You need to implement Encrypting File System (EFS) for all client computers

Your network consists of an Active Directory domain. The domain controllers run Windows Server 2008 R2.
Client computers run Windows 7.
You need to implement Encrypting File System (EFS) for all client computers.
You want to achieve this goal while meeting the following requirements:
You must minimize the amount of data that is transferred across the network when a user logs on to or off
from a client computer.
Users must be able to access their EFS certificateson any client computers.
If a client computer’s disk fails, EFS certificatesmust be accessible.
What should you do?

Your network consists of an Active Directory domain. The domain controllers run Windows Server 2008 R2.
Client computers run Windows 7.
You need to implement Encrypting File System (EFS) for all client computers.
You want to achieve this goal while meeting the following requirements:
You must minimize the amount of data that is transferred across the network when a user logs on to or off
from a client computer.
Users must be able to access their EFS certificateson any client computers.
If a client computer’s disk fails, EFS certificatesmust be accessible.
What should you do?

A.
Enable credential roaming.

B.
Enable roaming user profiles.

C.
Enable a Data Recovery Agent.

D.
Issue smart cards to all users.

Explanation:
CREDENTIAL ROAMING
Credential roaming allows X.509 certificates, certificate requests, and private keys specific to a user in AD DS
to be stored independently from the user profile and used on any computer on the network.
Digital certificates and private keys involve comparatively small amounts of data that need to be stored in a
secure manner. Credential roaming policy provides ameans for managing the use of these credentials on
multiple computers in a manner that addresses the secure storage and size requirements of digital certificates
and private keys. In Windows Server 2008 R2 and Windows Server 2008, credential roaming policy includes
stored user names and passwords as well as certificates and keys.
Domain controllers should be running Windows Server2003 SP1 or later (at least one running 2008 or 2008
R2). Clients used for credential roaming must also be running Windows XP SP2 or later, and Windows Server
2003 SP1 or later.
http://technet.microsoft.com/en-us/library/cc754877.aspx



Leave a Reply 0

Your email address will not be published. Required fields are marked *