PrepAway - Latest Free Exam Questions & Answers

Sales_Temp is published to the C

PrepAway - Latest Free Exam Questions & Answers

Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2008
R2 Enterprise. All client computers run Windows 7 Professional.
The network contains an enterprise certification authority (CA).
You have a custom certificate template named Sales_Temp. Sales_Temp is published to the CA.
You need to ensure that all of the members of a group named Sales can enroll for certificates that use
Sales_Temp.
Which snap-in should you use?

A.
Enterprise PKI

B.
Certification Authority

C.
Share and storage Management

D.
Certificate Templates

E.
Security Configuration Wizard

F.
Authorization Manager

G.
Group Policy Management

H.
Certificates

I.
Active Directory Administrative Center

Explanation:
Reference:
http://technet.microsoft.com/en-us/library/cc770794.aspx
Deploying Certificate Templates
After creating a new certificate template, the nextstep is to deploy the certificate template so thata certification
authority (CA) can issue certificates based on it. Deployment includes publishing the certificate template to one
or more CAs, defining which security principals have Enroll permissions for the certificate template, and
deciding whether to configure autoenrollment for the certificate template.
To define permissions to allow a specific security principal to enroll for certificates based on a
certificate template
1. Open the Certificate Templates snap-in(Certtmpl.msc).
2. In the details pane, right-click the certificate template you want to change, and then click Properties.
3. On the Security tab, ensure that Authenticated users is assigned Read permissions. This ensures thatall
authenticated users on the network can see the certificate templates.
4. On the Security tab, click Add. Add a global group or universal group that containsall security
principals requiring Enroll permissions for the certificate template, and then click OK.
5. On the Security tab, select the newly added security group, and then assign Allow for the Read and Enroll
permissions.
6. Click OK.
Permission Design
Use the following recommendations for permissions assignments:
Assign permissions only to global groups or to universal groups. It is not recommended to assign
permissions to domain local groups. Domain local groups are only recognized in the domain where they
exist, and assigning permissions to them can resultin inconsistent application of permissions. You should
not assign permissions directly to an individual user or computer account.
(…)


Leave a Reply