In the following thought experiment, apply what you’ve learned about this objec- tive to predict what steps you need to take. You can find answers to these questions in the “Answers” section at the end of this chapter.
You are a network administrator for Adventure Works, Inc., a rapidly growing company based in Seattle that has just opened its first branch office in Denver. The network consists of a single Active Directory domain, Adventureworks.com. All servers are running either Windows Server 2008 R2 or Windows Server 2012 and all clients are running either Windows 7 or Windows 8. The two sites are linked by a site- to-site VPN.
The Seattle office and the Denver office each includes a main file server (named FSSeattle1 and FSDenver1, respectively) that is shared by all users in the local of- fice location. DFS has been configured so that the same five shares are available to authorized users in both offices. Each share is used by one company-wide depart- ment, including Finance, Sales and Marketing, Operations, Human Resources, and Research and Development.
Each office location includes employees from each of the five departments. A goal for the IT department is to address security concerns about confidential infor- mation while making all other information available to members of each department. With the preceding information in mind, answer the following questions.
1. If you wanted to limit access to some files within each department share to members of each office site, how can you best achieve this goal by using NTFS file permissions?
2. Given the information provided about the network, what changes might you need to make to ensure that DAC can be implemented on the network?
3. You want to make sure that when employees at one office designate a file in their department share as highly confidential, the file can be viewed only from computers with account properties in Active Directory that indicate the same physical delivery office name as that of the user. How might you achieve this goal by using DAC permissions only? (Describe or list resource properties, claims
Objective summary
■■ You can provide iSCSI SAN storage to clients on a network by installing and
configuring the iSCSI Target Server available in Windows Server 2012.
■
■ Windows Server 2012 includes iSCSI Initiator, which is an iSCSI client that connects to
iSCSI targets and provisions storage from those targets as apparently local disks.
■
■ To create iSCSI storage on a target server, run the New iSCSI Virtual Disk Wizard. This
wizard creates a VHD file that you must attach to a local iSCSI target. When a remote initiator later connects to this target, the VHD appears to the iSCSI client as a local disk.
■
■ You need to add an initiator to a target before you can establish a connection from the
initiator to the target.
■
■ Features on Demand is the name of a functionality in Windows Server 2012 that allows
you to reduce the footprint of your Windows Server installation by removing all of the files associated with unneeded features. To remove an unneeded feature completely from a Windows Server 2012 installation, use the Uninstall-WindowsFeature cmdlet with the -Remove option.
■
■ Data Deduplication is a component of the File And Storage Services role that reduces
the amount of space taken up by data on your disks without adversely affecting performance. When installed and enabled, Data Deduplication runs as a background process by default. You configure Data Deduplication on a per-volume basis in the File And Storage Services page of Server Manager.
■
■ Storage tiering allows you to improve performance by including both solid state and
traditional magnetic media hard disks in a storage pool. Frequently accessed data is automatically moved to the solid state disks with less frequently access data moved to the magnetic media hard disks.
Objective review
Answer the following questions to test your knowledge of the information in this objective. You can find the answers to these questions and explanations of why each answer choice is correct or incorrect in the “Answers” section at the end of the chapter.
1. You are a network administrator for Adatum.com. You are deploying a new application server named App1, and you need to provision storage for App1 from an active iSCSI target on a server named Storage1.
You enable the iSCSI Initiator service on App1. What should you do next? A. Run the Iscsicli command.
B. Run the Iscsicpl command.
C. Add App1 to the iSCSI target on Storage1.
2. You work as a network administrator for Fabrikam.com. The Fabrikam.com network includes approximately 50 servers and 600 clients. New iSCSI resources are frequently added to the network to support increased storage demands. Locating these iSCSI resources on the network is becoming increasing difficult.
You want to improve the manageability of your iSCSI resources on the network by using a central repository.
Which feature should you configure? A. An iSCSI Target
B. An iSNS Server C. An iSCSI Initiator D. A storage pool
3. Data Deduplication is enabled on the E:/ volume of a server named VHost1. You want to modify the deduplication schedule so that deduplication can run at a higher priority during the overnight hours.
Which tool should you use to configure this setting on VHost1? A. Server Manager
B. Computer Management C. Windows Explorer
Answers
This section contains the solutions to the “Thought experiments” and the “Objective review” questions in this chapter.
Objective 2.1: Thought experiment
1. You can configure a file screen to stop users from storing audio files on the file share. 2. You can run a report to determine which files haven’t been accessed after a specific
number of days. You can then move these files to the archive share.
3. You can run a duplicate files report to determine when multiple copies of a file are being stored.
4. You can use quotas to limit the amount of data a user stores on a single share.
Objective 2.1: Review
1. Correct Answers: A, D
A. Correct: You need to enable this policy setting to enable BranchCache on clients that fall within the scope of the policy.
B. Incorrect: You can use this policy setting to specify only a single hosted cache server.
C. Incorrect: You use this policy setting to enable hosted cache discovery. You want to configure clients with two specific hosted cache servers, not enable hosted cache discovery.
D. Correct: You use this policy setting to configure clients running Windows 8 or Windows Server 2012 with the names of one or more hosted cache servers. 2. Correct Answer: A
A. Correct: This cmdlet lets you generate hashes for content on BranchCache- enabled file shares to stage the data for a cache package used for preloading. B. Incorrect: This cmdlet lets you generate hashes for content on BranchCache-
enabled web servers to stage the data for a cache package.
C. Incorrect: This cmdlet lets you generate a cache package containing all the staged data.
3. Correct Answers: A, B
A. Correct: You need to use this policy setting to enable BranchCache on clients that fall within the scope of the policy.
B. Correct: You need to use this policy setting to enable clients for BranchCache if no hosted cache server is present in the branch office.
C. Incorrect: This policy setting is used to enable clients with the name of a single hosted cache server. It is not used to configure BranchCache clients to use Distributed Cache mode.
D. Incorrect: This policy setting is used to define the network latency threshold beyond which clients will attempt to retrieve content from a local cache instead of from a remote source over a WAN link. You can’t use this policy setting to configure BranchCache clients to use Distributed Cache mode.
Objective 2.2: Thought experiment
1. Create a file classification rule that assigns a specific classification when a keyword is located within the file.
2. You need to configure a user claim that will allow you to create a rule based on the user’s Active Directory attribute.
3. You use Group Policy to deploy central access policies to file servers.
4. You can configure access denied assistance to allow users to automatically request ac- cess to files they are unable to open.