server 2008 70--640考试文档 (可打印)
2008 server 640考试试题Exam A
QUESTION 1
Your network contains an Active Directory domain. The relevant servers in the domain are configured as shown in the following table:
You need to ensure that all device certificate requests use the MD5 hash algorithm. What should you do?
A.On Server2, run the Certutil tool.
B.On Server1, update the CEP Encryption certificate template.
C.On Server1, update the Exchange Enrollment Agent (Offline Request) template.
D.On Server3, set the value of the
HKLM\Software\Microsoft\Cryptography\MS CEP\ HashAlgorithm\HashAlgorithm registry key.
Answer: D
Section: Configuring AD DNS
QUESTION 2
.Your network contains an Active Directory domain.
You have a server named Server1 that runs Windows Server 2008 R2. Server1 is an enterprise root certification authority (CA). You have a client computer named Computer1 that runs Windows 7. You enable automatic certificate enrollment for all client computers that run Windows 7.
You need to verify that the Windows 7 client computers can automatically enroll for certificates. Which command should you run on Computer1?
A.certreq.exe –retrieve
B.certreq.exe –submit
C.certutil.exe –getkey
D.certutil.exe -pulse
Answer: D
Section: Configuring AD Certificate Services
QUESTION 3
.Your network contains two Active Directory forests named https://www.docsj.com/doc/e818752075.html, and https://www.docsj.com/doc/e818752075.html,. The functional level of both forests is Windows Server 2008 R2. Each forest contains one domain. Active Directory Certificate Services (AD CS) is configured in the https://www.docsj.com/doc/e818752075.html, forest to allow users from both forests to automatically enroll user certificates.
You need to ensure that all users in the https://www.docsj.com/doc/e818752075.html, forest have a user certificate from the https://www.docsj.com/doc/e818752075.html, certification authority (CA).
What should you configure in the https://www.docsj.com/doc/e818752075.html, domain?
A.From the Default Domain Controllers Policy, modify the Enterprise Trust settings.
B.From the Default Domain Controllers Policy, modify the Trusted Publishers settings.
C.From the Default Domain Policy, modify the Certificate Enrollment policy.
D.From the Default Domain Policy, modify the Trusted Root Certification Authority settings. Answer: C
Section: Configuring AD Certificate Services
QUESTION 4
.You have a server named Server1 that has the following Active Directory Certificate Services (AD CS) role services installed:
-Enterprise root certification authority (CA)
-Certificate Enrollment Web Service
-Certificate Enrollment Policy Web Service
You create a new certificate template.
External users report that the new template is unavailable when they request a new certificate.
You verify that all other templates are available to the external users.
You need to ensure that the external users can request certificates by using the new template. What should you do on Server1?
A.Run iisreset.exe /restart.
B.Run gpupdate.exe /force.
C.Run certutil.exe -dspublish.
D.Restart the Active Directory Certificate Services service.
Answer: A
Section: Configuring AD Certificate Services
QUESTION 5
.Your network contains an enterprise root certification authority (CA). You need to ensure that a certificate issued by the CA is valid. What should you do?
A.Run syskey.exe and use the Update option.
B.Run sigverif.exe and use the Advanced option.
C.Run certutil.exe and specify the -verify parameter.
D.Run certreq.exe and specify the -retrieve parameter.
Answer: C
Section: Configuring AD Certificate Services
QUESTION 6
.You have an enterprise subordinate certification authority (CA). The CA issues smart card logon certificates.
Users are required to log on to the domain by using a smart card. Your company's corporate security policy states that when an employee resigns, his ability to log on to the network must be immediately revoked.
An employee resigns. You need to immediately prevent the employee from logging on to the domain. What should you do? A.Revoke the employee's smart card certificate.
B.Disable the employee's Active Directory account.
C.Publish a new delta certificate revocation list (CRL).
D.Reset the password for the employee's Active Directory account.
Answer: B
Section: Configuring AD Certificate Services
QUESTION 7
.You add an Online Responder to an Online Responder Array. You need to ensure that the new Online Responder resolves synchronization conflicts for all members of the Array. What should you do?
A.From Network Load Balancing Manager, set the priority ID of the new Online Responder
to 1.
B.From Network Load Balancing Manager, set the priority ID of the new Online Responder
to 32.
C.From the Online Responder Management Console, select the new Online Responder, and then select Set as Array Controller.
D.From the Online Responder Management Console, select the new Online Responder, and then select Synchronize Members with Array Controller.
Answer: C
Section: Configuring AD Certificate Services
QUESTION 8
.Your network contains a server that runs Windows Server 2008 R2. The server is configured as an enterprise root certification authority (CA).
You have a Web site that uses x.509 certificates for authentication. The Web site is configured to use a many-to-one mapping. You revoke a certificate issued to an external partner. You need to prevent the external partner from accessing the Web site.
What should you do?
A.Run certutil.exe -crl.
B.Run certutil.exe
-delkey.
C.From Active Directory Users and Computers, modify the membership of the IIS_IUSRS group.
D.From Active Directory Users and Computers, modify the Contact object for the external partner.
Answer: A
QUESTION 9
.Your company, Contoso, Ltd., has a main office and a branch office. The offices are connected by a WAN link. Contoso has an Active Directory forest that contains a single domain named https://www.docsj.com/doc/e818752075.html,.
The https://www.docsj.com/doc/e818752075.html, domain contains one domain controller named DC1 that is located in the main office. DC1 is configured as a DNS server for the https://www.docsj.com/doc/e818752075.html, DNS zone. This zone is configured as a standard primary zone. You install a new domain controller named DC2 in the branch office. You install DNS on DC2. You need to ensure that the DNS service can update records and resolve DNS queries
in the event that a WAN link fails. What should you do?
A.Create a new stub zone named
https://www.docsj.com/doc/e818752075.html, on DC2.
B.Configure the DNS server on DC2 to forward requests to DC1.
C.Create a new secondary zone named
https://www.docsj.com/doc/e818752075.html, on DC2.
D.Convert the https://www.docsj.com/doc/e818752075.html, zone on DC1 to an Active Directory-integrated zone. Answer: D
QUESTION 10
.Your company has two domain controllers that are configured as internal DNS servers. All zones on the DNS servers are Active Directory-integrated zones. The zones allow all dynamic updates. You discover that the https://www.docsj.com/doc/e818752075.html, zone has multiple entries for the host names of computers that do not exist. You need to configure the https://www.docsj.com/doc/e818752075.html, zone to automatically remove expired records. What should you do?
A.Enable only secure updates on the https://www.docsj.com/doc/e818752075.html, zone.
B.Enable scavenging and configure the refresh interval on the https://www.docsj.com/doc/e818752075.html, zone.
C.From the Start of Authority tab, decrease the default refresh interval on the https://www.docsj.com/doc/e818752075.html, zone.
D.From the Start of Authority tab, increase the default expiration interval on the https://www.docsj.com/doc/e818752075.html, zone.
Answer: B
QUESTION 11
.Your company has a main office and a branch office. The company has a single-domain Active Directory forest.
The main office has two domain controllers named DC1 and DC2 that run Windows Server 2008 R2. The branch office has a Windows Server 2008 R2 read-only domain controller (RODC) named DC3. All domain controllers hold the DNS Server server role and are configured as Active Directory- integrated zones. The DNS zones only allow secure updates.
You need to enable dynamic DNS updates on DC3. What should you do?
A.Run the Ntdsutil.exe DS Behavior commands on DC3.
B.Run the Dnscmd.exe /ZoneResetType command on DC3.
C.Reinstall Active Directory Domain Services on DC3 as a writable domain controller.
D.Create a custom application directory partition on DC1. Configure the partition to store Active Directory-integrated zones. Answer: C
QUESTION 12
.Your company has a main office and five branch offices that are connected by WAN links. The company has an Active Directory domain named https://www.docsj.com/doc/e818752075.html,. Each branch office has a member server configured as a DNS server. All branch office DNS servers host a secondary zone for https://www.docsj.com/doc/e818752075.html,.
You need to configure the https://www.docsj.com/doc/e818752075.html, zone to resolve client queries for at least four days in the event that a WAN link fails. What should you do?
A.Configure the Expires after option for the https://www.docsj.com/doc/e818752075.html, zone to 4 days.
B.Configure the Retry interval option for the https://www.docsj.com/doc/e818752075.html, zone to 4 days.
C.Configure the Refresh interval option for the https://www.docsj.com/doc/e818752075.html, zone to 4 days.
D.Configure the Minimum (default) TTL option for the https://www.docsj.com/doc/e818752075.html, zone to 4 days. Answer: A
QUESTION 13
.Your company has an Active Directory domain named https://www.docsj.com/doc/e818752075.html,. The company network has two DNS servers named DNS1 and DNS2.
The DNS servers are configured as shown in the following table:
Domain users, who are configured to use DNS2 as the preferred DNS server, are unable to connect to Internet Web sites.
You need to enable Internet name resolution for all client computers.
What should you do?
A.Create a copy of the .(root) zone on DNS1.
B.Update the list of root hints servers on DNS2.
C.Update the Cache.dns file on DNS2. Configure conditional forwarding on DNS1.
D.Delete the .(root) zone from DNS2. Configure conditional forwarding on DNS2. Answer: D
QUESTION 14
.Your company has an Active Directory domain named https://www.docsj.com/doc/e818752075.html,. FS1 is a member server in https://www.docsj.com/doc/e818752075.html,.
You add a second network interface card,
NIC2, to FS1 and connect NIC2 to a subnet that contains computers in a DNS domain named https://www.docsj.com/doc/e818752075.html,.
https://www.docsj.com/doc/e818752075.html, has a DHCP server and a DNS server.
Users in https://www.docsj.com/doc/e818752075.html, are unable to resolve FS1 by using DNS. You need to ensure that FS1 has an A record in the https://www.docsj.com/doc/e818752075.html, DNS zone. What are two possible ways to achieve this goal?
(Each correct answer presents a complete solution. Choose two.)
A.Configure the DHCP server in https://www.docsj.com/doc/e818752075.html, with the scope option 044 WINS/NBNS Servers.
B.Configure the DHCP server in https://www.docsj.com/doc/e818752075.html, by setting the scope option 015 DNS Domain Name to the domain name https://www.docsj.com/doc/e818752075.html,.
C.Configure NIC2 by configuring the Append these DNS suffixes (in order): option.
D.Configure NIC2 by configuring the Use this connection's DNS suffix in DNS registration option.
E.Configure the DHCP server in https://www.docsj.com/doc/e818752075.html, by setting the scope option 015 DNS Domain Name to the domain name https://www.docsj.com/doc/e818752075.html,. Answer: BD
QUESTION 15
.Your network consists of an Active Directory forest that contains two domains. All servers run Windows Server 2008 R2. All domain controllers are configured as DNS servers. You have a standard primary zone for
https://www.docsj.com/doc/e818752075.html, that is stored on a member server.
You need to ensure that all domain controllers
can resolve names from the https://www.docsj.com/doc/e818752075.html, zone. What should you do?
A.On the member server, create a stub zone.
B.On the member server, create a NS record for each domain controller.
