Which two actions should you take? (Each correct answer presents part of the solution

You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. You are planning a public key infrastructure (PKI) for the company. You want to ensure that users who log on to the domain receive a certificate that can be used to authenticate to Web sites.

You create a new certificate template named User Authentication. You configure a Group Policy object (GPO) that applies to all users. The GPO specifies that user certificates must be enrolled when the policy is applied. You install an enterprise certification authority (CA) on a computer that runs Windows Server 2003.

Users report that when they log on, they do not have certificates to authenticate to Web sites that require certificate authentication. You want to ensure that users receive certificates that can be used to authenticate to Web sites.

Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)

You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. You are planning a public key infrastructure (PKI) for the company. You want to ensure that users who log on to the domain receive a certificate that can be used to authenticate to Web sites.

You create a new certificate template named User Authentication. You configure a Group Policy object (GPO) that applies to all users. The GPO specifies that user certificates must be enrolled when the policy is applied. You install an enterprise certification authority (CA) on a computer that runs Windows Server 2003.

Users report that when they log on, they do not have certificates to authenticate to Web sites that require certificate authentication. You want to ensure that users receive certificates that can be used to authenticate to Web sites.

Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)

A.
On the User Authentication certificate template, select the Reenroll All Certificate Holders command.

B.
Assign the Domain Users group the Allow – Issue and Manage Certificates permission for the CA.

C.
Assign the Domain Users group the Allow – Autoenroll permission for the User Authentication certificate template.

D.
Configure the CA to enable the User Authentication certificate template.

Explanation:
For users to request certificates from an enterprise CA, they must have permission to use the templates corresponding to the certificates they need.

Reference:

Dan Holme, Orin Thomas; MCSA/MCSE Self-Paced Training Kit: Upgrading Your Certification to Microsoft Windows Server 2003: Managing, Maintaining, Planning, and Implementing a Microsoft Windows Server 2003 environment: Exams 70-292 and 70-296, Microsoft Press, Redmond, Washington, 2004, pp. 25-14.



Leave a Reply 0

Your email address will not be published. Required fields are marked *