###BeginCaseStudy###
Case Study: 13
Blue Yonder Airlines
Scenario
COMPANY OVERVIEW
Blue Yonder Airlines has a main office and four branch offices. Each branch office has six
satellite offices. The main office is located in Sydney. The branch offices are located in
London, New York, Bangkok, and Istanbul. The main office has 1,000 users. Each branch
office has 500 users. Each satellite office has 50 to 100 users.
PLANNED CHANGES
Each satellite office will have a single server deployed. The servers will have the following
server roles installed:
• File server
• Print server
• Read-only Domain Controller (RODC)
Each satellite office will have a local support technician who performs the following tasks:
• Manages printers.
• Manages server backups.
• Manages updates on the server.
Each support technician will only be permitted to manage the server located in his office.
You plan to implement a backup and recovery solution to restore deleted Active Directory
objects. The solution must ensure that the attributes of the deleted objects are restored to the
same state they were in before they were deleted. You plan to deploy a custom sales
Application named App2 to the portable computers of all company sales consultants. The
setup program of App2 requires local administrative privileges. App2 will be updated
monthly.
BUSINESS GOALS
Blue Yonder Airlines has the following business goals:
• Minimize server downtime.
• Minimize administrative effort.
Minimize interruptions to users caused by WAN link failures.
EXISTING ENVIRONMENT
The network contains servers that run either Windows Server 2008 R2 or Windows Server
2008. All client computers were recently replaced with new computers that run Windows 7
Enterprise.
Users do not have local administrator rights on the client computers.
Existing Active Directory/Directory Services
The network contains a single Active Directory domain named blueyonderairlines.com. The
functional level of the domain is Windows Server 2008. All domain controllers run Windows
Server 2008.
Existing Network Infrastructure
All offices have wired and wireless networks.
The main office has a file server that stores large graphics files. The files are used by all of
the users in all of the offices.
A Group Policy is used to assign an Application named App1 to all of the users in the
domain.
The branch offices contain public computers on which temporary employees can browse the
Internet and view electronic brochures. When the employees log on to the public computers,
they must all receive the same user settings. App1 must not be installed on the public
computers. The computer accounts for all of the public computers are in an organizational
unit (OU) name Public.
REQUIREMENTS
Security Requirements
All computers in the domain must have a domain-level security Group Policy object (GPO)
App1ied.
You plan to implement Network Access Protection (NAP) by using switches and wireless
access points (WAPs) as NAP enforcement points.
The public computers must meet the following security requirements:
• Only authorized Applications must be run.
• Automatic updates must be enabled and App1ied automatically.
Users must be denied access to the local hard disk drives and the network shares from the
public computers.
Technical Requirements
The file server in each branch office is configured as shown in the following table.
Each user is allocated 1 GB of storage on the Users share in their local office. Each user must
be prevented from storing files larger than 500 MB on the Data share in their local office.
Blue Yonder Airlines must meet the following requirements for managing App2:
• Sales consultants must use the latest version of the Application.
• When a new version of App2 is installed, the previous version must be uninstalled. Sales
consultants must be able to run App2 when they are disconnected from the network.
###EndCaseStudy###
You need to implement a solution for the branch office file servers that meets the company’s
technical requirements. What should you implement on the branch office file servers?
A.
File Server Resource Manager (FSRM) quotas
B.
Network Policy Server (NPS) connection request policies
C.
NTFS disk quotas
D.
Windows System Resource Manager (WSRM) resource allocation policies
Explanation:
http ://technet.microsoft.com/en-us/library/cc766468%28WS.10%29.aspx
Establishing audit policy is an important facet of security. Monitoring the creation or modification of
objects gives you a way to track potential security problems, helps to ensure user accountability, and
provides evidence in the event of a security breach.
There are nine different kinds of events you can audit. If you audit any of these kinds of events,
Windows® records the events in the Security log, which you can find in Event Viewer.
Account logon events. Audit this to see each instance of a user logging on to or logging off from
another computer in which this computer is used to validate the account. Account logon events are
generated in the domain controller’s Security log when a domain user account is authenticated on a
domain controller. These events are separate from Logon events, which are generated in the local
Security log when a local user is authenticated on a local computer. Account logoff events are not
tracked on the domain controller.
Account management. Audit this to see when someone has changed an account name, enabled or
disabled an account, created or deleted an account, changed a password, or changed a user group.
Directory service access. Audit this to see when someone accesses an Active Directory® directory
service object that has its own system access control list (SACL).
Logon events. Audit this to see when someone has logged on or off your computer (either while
physically at your computer or by trying to log on over a network).
Object access. Audit this to see when someone has used a file, folder, printer, or other object. While
you can also audit registry keys, we don’t recommend that unless you have advanced computer
knowledge and know how to use the registry.Policy change. Audit this to see attempts to change local security policies and to see if someone has
changed user rights assignments, auditing policies, or trust policies.
Privilege use. Audit this to see when someone performs a user right.
Process tracking. Audit this to see when events such as program activation or a process exiting
occur.
System events. Audit this to see when someone has shut down or restarted the computer, or when a
process or program tries to do something that it does not have permission to do. For example, if
malicious software tried to change a setting on your computer without your permission, system
event auditing would record it.