You are a security administrator for your company. The network consists of a single Active Directory domain. Servers on the network run Windows Server 2003. All servers are in an organizational unit (OU) named Servers, or in OUs contained within the Servers OU.

Based on information in recent security bulletins, you want to apply settings from a security template named Messenger.inf to all servers on which the Messenger service is started. You do not want to apply these settings to servers on which the Messenger service is not started. You also do not want to move servers to other OUs.

You need to apply the Messenger.inf security template to the appropriate servers. What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All computers are members of the domain.

The company’s written security policy states that all servers must have the security settings that are specified in a security template named Verify.inf. The Verify.inf security template is copied to the Systemroot\Security\Templates folder on each server.

You need to verify that the servers on the network meet the requirements in the written security policy. What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows 2000 Professional.

You create two top-level organizational units (OUs). One OU is named Finance. The other OU is named Marketing. You place user and computer accounts for users in the marketing and finance departments in the corresponding OU. You create a Group Policy object (GPO) for each OU and link each GPO to the corresponding OU. The GPO linked to the Marketing OU is shown in the Marketing GPO exhibit, and the GPO linked to the Finance OU is shown in the Finance GPO exhibit. (Refer to the Exhibit.)

A client computer named Client1 is used by users in the marketing department. You reassign Client1 to users in the finance department. You move the computer object from the Marketing OU to the Finance OU. When you attempt to log on to Client1, you receive a message stating that the computer is intended for use by the marketing department only.

You need to ensure that users in the finance department do not receive the message. You want to achieve this goal without affecting users in the Marketing OU. What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.

Administrators in your company use scripts to perform administrative tasks when they troubleshoot problems on client computers. They connect to the Telnet service on client computers when they run these scripts. For security reasons, All Telnet traffic is encrypted by using an IPSec policy. In addition, the Telnet service is configured for manual startup on all client computers. Administrators manually start and stop the Telnet service when they perform administrative tasks. Administrators report that they sometimes cannot start the Telnet service on client computers. You examine several client computers and discover that the Telnet service is disabled.

You need to ensure that administrators can troubleshoot problems on client computers at all times. What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.

Users are in the marketing, sales, or production department. A high-performance color print device named ColorPrinter1 is attached to a server named Server1. ColorPrinter1 is shared by the users in the marketing department. Only users in the marketing department are permitted to print documents on ColorPrinter1. Melanie is a user in the marketing department. Melanie is responsible for ensuring that print jobs on ColorPrinter1 print properly. She is also responsible for replacing paper and for general print device maintenance. Melanie is not permitted to modify the printer itself. You need to configure permissions for ColorPrinter1.

You create a global group named Marketing. You add all marketing users to the Marketing global group. What else should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All servers are members of the domain.

The company plans to deploy a new application named App1. The application runs on servers. To test the compatibility between App1 and other applications that run on the servers, you need to change several file and registry permissions in the Windows folder on the servers. A security template named TestPerms contains the file and registry permissions that need to be set for the application testing. You create a new Group Policy object (GPO) named TestApp. You import the TestPerms security template into the TestApp GPO. You link the TestApp GPO to an organizational unit (OU) that contains only the servers that are used for the test.

You need to ensure that the file and registry permissions are set to the permissions in the TestPerms security template only during application testing. What should you do when the application testing ends?

You are a security administrator for your company. The network consists of a single Active Directory domain. All domain controllers and servers run Windows Server 2003. All computers are members of the domain.

The domain contains 12 database servers. The database servers are in an organizational unit (OU) named DBServers. The domain controllers and the database servers are in the same Active Directory site. You receive a security report that requires you to apply a security template named Lockdown.inf to all database servers as quickly as possible. You import Lockdown.inf into a Group Policy object (GPO) that is linked to the DBServers OU.

You need to ensure that the settings in the Lockdown.inf security template are applied to all database servers as quickly as possible. What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.

You manage the network by using a combination of Group Policy objects (GPOs) and scripts. File names for scripts have the .Vbs file name extension. Scripts are stored in a shared folder named Scripts on a server named Server1. Users report that they accidentally run scripts that are received through e-mail and the lnternet. They further report that these scripts cause problems with their client computers and often delete or change files. You discover that these scripts have .wsh, .wsf, .Vbs, or .vbe file name extensions. You decide to use software restriction policies to prevent the use of unauthorized scripts. You need to configure a software restriction policy for your network.

You want to achieve this goal without affecting management of your network. Which three rules should you include in your software restriction policy? (Each correct answer presents part of the solution. Choose three.)

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows 2000 Professional.

The company’s written security policy states the following requirements: All access to files must be audited. File servers must be able to record all security events.You create a new Group Policy object (GPO) and filter it to apply to only file servers. You configure an audit policy to audit files and folders on file servers. You configure a system access control list (SACL) to audit the appropriate files.

You need to ensure that the GPO enforces the written security policy. Which two additional actions should you perform to configure the GPO? (Each correct answer presents part of the solution. Choose two.)

You are a security administrator for your company. Your company uses an accounting and payroll application. Twenty payroll clerks use the application to input data from their client computers to a database running on a Microsoft SQL Server 2000 computer named Server1.

You need to prevent unauthorized interception of the data as it travels over the company network. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)