You enable key archival on the C

Your network contains an Active Directory domain named adatum.com. All servers run
Windows Server 2008 R2 Enterprise. All client computers run Windows 7 Professional.
The network contains an enterprise certification authority (CA).
You enable key archival on the C

Your network contains an Active Directory domain named adatum.com. All servers run
Windows Server 2008 R2 Enterprise. All client computers run Windows 7 Professional.
The network contains an enterprise certification authority (CA).
You enable key archival on the C

A.
The CA is configured to use custom certificate templates for Encrypted File System (EFS)
certificates.
All users plan to encrypt files by using EFS.
You need to ensure that the private keys for all new EFS certificates are archived.
Which snap-in should you use?
Share and Storage Management

A.
The CA is configured to use custom certificate templates for Encrypted File System (EFS)
certificates.
All users plan to encrypt files by using EFS.
You need to ensure that the private keys for all new EFS certificates are archived.
Which snap-in should you use?
Share and Storage Management

B.
Security Configuration wizard

C.
Enterprise PKI

D.
Active Directory Administrative Center

E.
Certification Authority

F.
Group Policy Management

G.
Certificate Templates

H.
Authorization Manager

I.
Certificates

Explanation:
http://technet.microsoft.com/en-us/library/cc753826.aspx
Configure a Certificate Template for Key Archival
The key archival process takes place when a certificate is issued. Therefore, a certificate
template must be modified to archive keys before any certificates are issued based on this
template.
Key archival is strongly recommended for use with the Basic Encrypting File System (EFS)
certificate template in order to protect users from data loss, but it can also be useful when
applied to other types of certificates.
To configure a certificate template for key archival and recovery
1. Open the Certificate Templates snap-in.
2. In the details pane, right-click the certificate template that you want to change, and then
click Duplicate Template.
3. In the Duplicate Template dialog box, click Windows Server 2003 Enterprise unless all of
your certification authorities (CAs) and client computers are running Windows Server 2008
R2, Windows Server 2008, Windows 7, or Windows Vista.
4. In Template, type a new template display name, and then modify any other optional
properties as needed.
5. On the Security tab, click Add, type the name of the users or groups you want to issue the
certificates to, and then click OK.
6. Under Group or user names, select the user or group names that you just added. Under
Permissions, select the Read and Enroll check boxes, and if you want to automatically issue
the certificate, also select the Autoenroll check box.
7. On the Request Handling tab, select the Archive subject’s encryption private key check
box.



Leave a Reply 0

Your email address will not be published. Required fields are marked *