C.On one domain controller, create a conditional forwarder. Configure the conditional forwarder to replicate to all DNS servers in the forest.
D.On one domain controller, create a conditional forwarder. Configure the conditional forwarder to replicate to all DNS servers in the domain.
Answer: C
QUESTION 16
.You have a domain controller that runs Windows Server 2008 R2 and is configured as a DNS server.
You need to record all inbound DNS queries to the server.
What should you configure in the DNS Manager console?
A.Enable debug logging.
B.Enable automatic testing for simple queries.
C.Enable automatic testing for recursive queries.
D.Configure event logging to log errors and warnings.
Answer: A
QUESTION 17
.Your network consists of an Active Directory forest named https://www.docsj.com/doc/e818752075.html,. All servers run Windows Server 2008 R2. All domain controllers are configured as DNS servers. The https://www.docsj.com/doc/e818752075.html, DNS zone is stored in the ForestDnsZones Active Directory application partition.
You have a member server that contains a standard primary DNS zone for
https://www.docsj.com/doc/e818752075.html,.
You need to ensure that all domain controllers can resolve names for https://www.docsj.com/doc/e818752075.html,. What should you do?
A.Create a NS record in the https://www.docsj.com/doc/e818752075.html, zone.
B.Create a delegation in the https://www.docsj.com/doc/e818752075.html, zone.
C.Create a standard secondary zone on a Global Catalog server.
D.Modify the properties of the SOA record in the https://www.docsj.com/doc/e818752075.html, zone.
Answer: B
QUESTION 18
.Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. You have an Active
Directory-integrated zone for https://www.docsj.com/doc/e818752075.html,. You have a UNIX-based DNS server.
You need to configure your Windows Server 2008 R2 environment to allow zone transfers of the https://www.docsj.com/doc/e818752075.html, zone to the UNIX-based DNS server.
What should you do in the DNS Manager console?
A.Disable recursion.
B.Create a stub zone.
C.Create a secondary zone.
D.Enable BIND secondaries.
Answer: D
QUESTION 19
.Your network consists of an Active Directory forest that contains one domain named https://www.docsj.com/doc/e818752075.html,.
All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. You have two Active Directory-integrated zones: https://www.docsj.com/doc/e818752075.html, and https://www.docsj.com/doc/e818752075.html,. You need to ensure a user is able to modify records in the https://www.docsj.com/doc/e818752075.html, zone. You must prevent the user from modifying the SOA record in the https://www.docsj.com/doc/e818752075.html, zone.
What should you do?
A.From the DNS Manager console, modify the
permissions of the https://www.docsj.com/doc/e818752075.html, zone.
B.From the DNS Manager console, modify the permissions of the https://www.docsj.com/doc/e818752075.html, zone.
C.From the Active Directory Users and Computers console, run the Delegation of Control Wizard.
D.From the Active Directory Users and Computers console, modify the permissions of the Domain Controllers organizational unit (OU).
Answer: A
QUESTION 20
.Contoso, Ltd. has an Active Directory domain named https://www.docsj.com/doc/e818752075.html,. Fabrikam, Inc. has an Active Directory domain named
https://www.docsj.com/doc/e818752075.html,.
Fabrikam's security policy prohibits the transfer of internal DNS zone data outside the Fabrikam network.
You need to ensure that the Contoso users are able to resolve names from the https://www.docsj.com/doc/e818752075.html, domain. What should you do?
A.Create a new stub zone for the
https://www.docsj.com/doc/e818752075.html, domain.
B.Configure conditional forwarding for the https://www.docsj.com/doc/e818752075.html, domain.
C.Create a standard secondary zone for the https://www.docsj.com/doc/e818752075.html, domain.
D.Create an Active Directory-integrated zone for the https://www.docsj.com/doc/e818752075.html, domain. Answer: B
Exam B
QUESTION 1
.Your company has an Active Directory domain named https://www.docsj.com/doc/e818752075.html,. The domain has two domain controllers named DC1 and DC2. Both domain controllers have the DNS Server server role installed.
You install a new DNS server named
https://www.docsj.com/doc/e818752075.html, on the perimeter network. You configure DC1 to forward all unresolved name requests to https://www.docsj.com/doc/e818752075.html,.
You discover that the DNS forwarding option is unavailable on DC2. You need to configure DNS forwarding on the DC2 server to point to the https://www.docsj.com/doc/e818752075.html, server. Which two actions should you perform?
(Each correct answer presents part of the solution. Choose two.)
A.Clear the DNS cache on DC2.
B.Delete the Root zone on DC2.
C.Configure conditional forwarding on DC2.
D.Configure the Listen On address on DC2. Answer: BC
QUESTION 2
.Your network consists of an Active Directory forest that contains one domain. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. You have an Active Directory- integrated zone.
You have two Active Directory sites. Each site contains five domain controllers.
You add a new NS record to the zone.
You need to ensure that all domain controllers immediately receive the new NS record. What should you do?
A.From the DNS Manager console, reload the zone.
B.From the Services snap-in, restart the DNS Server service.
C.From the command prompt, run repadmin /syncall.
D.From the DNS Manager console, increase the version number of the SOA record. Answer: C
QUESTION 3
.You have a domain controller named DC1 that runs Windows Server 2008 R2. DC1 is configured as a DNS server for https://www.docsj.com/doc/e818752075.html,. You install the DNS Server server role on a member server named Server1 and then you create a standard secondary zone for https://www.docsj.com/doc/e818752075.html,. You configure DC1 as the
master server for the zone.
You need to ensure that Server1 receives zone updates from DC1.
What should you do?
A.On Server1, add a conditional forwarder.
B.On DC1, modify the permissions of https://www.docsj.com/doc/e818752075.html, zone.
C.On DC1, modify the zone transfer settings for the https://www.docsj.com/doc/e818752075.html, zone.
D.Add the Server1 computer account to the DNSUpdateProxy group.
Answer: C
QUESTION 4
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers.
A domain controller named DC1 has a standard primary zone for https://www.docsj.com/doc/e818752075.html,. A domain controller named DC2 has a standard secondary zone for https://www.docsj.com/doc/e818752075.html,.
You need to ensure that the replication of the https://www.docsj.com/doc/e818752075.html, zone is encrypted. You must not lose any zone data.
What should you do?
A.On both servers, modify the interface that the DNS server listens on.
B.Convert the primary zone into an Active Directory-integrated zone. Delete the secondary zone.
C.Convert the primary zone into an Active Directory-integrated stub zone. Delete the secondary zone.
D.Configure the zone transfer settings of the standard primary zone. Modify the Master Servers lists on the secondary zone. Answer: B
QUESTION 5
.Your network consists of a single Active Directory domain. The domain contains 10 domain controllers. The domain controllers run Windows Server 2008 R2 and are configured as DNS servers.
You plan to create a new Active
Directory-integrated zone.
You need to ensure that the new zone is only replicated to four of your domain controllers. What should you do first?
A.Create a new delegation in the ForestDnsZones application directory partition.
B.Create a new delegation in the DomainDnsZones application directory partition.
C.From the command prompt, run dnscmd and specify the /enlistdirectorypartition parameter.
D.From the command prompt, run dnscmd and specify the /createdirectorypartition parameter.
Answer: D
QUESTION 6
.Your network consists of a single Active Directory domain. You have a domain controller and a member server that run Windows Server 2008 R2. Both servers are configured as DNS servers. Client computers run either Windows XP Service Pack 3 or Windows 7. You have a standard primary zone on the domain controller. The member server hosts a secondary copy of the zone.
You need to ensure that only authenticated users are allowed to update host (A) records in the DNS zone.
What should you do first?
A.On the member server, add a conditional forwarder.
B.On the member server, install Active Directory Domain Services.
C.Add all computer accounts to the DNSUpdateProxy group.
D.Convert the standard primary zone to an Active Directory-integrated zone. Answer: D
QUESTION 7
.Your company has an Active Directory domain. The main office has a DNS server named DNS1 that is configured with Active Directory-integrated DNS. The branch office has a DNS server named DNS2 that contains a secondary copy of the zone from DNS1. The two offices are connected with an unreliable WAN link.
You add a new server to the main office. Five minutes after adding the server, a user from the branch office reports that he is unable to connect to the new server. You need to ensure that the user is able to connect to the new server.
What should you do?
A.Clear the cache on DNS2.
B.Reload the zone on DNS1.
C.Refresh the zone on DNS2.
D.Export the zone from DNS1 and import the zone to DNS2.
Answer: C
QUESTION 8
You need to deploy a read-only domain controller (RODC) that runs Windows Server 2008 R2.
What is the minimal forest functional level that you should use?
A.Windows Server 2008 R2
B.Windows Server 2008
C.Windows Server 2003
D.Windows 2000
Answer: C
QUESTION 9
Your company has a single Active Directory domain named https://www.docsj.com/doc/e818752075.html,. All domain controllers run Windows Server 2008 R2. The domain functional level is Windows 2000 native and the forest functional level is Windows 2000.
You need to ensure the UPN suffix for https://www.docsj.com/doc/e818752075.html, is available for user accounts. What should you do first?
A.Raise the https://www.docsj.com/doc/e818752075.html, forest functional level to Windows Server 2003 or higher.
B.Raise the https://www.docsj.com/doc/e818752075.html, domain functional level to Windows Server 2003 or higher.
C.Add the new UPN suffix to the forest.
D.Change the Primary DNS Suffix option in the Default Domain Controllers Group Policy Object (GPO) to https://www.docsj.com/doc/e818752075.html,.
Answer: C
QUESTION 10
.Your company, A. Datum Corporation, has a single Active Directory domain named https://www.docsj.com/doc/e818752075.html,. The domain has two domain controllers that run Windows Server 2008 R2 operating system. The domain controllers also run DNS servers.
The https://www.docsj.com/doc/e818752075.html, DNS zone is configured as an Active Directory-integrated zone with the Dynamic updates setting configured to Secure only. A new corporate security policy requires that the
https://www.docsj.com/doc/e818752075.html, DNS zone must be updated only by domain controllers or member servers.
You need to configure the
https://www.docsj.com/doc/e818752075.html, zone to meet the new security policy requirement.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A.Remove the Authenticated Users account from the Security tab of the
https://www.docsj.com/doc/e818752075.html, DNS zone properties. B.Assign the SELF Account Deny on Write permission on the Security tab of the https://www.docsj.com/doc/e818752075.html, DNS zone properties. C.Assign the server computer accounts the Allow on Write All Properties permission on the Security tab of the https://www.docsj.com/doc/e818752075.html,
DNS zone properties.
D.Assign the server computer accounts the Allow on Create All Child Objects permission on the Security tab of the
https://www.docsj.com/doc/e818752075.html, DNS zone properties. Answer: AD
QUESTION 11
.Your company has an Active Directory forest that contains only Windows Server 2008 domain controllers.
You need to prepare the Active Directory domain to install Windows Server 2008 R2 domain controllers.
Which two tasks should you perform? (Each correct answer presents part of the solution. Choose two.)
A.Run the adprep /forestprep command.
B.Run the adprep /domainprep command.
C.Raise the forest functional level to Windows Server 2008.
D.Raise the domain functional level to Windows Server 2008.
