Testlet: Lucerne Publishing
You need to recommend a solution for managing the service accounts for SQL1 and SQL2. The solution must
meet the company’s security requirements.
What should you include in the recommendation?\r\n
COMPANY OVERVIEW
Overview
Lucerne Publishing is a large publishing company that produces both traditional books and e- books.
Physical Location
The company has a main office and a branch office. The main office is located in New York. The branch
office is located in San Francisco. The main officehas a satellite office located in Boston. The company has
7,500 users.
EXISTING ENVIRONMENT
Active Directory Environment
The network contains an Active Directory forest. The forest contains a single domain named
lucernepublishing.com.
Network Infrastructure
Client computers in the New York office and the SanFrancisco office run either Windows Vista or Windows
XP. All client computers in the Boston office run Windows 7.
The company has a finance department. All of the client computers in the finance department run Windows
XP. The finance department uses an application named App1. App1 only runs on Windows XP.
The relevant servers in the New York office are configured as shown in the following table.
The servers have the following configurations:
Remote Desktop is enabled on all servers.
The passwords for all service accounts are set to never expire.
Server1 stores roaming user profiles for users in the Boston office.
SQL1 and SQL2 are deployed in a two-node failover cluster named Cluster1.
All servers have Pre-Boot Execution Environment (PXE)-compliant network adapters.
The servers in the San Francisco office contain neither a recovery partition nor optical media drives.
DFS1 and DFS2 are members of the same DFS Replication group. The DFS namespace is configured
to use Windows 2000 Server mode.
The Boston office has no servers. The Boston officeconnects to the New York office by using a dedicated
hardware VPN device.
The finance department publishes monthly forecast reports that are stored in DFS.
REQUIREMENTS
Business Goals
Lucerne Publishing must minimize administrative costs, hardware costs, software costs, and development
costs, whenever possible.
Planned Changes
All client computers will be upgraded to Windows 7.
A VPN server will be deployed in the main office. All VPN clients must have the latest Windows updates
before they can access the internal network.
You plan to deploy a server that has the Remote Desktop Gateway (RD Gateway) role service installed.
Technical Requirements
Lucerne Publishing must meet the following technical requirements:
Upgrade all client computers to Windows 7.
Minimize Group Policy-related replication traffic.
Ensure that App1 can be used from client computers that run Windows 7.
Ensure that users can use App1 when they are disconnected from the network.
Ensure that you can perform a bare metal recovery of the servers in the San Francisco office.
Minimize the amount of time it takes users in the Boston office to log on to their client computers.
Ensure that domain administrators can connect remotely to all computers in the domain through RD
Gateway.
Ensure that file server administrators can access DFS servers and file servers through the RD Gateway.
Prevent file server administrators from accessing other servers through the RD Gateway.
Security Requirements
Lucerne Publishing must meet the following securityrequirements:
USB storage devices must not be used on any servers.
The passwords for all user accounts must be changedevery 60 days.
Users must only be able to modify the financial forecast reports on DFS1. DFS2 must contain a read-only copy of the financial forecast reports.
All operating system drives on client computers that run Windows 7 must be encrypted.
Only approved USB storage devices must be used on client computers that run Windows 7.
A.
Configure the service accounts as standard user accounts and perform manual password changes as
required.
B.
Configure the service accounts as managed serviceaccounts.
C.
Configure the service accounts as standard user accounts and use a Password Settings object (PSO) to
allow different password settings.
D.
Configure the service accounts as virtual accounts.
“A” – Configure the service accounts as standard user accounts and perform manual password changes as required.