Your network contains an Active Directory domain named contoso.com. The domain contains a file
server named Server1 and a domain controller named DC1. All servers run Windows Server 2012 R2.
A Group Policy object (GPO) named GPO1 is linked to the domain.
Server1 contains a folder named Folder1. Folder1 is shared as Share1.
You need to ensure that authenticated users can request assistance when they are denied access to
the resources on Server1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose
two.)
A.
Enable the Enable access-denied assistance on client for all file types policy setting for GPO1.
B.
Configure the Customize message for Access Denied errors policy setting of GPO1.
C.
Install the File Server Resource Manager role service on DC1.
D.
Install the File Server Resource Manager role service on Server1.
E.
Assign the Read Attributes NTFS permission on Folder1 to the Authenticated Users group.
Explanation:
* To configure access-denied assistance by using Group Policy
Open Group Policy Management. In Server Manager, click Tools, and then click Group Policy
Management.
Right-click the appropriate Group Policy, and then click Edit.
Click Computer Configuration, click Policies, click Administrative Templates, click System, and then
click Access-Denied Assistance.
Right-click Customize message for Access Denied errors, and then click Edit.
Select the Enabled option.
Etc
*You can configure access-denied assistance within a domain by using Group Policy, or you can
configure the assistance individually on each file server by using the File Server Resource Manager
console.
Reference: Deploy Access-Denied Assistance
According to the explanation given, would the answer not be B and D?
0
0
Not sure about this one.
But I think as described in this technet article: https://technet.microsoft.com/en-us/library/hh831402.aspx?f=255&MSPPError=-2147217396#BKMK_1
the right answer should be: A+B
But I have to test this to be sure π
0
0
@BlaBla – The reason I say D is that even in the article you reference it gives intructions on how to use FSRM.
0
0
Nevermind, I see the error of ways. A and B is the correct answer.
0
0
The correct answer is A and D. You can’t do anything with Access Denied Assistance unless the file server has FSRM installed first, and then you configure the GPO. Option B would then be the third step (if three choices were allowed)
1
0
I suppose A and D.
At first you need to install FSRM role service.
You can enable Access-Denied Assistance either on a per-server basis or centrally via Group Policy.
To configure access-denied assistance by using File Server Resource Manager
Open File Server Resource Manager. In Server Manager, click Tools, and then click File Server Resource Manager.
Right-click File Server Resource Manager (Local), and then click Configure Options.
Click the Access-Denied Assistance tab.
Select the Enable access-denied assistance check box.
In the Display the following message to users who are denied access to a folder or file box, type a message
that users will see when they are denied access to a file or folder.
The Customize message for Access Denied errors policy is intended for enabling Access-Denied Assistance for File Server via Group Policy,
but because a Group Policy object (GPO) named GPO1 is linked to the domain, and not to File Server, so then :
The Enable access-denied assistance on client for all file types policy should be enabled to force
client computers to participate in Access-Denied Assistance. Again, you must make sure to target your GPO
scope accordingly to βhitβ your domain workstations as well as your Windows Server 2012 file servers.
More information :
https://technet.microsoft.com/en-us/library/hh831402.aspx
https://4sysops.com/archives/access-denied-assistance-in-windows-server-2012/
0
0
Dear “Ex”, its “OR”; look closer at the site https://technet.microsoft.com/en-us/library/hh831402.aspx you already mentioned.
It says:
You can configure access-denied assistance within a domain by using Group Policy, OR you can configure the assistance individually on each file server by using the File Server Resource Manager console. You can also change the access-denied message for a specific shared folder on a file server.
You can use eighter GP OR FSRM; so I think you don’t need FRSM because you can a;ready use GP!
0
1
Dear “johnpp”. Read your reference article and then read the question. It talks about 2 distinct things.
1. configure access-denied assistance within a domain by using Group Policy
2. configure access-denied assistance individually on each file server by using the File Server Resource Manager console
A and D are the correct answers.
Its not a OR situation here, its an AND situation. Read the question.
3
0
you should install FSRM first
then you have 2 choices to achieve this
1.enable access denied assistance and set customized message from FSRM
2.enable access denied assistance and set customized message via GPO
if set GPO ,the FSRM setting will not take effective.
i think the question is wrong,right answer D->A->B
I learn it from MOAC books ,but i haven’t test in lab
i wonder if GOP works without FSRM
who can test.
0
0
A and B without installing FSRM could be possible, did not have a chance to test it fully, however.
B option makes it so that you can request assistance and email a predefined set of users. This is the same with the FSRM option however both cannot be enabled at the same time.
imo AB works
AD works as well
My take on this:
You are asked to configure this only for resources on Server1. While you can create a GPO to suit that purpose, additional configuration is required. You will also have to modify the GPO settings and only allow read for Server1 if you want to apply it only to Server1 resources.
The FSRM option is a more straight-forward approach, so I tend to prefer that.
0
0
Answer is A and B.
Did this in my lab with ONLY GPO settings linked. Did not have to install and/or configure FSM.
1
0
Yes, this can be done with FSRM, but “A Group Policy object (GPO) named GPO1 is linked to the domain.” so you do not have to mess with FSRM at this point.
0
0
B: Customize message for Access Denied errors:
This policy setting specifies the message that users see when they are denied access to a file or folder. You can customize the Access Denied message to include additional text and links. You can also provide users with the ability to send an email to request access to the file or folder to which they were denied access.
If you enable this policy setting, users receive a customized Access Denied message from the file servers on which this policy setting is applied.
And D
0
1