Answer: AB
QUESTION 12
.Your company has a single Active Directory domain. All domain controllers run Windows Server 2003.
You install Windows Server 2008 R2 on a server.
You need to add the new server as a domain controller in your domain.
What should you do first?
A.On the new server, run dcpromo /adv.
B.On the new server, run dcpromo
/createdcaccount.
C.On a domain controller run adprep
/rodcprep.
D.On a domain controller, run adprep
/forestprep.
Answer: D
QUESTION 13 .Your company has two Active Directory forests as shown in the following table:
The forests are connected by using a
two-way forest trust. Each trust direction is configured with forest-wide authentication. The new security policy of the company prohibits users from the https://www.docsj.com/doc/e818752075.html, domain to access resources in the https://www.docsj.com/doc/e818752075.html, domain.
You need to configure the forest trust to meet the new security policy requirement.
What should you do?
A.Delete the outgoing forest trust in the https://www.docsj.com/doc/e818752075.html, domain.
B.Delete the incoming forest trust in the https://www.docsj.com/doc/e818752075.html, domain.
C.Change the properties of the existing incoming forest trust in the https://www.docsj.com/doc/e818752075.html, domain from Forest-wide authentication to Selective authentication.
D.Change the properties of the existing outgoing forest trust in the https://www.docsj.com/doc/e818752075.html, domain to exclude *https://www.docsj.com/doc/e818752075.html, from the Name Suffix Routing trust properties. Answer: D
QUESTION 14
.You have an existing Active Directory site named Site1. You create a new Active Directory site and name it Site2.
You need to configure Active Directory replication between Site1 and Site2. You install a new domain controller. You create the site link between Site1 and Site2.
What should you do next?
https://www.docsj.com/doc/e818752075.html,e the Active Directory Sites and Services
console to configure a new site link bridge
object.
https://www.docsj.com/doc/e818752075.html,e the Active Directory Sites and Services console to decrease the site link cost between Site1 and Site2.
https://www.docsj.com/doc/e818752075.html,e the Active Directory Sites and Services console to assign a new IP subnet to Site2. Move the new domain controller object to Site2.
https://www.docsj.com/doc/e818752075.html,e the Active Directory Sites and Services console to configure the new domain controller as a preferred bridgehead server for Site1.
Answer: C
QUESTION 15
.Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2003.
You upgrade all domain controllers to Windows Server 2008 R2.
You need to ensure that the Sysvol share replicates by using DFS Replication (DFS-R). What should you do?
A.From the command prompt, run netdom
/reset.
B.From the command prompt, run dfsutil
/addroot:sysvol.
C.Raise the functional level of the domain to Windows Server 2008 R2.
D.From the command prompt, run dcpromo /unattend:unattendfile.xml.
Answer: C
QUESTION 16
.Your company has a branch office that is configured as a separate Active Directory site and has an Active Directory domain controller. The Active Directory site requires a local Global Catalog server to support a new application.
You need to configure the domain controller as a Global Catalog server.
Which tool should you use?
A.The Dcpromo.exe utility
B.The Server Manager console
C.The Computer Management console
D.The Active Directory Sites and Services console
E.The Active Directory Domains and Trusts console
Answer: D
QUESTION 17
.Your company has a main office and 10 branch offices. Each branch office has an Active Directory site that contains one domain controller. Only domain controllers in the main office are configured as Global Catalog servers.
You need to deactivate the Universal Group Membership Caching option on the domain controllers in the branch offices.
At which level should you deactivate the Universal Group Membership Caching option?
A.Site
B.Server
C.Domain
D.Connection object
Answer: A
QUESTION 18
.Your company has an Active Directory forest. Not all domain controllers in the forest are configured as Global Catalog Servers. Your domain structure contains one root domain and one child domain.
You modify the folder permissions on a file server that is in the child domain. You discover that some Access Control entries start with S-1-5-21... and that no account name is listed.
You need to list the account names.
What should you do?
A.Move the RID master role in the child domain to a domain controller that holds the Global Catalog.
B.Modify the schema to enable replication of the friendlynames attribute to the Global
Catalog.
C.Move the RID master role in the child domain to a domain controller that does not hold the Global Catalog.
D.Move the infrastructure master role in the child domain to a domain controller that does not hold the Global Catalog.
Answer: D
QUESTION 19
.Your company has an Active Directory domain.
You log on to the domain controller. The Active Directory Schema snap-in is not available in the Microsoft Management Console (MMC).
You need to access the Active Directory Schema snap-in.
What should you do?
A.Register Schmmgmt.dll.
B.Log off and log on again by using an account that is a member of the Schema Admins group.
https://www.docsj.com/doc/e818752075.html,e the Ntdsutil.exe command to connect to the schema master operations master and open the schema for writing.
D.Add the Active Directory Lightweight Directory Services (AD/LDS) role to the domain controller by using Server Manager. Answer: A
QUESTION 20
Your company has two domain controllers named DC1 and DC2. DC1 hosts all domain and forest operations master roles.
DC1 fails.
You need to rebuild DC1 by reinstalling the operating system. You also need to rollback all operations master roles to their original state. You perform a metadata cleanup and remove all references of DC1.
Which three actions should you perform next?
(To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Answer:
Exam C
QUESTION 1
.You are decommissioning one of the domain controllers in a child domain. You need to transfer all domain operations master roles within the child domain to a newly installed domain controller in the same child domain. Which three domain operations master roles should you transfer?
(Each correct answer presents part of the solution. Choose three.)
A.RID master
B.PDC emulator
C.Schema master
D.Infrastructure master
E.Domain naming master
Answer: ABD
QUESTION 2
.Your company has an Active Directory domain. The company has two domain controllers named DC1 and DC2. DC1 holds the schema master role.
DC1 fails. You log on to Active Directory by using the administrator account. You are not able to transfer the schema master role.
You need to ensure that DC2 holds the
schema master role.
What should you do?
A.Register the Schmmgmt.dll. Start the Active Directory Schema snap-in.
B.Configure DC2 as a bridgehead server.
C.On DC2, seize the schema master role.
D.Log off and log on again to Active Directory by using an account that is a member of the Schema Admins group. Start the Active Directory Schema snap-in.
Answer: C
QUESTION 3
.You are decommissioning domain controllers that hold all forest-wide operations master roles. You need to transfer all forest-wide operations master roles to another domain controller.
Which two roles should you transfer? (Each correct answer presents part of the solution. Choose two.)
A.RID master
B.PDC emulator
C.Schema master
D.Infrastructure master
E.Domain naming master
Answer: CE
QUESTION 4
.Your company has a server that runs an instance of Active Directory Lightweight Directory Services (AD LDS).
You need to create new organizational units in the AD LDS application directory partition. What should you do?
https://www.docsj.com/doc/e818752075.html,e the Active Directory Users and Computers snap-in to create the organizational units on the AD LDS application directory partition.
https://www.docsj.com/doc/e818752075.html,e the ADSI Edit snap-in to create the organizational units on the AD LDS application directory partition.
https://www.docsj.com/doc/e818752075.html,e the dsadd OU
https://www.docsj.com/doc/e818752075.html,e the dsmod OU
QUESTION 5
.Your company has a server that runs Windows Server 2008 R2. The server runs an instance of Active Directory Lightweight Directory Services (AD LDS).
You need to replicate the AD LDS instance on a test computer that is located on the network.
What should you do?
A.Run the repadmin /kcc
B.Create a naming context by running the Dsmgmt command on the test computer.
C.Create a new directory partition by running the Dsmgmt command on the test computer.
D.Create and install a replica by running the AD LDS Setup wizard on the test computer. Answer: D
QUESTION 6
.Your company has an Active Directory Rights Management Services (AD RMS) server. Users have Windows Vista computers. An Active Directory domain is configured at the Windows Server 2003 functional level.
You need to configure AD RMS so that users are able to protect their documents.
What should you do?
A.Install the AD RMS client 2.0 on each client computer.
B.Add the RMS service account to the local administrators group on the AD RMS server.
C.Establish an e-mail account in Active Directory Domain Services (AD DS) for each RMS user.
D.Upgrade the Active Directory domain to the functional level of Windows Server 2008. Answer: C
QUESTION 7
.Your company has an Active Directory forest that runs at the functional level of Windows Server 2008.
You implement Active Directory Rights Management Services (AD RMS). You install Microsoft SQL Server 2005.
When you attempt to open the AD RMS administration Web site, you receive the following error message: "SQL Server does not exist or access denied." You need to open the AD RMS administration Web site. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A.Restart IIS.
B.Install Message Queuing.
C.Start the MSSQLSVC service.
D.Manually delete the Service Connection Point in Active Directory Domain Services (AD DS) and restart AD RMS.
Answer: AC
QUESTION 8
.Your company has a main office and 40 branch offices. Each branch office is configured as a separate Active Directory site that has a dedicated read-only domain controller (RODC). An RODC server is stolen from one of the branch offices.
You need to identify the user accounts that were cached on the stolen RODC server. Which utility should you use?
A.Dsmod.exe
B.Ntdsutil.exe
C.Active Directory Sites and Services
D.Active Directory Users and Computers Answer: D
QUESTION 9
.Your company has an Active Directory forest that contains a single domain. The domain member server has an Active Directory Federation Services (AD FS) server role installed. You need to configure AD FS to ensure that AD FS tokens contain information from the Active Directory domain.
What should you do?
A.Add and configure a new account store.
B.Add and configure a new account partner.
C.Add and configure a new resource partner.
D.Add and configure a Claims-aware application.
Answer: A
QUESTION 10
.A user in a branch office of your company attempts to join a computer to the domain, but the attempt fails.
You need to enable the user to join a single computer to the domain. You must ensure that the user is denied any additional rights beyond those required to complete the task. What should you do?
A.Prestage the computer account in the Active Directory domain.
B.Add the user to the Domain Administrators group for one day.
C.Add the user to the Server Operators group in the Active Directory domain.
D.Grant the user the right to log on locally by using a Group Policy Object (GPO). Answer: A
QUESTION 11
.Your company's security policy requires complex passwords.
You have a comma delimited file named import.csv that contains user account information. You need to create user accounts in the domain by using the import.csv file. You also need to ensure that the new user accounts are set to use default passwords and are disabled.
What should you do?
A.Modify the userAccountControl attribute to disabled. Run the csvde -i -k -f import.csv command. Run the DSMOD utility to set
default passwords for the user accounts.
B.Modify the userAccountControl attribute to accounts disabled. Run the csvde -f import.csv command. Run the DSMOD utility to set default passwords for the user accounts.
C.Modify the userAccountControl attribute to disabled. Run the wscript import.csv command. Run the DSADD utility to set default passwords for the imported user accounts.
D.Modify the userAccountControl attribute to disabled. Run the ldifde -i -f import.csv command. Run the DSADD utility to set passwords for the imported user accounts. Answer: A
QUESTION 12
.Your company hires 10 new employees. You want the new employees to connect to the main office through a VPN connection. You create new user accounts and grant the new employees the Allow Read and Allow Execute permissions to shared resources in the main office.
The new employees are unable to access shared resources in the main office. You need to ensure that users are able to establish a VPN connection to the main office.
