You need to ensure that only members of OU1 can run the Remote Desktop Protocol files

Your company has an Active Directory domain. The company runs Remote Desktop Services.
Standard users who connect to the Remote Desktop Session Host Server are in the TSUsers
organizational unit (OU). Administrative users are in the TSAdmins OU. No other users connect to
the Remote Desktop Session Host Server. You need to ensure that only members of OU1 can run the
Remote Desktop Protocol files. What should you do?

Your company has an Active Directory domain. The company runs Remote Desktop Services.
Standard users who connect to the Remote Desktop Session Host Server are in the TSUsers
organizational unit (OU). Administrative users are in the TSAdmins OU. No other users connect to
the Remote Desktop Session Host Server. You need to ensure that only members of OU1 can run the
Remote Desktop Protocol files. What should you do?

A.
Create a Group Policy object (GPO) that configures the Allow .rdp files from unknown publishers
policy setting in the Remote Desktop Client Connection template to Disabled. Apply the GPO to the
TSUsers OU.

B.
Create a Group Policy object (GPO) that configures the Allow .rdp files from valid publishers and
users default .rdp settings policy setting in the Remote Desktop Client Connection template to
Disabled. Apply the GPO to the TSUsers OU.

C.
Create a Group Policy object (GPO) that configures the Allow .rdp files from valid publishers and
users default .rdp settings policy setting in the Remote Desktop Client Connection template to
Enabled. Apply the GPO to the TSAdmins OU.

D.
Create a Group Policy object (GPO) that configures the Specify SHA1 thumbprints of certificates
representing trusted .rdp publishers policy setting in the Remote Desktop Client Connection
template to Enabled. Apply the GPO to the TSAdmins OU.

Explanation:
To ensure that only members of the TermSerAdmin OU can run the Remote Desktop Protocol files,
you need to enable the Allow .rdp files from valid publishers and users default .rdp settings policy
setting in the Remote Desktop Client Connection template. This policy setting allows you to specify
whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with
a valid certificate. A valid certificate is one issued by an authority recognized by the client, such as
the issuers in the client’s Third-Party Root Certification Authorities certificate store. This policy
setting also controls whether the user can start an RDP session by using default .rdp settings (for
example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying
an .rdp file). If you enable this policy setting, users can run .rdp files that are signed with a valid
certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC
client. When a user starts an RDP session, the user is asked to confirm whether they want to
connect. If you disable this policy setting, users cannot run .rdp files that are signed with a valid
certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and
specifying the remote computer name. When a user tries to start an RDP session, the user receives a
message that the publisher has been blocked Reference: Remote Desktop Connection Client
http://technet2.microsoft.com/windowsserver2008/en/library/76fb7e12-b823-429b-9887-
05dc70d28d0c1033.mspx?mfr=true



Leave a Reply 0

Your email address will not be published. Required fields are marked *