Study Guide
Weber State University
This 5 page Class Notes was uploaded by Alfreda Wisoky III on Wednesday October 28, 2015. The Class Notes belongs to Study Guide at Weber State University taught by Bus Educ in Fall. Since its upload, it has received 14 views. For similar materials see /class/230813/study-guide-weber-state-university in Telecommunication at Weber State University.
Date Created: 10/28/15
70-299 MCSE Guide to Implementing and Administering Security in a Windows Server 2003 Network

Chapter 4 Solutions

Review Questions

1. Which is the lowest Service Pack that must be installed on Windows NT clients and servers so they can communicate effectively with Windows Server 2003 computers that are on their default setting?
Answer:

2. If a Windows Server 2003 computer is configured as a domain controller with a hisecdc.inf template, then which operating systems can be used as domain controllers in the domain? (Choose all that apply.)
Answer: a, c

3. Which types of security templates should be used on Windows Server 2003 computers? (Choose all that apply.)
Answer: a

4. Which types of security templates should you use with Windows XP Professional computers?
Answer: b

5. Which of the following are domain functional levels in Windows Server 2003? (Choose all that apply.)
Answer: b, d

6. Which of the following are true when a domain is in the Windows 2000 mixed functional level? (Choose all that apply.)
Answer: c, d

7. Which of the following are true when a domain is in the Windows 2000 native functional level? (Choose all that apply.)
Answer: a, b

8. Which of the following are true when a domain is in the Windows Server 2003 functional level? (Choose all that apply.)
Answer: a, c

9. Which of the following is the correct acronym for the recommended organization of security groups?
Answer: c

10. If a password policy is set at domain level and a conflicting password policy is also set at organizational unit (OU) level in the OU that contains the users, which policy settings will result?
Answer: a

11. If a software security policy is set at domain level and a conflicting software policy is also set at the organizational unit (OU) level in the OU that contains the users, which policy settings will result?
Answer:

12. Which of the following is the correct order of application of security policies?
Answer:

13. If a domain administrator applies several Group Policies at domain level and uses the No Override (Enforced) option on some of them, but an OU administrator within the domain applies Block Inheritance to all Group Policies, then which of the following will result? (Choose all that apply.)
Answer: b, c

14. Which of the following are valid methods of using Resulting Set of Policy (RSoP) in logging mode? (Choose all that apply.)
Answer: b, c

15. Which mode of RSoP examines Group Policies that are currently applied to the Active Directory?
Answer: c

16. Which tool can be used to create a report that contains green check marks and red X's to compare the current security configuration of a computer with a proposed database of settings?
Answer: c

17. If a Windows 2003 network contains Windows NT servers and clients, which of the following are options for improving security while allowing communication between all computers? (Choose all that apply.)
Answer: d

18. Which of the following advanced security settings should you use to overwrite errant permission settings caused by migrating Windows NT computers with security templates to Windows 2000 or Windows Server 2003?
Answer: b

19. Which of the following templates are valid to use on a computer that is a domain controller? (Choose all that apply.)
Answer: a, b

20. Which of the following types of templates are valid to use on a Windows 2000 Professional computer? (Choose all that apply.)
Answer: a

21. Which types of computers can be used in a Windows Server 2003 domain that is in Windows Server 2003 domain functional level? (Choose all that apply.)
Answer: a, b, c

22. Which types of domain controllers can be used in a Windows Server 2003 domain that is in Windows 2000 native functional level? (Choose all that apply.)
Answer: b, c

23. Which type of nesting is available in a Windows Server 2003 domain that is in Windows 2000 mixed functional level?
Answer: a

24. Which types of nesting are available in a Windows Server 2003 domain that is in Windows Server 2003 functional level? (Choose all that apply.)
Answer: b, d

25. Which feature is only available if a domain is in Windows Server 2003 functional level?
Answer:

Activities

Activity 4-1
The purpose of the activity is to have the students investigate further the predefined templates available in Windows 2000 and Windows Server 2003. They will read how templates started with Windows NT 4.0 SP4, what they do, and how they can affect communication with Windows NT servers and clients, and then examine templates in the software on their own computer.

Activity 4-2
The purpose of the activity is to have the students investigate domain functional levels. They will examine the tools that are used to change domain functional levels on Windows Server 2003.

Activity 4-3
The purpose of the activity is to have the students investigate group scopes that are available on Windows Server 2003 in the Windows 2000 mixed functional level versus those that are available in the Windows 2000 native functional level and above.

Activity 4-4
The purpose of the activity is to have the students install the Group Policy Management Console from the Internet and then examine the effect of using the Block Inheritance and No Override (Enforce) features.

Activity 4-5
The purpose of the activity is to have the students use a simple version of RSoP to determine the effective settings for the computer that they are logged onto and the user account with which they are logged on.

Activity 4-6
The purpose of the activity is to have the students use a simple version of gpresult to determine the effective settings for the computer that they are logged onto and the user account with which they are logged on.

Activity 4-7
The purpose of the activity is to have the students take the Security Configuration and Analysis tool to the next level. They will configure a database of settings using a security template and then compare the database of settings to the current configuration of the computer. They will be able to see the changes that the tool makes and compare the database settings with the computer settings in a real configuration.

Activity 4-8
The purpose of the activity is to have the students learn how to apply a new security template to a group of computers in a domain or an OU by using Group Policy.

Case Projects

Case Project 4-1
Administrators have the option of using highly secure templates to strengthen their networks against attacks by intruders from the outside and from within the network itself. These templates can provide the foundation for security when only Windows 2000 and Windows Server 2003 servers are utilized. If any Windows NT servers are used, you may not be able to enforce these templates and still allow effective communication between the Windows NT servers and the newer servers. More specifically, the following will result when a highly secure template such as hisecdc.inf is used on a newer server in conjunction with servers running Windows NT:

1. Domain controllers running Windows NT 4.0 or earlier cannot authenticate users logging onto a client computer unless they run Service Pack 4 or higher. Domain controllers for the domain to which the computer is joined must run Windows 2000 or later.
2. Client computers cannot communicate with computers running Windows NT 4.0 unless they run Service Pack 4 or higher. This is also true if the client computer is configured with a secure*.inf template.
3. Client computers cannot communicate with a server running Windows NT 4.0 or Windows 2000 using a target server-based account if the time on the target server differs by more than 30 minutes from the time on the client computer. This is also true if the client computer is configured with a secure*.inf template.
4. If the server is a domain controller and a hisecdc.inf template is used, then all of the other domain controllers in trusted or trusting domains must be running at least Windows 2000 Server and therefore cannot run Windows NT Server.

If any of the above conditions prevent proper communications in your network, then you have two choices. You can either upgrade all of your servers to at least Windows 2000 (preferably Windows Server 2003), or you can continue to use Windows NT 4.0 with Service Pack 4 or higher, but you will need to use a secure template such as securedc.inf instead of the highly secure one.

Case Project 4-2
Large organizations with many domains in multiple trees will appreciate the advantages that the Windows Server 2003 domain functional level provides. Organizations that merge with other organizations will be able to use cross-forest trusts after all of the domains are raised to Windows Server 2003 domain functional level and the forest is also raised to Windows Server 2003 functional level. This can dramatically decrease the number of trusts that an organization has to maintain and manage. Both of the forests involved in the cross-forest trust must be in Windows Server 2003 forest functional level. Some of the advantages of upgrading a domain to Windows Server 2003 functional level include the following:

- Cross-forest trusts are available.
- Groups can be converted in regard to group type and scope.

You can raise the forest functional level using the Active Directory Domains and Trusts tool after all of the domains in the forest have been raised.

Case Project 4-3
Since security templates in Windows 2000 function in very much the same way as those in Windows Server 2003, you are not likely to have as many issues as with Windows NT Server. However, you should be aware that the syntax of the default security templates for Windows 2000 differs from that of Windows Server 2003. For this reason, you should make sure that you do not import a Windows 2000 Server security template onto Windows Server 2003 or vice versa. In other words, just keep the appropriate security templates on the appropriate machines and they will communicate just fine. Windows Server 2003 templates will function as intended on Windows Server 2003 machines.

You should take care to use the correct security template for the role of the server. For example, domain controllers should be assigned a hisecdc.inf, DC Security.inf, or securedc.inf template. Domain controllers will automatically be assigned a DC Security.inf template when they are first promoted. You should not delete or change the default templates; instead, you should create new templates as needed.

Case Project 4-4
Windows Server 2003 includes three tools that can be used to troubleshoot these problems: Resulting Set of Policy (RSoP), a suite of command-line utilities, and the Security Configuration and Analysis Microsoft Management Console (MMC).

You can use the RSoP tool to determine the effective settings on the computer that you are working from or any other computer in a Windows Server 2003 domain. You cannot use RSoP for any computers other than the one from which you are currently working if you are not on a Windows Server 2003 domain. This means that the domain must contain at least one domain controller running Windows Server 2003. The RSoP tool has two main modes: Planning Mode and Logging Mode. The biggest difference between the two modes is their intended use.

If you want to be able to script GPO troubleshooting of multiple computers, you might also want to use the gpresult tool. You can use gpresult to perform almost all of the actions that are available in RSoP Logging Mode (Table 4-1), with one exception: you cannot determine policy precedence information with the gpresult tool. The gpresult command is simple to use and provides many additional switches for specific functionality. You can determine significant information about Group Policies by simply typing gpresult on a command line.

Security Configuration and Analysis (SCA) is a tool that you can use to ensure that the security configuration settings that you are using for multiple computers are applied as you expected and are applied the same across all computers. The SCA tool is a snap-in that you can add to an MMC. You can compare a database of settings to the current configuration of a computer to be sure that the settings that you expected to be applied are actually applied. The SCA tool provides unmistakable green check marks and red X's to indicate whether the database setting is actually applied to the computer. You can quickly scan the settings to determine the setting that might be causing a problem. You should know how to configure and analyze a computer using the SCA tool.

Case Project 5-5
Applying security templates can sometimes be easier than removing them. You should understand that the application of security template settings can sometimes cause a domino effect and that the resulting changes may not be reset just because you remove the security template that created them. Also, when you remove one security template from a computer, you should immediately assign another security template to replace it. Understanding how templates should be exchanged will assist you in troubleshooting a problem created when one template is exchanged for another one.

The process of removing a security template from a computer is generally a process of replacing it with another security template. This can be accomplished by manually editing the Local Security Policy of the computer or by applying a Group Policy that enforces a different security template. You should understand how to use Group Policy to enforce the replacement of security templates within all of the computers in an OU or all of the computers within a domain. To accomplish this task, you should create a new Group Policy and then apply it to the container where you want to enforce the new template.
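
The Security Configuration and Analysis comparison described in Case Project 4-4, as an added Python example (not from the guide and not Microsoft's code): it parses a baseline security template and a current-configuration export, both constructed samples in the .inf format, and classifies each baseline setting the way SCA's green check marks and red X's do. The function names and status labels are assumptions of this example.

```python
# Added example (constructed INF samples): SCA-style template-vs-computer check.
BASELINE = r"""
[Version]
signature="$CHICAGO$"
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
LockoutBadCount = 5
[Registry Values]
; format is path=type,data (type 4 = REG_DWORD)
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,5
"""
CURRENT = r"""
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 1
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4, 2
"""
SKIP = {"unicode", "version"}  # file metadata sections, not security settings

def parse_inf(text):
    """Parse security-template INF text into {(section, key): value}."""
    settings, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        # Ignore blank lines, ';' comments and the metadata sections.
        elif section and section not in SKIP and "=" in line and line[0] != ";":
            key, value = line.split("=", 1)
            # Normalise spacing and quotes so "4, 2" and "4,2" compare equal.
            parts = [p.strip().strip('"').lower() for p in value.split(",")]
            settings[(section, key.strip().lower())] = ",".join(parts)
    return settings

def compare(baseline_text, current_text):
    """Return {(section, key): (status, expected, actual)} per baseline setting."""
    current = parse_inf(current_text)
    report = {}
    for name, expected in parse_inf(baseline_text).items():
        actual = current.get(name)
        status = ("NOT_DEFINED" if actual is None
                  else "MATCH" if actual == expected else "MISMATCH")
        report[name] = (status, expected, actual)
    return report

if __name__ == "__main__":
    for (section, key), (status, exp, act) in sorted(compare(BASELINE, CURRENT).items()):
        print(f"{status:12} [{section}] {key}: template={exp} computer={act}")
```

On a real computer the second input could come from `secedit /export /cfg <file>`; those files are typically written as UTF-16, so decode them before parsing.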