Microsoft-Implementing and Administering Security in a Microsoft Windows Server 2003 Network

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. Eight Windows Server 2003 computers are members of the domain. These computers are used to store confidential files. They reside in a data center that only lT administration personnel have physical access to. You need to restrict members of a group named Contractors from connecting to the file server computers. All other employees require access to these computers. What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All domain controllers and servers run Windows Server 2003. All computers are members of the domain. The domain contains 12 database servers. The database servers are in an organizational unit (OU) named DBServers. The domain controllers and the database servers are in the same Active Directory site. You receive a security report that requires you to apply a security template named Lockdown.inf to all database servers as quickly as possible. You import Lockdown.inf into a Group Policy object (GPO) that is linked to the DBServers OU. You need to ensure that the settings in the Lockdown.inf security template are applied to all database servers as quickly as possible. What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All servers are members of the domain. The company plans to deploy a new application named App1. The application runs on servers. To test the compatibility between App1 and other applications that run on the servers, you need to change several file and registry permissions in the Windows folder on the servers. A security template named TestPerms contains the file and registry permissions that need to be set for the application testing. You create a new Group Policy object (GPO) named TestApp. You import the TestPerms security template into the TestApp GPO. You link the TestApp GPO to an organizational unit (OU) that contains only the servers that are used for the test. You need to ensure that the file and registry permissions are set to the permissions in the TestPerms security template only during application testing. What should you do when the application testing ends?

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. Users are in the marketing, sales, or production department. A high-performance color print device named ColorPrinter1 is attached to a server named Server1. ColorPrinter1 is shared by the users in the marketing department. Only users in the marketing department are permitted to print documents on ColorPrinter1. Melanie is a user in the marketing department. Melanie is responsible for ensuring that print jobs on ColorPrinter1 print properly. She is also responsible for replacing paper and for general print device maintenance. Melanie is not permitted to modify the printer itself. You need to configure permissions for ColorPrinter1. You create a global group named Marketing. You add all marketing users to the Marketing global group. What else should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. Administrators in your company use scripts to perform administrative tasks when they troubleshoot problems on client computers. They connect to the Telnet service on client computers when they run these scripts. For security reasons, All Telnet traffic is encrypted by using an IPSec policy. In addition, the Telnet service is configured for manual startup on all client computers. Administrators manually start and stop the Telnet service when they perform administrative tasks. Administrators report that they sometimes cannot start the Telnet service on client computers. You examine several client computers and discover that the Telnet service is disabled. You need to ensure that administrators can troubleshoot problems on client computers at all times. What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All computers are members of the domain. The company's written security policy states that all servers must have the security settings that are specified in a security template named Verify.inf. The Verify.inf security template is copied to the Systemroot\Security \Templates folder on each server. You need to verify that the servers on the network meet the requirements in the written security policy. What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. Servers on the network run Windows Server 2003. All servers are in an organizational unit (OU) named Servers, or in OUs contained within the Servers OU. Based on information in recent security bulletins, you want to apply settings from a security template named Messenger.inf to all servers on which the Messenger service is started. You do not want to apply these settings to servers on which the Messenger service is not started. You also do not want to move servers to other OUs. You need to apply the Messenger.inf security template to the appropriate servers. What should you do?

You are a security administrator for your company. The network consists of two Active Directory domains. These domains each belong to separate Active Directory forests. The domain named graphicdesigninstitute.com is used primarily to support company employees. The domain named fineartschool.net is used to support company customers. The functional level of all domains is Windows Server 2003 interim mode. A one-way external trust relationship exists in which the graphicdesigninstitute.com domain trusts the fineartschool.net domain. A Windows Server 2003 computer named Server1 is a member of the fineartschool.net domain. Server1 provides customers access to a Microsoft SQL Server 2000 database. The user accounts used by customers reside in the local account database on Server1. All of the customer user accounts belong to a local computer group named Customers. SQL Server is configured to use Windows lntegrated authentication. Your company has additional SQL Server 2000 databases that reside on three Windows Server 2003 computers. These computers are member servers in the graphicdesigninstitute.com domain. The company's written security policy states that customer user accounts must reside on computers in the fineartschool.net domain. You need to plan a strategy for providing customers with access to the additional databases. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?

You are a security administrator for your company. The network consists of an Active Directory forest that contains two domains. The domains are named treyresearch.com and litwareinc.com. All Active Directory domains are running at a Windows Server 2000 mixed mode functionality level. Employees in the help desk department need to modify certain attributes of employee user accounts that reside in the treyresearch.com domain. The help desk department user accounts reside in the litwareinc.com domain. You need to create a single group named Help Desk that contains all help desk department user accounts and that can be granted access to modify the employee user accounts in the treyresearch.com domain. What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All domain controllers run Windows Server 2003. All client computers run Windows XP Professional. Users store files on a server named Server1. These files are confidential and must be encrypted at all times while on Server1. You configure a new certification authority (CA) and issue certificates that support Encrypting File System (EFS) to all users. Users report that they cannot encrypt files that are stored on Server1. They report that they can encrypt files that are stored locally on their client computers. You need to ensure that users can encrypt files that are stored on Server1. What should you do?