Task 12
You need to create a Group Policy Object (GPO) named GPO1 that only applies to a group named MemberServers.
To create a GPO named GPO1 that only applies to a group named MemberServers, you can follow these steps:
On a domain controller or a computer that has the Remote Server Administration Tools (RSAT) installed, openGroup Policy Managementfrom theAdministrative Toolsmenu or by typinggpmc.mscin the Run box.
In the left pane, expand your domain and right-click onGroup Policy Objects. SelectNewto create a new GPO.
In theNew GPOdialog box, enterGPO1as theNameof the new GPO and clickOK. You can also optionally select a source GPO to copy the settings from.
Close theGroup Policy Management Editorand return to theGroup Policy Managementconsole. Right-click on the new GPO and selectScope. Here, you can specify the scope of management for the GPO, such as the links, security filtering, and WMI filtering.
Under theSecurity Filteringsection, click onAuthenticated Usersand then click onRemove. This will remove the default permission granted to all authenticated users and computers to apply the GPO.
Click onAddand then type the name of the group that you want to apply the GPO to, such asMemberServers. ClickOKto add the group to the security filter. You can also click onAdvancedto browse the list of groups available in the domain.
To link the GPO to an organizational unit (OU) or a domain, right-click on the OU or the domain in the left pane and selectLink an Existing GPO. Select the GPO that you created, such asGPO1, and clickOK. You can also change the order of preference by using theMove UpandMove Downbuttons.
Task 1
You need to create a group-managed service account (gMSA) named gMSA1 and make gMSA1 available on SRV1.
To create a group-managed service account (gMSA) named gMSA1 and make it available on SRV1, you can follow these steps:
Step 1: Create the Key Distribution Services Root Key First, you need to create the KDS Root Key, which is required for the gMSA to function. You can do this with the following PowerShell command:
Add-KdsRootKey --EffectiveTime ((get-date).addhours(-10))
Note: The -EffectiveTime parameter is set to 10 hours in the past to ensure immediate effect.
Step 2: Create the gMSA Next, use the New-ADServiceAccount cmdlet to create the gMSA:
New-ADServiceAccount -Name gMSA1 -DNSHostName gmsa1.domain.com -PrincipalsAllowedToRetrieveManagedPassword SRV1$
Replace domain.com with your actual domain name.
Step 3: Install the gMSA on SRV1 Now, you need to install the gMSA on the server SRV1. Run the following command on SRV1:
Install-ADServiceAccount -Identity gMSA1
Step 4: Test the gMSA To ensure that the gMSA is installed correctly and ready for use, perform a test using:
Test-ADServiceAccount -Identity gMSA1
If the test returns True, the gMSA is correctly installed and ready for use on SRV1.
Step 5: Configure the Service to Use the gMSA Finally, configure the service that requires the gMSA to use gMSA1 by setting the service's logon account to domain\gMSA1$ and leave the password field blank.
Task 2
You need to ensure that you can manage SRV1 remotely by using PowerShell
To manage SRV1 remotely using PowerShell, you'll need to set up PowerShell Remoting. Here's a step-by-step guide:
Step 1: Enable PowerShell Remoting on SRV1 On SRV1, run the following command to enable PowerShell Remoting:
Enable-PSRemoting -Force
This command configures the computer to receive PowerShell remote commands that are sent by using the WS-Management technology.
Step 2: Configure the TrustedHosts List (If Needed) If you're managing SRV1 from a computer that is not part of the same domain, you'll need to add the managing computer's name to the TrustedHosts list on SRV1:
Set-Item wsman:\localhost\Client\TrustedHosts -Value 'ManagingComputerName' -Concatenate -Force
Replace ''ManagingComputerName'' with the name of your managing computer.
Step 3: Start a Remote Session From your managing computer, start a remote session with SRV1 using the Enter-PSSession cmdlet:
Enter-PSSession -ComputerName SRV1 -Credential (Get-Credential)
This command prompts you for credentials and then starts a remote session with SRV1.
Step 4: Run Remote Commands Once the remote session is established, you can run any PowerShell command as if you were directly on SRV1. For example:
Get-Service
This command gets the status of services on SRV1.
Step 5: Exit the Remote Session When you're finished, exit the remote session:
Exit-PSSession
By following these steps, you should be able to manage SRV1 remotely using PowerShell. Make sure you have the appropriate administrative privileges to perform these actions.
Task 3
You need to run a container that uses the mcr.microsoft.com/windows/servercore/iis image on SRV1. Pott 60 on the container must be published to port 5001 on SRV1 and the container must run in the background.
To run a container on SRV1 using the mcr.microsoft.com/windows/servercore/iis image, publish port 60 on the container to port 5001 on SRV1, and ensure it runs in the background, you can follow these steps:
Step 1: Pull the IIS Image First, pull the IIS image from the Microsoft Container Registry:
docker pull mcr.microsoft.com/windows/servercore/iis
Step 2: Run the Container Next, run the container with the required port mapping and ensure it runs in the background using the -d flag:
docker run -d -p 5001:60 --name iis_container mcr.microsoft.com/windows/servercore/iis
This command will start a container named iis_container using the IIS image, map port 60 inside the container to port 5001 on SRV1, and run the container in detached mode.
Step 3: Verify the Container is Running To verify that the container is running and the port is published, use the following command:
docker ps
This will list all running containers and show the port mappings.
Step 4: Access the IIS Server You can now access the IIS server running in the container by navigating to http://<SRV1_IP>:5001 in a web browser, where <SRV1_IP> is the IP address of SRV1.
By following these steps, you should be able to run the IIS container on SRV1 with the specified port mapping and have it running in the background.
Task 4
You need to run a container that uses the mcrmicrosoft.com/windows/servercofe/iis image on SRV1. Port 80 on the container must be published to port 5001 on SRV1 and the container must run in the background
To run a container on SRV1 using the mcrmicrosoft.com/windows/servercofe/iis image, publish port 80 on the container to port 5001 on SRV1, and ensure it runs in the background, you can follow these steps:
Step 1: Pull the IIS Image First, pull the correct IIS image from the Microsoft Container Registry:
docker pull mcr.microsoft.com/windows/servercore/iis
Step 2: Run the Container Next, run the container with the required port mapping and ensure it runs in the background using the -d flag:
docker run -d -p 5001:80 --name iis_container mcr.microsoft.com/windows/servercore/iis
This command will start a container named iis_container using the IIS image, map port 80 inside the container to port 5001 on SRV1, and run the container in detached mode.
Step 3: Verify the Container is Running To verify that the container is running and the port is published, use the following command:
docker ps
This will list all running containers and show the port mappings.
Step 4: Access the IIS Server You can now access the IIS server running in the container by navigating to http://<SRV1_IP>:5001 in a web browser, where <SRV1_IP> is the IP address of SRV1.
By following these steps, you should be able to run the IIS container on SRV1 with the specified port mapping and have it running in the background. Please replace mcrmicrosoft.com/windows/servercofe/iis with the correct image name mcr.microsoft.com/windows/servercore/iis as shown in the commands above.
Full Exam Access, Actual Exam Questions, Validated Answers, Anytime Anywhere, No Download Limits, No Practice Limits
Get All 230 Questions & Answers