MCSE Windows server 2003- P13

Chia sẻ: Thanh Cong | Ngày: | Loại File: PDF | Số trang:50

Thêm vào BST

Báo xấu

87
lượt xem 15
download

Download Vui lòng tải xuống để xem tài liệu đầy đủ

MCSE Windows server 2003- P13: Windows Server 2003 is, of course, more secure, more reliable, more available, and easier to administer than any previous version of Windows. Let’s take a close look at the platform and how it compares to Microsoft Windows 2000. This lesson provides a brief overview of the Windows Server 2003 family, focusing on the differences among the product editions: Web Edition, Standard Edition, Enterprise Edition, and Datacenter Edition.

Chủ đề:

Bình luận(0) Đăng nhập để gửi bình luận!

Lưu

Nội dung Text: MCSE Windows server 2003- P13

Objective 2.7 Troubleshoot User Authentication 15-35 Objective 2.7 Troubleshoot User Authentication Without proper authentication, a user will be unable to access network resources, and, in some cases, will not be able to log on to his or her local computer. At the root of authentication is the combination of username and password which comprise the user’s credentials. If there is a mismatch between what the user believes his or her cre dentials to be and what the authenticating system expects, the user will not be able to connect to that resource. If that resource is the local computer, the user will not be able to log on at all. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
15-36 Chapter 15 Managing Users, Computers, and Groups (2.0) Objective 2.7 Questions 1. A traveling user has been away from the office for several months. The laptop com puter with which the user travels is not configured for dial-in access to the corporate network because it is used mostly for presentations and client documentation. Upon returning to the office and connecting to the corporate network, the user is unable to log on to his or her computer using a local account, and is presented with the “Log on Failed” dialog box. What should you do? A. Reset the user’s password in Active Directory. B. Reset the user’s computer account in Active Directory. C. Use the password reset disk for that user to reset the password on the local computer. D. Disconnect the computer from the network, and then restart the computer. 2. A user has returned from an extended business trip, and reconnects his or her com puter to the network. The user is able to log on, but is not able to connect to any net- work resources. You examine the accounts associated with the user in Active Directory Users And Com puters, and note that the computer account for the user’s laptop is marked with a red “X” icon. What should you do to solve the problem? A. Reset the user’s password in Active Directory. B. Reset the laptop computer account in Active Directory. C. Delete the laptop computer account from the domain, join the laptop to a work- group, then rejoin the laptop to the domain. D. Delete and recreate the laptop computer account. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Objective 2.7 Troubleshoot User Authentication 15-37 3. You are the systems administrator for a medium-sized organization that runs a single Windows Server 2003 domain. The Default Domain Group Policy object has the fol lowing password policy settings: 10 Passwords Remembered. Maximum Password Age 10 days Minimum Password Age 2 days Minimum Password Length 10 characters A group of 40 developers who work in a department in your organization has lobbied management for a separate set of password policies specific to its members. The devel opers want the minimum password age set to 0 days and the maximum password age set to 28 days. Which of the following methods will allow you to alter the password policy for this group of developers? A. Create a child domain of the current domain and move the developers’ accounts to this domain. Edit the Default Domain GPO of the child domain and implement the separate password policy requested by the developers. B. Create a separate OU and move the 40 developers’ user accounts into this OU. Create and edit a new GPO, implementing the separate password policy requested by the developers via this GPO. Apply the GPO to the newly created OU hosting the developers’ accounts. C. Resubnet the network and create a new site within Active Directory. Place all the 40 developers’ workstations onto this new subnet. Create and edit a new GPO, implementing the separate password policy requested by the developers via this GPO. Apply the GPO to the newly created site hosting the developers’ computer accounts. D. Edit the Local GPO on each of the developer’s workstations, implementing the separate password policy requested by the developers via this GPO. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