What should you do?
A.Grant the new employees the Allow Full control permission.
B.Grant the new employees the Allow Access Dial-in permission.
C.Add the new employees to the Remote Desktop Users security group.
D.Add the new employees to the Windows Authorization Access security group. Answer: B
QUESTION 13
.You need to relocate the existing user and computer objects in your company to different organizational units.
What are two possible ways to achieve this goal?
(Each correct answer presents a complete solution. Choose two.)
A.Run the Dsmove utility.
B.Run the Active Directory Migration Tool (ADMT).
C.Run the Active Directory Users and Computers utility.
D.Run the move-item command in the Microsoft Windows PowerShell utility. Answer: AC
QUESTION 14
.You want users to log on to Active Directory by using a new User Principal Name (UPN). You need to modify the UPN suffix for all user accounts.
Which tool should you use?
A.Dsmod
https://www.docsj.com/doc/e818752075.html,dom
C.Redirusr
D.Active Directory Domains and Trusts Answer: A
QUESTION 15
.You are installing an application on a computer that runs Windows Server 2008 R2. During installation, the application will need to add new attributes and classes to the Active Directory database.
You need to ensure that you can install the application.
What should you do?
A.Change the functional level of the forest to Windows Server 2008 R2.
B.Log on by using an account that has Server Operator rights.
C.Log on by using an account that has Schema Administrator rights and the appropriate rights to install the application.
D.Log on by using an account that has the Enterprise Administrator rights and the appropriate rights to install the application. Answer: C
QUESTION 16
.Your company has an organizational unit named Production. The Production organizational unit has a child organizational unit named R&D. You create a GPO named Software Deployment and link it to the Production organizational unit.
You create a shadow group for the R&D organizational unit. You need to deploy an application to users in the Production organizational unit. You also need to ensure that the application is not deployed to users in the R&D organizational unit.
What are two possible ways to achieve this goal?
(Each correct answer presents a complete solution. Choose two.)
A.Configure the Enforce setting on the software deployment GPO.
B.Configure the Block Inheritance setting on the R&D organizational unit.
C.Configure the Block Inheritance setting on the Production organizational unit.
D.Configure security filtering on the Software Deployment GPO to Deny Apply group policy for the R&D security group.
Answer: BD
QUESTION 17
.Your company has an Active Directory domain that has an organizational unit named Sales. The Sales organizational unit contains two global security groups named sales managers and sales executives.
You need to apply desktop restrictions to the sales executives group.
You must not apply these desktop restrictions to the sales managers group. You create a GPO named DesktopLockdown and link it to the Sales organizational unit.
What should you do next?
A.Configure the Deny Apply Group Policy permission for the sales managers on the DesktopLockdown GPO.
B.Configure the Deny Apply Group Policy permission for the sales executives on the DesktopLockdown GPO.
C.Configure the Deny Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.
D.Configure the Allow Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.
Answer: A
QUESTION 18
.Your company has an Active Directory forest. The company has branch offices in three locations.
Each location has an organizational unit.
You need to ensure that the branch office administrators are able to create and apply GPOs only to their respective organizational units.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A.Add the user accounts of the branch office administrators to the Group Policy Creator Owners Group.
B.Modify the Managed By tab in each organizational unit to add the branch office administrators to their respective organizational units.
C.Run the Delegation of Control Wizard and delegate the right to link GPOs for the domain to the branch office administrators.
D.Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch organizational units to the branch office administrators.
Answer: AD
QUESTION 19
.Your company has recently acquired a new subsidiary company in Quebec. The Active Directory administrators of the subsidiary
company must use the French-language version of the administrative templates.
You create a folder on the PDC emulator for the subsidiary domain in the
path %systemroot%\SYSVOL\domain\Policies\ PolicyDefinitions\FR.
You need to ensure that the French-language version of the templates is available.
What should you do?
A.Download the Conf.adm, System.adm,
Wuau.adm, and Inetres.adm files from the Microsoft Web site. Copy the ADM files to the FR folder.
B.Copy the ADML files from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.
C.Copy the Install.WIM file from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.
D.Copy the ADMX files from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.
Answer: B
QUESTION 20
.A server named DC1 has the Active Directory Domain Services (AD?DS) role and the Active Directory Lightweight Directory Services (AD?LDS) role installed. An AD?LDS instance named LDS1 stores its data on the C: drive. You need to relocate the LDS1 instance to the D: drive. Which three actions should you perform in sequence? (To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.) Answer:
Exam D
QUESTION 1
.Your company has an Active Directory forest. The company has servers that run Windows Server 2008 R2 and client computers that run Windows 7. The domain uses a set of GPO administrative templates that have been approved to support regulatory compliance requirements.
Your partner company has an Active Directory forest that contains a single domain. The company has servers that run Windows Server 2008 R2 and client computers that run Windows 7.
You need to configure your partner company's domain to use the approved set of administrative templates. What should you do?
https://www.docsj.com/doc/e818752075.html,e the Group Policy Management Console (GPMC) utility to back up the GPO to a file. In each site, import the GPO to the default domain policy.
B.Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on the partner company's PDC emulator.
C.Copy the ADML files from your company's
PDC emulator to the PolicyDefinitions folder
on the partner company's PDC emulator.
D.Download the conf.adm, system.adm, wuau.adm, and inetres.adm files from the Microsoft Updates Web site. Copy the ADM files to the PolicyDefinitions folder on the partner company's PDC emulator. Answer: B
QUESTION 2
.Your company has an Active Directory forest that contains Windows Server 2008 R2 domain controllers and DNS servers. All client computers run Windows XP SP3.
You need to use your client computers to edit domain-based GPOs by using the ADMX files that are stored in the ADMX central store. What should you do?
A.Add your account to the Domain Admins group.
B.Upgrade your client computers to Windows
7.
C.Install .NET Framework 3.0 on your client computers.
D.Create a folder on PDC emulator for the domain in the PolicyDefinitions path. Copy the ADMX files to the PolicyDefinitions folder. Answer: B
QUESTION 3
.Your company purchases a new application to deploy on 200 computers. The application requires that you modify the registry on each target computer before you install the application.
The registry modifications are in a file that has an .adm extension.
You need to prepare the target computers for the application.
What should you do?
A.Import the .adm file into a new Group Policy Object (GPO). Edit the GPO and link it to an organizational unit that contains the target computers.
B.Create a Microsoft Windows PowerShell script to copy the .adm file to the startup folder of each target computer.
C.Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRUsr CONTAINER-DN command on each target computer.
D.Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRCmp CONTAINER-DN command on each target computer.
Answer: A
QUESTION 4
.Your company has an Active Directory domain. All consultants belong to a global group named TempWorkers. The TempWorkers group is not nested in any other groups.
You move the computer objects of three file servers to a new organizational unit named SecureServers. These file servers contain only confidential data in shared folders.
You need to prevent members of the TempWorkers group from accessing the confidential data on the file servers. You must achieve this goal without affecting access to other domain resources.
What should you do?
A.Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny access to this computer from the network user right to the TempWorkers global group.
B.Create a new GPO and link it to the domain. Assign the Deny access to this computer from the network user right to the TempWorkers global group.
C.Create a new GPO and link it to the domain. Assign the Deny log on locally user right to the TempWorkers global group.
D.Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny log on locally user right to the TempWorkers global group.
Answer: A
QUESTION 5
.All consultants belong to a global group named TempWorkers.
You place three file servers in a new organizational unit named SecureServers. The three file servers contain confidential data located in shared folders.
You need to record any failed attempts made by the consultants to access the confidential data.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A.Create and link a new GPO to the SecureServers organizational unit. Configure the Audit privilege use Failure audit policy setting.
B.Create and link a new GPO to the SecureServers organizational unit. Configure the Audit object access Failure audit policy setting.
C.Create and link a new GPO to the SecureServers organizational unit. Configure the Deny access to this computer from the network user rights setting for the TempWorkers global group.
D.On each shared folder on the three file servers, add the three servers to the Auditing tab.
Configure the Failed Full control setting in the Auditing Entry dialog box.
E.On each shared folder on the three file servers, add the TempWorkers global group to the Auditing tab. Configure the Failed Full control setting in the Auditing Entry dialog box.
Answer: BE
QUESTION 6
.Your company has an Active Directory domain and an organizational unit. The organizational unit is named Web. You configure and test new security settings for Internet Information Service (IIS) servers on a server named IISServerA.
You need to deploy the new security settings only on the IIS servers that are members of the Web organizational unit.
What should you do?
A.Run secedit /configure /db iis.inf from the command prompt on IISServerA, and then run secedit /configure /db webou.inf from the command prompt.
B.Export the settings on IISServerA to create a security template. Import the security template into a GPO and link the GPO to the Web organizational unit.
C.Export the settings on IISServerA to create a security template. Run secedit /configure /db webou.inf from the command prompt.
D.Import the hisecws.inf file template into a GPO and link the GPO to the Web organizational unit.
Answer: B
QUESTION 7
.Your company has an Active Directory forest that contains client computers that run Windows Vista and Windows XP.
You need to ensure that users are able to install approved application updates on their computers.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A.Set up Automatic Updates through Control Panel on the client computers.
B.Create a GPO and link it to the Domain Controllers organizational unit. Configure the GPO to automatically search for updates on the Microsoft Update site.
C.Create a GPO and link it to the domain. Configure the GPO to direct the client computers to the Windows Server Update Services (WSUS) server for approved updates.
D.Install the Windows Server Update Services
(WSUS). Configure the server to search for new updates on the Internet. Approve all required updates.
Answer: CD
QUESTION 8
.Your company has an Active Directory forest. Each branch office has an organizational unit and a child organizational unit named Sales. The Sales organizational unit contains all users and computers of the sales department.
You need to install a Microsoft Office 2007 application only on the computers in the Sales organizational unit.
You create a GPO named SalesApp GPO. What should you do next?
A.Configure the GPO to assign the application to the computer account. Link the SalesAPP GPO to the domain.
B.Configure the GPO to assign the application to the user account. Link the SalesAPP GPO to the Sales organizational unit in each location.
C.Configure the GPO to publish the application to the user account. Link the SalesAPP GPO to the Sales organizational unit in each location.
D.Configure the GPO to assign the application to the computer account. Link the SalesAPP GPO to the Sales organizational unit in each location.
Answer: D
QUESTION 9
.Your company has an Active Directory forest. The forest includes organizational units corresponding to the following four locations: - London
- Chicago
- New York
- Madrid
Each location has a child organizational unit named Sales. The Sales organizational unit contains all the users and computers from the sales department. The offices in London, Chicago, and New York are connected by T1 connections. The office in Madrid is connected by a 256-Kbps ISDN connection.
You need to install an application on all the computers in the sales department.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A.Disable the slow link detection setting in the Group Policy Object (GPO).
B.Configure the slow link detection threshold setting to 1,544 Kbps (T1) in the Group Policy Object (GPO).
C.Create a Group Policy Object (GPO) named OfficeInstall that assigns the application to users. Link the GPO to each Sales organizational unit.
D.Create a Group Policy Object (GPO) named OfficeInstall that assigns the application to the computers. Link the GPO to each Sales organizational unit.
