###BeginCaseStudy###
Case Study: 12
Wingtip Toys
Scenario
COMPANY OVERVIEW
Wingtip Toys is an international company that has a main office and several branch offices.
The main office is located in Moscow. The branch offices are located throughout Europe. The
main office has 500 users. Each branch office has 4 to 70 users.
PLANNED CHANGES
Wingtip Toys opens a new branch office that contains a file server. You plan to promote the
file server to a Read-only Domain Controller (RODC). Wingtip Toys plans to hire a
consulting firm to manage its Web site. The consulting firm must only be permitted to
manage the Web site and must be prevented from accessing all other server resources.
Wingtip Toys plans to purchase a high-resolution printer that will be connected to a print
server in the main office. Users must be charged for each page that they print on the printer.
You plan to present additional storage to a two node failover cluster in the main office. The
storage will be used by the file server instance.
EXISTING ENVIRONMENT
All servers run either Windows Server 2008 or Windows Server 2008 R2. All client
computers run either Windows Vista Enterprise or Windows 7 Enterprise.
Existing Network Infrastructure
The network contains an internal network and a perimeter network. The company Web site is
hosted on a standalone server in the perimeter network. The main office connects to each
branch office by using a 1-Mbps WAN link.
Existing Active Directory Environment
The network contains a single Active Directory domain named wingtiptoys.com. An Active
Directory site exists for each office. Each Active Directory site contains a single subnet. The
main office has two domain controllers. Each branch office has a single domain controller.
REQUIREMENTS
Technical Requirements
Wingtip Toys must meet the following technical requirements:
• Minimize network utilization.
• Minimize WAN link utilization.
• Ensure that the file servers can access additional storage as a local drive.
• Ensure that changes to the network are transparent to users whenever possible.
• Ensure that new storage solutions are supported by Windows Failover Clustering.
• Ensure that each user can access his Documents folder from any client computer.
• Automatically organize the files on the file servers according to the contents of the
files.
• Ensure that storage can be provisioned without causing any downtime of the file
servers.
• Ensure that the data on the file servers is protected by using Windows BitLocker
Drive Encryption (BitLocker).
Problem Statements
All users store their documents and other data in the Documents folder on their respective
client computers. The users report that when they log on to a computer that is not their own,
their documents are unavailable.
###EndCaseStudy###
You need to recommend a monitoring solution for the new printer. What should you include in the
recommendation?
A. Data Collector Sets (DCSs)
B. event subscriptions
C. object access auditing
D. Print Management filters
Explanation:
http://technet.microsoft.com/en-us/library/cc766468%28WS.10%29.aspx
Establishing audit policy is an important facet of security. Monitoring the creation or modification of
objects gives you a way to track potential security problems, helps to ensure user accountability, and
provides evidence in the event of a security breach.
There are nine different kinds of events you can audit. If you audit any of these kinds of events,
Windows® records the events in the Security log, which you can find in Event Viewer.
Account logon events. Audit this to see each instance of a user logging on to or logging off from
another computer in which this computer is used to validate the account. Account logon events are
generated in the domain controller’s Security log when a domain user account is authenticated on a
domain controller. These events are separate from Logon events, which are generated in the local
Security log when a local user is authenticated on a local computer. Account logoff events are not
tracked on the domain controller.
Account management. Audit this to see when someone has changed an account name, enabled or
disabled an account, created or deleted an account, changed a password, or changed a user group.
Directory service access. Audit this to see when someone accesses an Active Directory® directory
service object that has its own system access control list (SACL).
Logon events. Audit this to see when someone has logged on or off your computer (either while
physically at your computer or by trying to log on over a network).
Object access. Audit this to see when someone has used a file, folder, printer, or other object. While
you can also audit registry keys, we don’t recommend that unless you have advanced computer
knowledge and know how to use the registry.
Policy change. Audit this to see attempts to change local security policies and to see if someone has
changed user rights assignments, auditing policies, or trust policies.
Privilege use. Audit this to see when someone performs a user right.
Process tracking. Audit this to see when events such as program activation or a process exiting
occur.
System events. Audit this to see when someone has shut down or restarted the computer, or when a
process or program tries to do something that it does not have permission to do. For example, if
malicious software tried to change a setting on your computer without your permission, system
event auditing would record it.
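
To confirm which of the nine categories above are actually being recorded on a server, the following added example (not part of the original explanation) reads the effective audit policy with auditpol.exe. It assumes an elevated prompt and the English category names that auditpol uses; the mapping from the names in the list above to auditpol's names is part of the example.

```powershell
# Added example: report the effective audit policy for the nine categories.
# Left column: name used in the explanation above.
# Right column: English category name accepted by auditpol.exe
# (these names are localized on non-English systems).
$map = @(
    @('Account logon events',     'Account Logon'),
    @('Account management',       'Account Management'),
    @('Directory service access', 'DS Access'),
    @('Logon events',             'Logon/Logoff'),
    @('Object access',            'Object Access'),
    @('Policy change',            'Policy Change'),
    @('Privilege use',            'Privilege Use'),
    @('Process tracking',         'Detailed Tracking'),
    @('System events',            'System')
)

$report = foreach ($pair in $map) {
    # /r makes auditpol emit CSV; drop blank lines before parsing.
    $rows = auditpol /get "/category:$($pair[1])" /r |
            Where-Object { $_.Trim() } |
            ConvertFrom-Csv
    foreach ($row in $rows) {
        New-Object PSObject -Property @{
            Category    = $pair[0]
            Subcategory = $row.Subcategory
            Setting     = $row.'Inclusion Setting'
        }
    }
}

# Full listing: one row per subcategory with Success/Failure state.
$report | Sort-Object Category, Subcategory |
    Format-Table Category, Subcategory, Setting -AutoSize

# Categories in which no subcategory is audited produce no Security log events.
$report | Group-Object Category |
    Where-Object { -not ($_.Group | Where-Object { $_.Setting -ne 'No Auditing' }) } |
    ForEach-Object { "Not audited: $($_.Name)" }
```

For object access, enabling the category is only half of the configuration: events are written only for objects, such as a printer, that also carry an auditing entry (SACL) of their own.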