15-38 Chapter 15 Managing Users, Computers, and Groups (2.0) Objective 2.7 Answers 1. Correct Answers: C A. Incorrect: The “Logon Failed” dialog box appears only if a password reset disk has been created for an account on the local computer. The domain user account is not involved in this problem. B. Incorrect: The “Logon Failed” dialog box only appears if a password reset disk has been created for an account on the local computer. The domain computer account is not involved in this problem. C. Correct: The password reset disk is created for local user accounts, and can be used when a user is trying to access a local computer account with the incorrect credentials, as in this case. D. Incorrect: The computer’s connection to the network or any network interaction does not cause the “Logon Failed” dialog box to appear. 2. Correct Answers: B A. Incorrect: The user’s password would not affect the computer account, as the icon indicates, in Active Directory. B. Correct: The password between the laptop and the domain computer account has become unsynchronized and must be reset. C. Incorrect: This would solve the problem, but might cause other problems if there are permissions set on resources for this laptop computer. Also, this process would take much more time than a computer password reset. D. Incorrect: This would compound the problem by not only having unsynchro nized passwords, but mismatched SIDs as well. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Objective 2.7 Troubleshoot User Authentication 15-39 3. Correct Answers: A A. Correct: Password policies apply domain-wide. The only method by which users can have separate password policies is if their user accounts reside in different domains. A child domain does not inherit the password policy of its parent domain. B. Incorrect: Password policies apply domain-wide. Password policies applied at the OU level do not override the password policies set at the domain level. If this set of steps is taken, the password policies will remain as they did before at the domain level. C. Incorrect.: Password policies apply domain-wide. Password policies applied at the site level do not override the password policies set at the domain level. If this set of steps is taken, the password policies will remain as they did before at the domain level. D. Incorrect: Password policies apply domain-wide. Password policies applied at the local level do not override the password policies set at the domain level. If this set of steps is taken, the password policies will remain as they did before at the domain level. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
16 Managing and Maintaining Access to Resources (3.0) Access to resources requires proper identification and proper permissions. There is no additional configuration to be done to access files across a network than to make sure that the resource is accessible (shared) and that the user has appropriate permissions to accomplish the desired action (read, write, delete, and so on). This transactional process of analyzing the user’s access token involves reading the entries on the access control list (ACL) of the resource, and comparing the list with the security identifiers (SIDs) on the token. If the security services governing the resource access process determine that the combination of SIDs and their permissions is sufficient to perform the requested task, permission and access is granted; if not, access to the resource is denied. Such permission-based access is accomplished by the operating system based upon the file system that is installed on the storage device where the resource resides. On a FAT32 file system, for example, even if the operating system version is Windows Server 2003, permissions cannot be set at the file system level: NTFS permissions are required for this type of permission assignment. Share permissions, however, can be set regardless of the file system on which the resources are stored. The operating system alone controls the share permissions, which are valid for any entity attempting to access the resource from across the network. Terminal Services provides a different type of access to resources, in that it presents a local environment to the user over the network. The creation and use of this virtual local environment requires additional permissions and configuration, but the resource access to files and folders is still governed by network (share) and file system (NTFS) permissions. The understanding of these additional configuration needs and possibili ties is key to the proper use of Terminal Services. Testing Skills and Suggested Practices The skills that you need to master the Managing and Maintaining Access to Resources objective domain on Exam 70-290: Managing and Maintaining a Microsoft Window Server 2003 Environment include ■ Configure access to shared folders. ❑ Practice 1: Set permissions for individual users and groups. Create increas ingly complex sets of group memberships and permission assignments so as to make a 2–3 layer set of permissions using multiple group memberships for a user account, and nested memberships for groups. 16-1 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
