Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2008 R2 Enterprise. All client computers run Windows 7 Professional.
The network contains an enterprise certi?cation authority (CA).
You enable key archival on the CA. The CA is con?gured to use custom certi?cate templates for Encrypted File System (EFS) certi?cates.
All users plan to encrypt files by using EFS.
You need to ensure that the private keys for all new EFS certi?cates are archived.
Which snap-in should you use?
A.
Share and Storage Management
B.
Security Configuration wizard
C.
Enterprise PKI
D.
Active Directory Administrative Center
E.
Certification Authority
F.
Group Policy Management
G.
Certificate Templates
H.
Authorization Manager
I.
Certificates
Explanation:
http://technet.microsoft.com/en-us/library/cc730721.aspxhttp://technet.microsoft.com/en-us/library/cc730721
I think answer G is right. You configure a recovery agent in the Certificate Authority. You generate a custom template of the Basic EFS Template with Certificate Templates. On the property of the custom EFS Template there’s an option to archive the private key. All certificates of new user are archived. -> Certificate Template
Read the question carefully. “You enable Key archival on the CA..” Archival has been enabled and the certificate template created already. To ensure that users all get this certificate and archive their keys…I’d go for the group policy management answer to push out that certificate to all users. (F)
Actually scratch that, you do need to enable it on the certificate first. G it is!
Oops, scratch that, you do still need to enable it on the certificate template. Answer G it is then!
You need to ensure that the private keys for all new EFS certi?cates are archived.So You would need to this this on the template ,yes G is correct