What should you recommend?

###BeginCaseStudy###
Case Study: 13
Blue Yonder Airlines
Scenario
COMPANY OVERVIEW
Blue Yonder Airlines has a main office and four branch offices. Each branch office has six
satellite offices. The main office is located in Sydney. The branch offices are located in
London, New York, Bangkok, and Istanbul. The main office has 1,000 users. Each branch
office has 500 users. Each satellite office has 50 to 100 users.
PLANNED CHANGES
Each satellite office will have a single server deployed. The servers will have the following
server roles installed:
• File server
• Print server
• Read-only Domain Controller (RODC)
Each satellite office will have a local support technician who performs the following tasks:
• Manages printers.
• Manages server backups.
• Manages updates on the server.
Each support technician will only be permitted to manage the server located in his office.
You plan to implement a backup and recovery solution to restore deleted Active Directory
objects. The solution must ensure that the attributes of the deleted objects are restored to the
same state they were in before they were deleted. You plan to deploy a custom sales
Application named App2 to the portable computers of all company sales consultants. The
setup program of App2 requires local administrative privileges. App2 will be updated
monthly.
BUSINESS GOALS
Blue Yonder Airlines has the following business goals:
• Minimize server downtime.
• Minimize administrative effort.
Minimize interruptions to users caused by WAN link failures.
EXISTING ENVIRONMENT
The network contains servers that run either Windows Server 2008 R2 or Windows Server
2008. All client computers were recently replaced with new computers that run Windows 7
Enterprise.
Users do not have local administrator rights on the client computers.
Existing Active Directory/Directory Services
The network contains a single Active Directory domain named blueyonderairlines.com. The
functional level of the domain is Windows Server 2008. All domain controllers run Windows
Server 2008.
Existing Network Infrastructure
All offices have wired and wireless networks.
The main office has a file server that stores large graphics files. The files are used by all of
the users in all of the offices.

A Group Policy is used to assign an Application named App1 to all of the users in the
domain.
The branch offices contain public computers on which temporary employees can browse the
Internet and view electronic brochures. When the employees log on to the public computers,
they must all receive the same user settings. App1 must not be installed on the public
computers. The computer accounts for all of the public computers are in an organizational
unit (OU) name Public.
REQUIREMENTS
Security Requirements
All computers in the domain must have a domain-level security Group Policy object (GPO)
App1ied.
You plan to implement Network Access Protection (NAP) by using switches and wireless
access points (WAPs) as NAP enforcement points.
The public computers must meet the following security requirements:
• Only authorized Applications must be run.
• Automatic updates must be enabled and App1ied automatically.
Users must be denied access to the local hard disk drives and the network shares from the
public computers.
Technical Requirements
The file server in each branch office is configured as shown in the following table.

Each user is allocated 1 GB of storage on the Users share in their local office. Each user must
be prevented from storing files larger than 500 MB on the Data share in their local office.
Blue Yonder Airlines must meet the following requirements for managing App2:
• Sales consultants must use the latest version of the Application.
• When a new version of App2 is installed, the previous version must be uninstalled. Sales
consultants must be able to run App2 when they are disconnected from the network.
###EndCaseStudy###

You need to recommend a solution for managing the public computers in the branch offices. What
should you recommend?

###BeginCaseStudy###
Case Study: 13
Blue Yonder Airlines
Scenario
COMPANY OVERVIEW
Blue Yonder Airlines has a main office and four branch offices. Each branch office has six
satellite offices. The main office is located in Sydney. The branch offices are located in
London, New York, Bangkok, and Istanbul. The main office has 1,000 users. Each branch
office has 500 users. Each satellite office has 50 to 100 users.
PLANNED CHANGES
Each satellite office will have a single server deployed. The servers will have the following
server roles installed:
• File server
• Print server
• Read-only Domain Controller (RODC)
Each satellite office will have a local support technician who performs the following tasks:
• Manages printers.
• Manages server backups.
• Manages updates on the server.
Each support technician will only be permitted to manage the server located in his office.
You plan to implement a backup and recovery solution to restore deleted Active Directory
objects. The solution must ensure that the attributes of the deleted objects are restored to the
same state they were in before they were deleted. You plan to deploy a custom sales
Application named App2 to the portable computers of all company sales consultants. The
setup program of App2 requires local administrative privileges. App2 will be updated
monthly.
BUSINESS GOALS
Blue Yonder Airlines has the following business goals:
• Minimize server downtime.
• Minimize administrative effort.
Minimize interruptions to users caused by WAN link failures.
EXISTING ENVIRONMENT
The network contains servers that run either Windows Server 2008 R2 or Windows Server
2008. All client computers were recently replaced with new computers that run Windows 7
Enterprise.
Users do not have local administrator rights on the client computers.
Existing Active Directory/Directory Services
The network contains a single Active Directory domain named blueyonderairlines.com. The
functional level of the domain is Windows Server 2008. All domain controllers run Windows
Server 2008.
Existing Network Infrastructure
All offices have wired and wireless networks.
The main office has a file server that stores large graphics files. The files are used by all of
the users in all of the offices.

A Group Policy is used to assign an Application named App1 to all of the users in the
domain.
The branch offices contain public computers on which temporary employees can browse the
Internet and view electronic brochures. When the employees log on to the public computers,
they must all receive the same user settings. App1 must not be installed on the public
computers. The computer accounts for all of the public computers are in an organizational
unit (OU) name Public.
REQUIREMENTS
Security Requirements
All computers in the domain must have a domain-level security Group Policy object (GPO)
App1ied.
You plan to implement Network Access Protection (NAP) by using switches and wireless
access points (WAPs) as NAP enforcement points.
The public computers must meet the following security requirements:
• Only authorized Applications must be run.
• Automatic updates must be enabled and App1ied automatically.
Users must be denied access to the local hard disk drives and the network shares from the
public computers.
Technical Requirements
The file server in each branch office is configured as shown in the following table.

Each user is allocated 1 GB of storage on the Users share in their local office. Each user must
be prevented from storing files larger than 500 MB on the Data share in their local office.
Blue Yonder Airlines must meet the following requirements for managing App2:
• Sales consultants must use the latest version of the Application.
• When a new version of App2 is installed, the previous version must be uninstalled. Sales
consultants must be able to run App2 when they are disconnected from the network.
###EndCaseStudy###

You need to recommend a solution for managing the public computers in the branch offices. What
should you recommend?

A.
Create a GPO that is linked to the domain and configure security filtering for the GPO.

B.
Create a GPO that is linked to the Public OU and configure security filtering for the GPO.

C.
Create a GPO that is linked to the Public OU and enable loopback processing in the GPO.

D.
Create a GPO that is linked to the domain and enable block inheritance on the Public OU.

Explanation:

http ://support.microsoft.com/?id=231287
Group Policy applies to the user or computer in a manner that depends on where both the user and
the computer objects are located in Active Directory. However, in some cases, users may need policy
applied to them based on the location of the computer object alone. You can use the Group Policy
loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user
logs on to.
http ://technet.microsoft.com/en-us/windowsserver/cc817587
Managing Terminal Services
What is loopback processing?
Group Policy loopback processing can be used to alter the application of GPOs to a user by including
GPOs based on the location of the computer object. The typical way to use loopback processing is to
apply GPOs that depend on the computer to which the user logs on.



Leave a Reply 0

Your email address will not be published. Required fields are marked *