You need to ensure that User1 can connect to Server1 and authenticate to the domain

Your network contains an Active Directory domain named contoso.com. The domain contains a server named
Server1 that runs Windows Server 2012 and has the Remote Access server role installed.
A user named User1 must connect to the network remotely. The client computer of User1 requires Challenge
Handshake Authentication Protocol (CHAP) for remoteconnections.
CHAP is enabled on Server1.
You need to ensure that User1 can connect to Server1 and authenticate to the domain.
What should you do from Active Directory Users and Computers?

Your network contains an Active Directory domain named contoso.com. The domain contains a server named
Server1 that runs Windows Server 2012 and has the Remote Access server role installed.
A user named User1 must connect to the network remotely. The client computer of User1 requires Challenge
Handshake Authentication Protocol (CHAP) for remoteconnections.
CHAP is enabled on Server1.
You need to ensure that User1 can connect to Server1 and authenticate to the domain.
What should you do from Active Directory Users and Computers?

A.
From the properties of Server1, select Trust this computer for delegation to any service (Kerberos only).

B.
From the properties of Server1, assign the Allowed to Authenticate permission to User1.

C.
From the properties of User1, select Use KerberosDES encryption types for this account.

D.
From the properties of User1, select Store password using reversible encryption.

Explanation:
The Store password using reversible encryption policy setting provides support for Applications that
useprotocols that require the user’s password for authentication. Storing encrypted passwords in a waythat
isreversible means that the encrypted passwords canbe decrypted. A knowledgeable attacker who is able
tobreak this encryption can then log on to network resources by using the compromised account. For this
reason,never enable Store password using reversibleencryption for all users in the domain unless
Applicationrequirements outweigh the need to protect password information.
If you use the Challenge Handshake Authentication Protocol (CHAP) through remote access or
InternetAuthentication Services (IAS), you must enable this policy setting. CHAP is an authentication
protocolthat is used by remote access and network connections. Digest Authentication in Internet Information
Services(IIS) also requires that you enable this policy setting.
If your organization uses CHAP through remote access or IAS, or Digest Authentication in IIS, you
mustconfigure this policy setting to Enabled. This presents a security risk when you App1y the settingthrough
GroupPolicy on a user-by-user basis because it requires the appropriate user account object to be opened in
ActiveDirectory Users and Computers.
http://technet.microsoft.com/pt-pt/library/hh994559%28v=ws.10%29.aspx



Leave a Reply 1

Your email address will not be published. Required fields are marked *