You are an Enterprise administrator for contoso.com. The corporate network of the company consists of a single Active Directory domain. All the servers on the network either run Windows Server 2003 or Windows Server 2008 and all client computers run Windows Vista or Windows XP SP2.
You have been assigned the task to implement Encrypting File System (EFS) for all the client computers on the network and ensure that users must be able to access their EFS certificates on any client computers.
You also need to ensure that if a client computers disk fails, the EFS certificates must be accessible and only the minimum amount of data that is transferred across the network when a user logs on to or off from a client computer.
Which of the following options would you choose to accomplish the assigned task?
A.
Smart cards
B.
Credential roaming
C.
Roaming user profiles
D.
Data Recovery Agent
E.
None of the above.
Explanation:
Since credential roaming is not part of Windows XP SP2, the feature is available as a separate software update that can be deployed in Windows XP SP2 computers. The credential roaming functionality is also implemented as a core feature in Windows Vista. Credential roaming can enhance the use of Encrypting File System (EFS) in various ways, for example, roaming EFS certificates that are signed by a CA or are self-signed. With the credential roaming functionality in the CSC, managed environments can now store X.509 certificates, certificate requests, and private keys specific to a user in Active Directory, independently from the profile.
stored user names and passwords. Users typically maintain stored user names and passwords of certain Web sites or file servers that do not have a default trust relationship with the user’s computer. With credential roaming, once a domain user chooses in a Windows authentication dialog box to cache or ‘remember’ the current credentials, the user will have the same experience on any domain-joined computer that the user logs on to.