M3 MRAT Flashcards
What are the two ways to administer users in Lync Server 2010?
Using the Lync Server Management Shell and the Lync Server Control Panel
What are the benefits of each tool for administering users?
Lync Server Control Panel is a wizard-based UI that enables you to easily view all the policies applied to a given user or set of users. Lync Server Management Shell enables you to run scripts to automate some of your common administrative tasks.
What security best practice can be achieved with RBAC?
Least privilege
What are the steps needed to create a new role?
First, create a universal security group in Active Directory that shares a name with the role. Then create the role in Lync Server by running the New-CsAdminRole cmdlet. Finally, limit the scope of the role.
What types of scoping are available for new roles?
First, create a universal security group in Active Directory that shares a name with the role. Then create the role in Lync Server by running the New-CsAdminRole cmdlet. Finally, limit the scope of the role.
In what situation does RBAC not apply?
A user working directly on a server running Lync Server 2010 is not restricted by RBAC.
http://admin. returns
“404 not found”
Verify the simple URL assigned to Lync Server Control Panel.
Lync Server Control Panel requires authentication
Use Microsoft Internet Explorer® and add a simple URL to trusted sites.
Error with Lync Server 2010 cmdlet
Use Get-Help and Get-Help -Examples to get more detail on the cmdlet.
Cannot create new role
Verify membership in CsAdministrator.
You are troubleshooting at a client machine and need to adjust some Lync Server 2010 settings on the user’s account. What administrative tool would you use to manage the user’s account and why?
The Lync Server Control Panel. The Lync Server Control Panel is a web-based administrative tool, so you could connect to the Lync Server Control Panel from this user’s client machine to make the necessary user configuration changes quickly and easily.
You are enabling a batch of 200 user accounts for Lync Server 2010. You have a comma-delimited file that contains the user’s SAM account name and phone number. What administrative tool would allow you to create the user accounts efficiently and accurately?
The Lync Server Management Shell. The Lync Server Management Shell allows scripts to be run for user management, administration and automation.
Your company has two locations. Executives and administrative staff are in one location and all other roles are in the other location. You have hired a Lync Server 2010 administrator dedicated to supporting the executive staff. You are following best practices and creating an RBAC role. How would you scope the RBAC role? Why?
You would limit the scope of the custom RBAC role to only administer the Executive users’ OU, as follows:
New-CsAdminRole -Identity “Executive Users Administrator” -Template CsUserAdministrator -UserScopes “OU:OU=Executives, OU=Lync Tenants, DC=Domain, DC=com”
The Executive Users Administrator security group must first be created
You are locking down the security on your Lync Server 2010 servers. What roles should be allowed to access the server by usingRemote Desktop? Why?
Only CSAdministrator and CSServerAdministrator groups. RBAC restrictions work only on administrators working remotely, using either the Lync Server Control Panel or Lync Server Management Shell. A user sitting at a server running Lync Server is not restricted by RBAC, or using Remote Desktop
