###BeginCaseStudy###
Case Study: 4
Woodgrove Bank
Scenario:
COMPANY OVERVIEW
Overview
Woodgrove Bank is an international financial organization.
Physical Location
The company has a main office and multiple branch offices.
EXISTING ENVIRONMENT
Active Directory Environment
The network contains one Active Directory forest. A separate domain exists for each office.
Network Infrastructure
All offices have domain controllers that are configured as DNS servers. All client computers
are configured to connect to the DNS servers in their respective office only.
The main office has the following servers and client computers:
• One Windows Server Update Services (WSUS) server.
• Client computers that run either Windows XP Service Pack 3 (SP3) or Windows 7.
• Ten file servers that host multiple shared folders. The file servers run either Windows
Server 2003 or Windows Server 2008 R2.
• One domain-based Distributed File System (DFS) namespace that has two replicas.
The DFS servers run Windows Server 2008 R2. The DFS namespace is configured to use
Windows 2000 Server mode.
Each branch office has a WAN link to the main office. The WAN links are highly saturated.
Each office has a dedicated high-speed Internet connection.
All of the client computers in the branch offices run Windows 7.
User Problems
Users report that it is difficult to find the shared folders on the network.
REQUIREMENTS
Planned Changes
Woodgrove Bank plans to implement the following changes:
• Deploy a new Application named App1 on each client computer. App1 has a
Windows Installer package and is compatible with Windows XP, Windows Vista, and
Windows 7.
• Designate a user in each office to manage the address information of the user accounts
in that office.
• Deploy a new branch office named Branch22 that has the following servers:
• One file server named Server1.
• Two domain controllers named DC10 and DC11 that are configured as DNS servers.
Technical Requirements
Woodgrove Bank must meet the following technical requirements:
• Minimize hardware and software costs, whenever possible.
• Encrypt all DNS replication traffic between the DNS servers.
• Ensure that users in the branch offices can access the DFS targets if a WAN link fails.
• Ensure that users can only view the list of DFS targets to which they are assigned
permissions.
• Minimize the amount of network traffic between the main office and the branch
offices, whenever possible.
• Minimize the amount of name resolution traffic from the branch offices to the DNS
servers in the main office.
• Ensure that the administrators in the main office manage all Windows update
approvals and all computer groups.
• Manage all of the share permissions and the folder permissions for the file servers
from a single management console.
• Ensure that if a file on a file server is deleted accidentally, users can revert to a
previous version of the file without administrator intervention.
• Ensure that administrators are notified by e-mail each time a user successfully copies
a file that has an .avi extension to one of the file servers.
Security Requirements
Woodgrove Bank must meet the following security requirements:
• Access rights and user rights must be minimized.
• The Guest account mustoe disabled on all servers.
• Internet Information Services (IIS) must only be installed on authorized servers.
###EndCaseStudy###
You need to recommend changes to the DFS infrastructure that meet the company’s security
requirements. What should you recommend?
A.
Modify the NTFS permissions and the share permissions of the DFS targets.
B.
Modify the referrals settings of the DFS namespace and the NTFS permissions of the DFS targets.
C.
Migrate the namespace to Windows Server 2008 mode and modify the referrals settings.
D.
Migrate the namespace to Windows Server 2008 mode and enable accessbased enumeration
(ABE).
Explanation:
ABE is enabled by default and lets you hide files and folders from users who do not have access to
them.