Answer: AD
QUESTION 10
.Your company has an Active Directory forest. The company has three locations. Each location has an organizational unit and a child organizational unit named Sales.
The Sales organizational unit contains all users and computers of the sales department. The company plans to deploy a Microsoft Office 2007 application on all computers within the three Sales organizational units.
You need to ensure that the Office 2007 application is installed only on the computers in the Sales organizational units.
What should you do?
A.Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the computer account. Link the SalesAPP GPO to the domain.
B.Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign
the application to the user account. Link the SalesAPP GPO to the Sales organizational unit in each location.
C.Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to publish the application to the user account. Link the SalesAPP GPO to the Sales organizational unit in each location.
D.Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the computer account. Link the SalesAPP GPO to the Sales organizational unit in each location.
Answer: D
QUESTION 11
.The default domain GPO in your company is configured by using the following account policy settings:
- Minimum password length: 8 characters
- Maximum password age: 30 days
- Enforce password history: 12 passwords remembered
- Account lockout threshold: 3 invalid logon attempts .Account lockout duration: 30 minutes
You install Microsoft SQL Server on a computer named Server1 that runs Windows Server 2008 R2. The SQL Server application uses a service account named SQLSrv. The SQLSrv account has domain user rights.
The SQL Server computer fails after running successfully for several weeks. The SQLSrv user account is not locked out.
You need to resolve the server failure and prevent recurrence of the failure.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A.Reset the password of the SQLSrv user account.
B.Configure the local security policy on Server1 to grant the Logon as a service right on the SQLSrv user account.
C.Configure the properties of the SQLSrv account to Password never expires.
D.Configure the properties of the SQLSrv account to User cannot change password.
E.Configure the local security policy on Server1 to explicitly grant the SQLSrv user account the Allow logon locally user right. Answer: AC
QUESTION 12
.You need to ensure that users who enter three successive invalid passwords within 5 minutes are locked out for 5 minutes. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A.Set the Minimum password age setting to one day.
B.Set the Maximum password age setting to one day.
C.Set the Account lockout duration setting to
5 minutes.
D.Set the Reset account lockout counter after setting to 5 minutes.
E.Set the Account lockout threshold setting to
3 invalid logon attempts.
F.Set the Enforce password history setting to 3 passwords remembered.
Answer: CDE
QUESTION 13
.Your company has an Active Directory domain.
A user attempts to log on to the domain from a client computer and receives the following message: "This user account has expired. Ask your administrator to reactivate the account." You need to ensure that the user is able to log on to the domain.
What should you do?
A.Modify the properties of the user account to set the account to never expire.
B.Modify the properties of the user account to extend the Logon Hours setting.
Windows Server 2008系统安装教程
Windows Server 2008系统安装教程 安装Windows Server 2008系统,微软官方给出了主机的推荐配置: Windows Server 2008 Beta3 提供了三种安装方法: 1、用安装光盘引导启动安装; 2、从现有操作系统上全新安装; 3、从现有操作系统上升级安装。 主要介绍用安装光盘引导启动安装,其他方法安装也差不多的! 首先将电脑第一启动设置为光驱启动,由于主板厂商的不同,我们无法确定您的设定方式与我们完全相同,所以本部分请使用者自行参考主板说明书的"BIOS配置设定"章节.
Part 2.正在启动安装程序正在启动安装程序,加载boot.wim,启动PE环境,稍候片刻..... ↑启动安装程序 安装程序启动安装程序启动,选择您要安装的语言类型,同时选择适合自己的时间和货币显示种类及键盘 和输入方式。
4.点击“现在安装”,开始安装 ↑现在安装 Part5.输入“产品密钥” 输入“产品密钥”,许可协议,废话当然接受。当然您也可以不在这里输入“产品密钥”,而直接点击下一步,这时会出现一个警告,点击“否”即可。然后在出现的列表中选择你所拥有的密钥 代表的版本,同时把下面的复选框的勾打上。
7.选择安装类型 选择安装类型,升级or 自定义(推荐),当然如果您选择的是“用安装光盘引导启动安装”,你们升级是不可用的。
↑选择安装类型 Part8.设置安装分区 下面就可以设置安装分区了。安装Windows Server 2008的话你需要一个干净的大容量分区,否则安装之后分区容量就会变得很紧张。需要特别注意的是,Windows Server 2008只能被安装在NTFS格式分区下,并且分区剩余空间必须大于8G。如果您使用了一些比较不常见的存储子系统,例如SCSI、RAID、或者特殊的SATA硬盘,安装程序无法识别您的硬盘,那么您需要在这里提供驱动程序。点击“加载驱动程序”图标,然后按照屏幕上的提示提供驱动程序,即可继续。当然,安装好驱动程序后,您可能还需要点击“刷新”按钮让安装程序重新搜索硬盘。如果您的硬盘是全新的,还没有使用过,硬盘上没有任何分区以及数据,那么接下来还需要在硬盘上创建分区。这时候您可以点击“驱动器选项(高级)”按钮新建分区或者删除现有分区(如果是老硬盘的话)。同时,您也可以在“驱动器选项(高级)”您可以方便的进行磁盘操 作,如删除、新建分区,格式化分区,扩展分区等等.
用户组及文件夹权限的初步设置
实验一:文件夹权限的初步设置 实验目的: 1.掌握文件夹权限初步设置方法。 实验内容: 1.用管理员登录,在C盘建一个文件夹,选中这个文件夹-右键-属 性-安全-高级——把“允许把来自父系的可继承权限传播给该对象” 前面的“√”去掉,再选删除,确定。双击该文件夹,能否打开(不能),为什么(任何用户都没有权限打开)?再进入该文件夹的ACL,为管理员添加写权力,双击该文件夹,能否打开(不能)。复制一个文件,选中该文件夹后,粘贴。(等下一步能够进入文件夹时看它时否存在)再进入该文件夹的ACL,为管理员添加只读属性,双击该文件夹,能否打开(能),是否已经有一个文件(存在),这时新建一个文件夹,能否改名(不能更改)。 为该管理员授什么权力,管理员才可能改变该文件夹中文件的名字(修改权限)。通过这个题大家要知道,在NTFS系统下,文件只有获得明确的授权以后,才可以使用,并且不可超出给定的权力。另外要知道读、写、修改权力的区别。 2.建立2个用户,再建一个组,把其中1个用户加入到这个组,在C 盘建一个文件夹,允许该组完全控制,管理员打开该文件夹(不能)?以组中的一个用户登录,能否打开该文件夹(可以)?以组中不包括的用户登录,能否打开该文件夹(不能)?如果不删除everyone,管理员能否打开该文件夹(可以)。 二、思考题 1.删除用户的提示信息是什么?
2.一个用户可不可以属于不同的组(可以)?同一个组中的用户权力是否相同(不同)? 3.如何使一个文件夹只允许某一个用户访问?(属性→安全→编辑→添加→高级→立即查找→只选择一个用户→确定.) 管理员能不能打开它?(不能) 09计师本2 黄昊090801251
windows_2003server共享文件夹权限设置问题
windows 2003server共享文件夹权限设置问题 WINDOWS-2003-SERVER共享设置很罗唆,罗索的代价是换来点点安全,个人认为WINDOWS、NETWARE、UNIX、LINUX这些服务器操作系统里还是UNIX、LINUX最好,安全简单易于操作。WIN2003SERVER用在普通服务器和简单管理上还是不错的,毕竟是窗口界面,易于操作。写这些很麻烦,光截图就够我受的,希望能给与你一些帮助,共同交流学习!以下灌水贴多,不要怪罪! (图片截取、软件环境来自Windows 2003 Server企业正版用户,XP来自正版专业版) W2003设置共享文件有4种方式,你可以看系统帮助文件有介绍的,在索引里键入“共享”查看相关主题,里面介绍了3种方法,文件夹直接设置,计算机管理共享设置,命令行设置。我贴些图是介绍文件夹共享设置和计算机管理设置。首先你要开启部分网络共享服务,在管理工具的服务项目里找。安全设置服务里可以设置网络登陆用户帐号保留的时间长短,