16-2 Chapter 16 Managing and Maintaining Access to Resources (3.0) ❑ Practice 2: Configure sets of permissions on network share points. Configure NTFS permissions for the same resource, and analyze the effective resulting permissions for a user. ■ Troubleshoot terminal services. ❑ Practice 1: Configure Terminal Services in Remote Desktop for Administration mode such that various users are allowed or denied permissions. Set proper- ties for allowed users to control their profile paths, home directories, and whether their sessions can be controlled remotely through another Terminal Services session. ❑ Practice 2: Configure Group Policy for Terminal Services users to redirect local printer and drive output to the Terminal Services session. Know the pur poses and functionalities for each of these settings. ■ Configure file system permissions. ❑ Practice 1: Set permissions for individual users and groups. Create increas ingly complex sets of group memberships and permission assignments so as to make a 2–3 layer set of permissions using multiple group memberships for a user account, and nested memberships for groups. ❑ Practice 2: Configure sets of NTFS permissions on file system objects. Config ure share permissions for the same resource, and analyze the effective result ing permissions for a user. ■ Troubleshoot access to shared files and folders. ❑ Practice 1: Access the properties of a file for which you have set complex NTFS permissions for several groups of users. Select a user that is a member of more than one of the groups that you have assigned the permissions to for the file. Use the advanced button in the securities tab to access the “effective permissions” tab. Enter the user’s name to discover his or her effective per- missions to that file. ❑ Practice 2: Access the properties of a folder for which multiple groups have been given different NTFS permissions. Use the advanced button in the secu rities tab to access the “effective permissions” tab. Enter a group name to view the effective group permissions for that folder. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Chapter 16 Managing and Maintaining Access to Resources (3.0) 16-3 Further Reading This section contains a list of supplemental readings divided by objective. Study these sources thoroughly before taking the exam. Objective 3.1 Review Chapter 6, “Files and Folders.” This chapter examines share permissions, NTFS permissions, and auditing of resource access. Microsoft Corporation. Frequently Asked Questions: Security Technologies. This Web- based resource is free and can be accessed at the URL: http://www.microsoft.com /windowsserver2003/community/centers/security/security_faq.asp. Objective 3.2 Review Chapter 2, Lesson 3, “Remote Administration with Terminal Services.” This lesson discusses configuration and permission issues involved with Terminal Services, Remote Desktop, and Remote Assistance. Microsoft Corporation. Windows Server 2003, Help and Support Center: Remote Assistance. Objective 3.3 Review Chapter 6, “Files and Folders.” This chapter explores share permissions, NTFS permissions, and auditing of resource access. Microsoft Corporation. Technet; Script Center: Disks and File Systems. This Web-based resource is free, and can be accessed at the following URL: http: //www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/dfs /default.asp. Objective 3.4 Review Chapter 6, “Files and Folders.” Examine the material on troubleshooting permissions, including how to view effective permissions. Review the following article on Microsoft Technet: http://www.microsoft.com /technet/prodtechnol/windowsserver2003/proddocs/standard/acl_view_effective _permissions.asp. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
16-4 Chapter 16 Managing and Maintaining Access to Resources (3.0) Objective 3.1 Configure Access to Shared Folders Share permissions are set within the Windows Server 2003 operating system on net- work access points—shares—within the file system. These share permissions are assigned in the folder properties interface (Sharing tab) in Windows Explorer. Individ ual files cannot be shared. For multiple user entities, permissions are analyzed for each SID presented in the user’s access token, and the most liberal permission is granted. The exception to this liberal permission assignment is when one (or more) of the SIDs presented in the token has a deny permission assigned in the resources’ ACL; in that case, the deny permission takes precedence. If NTFS permissions are in use on the file system, the effective share permission is com pared to the effective NTFS permission, and the most restrictive permission is then assigned as the final, effective permission for the user on that resource. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Objective 3.1 Configure Access to Shared Folders 16-5 Objective 3.1 Questions 1. Server01 is a file server running Microsoft Windows Server 2003 that is used by the accounting department to provide timesheet and expense report forms for employees. You are setting permissions on the share points for these folders, and must meet the following requirements: ■ Employee-specific forms are stored in the Forms folder. These forms should be accessible by all employees. ■ Only Authenticated Users should be able to access the forms. ■ Employees can upload completed forms to a folder named Forms\Reports \. ■ Users should only be able to read their own forms, not forms submitted by other users. ■ Supervisor-specific forms are stored in Forms\Supervisors. These forms should be accessible only by supervisors. The Forms folder is shared as Forms, the Supervisors folder is shared as Supervisors, and each user’s folder is shared as that user’s username. Supervisors are members of the Supervisors Global Group. NTFS permissions are set on all folders to Authenticated Users–Modify. Permissions are granted to the shared folders as follows: Shared Folder Share Permissions Forms Everyone, Allow Read Supervisors Supervisors, Allow Read Allow Change Which of the following requirements is met? (Select all that apply.) A. All employees can download their forms. B. All employees can upload completed forms to their folders. C. Employees can read only their own submitted forms. D. Only Authenticated Users can download forms. E. Only Supervisors can download Supervisor-specific forms. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
