You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain.
The domain contains a Windows Server 2003 computer named Server1. You are planning a public key infrastructure (PKI) for the company.
You want to deploy a certification authority (CA) on Server1. You create a new global security group named Cert Administrators. You need to delegate the tasks to issue, approve, and revoke certificates to members of the Cert Administrators group.
What should you do?
A.
Configure the Certificates Templates container in the Active Directory configuration naming context to assign the Cert Administrators group the Allow – Write permission.
B.
Assign the Certificate Managers role to the Cert Administrators group.
C.
Configure the CertSrv virtual directory on Server1 to assign the Cert Administrators group the Allow – Modify permission.
D.
Add the Cert Administrators group to the Cert Publishers group in the domain.
Explanation:
To be able to issue, approve and revoke certificates, the Cert Administrators group needs to be assigned the role of Certificate Manager. The Certificate Manager approves certificate enrollment and revocation requests. This is a CA role, and is sometimes referred to as CA Officer.Reference:
Craig Zacker, MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp.
11-4 to 11-8.Martin Grasdal, Laura E. Hunter, Michael Cross, Laura Hunter, Debra Littlejohn Shinder, and Dr. Thomas W. Shinder, Planning and Maintaining a Windows Server 2003 Network Infrastructur* Exam 70-293 Study Guide & DVD Training System, Syngress Publishing, Inc., Rockland, MA, Chapter 12, p. 890