先开始设置文件共享。 假设你的公司有老板,部门经理,普通人员访问共享,老板可以查看所有共享并修改,部门经理查看所有共享但不能修改,普通人员只能查看部门制定的文件,怎样让他们有不同权限和级别,关键看你对他们用户权限的定义。 假设老板取用户名为ADMIN,部门经理取名为:EASY,普通人员取名为:TEMP, 那么首先打开【开始】【管理工具】【计算机管理】中的【本地用户和组】,一一将这些用户添加进去,记住这三个用 户均要设置密码,并且密码均不一样。
当ADMIN EASY TEMP 帐号都添加进去后,记住把用户列表里的Guest Everyone用户停用了,就是右键点击属性,把账户已禁用这个复选框打上勾。 当所有用户都已添加完成时,然后就是给这些用户赋予权限了,赋予权限的不同,所操作共享的级别也不同。 点击计算机管理左边目录树的组文件夹,在右边窗口空白处点击右键,选择添加新组。
Win7下Ms_Sql_Server2008安装图解
Win7常用软件安装之Ms Sql Server2008安装图解 注意: 1. 先走控制面板里找到iis安装,步骤如下 点“程序”, 点“打开或关闭Windows功能”
在“Internet information servers 可承载的web核心”上打勾,点确定,ok 2. 安装vs2008sp1,在微软官网可下载,要先安装vs后才可以安装sp1,下载安装 打开
安装vs sp1成功,继续sqlservers2008安装: 安装SQL2008的过程与SQL2005的程序基本一样,只不过在安装的过程中部分选项有所改变,当然如果只熟悉SQL2000安装的同志来说则是一个革命性的变动。 -------------------------------------------------------------- 开始学习数据库,准备安装SQL Server 2008,在微软网站找到了下载地址,3.28G,之所以这么大,是因为该ISO 文件同时包含了IA64、64、x86 三种版本,x86 约占1.5G 多一些,直接下载地址如下: https://www.docsj.com/doc/e818752075.html,/download/B/8/0/B808AF59-7619-4A71-A447-F597DE74A C44/SQLFULL_CHS.iso 如果你的机器上已安装有Visual Studio 2008,在安装之前最好安装Visual Studio 2008 SP1,为什么这么做?偶也不知道,只是SQL Server 2008 发行说明中有此一条,我也没试过不安装SP1 有什么后果。 开始安装,启动,出现了一个CMD 窗口,真不知道微软的开发人员是怎么想的,用命令行程序做载入和系统检查,而且这个CMD 窗口会一直持续到安装结束。 安装程序风格变化很大,相较2005 也有很大变化:
服务器文件共享权限设置方法说明
服务器文件共享权限设置方法说明 随着企业的发展,利用计算机进行信息化管理变得越来越重要。员工进行计算机协同工作时,很多文件、资料需要共享。然而普通的共享方式对于很多信息是不安全的,因此我们需要对共享的权限进行控制,让不同身份的用户对文件夹、文件具有不同的访问权限。 下面就是设置权限访问的具体实施方法: 一、需求分析 1、为每个部门建立一个文件夹,文件夹允许对应部门的人员进行完全权限的访问,领导可进行只读访问,其他人员不能访问。 2、建立“常用软件”文件夹,计算机管理人员可以进行完全权限访问,其他人员进行只读访问。 3、建立“公司发文”文件夹,发文人员进行读写访问,其他人员进行只读访问。 4、建立“中转站”文件夹,用于人员之间的资料互换,所有人员具有读写权限。 5、建立“常用报表”文件夹,其中设立各类报表的子文件夹,并对子文件夹设立权限。 需要修改其中内容的人员具有读写权限,只需查看的人员具有只读权限,其他人员无权访问。(具体人员和相关访问权限另附) 二、设备配置 1、购买一台服务器计算机,并建好局域网。 2、服务器上安装Windows服务器操作系统,如Windows Server 2003。 3、安装文件服务器,文件服务器是Windows Server的一个组件。 4、服务器上至少有一个NTFS格式的磁盘分区,用于存放共享的资源。 三、文件夹建立 1、在NTFS格式的分区上建立一个文件夹作为共享根目录。 2、在根目录下建立各个分目录文件夹。如常用软件、常用报表、中转站、人力部、技术部、进出口部等。 3、在分目录下建立子目录文件夹。如常用报表下的生产日报表、船期表、纸样图等。 四、建立用户和组
Windows Server 2008 R2文件服务器群集
一、准备工作: 注:此实验可在VMWare WorkStation中完成!(一)服务器相关参数: 1. DC Server OS: Windwos Server 2008 R2 AD Name: https://www.docsj.com/doc/e818752075.html, Hostname: Mail IP: 192.168.1.226/24 dg: 192.168.1.1 DNS: 192.168.1.226 DNS: 202.96.209.133 2. Node FileServer OS: Windwos Server 2008 R2 AD Name: https://www.docsj.com/doc/e818752075.html, Hostname:FileSVR Heartbeat: 10.0.0.1/8 IP: 192.168.1.224/24 dg: 192.168.1.1 DNS: 192.168.1.226 DNS: 202.96.209.133 3. Node SQLServer OS: Windwos Server 2008 R2 AD Name: https://www.docsj.com/doc/e818752075.html, Hostname: SQLSVR Heartbeat: 10.0.0.2/8 IP: 192.168.1.225/24 dg: 192.168.1.1 DNS: 192.168.1.226 DNS: 202.96.209.133 4. Cluster Node Server IP: 192.168.1.203/24 Hostname: ClusterServer FS 二、安装文件服务角色: 注:在FilesSVR和SQLSVR服务器上分别安装文件服务
1. 开始 ---> 所有程序 ---> 管理工具 ---> 服务器管理器 ---> 角色 ---> 添加角色 ---> 文件服务 2. 点击下一步……直到下图为止
文件夹无法访问拒绝访问:您无权查看或编辑目前 (该文件夹名) 的权限设置。
问题描述: 原来安装了win7和xp双系统(前几天瞎折腾的),后来重新换为XP(折腾),然后原来设置为win7桌面的一个D盘里的文件夹就无法访问了。具体现象如下所述。 双击文件夹,提示: 无法访问d:/用户拒绝访问 去掉简单文件夹共享复选框后,然后右键-属性,点击“安全”选项卡时,提示: 您无权查看或编辑目前(该文件夹名)的权限设置;但是,您可以取得所有权或更改审核设置 可能的原因: NTFS格式分区下,重新装系统前win7系统对该文件夹设置了访问权限,在重新装为xp 系统之后找不到win7下的那个用户了,所以需要重新设置用户及其权限. 参考解决方案: 用管理员账号登陆,在文件夹的属性里,找安全-高级-所有者,然后指定一个管理员账号,同时选择“ 替换子容器及对象的所有者”点应用,然后再给这个文件夹添加管理员权限即可。详细的步骤参考如下: 1、在工具-文件夹选项中取消“使用简单共享”。见图一所示:
图一 2、右键单击您希望获得其所有权的文件夹,然后单击“属性”,选择“安全”标签,此时出现一个提示,说你现在不能编辑权限,但是可以取得所有权或者更改权限设置。见图二所示: 图二
3、点击确定,单击下面的“高级”,然后单击“所有者”选项卡。如图三所示: 图三 4、在“名称”列表中,单击您的用户名,如果您是作为管理员登录的,请单击“Administrator”,或者单击“Administrators”组。如果您希望获得该文件夹内容的所有权,请单击以选中“替换子容器及对象的所有者”复选框。如图四所示:
图四 5、点击确定,可以看到“安全”下的组或“用户名称”列表下已经加入了管理员用户。确定后该文件夹即可正常打开了。如图五所示:
电脑共享文件夹权限设置
共享文件夹权限设置问题 WINDOWS-2003-SERVER共享设置很罗唆,罗索的代价是换来点点安全,个人认为WINDOWS、NETWARE、UNIX、LINUX这些服务器操作系统里还是UNIX、LINUX最好,安全简单易于操作。WIN2003SERVER用在普通服务器和简单管理上还是不错的,毕竟是窗口界面,易于操作。写这些很麻烦,光截图就够我受的,希望能给与你一些帮助,共同交流学习!以下灌水贴多,不要怪罪! (图片截取、软件环境来自Windows 2003 Server企业正版用户,XP来自正版专业版) W2003设置共享文件有4种方式,你可以看系统帮助文件有介绍的,在索引里键入“共享”查看相关主题,里面介绍了3种方法,文件夹直接设置,计算机管理共享设置,命令行设置。我贴些图是介绍文件夹共享设置和计算机管理设置。 首先你要开启部分网络共享服务,在管理工具的服务项目里找。安全设置服务里可以设置网络登陆用户帐号保留的时间长短, 先开始设置文件共享。 假设你的公司有老板,部门经理,普通人员访问共享,老板可以查看所有共享并修改,部门经理查看所有共享但不能修改,普通人员只能查看部门制定的文件,怎样让他们有不同权限和级别,关键看你对他们用户权限的定义。 假设老板取用户名为ADMIN,部门经理取名为:EASY,普通人员取名为:TEMP, 那么首先打开【开始】【管理工具】【计算机管理】中的【本地用户和组】,一一将这些用户添加进去,记住这三个用户均要设置密码,并且密码均不一样。 当ADMIN EASY TEMP 帐号都添加进去后,记住把用户列表里的Guest Everyone用户停用了,就是右键点击属性,把账户已禁用这个复选框打上勾。 当所有用户都已添加完成时,然后就是给这些用户赋予权限了,赋予权限的不同,所操作共享的级别也不同。 点击计算机管理左边目录树的组文件夹,在右边窗口空白处点击右键,选择添加新组。 设定一个组名成为KAKA,然后再点击界面上的【添加】按钮,弹出对话框,点击【高级】,弹出对话框,点击【立即查找】,这是现面就显示出刚才你添加的哪几个用户了,双击admin,返回了上一个对话框,这是你看到ADMIN用户已添加到白色的添加框里了,再点击【高级】【立即查找】,双击easy,返回上一个对话框,再点击【高级】【立即查找】,双击temp,返回上一个对话框,如图所示,这时候这三个用户就都添加进去了,点击【确定】按钮,点击下个对话框里的【创建】按钮!点击【关闭】OK! 然后你在点击目录树用户文件夹,接着返回用户对话框里,右键点击TEMP用户属性,点【隶属于】标签,发现temp用户隶属于两个组,删处Users这个隶属组,让TEMP用户直隶属于KAKA这个组,依次改了ADMIN,EASY两个用户的隶属,让这三个用户只属于KAKA组,为什么这样做,是因为如果他们属于两个组,当你设置某些文件夹共享属性时,当他们无法以KAKA组用户成员查看时,却可以换身份以其他组成员身份进入,这样你设置的共享权限密码也就失去作用了。 至此,这三个用户身份的界定以完成。开始设置他们在共享文件夹中担当的角色和级别了 假设我们在C盘有一个wmpub文件夹要设置在网络中共享,让大家都可以看到,该文件夹里面又有三个文件夹,一个caiwu一个tools一个wmiislog,3文件夹让经理和老板看到,并且老板可以修改任何一个文件
window server 2008 文件服务器配置共享文件的方法
window server 2008 文件服务器配置共享文件的方法 window server 2008这个版本的操作系统目前在很多企业的文件服务器上使用还是很频繁的,今天小编就来跟大家分享下使用window server 2008的文件服务器该如何配置共享文件供局域网内的员工使用以及是如何配置组、用户、权限的,再介绍完具体方法之后,小编还会跟大家介绍下目前主流的共享文件管理系统的操作方法供大家参考,方便大家对所在企业共享文件权限的实际情况采用最合适的解决办法。 一、window server 2008配置共享文件。 1、在电脑桌面依次点击开始—管理工具—服务器管理器。 2、在服务器管理器窗口左侧菜单中依次点击展开配置—本地组和用户,然后选中其下的用户。
3、在右侧窗口中点击右键,在弹出的窗口中点击新用户。 4、在新用户窗口中根据企业内部员工名称输入用户名和密码,最后点击创建即可。
5、根据上述新用户的创建方法,给企业内部每名员工都新建一个账号,全部新建完成后在左侧点击组。 6、在右侧窗口空白处点击右键,在弹出的菜单中点击新建组。