16-6 Chapter 16 Managing and Maintaining Access to Resources (3.0) 2. You are configuring share permissions for a shared folder on a file server. You want all Authenticated Users to be able to save files to the folder, read all files in the folder, and modify or delete files that they own. What are the correct permissions that you need to set on the shared folder to achieve your objective? (Select all that apply.) A. Authenticated Users–Full Control B. Authenticated Users–Change C. Authenticated Users–Read D. Creator/Owner–Full Control E. Creator/Owner–Change F. Creator/Owner–Read 3. You are configuring permissions for a shared folder on your network. You want all Authenticated Users to have read access to the files when attaching to the folder across the network from their computers, but only members of the Managers group should be able to read the files when logged on locally to the computer containing the files. Man agers also need the ability to change the files when logged on locally. All users are able to log on locally to the computer. What permissions do you need to set on the shared folder? (Select all that apply.) A. NTFS–Interactive–Change B. NTFS–Interactive–Read C. NTFS–Authenticated Users–Change D. NTFS–Managers–Change E. Share Permission–Network–Read F. Share Permission–Interactive–Read G. Share Permission–Managers–Change Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Objective 3.1 Configure Access to Shared Folders 16-7 4. A folder, Documents, on Server01 is shared as Docs$. The permissions on the shared folder are set as follows: ■ Docs$ Shared Folder Permissions: Everyone–Full Control ■ Documents Folder NTFS Permissions: Authenticated Users–Read, Write; Manag- ers–Modify; Administrators–Full Control Which of the following statements regarding access to the resource are true? (Select all that apply.) A. Only Administrators can access the shared folder from the network. B. All Users can access the shared folder from the network. C. Authenticated Users can delete files in the folder. D. Managers can delete files in the folder. E. Authenticated Users can write files in the folder. F. Authenticated Users can change ownership of a file in the folder. G. Managers can change ownership of a file in the folder. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
16-8 Chapter 16 Managing and Maintaining Access to Resources (3.0) Objective 3.1 Answers 1. Correct Answers: A, B, and D A. Correct: All employees can access their forms through the Forms shared folder as part of the Everyone Group. B. Correct: All employees can access their user folders through the change permis sion assigned to them. C. Incorrect: Although the change permission on each username folder restricts access through that share point, any user can navigate to any individual folder through the Forms shared folder. D. Correct: In Windows Server 2003, by default, the Everyone group does not con tain the identity Anonymous Logon. E. Incorrect: Although the users will not be able to access the Supervisors shared folder directly, they can navigate to it using the Forms shared folder. 2. Correct Answers: C and E A. Incorrect: Giving Authenticated Users--Full Control permission will allow modi fication or deletion of any files in the folder, which gives more permission than required. B. Incorrect: Giving Authenticated Users--Change permission will allow modifica tion of any files in the folder, which gives more permission that required. C. Correct: Giving Authenticated Users--Read permission will allow reading of any files in the folder, which fulfills the requirement. D. Incorrect: Giving permissions for Creator/Owner–Full Control will allow users to modify or delete their own files, but would also allow them to change permissions on the files. With the ability to change permissions, the Creator/Owner could set permissions that allow other users to modify or delete files. E. Correct: Giving permissions for Creator/Owner–Change will allow users who create the file to modify or delete it, which satisfies the requirements. F. Incorrect: Giving permissions for Creator/Owner–Read will not allow users to create or modify any files in the folder, which does not satisfy the requirements. 3. Correct Answers: D and E A. Incorrect: This setting will allow any user logged on to the computer to change files. The NTFS permissions are the only permissions that apply to users logged on locally, which is what the Interactive entity group includes. