What should you do?

You are a network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. Client computers run Windows 2000 Professional, Windows XP Professional, or Windows NT Workstation 4.0.The company wants to increase the security of the communication on the network by using IPSec as much as possible. The company does not want to upgrade the Windows NT Workstation 4.0 client computers to another operating system. The servers use a custom IPSec policy named Domain Servers. The rules of the Domain Servers IPSec policy are shown in the exhibit.

You create a new Group Policy object (GPO) and link it to the domain. You configure the GPO to assign the predefined IPSec policy named Client (Respond Only).

After these configuration changes, users of the Windows NT Workstation 4.0 computers report that they cannot connect to the servers in the domain.You want to ensure that Windows NT Workstation 4.0 client computers can connect to servers in the domain.

What should you do?

Exhibit:

You are a network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. Client computers run Windows 2000 Professional, Windows XP Professional, or Windows NT Workstation 4.0.The company wants to increase the security of the communication on the network by using IPSec as much as possible. The company does not want to upgrade the Windows NT Workstation 4.0 client computers to another operating system. The servers use a custom IPSec policy named Domain Servers. The rules of the Domain Servers IPSec policy are shown in the exhibit.

You create a new Group Policy object (GPO) and link it to the domain. You configure the GPO to assign the predefined IPSec policy named Client (Respond Only).

After these configuration changes, users of the Windows NT Workstation 4.0 computers report that they cannot connect to the servers in the domain.You want to ensure that Windows NT Workstation 4.0 client computers can connect to servers in the domain.

What should you do?

Exhibit:

A.
Activate the default response rule for the Domain Servers IPSec policy.

B.
Change the All IP Traffic rule in the Domain Servers IPSec policy to use the Request Security (Optional) filter action.

C.
Install the Active Directory Client Extensions software on the Windows NT Workstation 4.0 computers.

D.
Change the All IP Traffic rule in the Domain Servers IPSec policy to use a preshared key for authentication.

E.
Install the Microsoft L2TP/IPSec VPN Client software on the Windows NT Workstation 4.0 computers.

Explanation:
The exhibit shows that the server has the “Require Security” IPSec policy. The Windows NT Workstation clients are unable to use IPSec, and so cannot communicate with the server. We can fix this by changing the IPSec policy to Request Security (Optional). This will configure the server to use IPSec whenever possible, but to allow unsecured communications if required.

Reference:

“A Composite Solution With Just One Click” – Certification Guaranteed 141 Microsoft 70-293 Exam
Martin Grasdal, Laura E. Hunter, Michael Cross, Laura Hunter, Debra Littlejohn Shinder, and Dr. Thomas W. Shinder, Planning and Maintaining a Windows Server 2003 Network Infrastructur* Exam 70-293 Study Guide & DVD Training System, Syngress Publishing, Inc., Rockland, MA, Chapter 10, pp. 728-739



Leave a Reply 0

Your email address will not be published. Required fields are marked *