|
Posted by djc on April 21, 2006, 9:13 am
Please log in for more thread options
ok. Thanks for the clarification, and the verification that I am on track
and that there are many people (who unfortunately work for companies like
Transcender and MeasureUP - practice exam providers) who have this wrong.
I share your issue with how a lot of these questions are crafted. The rule
of thumb I was told was that if it doesn't say anything about a config
consider them all at the defaults. I would say that helps sometimes but not
all...
anyway, I may be wrong but the way I understand it the fact that the domain
'builtin' Backup Operators group does not have domain affinity means it
*can't* be used anywhere in the domain except on domain controllers
themselves. I see it as the core relevant fact that makes the statement
incorrect, not detractor info. You *can't* directly configure the domain
'builtin' Backup Operators group with the right to backup/restore on a
member server. The group would not even be available to select. It's not
available for use outside of a DC.
I could be wrong but thats how it was explained to me before.
Thanks again for your input and helping me verify that that statement (which
I have seen several times) is wrong. I appreciate it.
>> Hi Roger,
>> I appreciate the reply but I have no idea what you are saying. I think
>> the answer is a yes/no type. Or, if its a 'depends on the situation' type
>> of answer then an explanation usually follows. ;)
>>
>> any further clarification?
>>
>
> . . . only that the statement is incorrect if the members are in the
> configuration
> they are left in by default. That Backup Operators is a built-in domain
> local
> group with a well-known SID is just detractor information - not really
> relevant.
> There are only two groups from a domain that get added to a member's
> groups or other rights/privileges when the member joins: Domain Admins
> gets added to the member's Administrators and Domain Users to its Users.
> Neither of these have bearing on backup rights. Hence, if the members of
> Backup Operators have any permission to back up a member it must be due
> to a custom configuration made after the join.
>
> You see, the problem I have with questions like the one you presented is
> that
> they (almost) never say "if things are as configured by install" or "...
> as left by
> the domain joining". So, as stated, it may or may not work as they say,
> it all
> depends on how the machine have or have not been configured.
>
> All I was saying is, if it is as the join leaves things, then no, the
> statement
> is bogus.
>
>
>>>>> "The Backup Operators group in Active Directory is a domain local
>>>>> group. If you add Joanne as a member of the domain Backup Operators
>>>>> group, she will have backup and restore rights on all member servers
>>>>> in the domain."
>>>>>
>>>>> this statement IS incorrect right?
>>>>>
>>>>
>>>> not in the default condition of a newly added member server
>>>>
>>> I guess that was less than clear. Response was assessment of quoted
>>> statement, not answer to posed question.
>>>
>>>
>>
>>
>
>
| 
XML Sitemap