7、在新建组窗口组名中输入企业部门名称,然后在下方点击添加。 8、在选择用户窗口中左下方点击高级,在弹出的菜单中点击立刻查找,在搜索结果中找到并选中属于企划部分组的用户(根据实际员工分属的部门来选择),最后依次点击确定、创建返回服务器管理器,这样一个分组就建立好了。
9、通过上述方法把所有分组(部门)都建立起来,然后找到需要设置共享文件的文件,在其上方点击右键,在弹出的菜单中点击属性。 10、在属性窗口上方找到并点击共享,在共享选项卡下方找到并点击高级共享。
Windows Server 2008 R2系统安装与设置
Windows Server 2008 R2系统安装与设置 本安装及设置教程适用于使用Windows2008R2为操作系统的服务器,目的是让服务器实现下列环境。 语言脚本环境:ASP、https://www.docsj.com/doc/e818752075.html,1.1、https://www.docsj.com/doc/e818752075.html,2.0、https://www.docsj.com/doc/e818752075.html,3.0、https://www.docsj.com/doc/e818752075.html,3.5、PHP (FastCGI模式)。 数据库环境:Access、MSSQL、MySQL。 FTP环境:Ser-U 常见组件:AspJpeg、Jmail、LyfUpload、动易、ISAPI_ReWrite。 一、系统准备 操作系统:Windows2008R2原版安装文件、服务器硬件驱动程序、SQL SERVER2000安装盘、SQL SERVER2000SP4补丁,MySQL安装包,PHP压缩包,Zend Optimizer安装包,Serv-U 10.0.6,Aspjpeg 2.0,JMail 4.5,LyfUpload,动易组件 1.8.6,ISAPI_ReWrite,GHOST。 Windows2008R2和SQL SERVER2000安装文件可以购买正版光盘或其他途径获得。Windows2008R2最好是原版,SQL SERVER2000可以选择企业版或者标准版。SQL SERVER2000SP4可以直接从微软网站下载获得。服务器硬件驱动应该在购买服务器的同时附带了。 MySQL安装文件,PHP安装文件,Zend Optimizer安装文件可以到其官方网站免费下载,或到其他下载网站获得。Serv_U,Aspjpeg,Jmail,LyfUpload,动易组件,ISAPI_ReWrite和GHOST等均可以通过购买或者其他途径来获得。 二、系统安装
SQL_2008安装教程(完整版)
Win 7 win xp系统中SQL2008安装注意事项一:SQL2008 镜像下载地址 二:VS-2008 sp1补丁程序下载地址: https://www.docsj.com/doc/e818752075.html,/s?wd=vs2008%20sp1%B2%B9%B6%A1%CF%C2 %D4%D8&rsp=2&oq=VS2008%20sp1&f=1&tn=msvista_dg&ch=1 三:需要准备好sql2008的序列号 开发版(Developer): PTTFM-X467G-P7RH2-3Q6CG-4DMYB 企业版(Enterprise): JD8Y6-HQG69-P9H84-XDTPG-34MBB) 四:1.安装SQL2008 必须先安装VS-2008补丁程序sp1 2.xp系统和win7系统的sql2008的镜像是不一样的(xp镜像微软二班的老师已经 发过) 五.安装过称中出现的问题及解决方法: 1.错误: 在创建窗口句柄之前,不能在控件上调用Invoke 或BeginInvoke 解决方法: 关闭IE:如下图
2. 错误: 检测时显示"重新启动计算机". 如下图: 解决方法:如下图: 1).开始菜单,运行,输入regedit.exe打开注册表 2)在HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager中找到PendingFileRenameOperations项目,并删除它(注意在要右边窗口中)。
3. 权限不够,建议用administrator 帐号登陆安装(注:默认情况下,WIN7下是把administrator禁用,开启administrator方法:右键计算机,管理,用户然后开 administrator
Windows Server 2008 R2 WEB 服务器安全设置指南(三)之文件夹权限设置
Windows Server 2008 R2 WEB 服务器安全设置指南(三)之文件夹权限设置 通过控制文件夹权限来提高站点的安全性。 这一篇权限设置包括二个方面,一个是系统目录、盘符的权限,一个是应用程序的上传文件夹权限设置。 系统目录 确保所有盘符都是NTFS格式,如果不是,可以用命令convert d:/fs:ntfs 转换为NTFS格式。 所有磁盘根目录只给system和administrators权限,其它删除。
其中系统盘符会有几个提示,直接确定就可以了。在做这步操作之前,你的运行环境软件必须都安装好以后才能做。不然可能会导致软件安装错误,记住一点所有安全性的操作设置都必须在软件安装完以后才能进行。 站点目录 每个网站对应一个目录,并为这个网站目录加上IUSR和IIS_IUSRS权限,都只给“列出文件夹内容”和“读取”权限。 例如我在D盘根目录下创建了一个wwwroot的目录,再在里面创建了一个https://www.docsj.com/doc/e818752075.html,的目录,这个目录里面放的是我的网站程序。其中wwwroot只要继存d盘的权限即可,而https://www.docsj.com/doc/e818752075.html,这个目录,我们需要再添加二个权限,即IUSR和IIS_IUSRS。
wwwroot权限: 站点目录权限:
一般的网站都有上传文件、图片功能,而用户上传的文件都是不可信的。所以还要对上传目录作单独设置。上传目录还需要给IIS_IUSRS组再添加“修改”、“写入”权限。
经过上面这样设置承在一个执行权限,一旦用户上传了恶意文件,我们的服务器就沦陷了,但是我们这里又不能不给,所以我们还要配合IIS来再设置一下。 在iis7以上版本里,这个设置非常的方便。打开IIS管理器,找到站点,选中上传目录,在中间栏IIS下双击打开“处理程序映射”,再选择“编辑功能权限”,把“脚本”前面的勾掉就可以了。
Windows_Server_2008_文件服务器资源管理器(FSRM)
Windows Server 2008 文件服务器资源管理器(FSRM) 数据可能以静态文件的形式存在,例如办公文档、图像信息以及电子表格等;也可能以数据库、事件日志、音频、视频数据流等形式存在。在这些情况下,信息都是作为文件集的形式存在并且允许管理。随着时间的推移,存储和维护的数据越来越多,查找和访问数据困难越来越大,文件集中管理的需求越来越迫切。 Windows Server 2008的文件服务是Windows管理体系架构中重要的组成部分,在功能上有了本质的提升,同时在保证文件安全方面也有了质的飞跃。Windows Server 2008的文件服务包括分布式文件系统(DFS)、磁盘配额、文件屏蔽等几个部分。 安装文件服务 在安装Windows Server 2008时,文件服务没有作为必选组件安装,需要网络管理员根据实际情况定制安装。 启动服务器管理器后,选择“角色”功能选项,单击“添加角色”超链接,启动“添加角色”向导,在“选择服务器角色”对话框的“角色”列表中选择“文件服务”,如图1所示。 根据向导提示继续安装文件服务,在“选择角色服务”对话框的“角色服务”列表中,选择需要安装的服务。Windows Server 2008中,将文件服务器、分布式文件系统、文件服务器资源管理器、网络文件系统服务以及Windows搜索服务集成在一起,这些服务均属于文件系统中的一部分。 根据选择的角色服务,启动不同的安装步骤,直至文件服务安装完成。 分布式文件系统
分布式文件系统(DFS)作为一种服务,使得网管员可以把局域网中不同服务器上的共享文件夹组织在一起,构建成一个目录逻辑树。用户不必知道这些共享文件夹到底在哪台服务器上,也不必一一搜索并映射他们,只需访问共享的DFS根目录,就能够很轻松地访问分布在网络上的文件或文件夹。 分布式文件系统将许多不同的逻辑磁盘分区或者卷标组合在一起形成完整的层次文件系统,为实际分布在网络上的资源提供了一个逻辑上的树型文件系统结构,从而为用户提供了访问网络上共享文件夹的简便途径。最主要的是,网络内的所有用户只要记住一个逻辑名称即可。 分布式文件系统有两种方式:一种是独立的根目录分布式文件系统,另一种是域分布式文件系统。 独立的根目录分布式文件系统,目录配置信息存储在本地主服务器上,访问根或链接的路径以主服务器名称开始,独立的根目录只有一个根目标,没有根级别的容错。因此,当根目标不可用时,整个DFS 名称空间都不可访问。 域分布式文件系统中,DFS拓扑信息被存储在活动目录中,因为该信息对域中多个域控制器都可用,所以该DFS为域中的所有分布式文件系统都提供了容错,其拓扑结构如图2所示。 磁盘配额 磁盘配额是一种基于用户和分区的文件存储管理。通过磁盘配额管理,网管员可以对本地用户或登录到本地电脑中的远程用户能够使用的磁盘空间进行合理分配,每一个用户只能使用网管员分配的磁盘空间。 磁盘配额对每一个用户都是透明的,当用户查询可以使用的磁盘空间时,系统只将配额允许的空间报告给用户,超过配额限制时,系统会提示磁盘空间已满。
Windows_Server_2008_R2安装图文教程
Windows Server 2008 R2安装图解 概述 Windows 7发布了服务器版本——Windows Server 2008 R2。同2008年1月发布的Windows Server 2008相比,Windows Server 2008 R2继续提升了虚拟化、系统管理弹性、网络存取方式,以及信息安全等领域的应用,其中有不少功能需搭配Windows 7。Windows Server 2008 R2 的出现,不只是为了再扩充Server 2008的适用性,如何以这些机制加速Windows 7在企业环境的普及化,更是重头戏。Windows Server 2008 R2 重要新功能包含︰Hyper-V加入动态迁移功能,作为最初发布版中快速迁移功能的一个改进;Hyper-V将以毫秒计算迁移时间。VMware公司的 ESX或者其它管理程序相比,这是Hyper-V功能的一个强项。并强化PowerShell对各服务器角色的管理指令。 安装 本安装过程以光盘安装方式进行讲解,其他的安装方式都具有相似性,不做过多说明。机器配置要求和Windows 7差不多。首先将电脑配置从CD-ROM启动(或者启动按快捷键调出bootmenu),出现“按任意键开始安装——”的英文提示按任意键开始进行安装过程。本教程以图解方式为主,间或文字进行说明。
出现选择安装语言等选项,我们当然是中文的,所以可以直接下一步,不用改变。
以下选择项,主要根据你的授权序列号和系统需求进行选择,当然,如果你只是进行测试性安装,你可以随便选择。本教程以企业版完全安装版进行讲解。
面安装,如果你对于条款不同意,你就可以结束安装。
如何进行共享文件夹权限设置迁移复制
如何进行共享文件夹权限设置迁移复制 首页系统网络管理共享文件夹权限设置文件权限迁移什么是权限共享权限管理 Permcopy.exesecurefilecopy4 如何进行共享文件夹权限设置迁移复制?Permcopy.exes和ecure file copy 4。同台 2003SERVER服务器,工作组管理,有个共用资料夹(里面有加了很多人的权限),移到另外一个盘中,里面多个使用者的权限还能有,如何能做到?(不用重新加一次使用权限) 我想大家都会遇到文件服务器进行更换主机或增加空间,有很多个人的共用资料夹需要进行移动,而移动后重加权限问题是个头痛的问题,如有哪位有更好的办法,能否提供出来供大家学习! xcopy方法和fsmgmt迁移工具我已经测试过,它只能把资料夹"安全性"中的权限COPY过去; 我需要的是下面这个功能的实现(前提是同台服务器): 资料夹右键"内容"--"共用"--"共用此资料夹"--"使用权限"中所新增加的使用者权限在COPY到另外一盘后,里面的使用者权限仍有; 我也清楚在同台服务器中,不能出现两个同名的共用资料夹,如果上面的功能能实现,我可以把原资料夹的共用停用后,再到新COPY过去的地方重做一次"共用此资料夹",这样我只需要把所COPY后的资料夹共用一次就OK,不用再去做对此资料夹进行"使用权限"的增加动作; 像我们公司有上百个这样的共用用户资料夹,每个共用资料夹中都有多个使用者的权限,如果遇 到服务器硬件空间升级或换新机,利用上述功能,可以大大地节省时间; 回答:根据我的研究,您可以使用带/O/X/E/H/K 开关的Xcopy 命令复制文件并保留已明确应用于这些文件的现有权限。 将一个文件夹复制到另一个文件夹中并保留其权限 1. 单击开始,然后单击运行。 2. 在打开框中,键入cmd,然后单击确定。 3. 键入xcopy sourcedestination /O /X /E /H /K ,然后按Enter,其中source 是要复制的文件的源路径,destination 是这些文件的目标路径。 如何将一个文件夹复制到另一个文件夹中并保留其权限 https://www.docsj.com/doc/e818752075.html,/kb/323007/zh-cn 另外,您可以尝试使用FSMT 来实现迁移文件夹及其权限,它提供了可简化文件服务器的迁移和将迁移对用户与商业应用程序的影响降低到最小的工具。您可以到以下网站下载FSMT:Windows Server 2003 升级协助中心 https://www.docsj.com/doc/e818752075.html,/china/windowsserver2003/upgrading/nt4/upgradeassi stance/default.mspx 文件服务器迁移工具包要求和兼容性:常见问题 https://www.docsj.com/doc/e818752075.html,/china/windowsserver2003/upgrading/nt4/tooldocs/msf st_faqs.mspx 您可以使用Permcopy.exe 工具可用来从一个共享向另一个共享复制共享权限。使用Permcopy.exe 工具将共享权限从一个共享复制到另一共享,请使用“permcopy \\source_server\share_name \\destination_server\share_name”命令,其中