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Objective 3.1 Configure Access to Shared Folders 16-9 B. Incorrect: This setting will allow any user logged on to the computer to read files, which violates the requirements. The NTFS permissions are the only permis sions which apply to users logged on locally, which is what the Interactive entity group includes. C. Incorrect: This setting will allow any user logged on to the computer to read files, which violates the requirements. The NTFS permissions are the only permis sions which apply to users logged on locally, which is what the Interactive entity group includes. D. Correct: This setting will allow for the Managers to have change permission when logged on locally. They will also have the change permission when access ing the file from the network unless the share permissions are more restrictive. E. Correct: This setting will allow all users who access the folder from across the network to have read access. With no other share permissions assigned, the Man agers will not have any additional access to the files outside the context of their being in the Network entity group. F. Incorrect: The interactive permission, although it can be set, does not have any effect for users attaching across the network. The Interactive entity group is for users who log on locally at the console of the computer. G. Incorrect: This setting will allow the Managers to change the files from across the network, which violates the requirements: the Managers are only to be able to read and modify files when they are logged on locally to the computer. 4. Correct Answers: B, D, and E A. Incorrect: The $ in the share name hides the share from the browse list, but does not affect the permissions of the share available from the network. Although any shares created by the operating system as hidden shares to the root of a drive are configured with Administrator-only access permission, any hidden shares created manually do not have the Administrator-only access permissions set. B. Correct: The combination of Full Control shared folder permissions and Read, Write NTFS permissions allow for access from the network by Authenticated Users. C. Incorrect: Users do not have Delete or Modify permissions, which are required to delete files. D. Correct: The NTFS Modify permission allows Managers to delete files. E. Correct: The NTFS Write permission allows Authenticated Users to write files to the folder. F. Incorrect: The NTFS Read, Write permissions are insufficient to allow modifica tion of file ownership. G. Incorrect: The NTFS Modify permission is insufficient to allow modification of file ownership. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
16-10 Chapter 16 Managing and Maintaining Access to Resources (3.0) Objective 3.2 Troubleshoot Terminal Services Terminal Services has unique permission and configuration settings compared with share permissions on other resources. The use of Terminal Services requires User Rights (log on locally, for example) for the computer on which Terminal Services is running in addition to the explicit permission to use Terminal Services. In Windows Server 2003, all these rights and permission for the use of Terminal Services are given to the Remote Desktop Users group. The settings in Terminal Services for Remote Control, home directory, application startup, and profile settings should not be confused with the permissions and User Rights needed to access Terminal Services. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Objective 3.2 Troubleshoot Terminal Services 16-11 Objective 3.2 Questions 1. You have configured several users to be able to connect to Server01 through Terminal Services, and have modified the default configuration with the Terminal Services Con- figuration console to allow for redirection of client printers. The goal is for all users of the Terminal Server to be able to print to print devices configured on their local com puter from their Terminal Server session. The users, however, report that they are unable to print to their locally configured print devices. What should you do to correct the problem? A. Enable the Client/Server data redirection setting in Group Policy for each Terminal Server client computer. B. Enable the Client/Server data redirection setting in Group Policy for the Terminal Server computer. C. Instruct the user to install the local printer from within their Terminal Server session. D. Use a logon script for the users’ Terminal Server session to add the printer. 2. You have configured several client computers with the Terminal Service client, Remote Desktop Connection, and have configured a Terminal Server in Remote Desktop for Administration (default) mode. When the users attempt to connect to the Terminal Server, they receive an error message stating that the local policy of this system does not permit them to log on interactively. What should you do to correct the problem? A. Add the users to the Remote Desktop Users group. B. Configure the User Right to Log on locally on the Terminal Server for each user. C. Enable the Group Policy setting for Client/Server data redirection. D. Enable the Terminal Services Remote Control setting for each user. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
