###BeginCaseStudy###
Case Study: 13
Enterprise Company
Scenario:
Background
You are the desktop support technician for an enterprise company. The company offices,
sizes, and platforms are shown in the following table.
The Beijing office has been experiencing remote access issues. The company’s client
computers run Windows Vista and Windows 7. The company is in the process of upgrading
the Windows Vista client computers to Windows 7. All client computers have two volumes,
as shown in the following table.
The company’s password policy is shown in the following table.
The company’s account lockout policy is shown in the following table.
Software Environment
• The company has a single Active Directory Domain Services (AD DS) forest with
one domain. All domain controllers run Windows Server 2008 R2. The forest and domain
functional levels are set to Windows Server 2008 R2.
• The company outsources sales support to a third party.
• Each member of the Sales Support team has an AD DS user account in a global
security group named Sales.
• The Sales security group and the AD DS user accounts for the Sales Support team
reside in an organizational unit (OU) named Sales Support.
• Members of the Sales Support team do not use domain-joined client computers.
• With the exception of the Sales Support team, all user accounts reside in an OU
named Employees.
• All client computers reside in an OU named Client Computers.
• A global security group named Accounting contains users with domain accounts.
They use portable computers running Windows 7 that are joined to the domain.
• The company uses DirectAccess for remote access connectivity. Windows 7 domainjoined computers have been configured to use DirectAccess.
• The company uses Microsoft Exchange and Outlook Web App (OWA) for email and
collaboration. The company has enabled password reset through OWA.
The company uses AppLocker to prevent users from running certain programs. AppLocker
rules are defined at the domain-level in the Corp Group Policy object (GPO). Corp GPO only
contains AppLocker policy settings.
Wireless Requirements
The company has wireless access points (WAPs) that provide wireless connectivity at some
locations. The company uses a GPO named WiFi to enforce wireless security. The WiFi GPO
is linked to the domain. The company mandates that all domain-joined computers must
connect to corporate WAPs automatically. The company’s 802.1 X authentication server must
be used for client computer connections to the WAP. Visitors and contractors are unable to
connect to the corporate wireless network. Management has mandated that a guest wireless
network be established that meets the following criteria:
• Users should not have to provide credentials.
• Maximize wireless network performance.
• Minimize administrative overhead.
Data Protection Environment
• Full system backups are performed on client computers on Sundays with one week of
retention.
• All client computers are configured with System Protection settings to restore only
previous versions of files.
###EndCaseStudy###
Members of the Sales Support team must contact the help desk to have their AD DS user accounts
unlocked. You need to recommend a solution to ensure that user accounts for members of the Sales
Support team are automatically unlocked 10 minutes after becoming locked. What should you
recommend?
A.
Create a new Group Policy object with a different account lockout policy and link it to the domain.
B.
Modify the Unlock Account options for the members of the Sales security group.
C.
Create a fine-grained password policy with a different account lockout policy and apply it to the
Sales security group.
D.
Modify the Account Properties Options properties for the members of the Sales security group.
Explanation:
http://www.adaxes.com/tutorials_ActiveDirectoryManagement_ManageFineGrainedPasswordPolici
es.htm