You need to deploy a new line of business application

###BeginCaseStudy###
Case Study: 18
Tailspin Toys
Scenario
General Background
You are the Windows server administrator for Tailspin Toys. Tailspin Toys has a main office
and a manufacturing office. Tailspin Toys recently acquired Wingtip Toys and is in the
beginning stages of merging the IT environments. Wingtip Toys has a main office and a sales
office.
Technical Background
The companies use the network subnets indicated in the following table.

The Tailspin Toys network and the Wingtip Toys network are connected by a point-to-point
dedicated 45 Mbps circuit that terminates in the main offices.
Tailspin toys
The current Tailspin Toys server topology is shown in the following table.

The Tailspin Toys environment has the following characteristics:
• All servers are joined to the tailspintoys.com domain.
• In the Default Domain Policy, the Retain old events Group Policy setting is enabled.
• An Active Directory security group named “Windows system administrators” is
used to control all files and folders on TT-PRINT01.
• A Tailspin Toys administrator named Marc has been delegated rights to multiple
organizational units (OUs) and object in the tailspintoys.com domain.
• Tailspin Toys developers use Hyper-V virtual machines (VMs) for development.
There are 20 development VMs named TT-DEV01 through TT-DEV20.
Wingtip Toys
The current Wingtip Toys server topology is shown in the following table.

All servers in the Wingtip Toys environment are joined to the wingtiptoys.com domain.
Infrastructure Services
You must ensure that the following infrastructure services requirements are met:
• All domain zones must be stored as Active Directory-integrated zones.
• Only DNS servers located in the Tailspin Toys main office may communicate with
DNS servers at Wingtip Toys.
• Only DNS servers located in the Wingtip Toys main office may communicate with
DNS servers at Tailspin Toys.
• All tailspintoys.com resources must be resolved from the Wingtip Toys offices.
• All wingtiptoys.com resources must be resolved from the Tailspin Toys offices.
• Certificates must be distributed automatically to all Tailspin Toys and Wingtip Toys
computers.
Delegated Administration
You must ensure that the following delegated administration requirements are met:
• Tailspin Toys IT security administrators must be able to create, modify, and delete
user objects in the wingtiptoys.com domain.
• Members of the Domain Admins group in the tailspintoys.com domain must have full
access to the wingtiptoys.com Active Directory environment.
• A delegation policy must grant minimum access rights and simplify the process of
delegating rights.
• Minimum permissions must always be delegated to ensure that the least privilege is
granted for a job or task.
• Members of the TAILSPINTOYS\HeIpdesk group must be able to update drivers and
add printer ports on TT-PRINT01.
• Members of the TAILSPINTOYS\Helpdesk group must not be able to cancel a print
job on TT-PRINT01.
• Tailspin Toys developers must be able to start, stop, and Apply snapshots to their
development VMs.
IT Security
You must ensure that the following IT security requirements are met:
• Server security must be automated to ensure that newly deployed servers
automatically have the same security configuration as existing servers.
• Auditing must be configured to ensure that the deletion of user objects and OUs is
logged.
• Microsoft Word and Microsoft Excel files must be automatically encrypted when
uploaded to the Confidential document library on the Tailspin Toys Microsoft SharePoint
site.
• Multifactor authentication must control access to Tailspin Toys domain controllers.
• All file and folder auditing must capture the reason for access.
• All folder auditing must capture all delete actions for all existing folders and newly
created folders.
• New events must be written to the Security event log in the tailspintoys.com domain
and retained indefinitely.
• Drive X:\ on TT-FILE01 must be encrypted by using Windows BitLocker Drive
Encryption and must automatically unlock.
###EndCaseStudy###

Your network contains an Active Directory domain. The domain contains a Remote Desktop Services
server that runs Windows Server 2008 R2. All client computers run Windows 7. You need to deploy a
new line of business application. The deployment must meet the following requirements:
– Users must have access to the application from the company portal.
– Users must always have access to the latest version of the application.
– You must minimize the number of applications installed on the client computers.
What should you do?

###BeginCaseStudy###
Case Study: 18
Tailspin Toys
Scenario
General Background
You are the Windows server administrator for Tailspin Toys. Tailspin Toys has a main office
and a manufacturing office. Tailspin Toys recently acquired Wingtip Toys and is in the
beginning stages of merging the IT environments. Wingtip Toys has a main office and a sales
office.
Technical Background
The companies use the network subnets indicated in the following table.

The Tailspin Toys network and the Wingtip Toys network are connected by a point-to-point
dedicated 45 Mbps circuit that terminates in the main offices.
Tailspin toys
The current Tailspin Toys server topology is shown in the following table.

The Tailspin Toys environment has the following characteristics:
• All servers are joined to the tailspintoys.com domain.
• In the Default Domain Policy, the Retain old events Group Policy setting is enabled.
• An Active Directory security group named “Windows system administrators” is
used to control all files and folders on TT-PRINT01.
• A Tailspin Toys administrator named Marc has been delegated rights to multiple
organizational units (OUs) and object in the tailspintoys.com domain.
• Tailspin Toys developers use Hyper-V virtual machines (VMs) for development.
There are 20 development VMs named TT-DEV01 through TT-DEV20.
Wingtip Toys
The current Wingtip Toys server topology is shown in the following table.

