Exam Prep Questions

An administrator has defined a MetaFrame user policy that she wants to apply to all users who belong to the Customer Service group. When she logs on as a member of this group , the defined rules are not being applied as expected. Why might the policy rules not be applied properly? (Choose all that apply.)

Answers A and D are correct. If a policy with a higher priority explicitly disables these policies, the net result is that the policy is canceled out and the configuration change is not applied to the user's session. It is also possible that the policy itself has a status set to Disabled. In this case, the policy is completely ignored and no rules are applied. Answer B is incorrect because a lower-priority policy rule takes precedence only if a higher-priority rule is set to Not Configured. Answer C is incorrect because such a setting does not exist in the server farm properties. All aspects of MetaFrame user policies are managed through the Policies object in the Management Console for MPS.

The following table shows three policies, their ranking as shown in the Management Console, and the state defined for the rule Turn Off Desktop Wallpaper. Assuming that the desktop wallpaper behavior has not been modified by any other group policy or Terminal Server setting, what would the rule's final state be if a user had User Policy #1 and User Policy #2 applied during his or her logon to the farm?

Answer B is correct. Because User Policy #1 has a higher ranking than User Policy #2, the state of the rule defined in User Policy #1 ultimately dictates what the setting will be. Answer A is incorrect because the filter does not apply User Policy #3 to the user. Answer C is incorrect for the same reason that Answer B is correct.

The following table shows three policies, their ranking as shown in the Management Console, and the state defined for the rule Turn Off Client Printer Mapping. Assuming that client printer mapping is enabled for all users and that no other group policy modifies this setting, what would the rule's final state be if a user was assigned all three user policies?

Answer A is correct. Even though User Policies #1 and #2 have a higher ranking than User Policy #3, neither one has this rule defined. The not configured state has no effect on a policy setting (enabled or disabled) made lower down in the policy ranking.

Because of this, User Policy #3 enables turning off client printer mapping, and no other policy overrides this setting.

Bob, the administrator, has configured his MetaFrame environment to allow sales staff on the road to connect into the environment via the Web Interface for MetaFrame Presentation Server. This configuration allows these users to connect from any device, whether from their laptop or a remote PC. To help secure the environment, Bob wants to set up user policies that take effect when the sales staff attempt to connect remotely. Knowing that the internal network is 192.168.10.0 and that users connect both internally and externally using the Web Interface, choose all the filters listed that would need to be applied to ensure that this policy is applied only when the users connect remotely.

Answers A and B are correct. The IP Address range ensures that if a user is connecting from an IP address located on the internal network, the extra security settings are not enforced. Likewise, using the wildcard WI_* ensures that all Web Interface clients otherwise receive the policy settings defined. Answer C is not a valid server setting and is therefore incorrect. Answer D, while a valid setting, would effectively deny anyone from accessing this policy, counteracting the settings that should apply to Web Interface users who are connecting externally.

Given the following list, select all that are valid MetaFrame user policy rules.

Answers A, B, and C are correct. These three answers represent valid MetaFrame user policy rules. Answer D is incorrect. There are Port rules to turn off COM and LPT ports, but no rule exists to turn off USB ports.

As part of your MetaFrame implementation, you have configured the default shadowing for your server not to display a notification to the user, and to allow remote input. The environment requires that shadowing be configured so that users in the Customer Service group can be shadowed by Terminal Server Administrators (who have full administrator access to the MetaFrame server) without being prompted to accept the request. At the same time, you must ensure that the two managers Alice and Bob, who are also in the Customer Service group, receive notification when they are being shadowed . From the following list, select the filter that would correctly, and most effectively, configure this scenario.

Answer D is correct. Because shadowing has been configured by default on the server not to require notification, and because the administrators have access to shadow users on a MetaFrame server, the only policy rule that must exist is one that will force the managers to be notified when a shadow request is being initiated. Answer D does this by filtering on the two managers (Alice and Bob) and then setting the rule that shadowing is prohibited without first notifying the user.

