You need to accomplish this task by using the minimum amount of administrative effort and while minimizing the performance impact on the resource servers

You are the network administrator for your company. The network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains an organizational unit (OU) named Servers that contains all of the company’s Windows Server 2003 resource servers.

The domain also contains an OU named Workstations that contains all of the company’s Windows XP Professional client computers. You configure a baseline security template for resource servers named Server.inf and a baseline security template for client computers named Workstation.inf.

The Server.inf template contains hundreds of settings, including file and registry permission settings that have inheritance propagation enabled. The Workstation.inf template contains 20 security settings, none of which contain file or registry permissions settings.

The resource servers operate at near capacity during business hours. You need to apply the baseline security templates so that the settings will be periodically enforced. You need to accomplish this task by using the minimum amount of administrative effort and while minimizing the performance impact on the resource servers.

What should you do?

You are the network administrator for your company. The network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains an organizational unit (OU) named Servers that contains all of the company’s Windows Server 2003 resource servers.

The domain also contains an OU named Workstations that contains all of the company’s Windows XP Professional client computers. You configure a baseline security template for resource servers named Server.inf and a baseline security template for client computers named Workstation.inf.

The Server.inf template contains hundreds of settings, including file and registry permission settings that have inheritance propagation enabled. The Workstation.inf template contains 20 security settings, none of which contain file or registry permissions settings.

The resource servers operate at near capacity during business hours. You need to apply the baseline security templates so that the settings will be periodically enforced. You need to accomplish this task by using the minimum amount of administrative effort and while minimizing the performance impact on the resource servers.

What should you do?

A.
On each resource server, create a weekly scheduled task to apply the Server.inf settings during off-peak hours by using the secedit command. Create a Group Policy object (GPO) and link it to the Workstations OU. Import the Workstation.inf template into the GPO.

B.
Import both the Server.inf and the Workstation.inf templates into the Default Domain Policy Group Policy object (GPO).

C.
On each resource server, create a weekly scheduled task to apply the Server.inf settings during off-peak hours by using the secedit command. Import the Workstation.inf template into the Default Domain Policy Group Policy object (GPO).

D.
Create a Group Policy object (GPO) and link it to the domain. Import both the Server.inf and the Workstation.inf templates into the GPO.

Explanation:
The question states that you need to apply the baseline security templates so that the settings will be periodically enforced. To accomplish this you must create a scheduled task so that the performance impact on resource servers is minimized. Furthermore, the question also states that Workstation.inf is a baseline security template for client computers. Therefore, the GPO has to be linked to the OU that contains the client computers, and the Workstation.inf template must be imported to the said GPO so that it can be applied.

Secedit.exe is a command line tool that performs the same functions as the Security Configuration And Analysis snap-in, and can also apply specific parts of templates to the computer. You can use Secedit.exe in scripts and batch files to automate security template deployments.

You can create a baseline security configuration in a GPO directly, or import a security template into a GPO. Link the baseline security GPO to OUs in which member servers’ computer objects exist.

Reference:

Craig Zacker, MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, Microsoft Press, Redmond, Washington, Chapter 10

Dan Holme, and Orin Thomas, MCSA/MCSE Self-Paced Training Kit: Upgrading Your Certification to Microsoft Windows Server 2003: Managing, Maintaining, Planning, and Implementing a Microsoft Windows Server 2003 environment: Exams 70-292 and 70-296, Microsoft Press, Redmond, Washington, Chapter 9



Leave a Reply 0

Your email address will not be published. Required fields are marked *