were you able to reset your password?
No, I was denied access because I don’t have administrative privileges.
Question 2
Why were you successful this time?
Yes.
Exercise 7.3
Delegating Administrative Responsibility
Overview
You must now create an administrative structure that you can use for new administrators. Group administrators into separate global groups. Then, create a universal group that can be used to give new administrators permissions equivalent to the local administrators of each domain.
Completion time
30 minutes
■ PART A: Delegating Control on the Domain
2. Press Ctrl+Prt Scr to take a screen shot of the copmmand prompt windows showing the three user accounts were succesffully added, and then press Ctrl+V to paste the resulting image into the lab07_worksheet file in the page provided.
14. Press Ctrl+Prt Scr to take a screen shot of the Active Directory Users and Computers console showing that the User1 and User2 accounts have been moved to the Mgmt1 OU, and then press Ctrl+V to paste the resulting image into the lab07_worksheet file in the page provided.
■ PART B: Testing Delegated Permissions on the Parent Domain
Question 3
Why can the manager change a user's password in the Mgmt1 OU but cannot delete a user's account?
The manager is the lead over the organizational unit but it takes an administrator to delete an account
Question 4
Is the manager account able to change an account password outside of the Mgmt1 OU?
No. Access is denied.