Answer A actually creates a rule that allows members of the Customer Service group to shadow Terminal Server Administrators without the administrators being prompted. The only two users who cannot do this are the two managers, Alice and Bob. Answer B modifies shadowing so that members of the Customer Service group are notified before shadowing. Even though Alice and Bob are granted access to shadow Customer Service users, the fact that this policy is denied for Customer Service members means that the managers effectively have no access to perform shadowing. The Deny privilege overrides the Allow privilege. Answer C does the exact opposite of what we want. Instead of ensuring that only managers receive the notification, this rule would ensure that all members of the Customer Service group required notification, with the exception of the two managers, who would not receive this policy because they were omitted from the filter with the Deny setting.

A policy called Lockdown has been created, and the following filter settings have been defined:

• IP address range: Not defined.

• Client names : SECURE01, SECURE02, WI_*

• Server: DEVMF01

• User names: DEVAD\todd, DEVAD\ linda , DEVAD\liane

Choose the following search criteria that will allow you to successfully determine the resultant set of policies for a client.

Answer D is correct. To ensure that you do not have any partial results returned from the search, you must provide all the necessary information, even if none was included when creating the filter for the policy. Answer A is incorrect because the IP Address was omitted. Answer B is incorrect because SECURE* is an invalid client name when searching. The wildcard character is valid only when creating a filter for a policy. Answer C is incorrect because DEVAD\Domain Users will return no results; the reason is that the policy was not filtered on that group but was filtered only on the specific usernames Todd, Linda, and Liane.

When configuring ICA connections using the Citrix Connection Configuration tool, Adam, the administrator, disabled the display of desktop wallpaper. Now, within his policy called Wallpaper Exception, he has set the Visual Effects rule Turn Off Desktop Wallpaper to Disabled. But when he logs on as a user who should be assigned the policy, the desktop wallpaper is still not displayed. Select all the valid reasons why this policy is not taking effect.

The only valid answer for this question is C. Because the desktop wallpaper has been turned off at the connection level, it will remain off, regardless of the policies that are implemented. The Turn Off Desktop Wallpaper rule only turns off the wallpaper. It never turns it on. Although Answers A and B would be valid when dealing with policy troubleshooting, they are not valid reasons why the desktop wallpaper is not being displayed in this situation. Answer D is completely false. Users accessing a full desktop via the Web Interface would still see the desktop wallpaper if it was not disabled.

From the following statements regarding MetaFrame user policies, select the statements that are not true. (Select all that apply).

Answers B and C are both invalid. There is no such thing as a Default policy that is assigned to all users. Unless you create a policy, the system has no policies available by default. When new policies are created, they are automatically assigned the lowest available priority, not the highest. Answers A and D are both valid statements.

From the following statements regarding MetaFrame user policies, select the statements that are true. (Select all that apply.)

Only answer D is a truthful statement. The Auto Client Update feature can be turned off using the rule found under the Maintenance category. Answer A is invalid because Web Interface users can be filtered using the WI_* wildcard for client names. Answer B is invalid because MetaFrame does not allow you to type in server names when creating a filter. You must select it from the list provided. Answer C is also invalid because local MetaFrame server groups can be used when defining a policy filter.

A colleague asks you to help resolve an issue that she is having setting up the zone preference and failover option. Which of the following questions would you ask her to help troubleshoot the problem? (Select all that apply.)

Answers A, B, and D are all valid questions to ask. Zone preference and failover requires the Enterprise Edition of MPS, so if your colleague is running Standard or Advanced Edition, she cannot configure this option. To set this option, you must have configured the user policy properly. If the right filter is not in place, it will not behave as expected. Zone failover is supported only when there is more than one zone in the farm. When only a single zone is present, the option cannot be edited. Question C is the only one that you would not ask your colleague because no such option exists under the Properties for the server farm. All zone preference and failover settings are managed through MetaFrame user policies.