16-12 Chapter 16 Managing and Maintaining Access to Resources (3.0) 3. A user has sent you a request, by e-mail, for a Remote Assistance session. You attempt to connect to the user’s computer to establish the Remote Desktop session, but cannot establish the network connection. You are able to connect to the user’s computer to access the file system through the C$ share. What is the most likely cause of the problem? A. Your user account is not a member of the local Administrators group on the user’s computer. B. You do not have the Terminal Services client installed on your computer. C. Port 3389 is not open on the firewall between your network segment and the net- work segment that the user’s computer is on. D. The user’s account in Active Directory is configured so as not to allow Remote Control. 4. All computer users in your company access several applications through a single Ter minal Server, Server01, located on the same Local Area Network segment. You are run ning a Windows Server 2003 Active Directory and DNS, and the Terminal Server is a Windows Server 2003 server. At the end of business on the previous day, you renamed the Terminal Server to App1. You verified that the server was reachable using its new name through Terminal Ser vices both as administrator and as a regular user, and through Windows Explorer. This morning, all users report that they cannot connect to the Terminal Server. You ver ify that connection to the Terminal Server is possible through Windows Explorer, but that user connection through Terminal Services is not possible. You are able to connect to the Terminal Server as Administrator. What is the most likely cause of the problem? A. The Terminal Server entry in DNS needs to be refreshed. B. The Terminal Server connection permissions need to be refreshed. C. A Terminal Services Licensing Server needs to be installed and configured. D. The Terminal Server needs to be restarted. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Objective 3.2 Troubleshoot Terminal Services 16-13 5. You attempt to connect to Server01 through the Remote Desktop for Administration cli ent, but receive a message that you cannot connect because the number of concurrent connections has been exceeded. You can connect with the Remote Desktop for Administration client to Server02, Server03, and Server04, which are member servers in the same domain. You have administrator privileges on each of these servers. Server01 is not physically accessible to you, as it is in a remote location. What steps should you take to resolve the problem? (Select all that apply.) A. Connect to Server02 with the Remote Desktop for Administration client. B. Connect to Server01 from the Terminal Services session on Server02 with the Ter minal Services Manager. Disconnect one of the Remote sessions. C. Connect to Server01 from the Terminal Services session on Server02 with the Remote Desktop for Administration client. Disconnect one of the Remote sessions. D. Open the Server01 Properties dialog box from Active Directory Users And Com puters. Configure Server01 to deny Terminal Services connections, and then reconfigure Server01 to allow Terminal Services connections. E. Connect to Server01 from the Terminal Services session on Server02 with the Remote Desktop for Administration client. Open the System properties page for Server01 and configure Server01 to deny Remote Desktop Connections, and then reconfigure Server01 to allow Remote Desktop Connections. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
16-14 Chapter 16 Managing and Maintaining Access to Resources (3.0) Objective 3.2 Answers 1. Correct Answers: A A. Correct: Although set to Not Configured by default, if set to Disabled, this Group Policy setting will override the Terminal Server console settings for the property of data redirection. Changing this policy from Disabled to Enabled will correct the problem. B. Incorrect: This Group Policy setting is for local computer behavior during a Ter minal Services session from that computer. Enabling this setting for the Terminal Server computer would control outgoing Terminal Server sessions from that con- sole, not incoming from the client computers as required here. C. Incorrect: This would configure a network printer connection to the local com puter, which is not what the circumstance requires. Additional steps to share and set permissions for the printer from the local computer would have to be taken. D. Incorrect: This would configure a network printer connection to the local com puter, which is not what the circumstance requires. Additional steps to share and set permissions for the printer from the local computer would have to be taken. 2. Correct Answers: A A. Correct: The Remote Desktop Users group has the appropriate configuration and rights to allow access to the Terminal Server. B. Incorrect: This setting will remove one of the barriers to the user’s connecting to the Terminal Server, but there are permissions for connection to the Terminal Server itself that still must be set. Additionally, this action would allow the user to log on locally to the console as well, which may not be desired. C. Incorrect: This setting is for controlling how printer and drive redirection is accomplished within a user session, not for configuring logon access to the ses sion itself. D. Incorrect: This setting is for controlling how Remote Control can be used on an established Terminal Services session, not for the logon access to the session itself. 3. Correct Answers: C A. Incorrect: This is not the case, seeing as you are able to establish a connection to an administrative share point (C$) on the user’s computer. B. Incorrect: The Terminal Services client is not involved in a Remote Assistance session. The Windows Messenger Services are responsible for handling the estab lishment and usage of a Remote Assistance session. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.