ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-100 All Questions

View all questions & answers for the MD-100 exam
Go to Exam

Exam MD-100 topic 4 question 25 discussion

Actual exam question from Microsoft's MD-100
Question #: 25
Topic #: 4
[All MD-100 Questions]

SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab.
But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

Username and password -

Use the following login credentials as needed:
To enter your password, place your cursor in the Enter password box and click on the password below.

Username: Contoso/Administrator -
Password: Passw0rd!
The following information is for technical support purposes only:

Lab Instance: 11145882 -


You need to ensure that all the current and future users in the Active Directory domain can establish Remote Desktop connections to Client1. The solution must use the principle of least privilege.
To complete this task, sign in to the required computer or computers.

Show Suggested Answer Hide Answer
Suggested Answer: See explanation below.
Step 1. Add Remote Desktop Users to the Remote Desktop Users Group.
1. Open Server Manager.
2. From Tools menu, select Active Directory Users and Computers
3. Double click at your domain on the left and then select Builtin.
4. Open Remote Desktop Users on the right pane.
5. At Members tab, click Add.
6. Type the AD users that you want to give Remote access to the RDS Server and click OK.
7. After selecting the remote desktop users, click OK again to close the window.
Step 2. Allow the log on through remote desktop Services.
1. Open Group Policy Editor. To do that:
a. Simultaneously press the Windows
+ R keys to open run command box.
b. Type gpedit.msc and press Enter.
2. In Group Policy Editor navigate to: Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
3. At the right Pane: double click at Allow log on through Remote Desktop Services.
4. Click Add User or Group.
5. Type remote and then click Check Names.
6. Select the Remote Desktop Users and click OK.
7. Click OK at 'Select users, computersג€¦' window.
8. Finally click OK again and close Group Policy Editor.
Reference:
https://www.wintips.org/fix-to-sign-in-remotely-you-need-the-right-to-sign-in-through-remote-desktop-services-server-2016/
by Anthony_2770 at Oct. 27, 2020, 5:58 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AnoniMouse
Highly Voted 3 years, 11 months ago
The question asks: [the current and future users in the Active Directory domain can establish Remote Desktop connections to Client1] let me say it again slowly... TO CLIENT1... not to the whole world and all computers of the domain. By default, Administrators have remote access even if they are not specified explicitly. So it is sufficient to connect to Client1, and add DOMAIN USERS to the local group of client1 called [Remote Desktop Users]. End of the story
upvoted 35 times
Miki77
2 years, 1 month ago
can we do this using Computer Management ?
upvoted 1 times
...
...
redadz
Highly Voted 4 years, 5 months ago
STEP1 in the Solution must be done on CLIENT1 not DC. Add domain users to Remote Desktop Users Security Group
upvoted 6 times
amymay101
4 years, 4 months ago
yes I agree, this has to be done on client1 not the domain controller
upvoted 1 times
Junhhhch
4 years, 1 month ago
Why do you guys think it has to be done on Client1? it is editing permissions for domain users(groups). it doesn't really matter where it has done
upvoted 2 times
...
...
...
dlast
Most Recent 2 years, 1 month ago
Domain Users need to be added to the local Remove Desktop Users group. Adding Domain Users to the locale policy "Allow log on through Remote Desktop Services" is not enough, because the "Remote Desktop Users" group will also provide policy right "Access this computer from the network".
upvoted 1 times
...
flabezerra
2 years, 6 months ago
Client1 > Computer Management > Local Users and Groups > Groups > Remote Desktop Users This is exactly the principle of least privilege. Domain > Active Directory Users and Groups > Builtin > Remote Desktop Users This could not be the principle of least privilege because it would involve all computers of the domain. LGPO > Computer Configuration > Allow log on through Remote Desktop Services You won't need to touch anything there, because the Remote Desktop Users group is already allowed inside there.
upvoted 2 times
...
Barrybobslee_111
2 years, 8 months ago
1. Connect to Client1 2. Open Settings 3. Enable Remote Desktop 4. Open “Select Users that can remotely access this PC” 5. Add “Domain Users” Note: Remote Desktop Users is already added to “Allow log on through Remote Desktop Services” by default.
upvoted 1 times
...
ChristiaanM
2 years, 10 months ago
You need to ensure that all the current and future users in the Active Directory domain can establish Remote Desktop connections to Client1. The solution must use the principle of least privilege. To complete this task, sign in to the required computer or computers.
upvoted 1 times
...
raduM
2 years, 10 months ago
add domain user to client1 remote desktop users
upvoted 1 times
...
adeshtall
3 years, 2 months ago
Guys this question states "all the current and future users in the Active Directory domain" we are dealing with users in active directory domain who can remote to client 2 , we need to configure in the domain and also on client 2 computer.
upvoted 2 times
...
BAbdalla
3 years, 8 months ago
The solution must be applied only Client1 guys! The Correct is connect in Client1 and Add Domain Users (default domain group that have all users of domain) in Remote Desktop Users (default local group of Client1 that enable users to connect remotly in this PC). It's very easy and simple. If you configure like the explanation, you will are enabling access remote for all users in all computers of domain and the principle of least privilege will be forgoted.
upvoted 3 times
...
OnyxxOr
3 years, 9 months ago
So it seems the group policy OR the settings app routes are fine (according to comments)... I think the principle of least privilege is key and addressed by not going for Domain Users (Which was my feeling too) in the Remote Desktop Users group but rather selecting the Domain's Remote Desktop Users group. The RDP config part though pretty much depends on if the Lab marking is clever enough to know the various ways to skin this cat?
upvoted 1 times
...
vasskliss
4 years ago
Settings/System/Remote Desktop/User Accounts/Select users/Add Domain Users OR gpedit/computer configuration/windows settings/security settings/local policies/user rights assignment/allow log on through remote desktop services/add user or group/add domain users Which is right?
upvoted 1 times
...
ad2531
4 years, 4 months ago
do you also need to put domain administrators in too?
upvoted 1 times
...
Anthony_2770
4 years, 6 months ago
The solution does not address future users as well. It appears that the whole users group needs to be added to Remote Desktop Users in ADUC.
upvoted 2 times
Anthony_2770
4 years, 5 months ago
I meant add in domain users to the Remote Desktop Users in ADUC. This addresses the issue of all current users and future users being able to access Remote Desktop
upvoted 3 times
Perycles
4 years ago
...and don't forget to active Remote Desktop on computer 2 , not only add Domain Users in Remote Desktop Group.
upvoted 1 times
...
...
forummj
4 years, 6 months ago
Settings – System – Remote Desktop – User Accounts – Select users… – Add Domain Users This will be all users current or future as long as they are on the Domain.
upvoted 20 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago