###BeginCaseStudy###
Case Study: 17
Graphic Design Institute, Case B
General Background
You are the systems administrator for the Graphic Design Institute (GDI). GDI is a private
liberal arts and technical college with campuses in multiple cities.
Technical Background
The campus locations, users, client computers, and servers are described in the following
table.
The campuses are connected by a fully meshed WAN.
The corporate network includes Active Directory Domain Services (AD DS). Domain
controllers are located on each campus.
GDI uses Microsoft Windows Deployment Server (WDS) to distribute images by using
Preboot Execution Environment (PXE). GDI builds images by using the Windows
Automated Installation Kit (WAIK).
GDI uses Microsoft Windows Server Update Services (WSUS) to distribute and manage
Windows security updates and software updates. All private client computers and portable
computers used by faculty and staff are members of the WSUS computer group named Staff.
All shared client computers are members of the WSUS computer group named
LabComputers. All faculty and staff users are members of the global security group named
GDI_Staff. All students are members of the global security group named GDI_Students.
Specific servers are configured as shown in the following table.
The main data center is located on the Boston campus. ADMX and ADML files are centrally
stored on BODC01.
All Charlotte servers reside in the CH_Servers organizational unit (OU). CHDATA01,
CHDATA02, CHDATA03, and CHDATA04 reside in the CH_FileServers OU.
CH_FileServers is a child OU of CH_Servers.
A Group Policy object (GPO) named ServerSettings App1ies Windows Internet Explorer
settings to all servers.
Business Requirements
After successful migrations to Windows Server 2008 R2 in Boston, New Haven, and
Tacoma, GDI plans to migrate its other campuses to Windows Server 2008 R2 in advance of
a full Windows 7 client computer deployment. Server deployment on the Austin campus must
be performed on weekends by using scheduled deployments. The post-migration environment
must meet the following business requirements:
• Maximize security
• Maximize data protection
• Maximize existing resources
• Minimize downtime
Technical Requirements
The post-migration environment must meet the following security requirements:
• All updates must be distributed by using WSUS.
• All critical updates must be installed as soon as possible.
• All drives on the Minneapolis campus servers must have Windows BitLocker Drive
Encryption enabled.
The post-migration environment must meet the following data protection requirements:
• All servers must have automated backup routines.
• All backups must be replicated to the Boston data center at the end of each business
week.
• The post-migration environment must meet the following resource requirements:
• Installations and recovery must be performed remotely.
• All department volumes on file servers must have NTFS quotas.
• Minimize download time for users who open Microsoft Office documents over the
WAN.
• Ensure that users’ files are always opened from the closest file server when available.
• Users’ files must be accessible by the same path from all campuses.
###EndCaseStudy###
You are planning the migration of client computers on the Northridge campus to Windows 7. Due to
compatibility concerns, the Northridge campus servers will not be migrated to Windows Server 2008
R2. The Northridge campus uses customized options in the inters.adm and system.adm
administrative templates to handle key security restrictions. You need to ensure that the security
restrictions will be applied to the migrated client computers. What should you recommend?
A.
Copy the ADM files to \\BODC01\C$\Windows\SYSVOL\domain\policies\PolicyDefinitions and
apply them to the Northridge GPOs.
B.
Re-create the settings from the ADM files in the ADMX files on NODC01 and apply them to the
Northridge GPOs.
C.
Copy the ADM files to \\NODC01\CS\Windows\inf and apply them to the Northridge GPOs.
D.
Re-create the settings from the ADM files in the ADMX files on BODC01 and apply them to the
Northridge GPOs.