Active Directory Permissions for Horizon Environment | 3V0-752 Exam Answer

Minimum Permission Requirements for Delegating to an AD Service Account

Question

An architect is designing Active Directory (AD) permissions for a Horizon environment that will use pre-existing computer accounts.

The AD Security Team has restrictions about the use of service accounts.

What two sets of minimum permission are needed to delegate to an AD service account? (Choose two.)

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

BC.

https://pubs.vmware.com/view-51/index.jsp?topic=%2Fcom.vmware.view.administration.doc%2FGUID-ED99E026-5D70-4ADF-B4BC-

In a Horizon environment that uses pre-existing computer accounts, Active Directory (AD) permissions need to be set to allow access to these accounts. However, the AD Security Team may have restrictions on the use of service accounts, which means that certain minimum permissions need to be delegated to an AD service account. The question asks for two sets of minimum permissions that are required for this purpose.

Option A: Create Computer Objects, Delete Computer Objects These permissions are used to create and delete computer objects in Active Directory. While they may be necessary for some scenarios, they are not required for a service account that is used to manage pre-existing computer accounts.

Option B: List Contents, Read All Properties These permissions allow a user or service account to view the properties and attributes of an object in Active Directory. In this case, the service account needs to be able to read the properties of the pre-existing computer accounts in order to manage them. Therefore, this set of permissions is a possible answer.

Option C: Read Permissions, Reset Password The "Read Permissions" permission allows a user or service account to view the permissions that have been set on an object in Active Directory. The "Reset Password" permission allows a user or service account to reset the password of an object in Active Directory. While these permissions may be necessary in some scenarios, they are not required for managing pre-existing computer accounts.

Option D: Write Permissions, Change Password The "Write Permissions" permission allows a user or service account to modify the permissions that have been set on an object in Active Directory. The "Change Password" permission allows a user or service account to change the password of an object in Active Directory. While these permissions may be necessary in some scenarios, they are not required for managing pre-existing computer accounts.

Therefore, the two sets of minimum permissions that are needed to delegate to an AD service account for managing pre-existing computer accounts are:

  1. List Contents, Read All Properties
  2. Read Permissions, Reset Password

Note that other permissions may be required depending on the specific needs of the Horizon environment and the AD Security Team's restrictions.