The ABC.com network consists of a single Active Directory domain named ABC.com.
You deploy an enterprise certification authority (CA) on a Windows Server 2003 computer named
ABC-CA1. The primary purpose of the CA is to issue company users with digital certificates to
enable them to authenticate with the new company Intranet website.
You create a new certificate template named Web Authentication. You enable the Web
Authentication certificate template on ABC-CA1 and configure the default domain group policy so
that users who log on to the domain receive a Web Authentication certificate.
The following morning users complain that they do not have certificates which can be used to
authenticate to the Intranet Web site.
How can you ensure the users are issued with a certificate?
A. By configuring ABC-CA1 to be an Enterprise Subordinate CA of a public CA such as Verisign.
B. By modifying the permissions of the Web Authentication certificate template to give the Domain
Users group the Allow - Autoenroll permission.
C. By adding your Domain Admin user account to the Cert Managers group in Active Directory.
D. By configuring the Default Domain Controllers GPO to assign the certificates to users when
they log on.
Explanation:
For users to request certificates from an enterprise CA, they must have permission
to use the templates corresponding to the certificates they need.
Reference:
Dan Holme, Orin Thomas; MCSA/MCSE Self-Paced Training Kit: Upgrading Your Certification
to Microsoft Windows Server 2003: Managing, Maintaining, Planning, and Implementing a
Microsoft Windows Server 2003 environment: Exams 70-292 and 70-296, Microsoft Press,
Redmond, Washington, 2004, pp. 25-14.