服务器安装Windows server 2008 R2企业版步骤
服务器创建raid10方式并安装Windows server 2008 R2企业版步骤 用U盘安装并创建RAID10(必须是四块硬盘): 一、在服务器上创建RAID10 1、在安装系统前,需要先准备好Windows server 2008 R2映像 文件并拷贝到U盘中。 2、利用U盘镜像制作工具在U盘中制作引导(例如UltraISO Portable v9.6.1.3016)。 3、将U盘插到服务器上,在启动界面显示硬盘的时候按Ctrl+H 进入Web Bios界面。 4、创建RAID10使用的程序为:MegaRAID BIOS Config Utility Physical Configuration
5、选择Configuration Wizard 6、选择New Configuration,点击Next
7、选择Manual Configuration,点击Next
8、按Ctrl选择两块硬盘,点击Add to Array 9、点击Accept DG添加一个Drive Group
10、按Ctrl选择后两块硬盘再次点击Add to Array 11、再次点击Accept DG,然后点击Next
12、在弹出的界面中有下拉框,可以看到两个组,分别是Group0、 Group1;选择第一个硬盘组,点击Add to SPAN;然后再移 动第二个组,移动完成后点击Next。 13、在弹出的界面中,Drive Cache选择Disable,Disable BGI选 择Yes,Select Size填写RAID10的容量(其容量在界面右面 就可以看到,组RAID10别选错),点击Accept
巧用cacls命令来设置文件及其文件夹权限
例一:让所有用户禁止访问D盘test文件夹。 命令:命令行界面的打开就不多说了哦。看上面。 cacls d:\test /t /p everyone:n 表示把D盘test文件夹设置成对所有用户的[无权限],n表示no,无权限的意思。其他常用权限:r 表示只读;f表示完全控制。/t表示对文件夹里面的子文件夹也同样设置权限。/p你不用管。但是要写上。不然运行不好地。 接过是:打开D盘test就提示禁止访问。因为上面写的是everyone所有用户。所有你自己也不能访问。自己要访问时只需要运行命令: cacls d:\test /t /p everyone:f 就可以了 如果你的电脑有几个账户,你是想不让其他账户访问这个文件夹,那么你可以在写命令的时候把everyone改成相应的账户名字,比如edwin等等〔看你实际的账户名啦〕。 直接用everyone所有用户设置权限。要打开时再运行命令取消限制,也不是太麻烦。至少可以提供个机会多练习练习命令行,和记住这条命令。否则时间长了忘记了又得查资料。 例二:让用户edwin不能打开e:\test\apian.rmvb 这部电影。当然也可以限制图片,程序,word文档的打开哦。命令: cacls e:\test\apian.rmvb /p edwin:n 取消限制: cacls e:\test\apian.rmvb /p edwin:f 例三:把D盘绿色软件文件夹里面的exe文件设置成只读[包括子文件夹里面的]。这样可以防止病毒感染exe 文件。 命令: d: cd d:\绿色软件 cacls *.exe /t /p everyone:r w注意上面的 “d: cd d:\绿色软件” 这两行命令表示把当前目录切换到d:\绿色软件。不可省略不写哦。 例四:把E盘根目录下设置成只读,防止病毒感染E盘根目录。因为很多U盘病毒会感染根目录,在根目录下新生成一个文件夹及文件比如 autorun.inf、setup.exe、a2de3d3.exe、autorun.exe。有些恶性病毒很厉害。弄得你重装系统都无法解决病毒问题。因为这些在非系统目录根目录的病毒存在当你单纯格式化C盘重装系统之后,第一次启动时打开D盘等非系统盘的时候病毒在次感染C盘。如果把非系统盘根目录设置成只读的话就可以防止病毒生成这些文件。当然不影响根目录下文件的删除哦。但是会影响你自己建立文件夹或在根目录下复制进文件。所有建议开始把根目录下的文件夹建立好。文件放到子文件夹里面。或者在你想在比如D盘根目录下建立一个文件夹时,先用命令行取消根目录只读。虽然有点麻烦,但是好处多余坏处哦。 命令: cacls e:\ /p everyone:r
wnowserver之安装配置文件服务器完整版
w n o w s e r v e r之安装配 置文件服务器 HEN system office room 【HEN16H-HENS2AHENS8Q8-HENH1688】
安装好server 2003之后,我们通常通过在文件夹上点击右键共享文件夹,然后配置共享权限和NTFS权限的方式可以实现文件服务器的基本功能。升级到 Server2008之后,我依然可以通过这种方式来实现简单的文件服务器功能,另外我们还可以通过安装文件服务器角色,来配置很多高级的功能。 下面是我安装配置一个简单的文件服务器,并利用“共享和存储管理”来设置文件服务器的过程。 实验说明: 文件服务器名字:fs01 客户端:win7 两个机器在同网段。 实验环境:VMware Workstation 实验目的:安装文件服务器角色,通过“共享和存储管理”功能,配置一个share共享文件夹,对所有用户共享,但是只有只读的权限,不能改写。用于放置公司的常用表格和共享的工具软件。 1、通过服务器管理器安装添加角色 2、下一步? 3、勾选“文件服务器” 4、 5、下一步 6、勾选“文件服务器”和“windows Search服务” 7、可以勾选需要索引的卷 8、确认安装项目,进行安装 9、安装 10、安装成功,关闭对话框。 11、在“服务器管理器”中,展开“角色”-----“文件服务”-----“共享和存储管理”。在管理工具里面也可以找到。 12、点击右侧的“设置共享” 13、浏览需要共享的文件夹 14、我们选择C盘的share文件夹 15、点击下一步 16、我们来更改,编辑NTFS权限 17、给予user组可读的权限 18、下一步 19、勾选“SMB”,确定共享名。下一步。 20、点击高级,可以配置一些高级选项。 21、在用户限制标签,可以限制同时连接这个共享的用户数,或者启用禁用,基于访问权限的枚举。 22、在“缓存”标签,可以设置这个共享文件夹是否可以在客户端缓存。 23、根据自己需要设置好之后,下一步 24、这个共享文件夹,我们让所有用户都只具有只读的共享访问权限。 25、由于我们还没有配置DFS,我们暂时不要将它发布到DFS命名空间
SQL_Server_2008安装过程图解
SQL Server 2008 中文版安装图集 一直很期待SQL Server 2008 的发布,昨天在微软网站找到了下载地址,3.28G,之所以这么大,是因为该ISO 文件同时包含了IA64、64、x86 三种版本,x86 约占1.5G 多一些,直接下载地址如下: https://www.docsj.com/doc/e818752075.html,/download/B/8/0/B808AF59-7619-4A71-A447-F597DE7 4AC44/SQLFULL_CHS.iso 如果你的机器上已安装有Visual Studio 2008,在安装之前最好安装Visual Studio 2008 SP1,为什么这么做?偶也不知道,只是SQL Server 2008 发行说明中有此一条,我也没试过不安装SP1 有什么后果。 开始安装,启动,WOW,出现了一个CMD 窗口,真不知道微软的开发人员是怎么想的,用命令行程序做载入和系统检查,而且这个CMD 窗口会一直持续到安装结束。 安装程序风格变化很大,相较2005 也有很大变化,见图(点击看大图): 上图为安装主界面,包含了有关SQL Server 2008 的各种信息,很直观,开始安装选择:全新SQL Server 独立安装或向现有安装添加功能;
一些必需条件检查; Enterprise: JD8Y6-HQG69-P9H84-XDTPG-34MBB
然后是产品序列号输入,这也是SQL Server 首次采用此种授权管理方式;从微软网站下载的版本其实和正式版本无异,你如果有正式的序列号,在此输入即可成为正式版;当然在此处你也可以选择安装企业评估版,待以后通过上图的安装中心界面可将试用版升级为其它版本的正式版。 SQL Server 2008 企业版授权协议;
文件共享和安全设置
通过“应用到”和“权限”的结合,可以进行任意的权限设置。 文件夹共享和安全权限设置<实例:只允许用户新建文件夹和管理所建文件夹权限> 目的: 文件服务器上的一个共享文件夹Share(NTFS),需要允许域中的用户组Domain Users用户在S hare根目录下进行文件夹新建,改名,但是不允许新建文件。同时Domain Users用户组中的用户要求对自己所创建的文件夹有完全控制权限<包括删除>,并且可以对文件夹能进行权限更改。 操作: 一,共享权限设置: 选中文件夹Share ——属性——选中<共享>选项——选中<共享此文件夹>,在下方文本框中输入共享名――点击< 权限>按钮――权限对话框中默认为Everyone ――将并设置为完全控制。(这里你也可以只对Domain Users用户组授予完全控制权限)如下图: 共享权限: “读取”权限允许:
查看文件名和子文件夹名 查看文件中的数据 运行程序文件 “更改”权限除允许所有的“读取”权限外,还允许: 添加文件和子文件夹 更改文件中的数据 删除子文件夹和文件 “完全控制”权限除允许全部“读取”及“更改”权限外,还允许: 更改权限(仅适用于NTFS 文件和文件夹) 二,安全权限设置: 在属性对话框中――选中<安全>选项――点右下角的<高级>按钮――出现<高级安全设置>对话框,去除<允许父项的继承权限传播到该对象和所有子对象>前面的复选框――出现一个<安全>提示对话框,点击<复制>――此时,在<权限项目>下面的方框中――有Administrators(本地管理员组),SYSTEM,CREATOR OWNER,Users(本地普通用户组,可以删除)四个对象和相应的权限――添加――选择域中的Domain Users用户组, 确定――出现
- Windows Server 2012 R2 文件服务器安装与配置08 之工作文件夹
- Windows Server 2008 R2文件共享服务器
- Windows_Server_2008服务器配置和管理
- windows-server2008文件服务器搭建
- wnowserver之安装配置文件服务器完整版
- 实验2-1 Windows Server 2008 文件服务器资源管理器(FSRM)
- 部署windows server 2008 DFS服务器复制服务
- 用Windows_Storage_Server_2008做iSCSI存储服务器
- window server 2008 文件服务器配置共享文件的方法
- Windows server 2008R2搭建文件共享服务器(超详细版)
- windowsserver2008文件服务器搭建2种方案
- windows server r 文件服务器安装与配置
- windows2008文件服务器案例
- windows server 2008文件服务器配置磁盘配额和卷影副本
- Windows sever2008r2 文件服务器搭建
- Windows server 2008文件服务
- windows2008文件服务器案例
- Server 2008 R2 文件服务器资源管理器实验报告
- Windows Server 2008 R2文件服务器群集
- windows server 2008文件服务器搭建2种方案