You are the senior systems engineer for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. Client computers in the sales department run Windows NT Workstation 4.0 with the Active Directory Client Extensions software installed. All other client computers run Windows XP Professional. All servers are located in an organizational unit (OU) named Servers. All client computers are located in an OU named Desktops. Four servers contain confidential company information that is used by users in either the finance department or the research department. Users in the sales department also store files and applications on these servers. The company’s written security policy states that for auditing purposes, all network connections to these resources must require authentication at the protocol level. The written security policy also states that all network connections to these resources must be encrypted. The company budget does not allow for the purchase of any new hardware or software. The applications and data located on these servers may not be moved to any other server in the network. You define and assign the appropriate permissions to ensure that only authorized users can access the resources on the servers. You now need to ensure that all connections made to these servers by the users in the finance department and in the research department meet the security guidelines stated by the written security policy. You also need to ensure that all users in the sales department can continue to access their resources.
Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)
A.
Create a new Group Policy object (GPO) and link it to the Servers OU. Enable the Secure Server (Require Security) IPSec policy in the GPO.
B.
Create a new Group Policy object (GPO) and link it to the Servers OU. Enable the Server (Request Security) IPSec policy in the GPO.
C.
Create a new Group Policy object (GPO). Edit the GPO to enable the Registry Policy Processing option and the IP Security Policy Processing option. Copy the GPO files to the Netlogon shared folder.
D.
Use System Policy Editor to open the System.adm file and enable the Registry Policy Processing option and the IP Security Policy Processing option. Save the system policy as NTConfig.pol.
E.
Create a new Group Policy object (GPO) and link it to the Desktops OU. Enable the Client (Respond only) IPSec policy in the GPO.
Explanation:
We need to ensure that the connections made to the servers by the users in the finance“A Composite Solution With Just One Click” – Certification Guaranteed 135 Microsoft 70-293 Exam
department and in the research department meet the security guidelines stated by the written security policy. The computers in these departments use Windows XP Professional. We can therefore enable IPSec communication between the servers and the clients in the finance and research departments. However, the sales users use Windows NT, which cannot use IPSec. Therefore, to ensure that the NT clients can still communicate with the servers, we should enable the Server (Request Security) IPSec policy on the servers and the Client (Respond only) IPSec policy for the client computers.
Reference:
Dan Holme, and Orin Thomas, MCSA/MCSE Self-Paced Training Kit: Upgrading Your Certification to Microsoft Windows Server 2003: Managing, Maintaining, Planning, and Implementing a Microsoft Windows Server 2003 environment: Exams 70-292 and 70-296, Microsoft Press, Redmond, Washington, 2004, Chapter 5 and 11.