What else should you do to ensure that only users in the marketing department trust certificates issued by this CA?

You are a network administrator for your company. The network contains Windows Server 2003 computers and Windows XP Professional client computers. All computers are members of the same Active Directory forest. The company uses a public key infrastructure (PKI) enabled application to manage marketing data. Certificates used with this application are managed by the application administrators.
You install Certificate Services to create an offline stand-alone root certification authority (CA) on one Windows Server 2003 computer. You configure a second Windows Server 2003 computer as a stand-alone subordinate CA.
You instruct users in the marketing department to enroll for certificates by using the Web enrollment tool on the stand-alone subordinate CA. Some users report that when they attempt to complete the enrollment process, they receive an error message on their certificate, as shown in the exhibit. (Click the Exhibit button.) Other users in the marketing department do not report receiving the error.
You need to ensure that users in the marketing department do not continue to receive this error message. You also need to ensure that only users in the marketing department trust certificates issued by this CA. You create a new organizational unit (OU) named Marketing.
What else should you do?

You are a network administrator for your company. The network contains Windows Server 2003 computers and Windows XP Professional client computers. All computers are members of the same Active Directory forest. The company uses a public key infrastructure (PKI) enabled application to manage marketing data. Certificates used with this application are managed by the application administrators.

You install Certificate Services to create an offline stand-alone root certification authority (CA) on one Windows Server 2003 computer. You configure a second Windows Server 2003 computer as a stand-alone subordinate CA.

You instruct users in the marketing department to enroll for certificates by using the Web enrollment tool on the stand-alone subordinate CA. Some users report that when they attempt to complete the enrollment process, they receive an error message on their certificate, as shown in the exhibit.

Other users in the marketing department do not report receiving the error.

You need to ensure that users in the marketing department do not continue to receive this error message. You also need to ensure that only users in the marketing department trust certificates issued by this CA. You create a new organizational unit (OU) named Marketing.

What else should you do?

A.
Place all marketing department computer objects in the Marketing OU. Create a new Group Policy object (GPO) and link it to the Marketing OU. Publish the root CA’s root certificate in the Trusted Root Certification Authorities section of the GPO.

B.
Place all marketing department user objects in the Marketing OU. Create a new Group Policy object (GPO) and link it to the Marketing OU. In the User Configuration section of the GPO, configure a certificate trust list (CTL) that contains the subordinate CA’s certificate.

C.
Place all marketing department computer objects in the Marketing OU. Create a new Group Policy object (GPO) and link it to the Marketing OU. In the Computer Configuration section of the GPO, configure a certificate trust list (CTL) that contains the subordinate CA’s certificate.

D.
Place all marketing department user objects in the Marketing OU. Create a new Group Policy object (GPO) and link it to the Marketing OU. In the User Configuration section of the GPO, configure a certificate trust list (CTL) that contains the root CA’s certificate.



Leave a Reply 0

Your email address will not be published. Required fields are marked *