All servers in the Wingtip Toys environment are joined to the wingtiptoys.com domain.
Infrastructure Services
You must ensure that the following infrastructure services requirements are met:
• All domain zones must be stored as Active Directory-integrated zones.
• Only DNS servers located in the Tailspin Toys main office may communicate with
DNS servers at Wingtip Toys.
• Only DNS servers located in the Wingtip Toys main office may communicate with
DNS servers at Tailspin Toys.
• All tailspintoys.com resources must be resolved from the Wingtip Toys offices.
• All wingtiptoys.com resources must be resolved from the Tailspin Toys offices.
• Certificates must be distributed automatically to all Tailspin Toys and Wingtip Toys
computers.
Delegated Administration
You must ensure that the following delegated administration requirements are met:
• Tailspin Toys IT security administrators must be able to create, modify, and delete
user objects in the wingtiptoys.com domain.
• Members of the Domain Admins group in the tailspintoys.com domain must have full
access to the wingtiptoys.com Active Directory environment.
• A delegation policy must grant minimum access rights and simplify the process of
delegating rights.
• Minimum permissions must always be delegated to ensure that the least privilege is
granted for a job or task.
• Members of the TAILSPINTOYS\HeIpdesk group must be able to update drivers and
add printer ports on TT-PRINT01.
• Members of the TAILSPINTOYS\Helpdesk group must not be able to cancel a print
job on TT-PRINT01.
• Tailspin Toys developers must be able to start, stop, and Apply snapshots to their
development VMs.
IT Security
You must ensure that the following IT security requirements are met:
• Server security must be automated to ensure that newly deployed servers
automatically have the same security configuration as existing servers.
• Auditing must be configured to ensure that the deletion of user objects and OUs is
logged.
• Microsoft Word and Microsoft Excel files must be automatically encrypted when
uploaded to the Confidential document library on the Tailspin Toys Microsoft SharePoint
site.
• Multifactor authentication must control access to Tailspin Toys domain controllers.
• All file and folder auditing must capture the reason for access.
• All folder auditing must capture all delete actions for all existing folders and newly
created folders.
• New events must be written to the Security event log in the tailspintoys.com domain
and retained indefinitely.
• Drive X:\ on TT-FILE01 must be encrypted by using Windows BitLocker Drive
Encryption and must automatically unlock.
###EndCaseStudy###

Your network contains an Active Directory domain. The domain contains a Remote Desktop Services
server that runs Windows Server 2008 R2. All client computers run Windows 7. You need to deploy a
new line of business application. The deployment must meet the following requirements:
– Users must have access to the application from the company portal.
– Users must always have access to the latest version of the application.
– You must minimize the number of applications installed on the client computers.
What should you do?

A.
Publish the application to the users by using a Group Policy object (GPO).

B.
Publish the application as a RemoteApp. Enable Remote Desktop Web Access (RD Web Access).

C.
Assign the application to the client computers by using a Group Policy object (GPO).

D.
Deploy the application by using Microsoft System Center Configuration Manager (SCCM) 2007 R2.

Explanation:

http ://technet.microsoft.com/en-us/library/cc753844%28WS.10%29.aspx
http ://technet.microsoft.com/en-us/library/cc730673%28WS.10%29.aspx
Terminal Services RemoteApp (TS RemoteApp)
Terminal Services RemoteApp (TSRemoteApp) enables organizations to provide access to standard
Windows®-based programs from virtually any location to users with computers running
WindowsVista®, WindowsServer®2008, or WindowsXP with Service Pack3 (SP3). TSRemoteApp is
also available to users with computers running WindowsXP with Service Pack2 (SP2), Windows
Server2003 with Service Pack1 (SP1), or Windows Server2003 with SP2 that have the new Remote
Desktop Connection (RDC) client installed.
What does TSRemoteApp do?
RemoteApp programs are programs that are accessed remotely through Terminal Services and
appear as if they are running on the end user’s local computer. Users can run RemoteApp programs
side by side with their local programs. A user can minimize, maximize, and resize the program
window, and can easily start multiple programs at the same time. If a user is running more than one
RemoteApp program on the same terminal server, the RemoteApp programs will share the same
Terminal Services session.
Users can run RemoteApp programs in a number of ways. They can:
Double-click a Remote Desktop Protocol (.rdp) file that has been created and distributed by their
administrator.
Double-click a program icon on their desktop or Start menu that has been created and distributed by
their administrator with a Windows Installer (.msi) package.
Double-click a file whose extension is associated with a RemoteApp program. (This can be configured
by their administrator with a Windows Installer package.)
Access a link to the RemoteApp program on a Web site by using TSWeb Access.
The .rdp files and Windows Installer packages contain the settings needed to run RemoteApp
programs. After opening the RemoteApp program on a local computer, the user can interact with
the program that is running on the terminal server as if it were running locally.
Key scenarios for TSRemoteApp

TSRemoteApp is especially useful in scenarios such as the following:
Remote users. Users often need to access programs from remote locations, such as while working
from home or while traveling. If you want users to access RemoteApp programs over an Internet
connection, you can allow access through a Virtual Private Network (VPN), or you can deploy
TSRemoteApp together with Terminal Services Gateway (TSGateway) to help secure remote access
to the programs.
Branch offices. In a branch office environment, there may be limited local IT support and limited
network bandwidth. By using TSRemoteApp, you can centralize the management of your
applications and improve remote program performance in limited bandwidth scenarios.
Line-of-business (LOB) applications deployment. Companies often need to run consistent
LOB applications on computers that are running different Windows versions and configurations.
Instead of deploying the LOB applications to all the computers in the company, which can be
expensive in terms of time and cost, you can install the LOB applications on a terminal server and
make them available through TSRemoteApp.
Application deployment. With TSRemoteApp you do not have to deploy and maintain different
versions of the same program for individual computers. If employees need to use multiple versions
of a program, you can install those versions on one or more terminal servers, and users can access
them through TSRemoteApp.
Roaming users. In a company with a flexible desk policy, users can work from different computers. In
some cases, the computer where a user is working may not have the necessary programs installed
locally.
By using TSRemoteApp, you can install the programs on a terminal server and make them available
to users as if those programs were installed locally.



Leave a Reply 0

Your email address will not be published. Required fields are marked *