Your network contains an Active Directory domain named contoso.com. All servers run Windows
Server 2012 R2.
The domain contains a domain controller named DC1 that is configured as an enterprise root
certification authority (CA).
All users in the domain are issued a smart card and are required to log on to their domain-joined
client computer by using their smart card.
A user named User1 resigned and started to work for a competing company.
You need to prevent User1 immediately from logging on to any computer in the domain. The
solution must not prevent other users from logging on to the domain.
Which tool should you use?
A.
Active Directory Administrative Center
B.
Certificate Templates
C.
The Security Configuration Wizard
D.
The Certificates snap-in
Explanation:
To disable or enable a user account using Active Directory Administrative Center
1. To open Active Directory Administrative Center, click Start , click Administrative Tools , and then
click Active Directory Administrative Center .
To open Active Directory Users and Computers in Windows Server 2012, click Start , type dsac.exe .
2. In the navigation pane, select the node that contains the user account whose status you want to
change.
3. In the management list, right-click the user whose status you want to change.
4. Depending on the status of the user account, do one of the following:
To disable the user account, click Disable .
To enable the user account, click Enable .
Disable or Enable a User Account
I’m so confused why this question exists in “Advanced Configuration” test. This is something for helpdesk folk… I was overthinking it like “Maybe they mean Certificates Snap-in so you can revoke his certificate,” or something like that, lol.
1
1
Obviously, you’re not qualified to be a MCSA. Certificates snap-in is unrelated. You’d need the Certificate Authority console instead.
This question tests your knowledge of certs and revoking certs. Considering the keyword is to prevent USER1 immediately from logging on, revoking certs won’t help and thus you’d need to use either ADUC or ADAC (preferred choice) to disable the account. This isn’t for the typical helpdesk as they’ll need to understand how certs work, in order to make a judgement on what the best choice of action is.
1
7
Fuck, you are a cunt Ricky!!
3
1
lol, you made my day 😀
2
0
Yup. I’m a cunt who got 920/1000 for 412.
0
3
I’m also the same cunt who got 850/1000 for MCSE, studied only for a week. You’re welcome for the answers btw, just know that it’s validated from a cunt like me 🙂
0
5
There are nice ways of saying things, and ways of being a jackass when responding….test score has no bearing on that.
4
0
Looking back at my reply, I wasn’t being clear. In response to Joseph’s comment on “revoking” certs, this is only done in the Certificate Authority console, NOT with using the Certificate snap-in.
However, the question asked about preventing the user from “logon” immediately. Revoking certs won’t do shit and it will take time for this change to propagate out anyway. The best approach is to disable the user account using ADUC or ADAC. Hope that’s clear.
2
0
Microsoft say there are no trick questions. THIS is a trick question. Mentioning smart cards and Certificate Authorities to get you to think about revoking the certificate and publish an updated CRL, when all you need to do it disable the user account.
0
0
I don’t think it’s a trick.
Such situations also happen in real life. I was once often confronted with n00bs or people’s half knowing versions about tech issues quite similar to this one. Ever did 2nd or 3rd level IT support? Then you should know 😀
Even though I’m happy enough to have IT support left far behind concentrating on engineering tasks these days, from time to time some team leader or department head bugs me with complicated stories not knowing how plain and simple stuff could be 😀
0
0
This is obviously a trick question. Yes, disabling the account is the quickest and easiest way. BUT, considering they mentioned Certificate related things .. that leads your mind to consider revoking certs via the snap in.
However, completely disabling the account will prevent any form of log in/usage altogether.
Pretty sneaky by MS..
0
0
pretty MS by Sneaky lol
0
0
Does seem like a trick question, made me do a double take…but comes down to basic practice of disabling the account, at which point it doesn’t matter if they have a certificate (smart card) or not.
0
0