The company has enabled password reset through OW
###BeginCaseStudy###
Case Study: 13
Enterprise Company
Scenario:
Background
You are the desktop support technician for an enterprise company. The company offices,
sizes, and platforms are shown in the following table.
The Beijing office has been experiencing remote access issues. The company’s client
computers run Windows Vista and Windows 7. The company is in the process of upgrading
the Windows Vista client computers to Windows 7. All client computers have two volumes,
as shown in the following table.
The company’s password policy is shown in the following table.
The company’s account lockout policy is shown in the following table.
Software Environment
• The company has a single Active Directory Domain Services (AD DS) forest with
one domain. All domain controllers run Windows Server 2008 R2. The forest and domain
functional levels are set to Windows Server 2008 R2.
• The company outsources sales support to a third party.
• Each member of the Sales Support team has an AD DS user account in a global
security group named Sales.
• The Sales security group and the AD DS user accounts for the Sales Support team
reside in an organizational unit (OU) named Sales Support.
• Members of the Sales Support team do not use domain-joined client computers.
• With the exception of the Sales Support team, all user accounts reside in an OU
named Employees.
• All client computers reside in an OU named Client Computers.
• A global security group named Accounting contains users with domain accounts.
They use portable computers running Windows 7 that are joined to the domain.
• The company uses DirectAccess for remote access connectivity. Windows 7 domain-joined computers have been configured to use DirectAccess.
• The company uses Microsoft Exchange and Outlook Web App (OWA) for email and
collaboration. The company has enabled password reset through OWA.
The company uses AppLocker to prevent users from running certain programs. AppLocker
rules are defined at the domain-level in the Corp Group Policy object (GPO). Corp GPO only
contains AppLocker policy settings.
Wireless Requirements
The company has wireless access points (WAPs) that provide wireless connectivity at some
locations. The company uses a GPO named WiFi to enforce wireless security. The WiFi GPO
is linked to the domain. The company mandates that all domain-joined computers must
connect to corporate WAPs automatically. The company’s 802.1X authentication server must
be used for client computer connections to the WAP. Visitors and contractors are unable to
connect to the corporate wireless network. Management has mandated that a guest wireless
network be established that meets the following criteria:
• Users should not have to provide credentials.
• Maximize wireless network performance.
• Minimize administrative overhead.
Data Protection Environment
• Full system backups are performed on client computers on Sundays with one week of
retention.
• All client computers are configured with System Protection settings to restore only
previous versions of files.
###EndCaseStudy###
You are deploying a WAP in one of the company’s locations. You need to ensure that wireless
connectivity meets the company’s requirements. What should you recommend? (Choose all that
apply.)
Which two actions should you perform in sequence?
###BeginCaseStudy###
Case Study: 12
Tailspin Toys
Scenario:
Background
You are the desktop support technician for Tailspin Toys. Tailspin Toys manufactures and
distributes children’s toys. The network environment includes a server infrastructure running
on Windows Server 2003 Service Pack (SP) 2 and Windows Server 2008 R2, Active
Directory with the forest and domain levels set at Windows Server 2003, and Active
Directory Certificate Services (AD CS) running on Windows Server 2008 R2. The company
has a Microsoft Enterprise Agreement (EA) with Software Assurance (SA). The company
sites, network connectivity, and site technologies are shown in the following table.
The company’s domain controller layout and details are shown in the following table.
The company’s client computer configuration details are shown in the following table.
The company uses Microsoft SharePoint 2010 as the company intranet and as a document
repository for company-related Microsoft Office documents. The URL for the intranet is
intranet.tailspintoys.com. There is a Group Policy object (GPO) that applies to all client
computers that allows employees who are connected to the corporate network to go to the
intranet site without having to enter authentication information.
All users are using Microsoft Internet Explorer 8. All users have enabled the Internet
Explorer SmartScreen Filter and the Internet Explorer phishing filter. All of the desktop
support technicians are members of a security group named Desktop Admins. The Desktop
Admins group is a member of the local Administrators group on all client computers. The
desktop support technicians use the Microsoft Diagnostics and Recovery Toolset to perform
various troubleshooting and repairs.
All Windows 7 client computers have a directory named tailspintoys\scripts in the root of the
operating system drive. The directory contains four unique .vbs files named script1.vbs,
script2.vbs, script3.vbs, and script4.vbs.
Software Environment
• An existing GPO named AppLockdown applies to Windows 7 machines and uses
AppLocker to ensure that:
No .bat files are allowed to be run by users and rules are enforced
• An existing GPO named RestrictApps applies to Windows XP client computers and
uses a Software Restriction Policy to ensure that:
No .bat files are allowed to be run by users and rules are enforced
Data Protection Environment
• Some users at the Manufacturing site use EFS to encrypt data.
• A user account named EFSAdmin has been designated as the Data Recovery Agent
(DRA).
• The DRA certificate and private key are stored on a portable USB hard drive.
As part of the yearly security compliance audits, a vendor is due to arrive at Tailspin Toys in
a month to perform the yearly audit. To prepare for the audit, management has asked you to
participate in an internal review of the company’s existing security configurations related to
network security and data security. The management team has issued the following
requirements:
New software requirements
• All installation programs must be digitally signed.
• Minimum permissions must be granted for installation of programs.
Internet Explorer requirements
• Users must not be able to bypass certificate warnings.
• Users must not be able to add Internet Explorer add-ons unless the add-ons are
approved by IT.
Data protection requirements
• All portable storage devices must use a data encryption technology. The solution must
meet the following requirements:
Allow all users a minimum of read access to the encrypted data while working from their
company client computers.
Encrypt entire contents of portable storage devices.
Minimize administrative overhead for users as files and folders are added to the portable
storage devices.
• Recovery information for client computer hard drives must be centrally stored and
protected with data encryption.
###EndCaseStudy###
DRAG DROP
You create an exception to the existing add-on company policy for Microsoft Internet Explorer. You
need to modify the Group Policy to ensure that users can manage specific Internet Explorer add-ons.
Which two actions should you perform in sequence? (To answer, move the appropriate actions from
the list of actions to the answer area and arrange them in the correct order.)
###BeginCaseStudy###
Case Study: 12
Tailspin Toys
###EndCaseStudy###
DRAG DROP
A user lost his EFS private key and cannot access his encrypted folder. Based on the company’s
current configuration, you need to ascertain how to recover the encrypted folder. Which two actions
should you perform in sequence? (To answer, move the appropriate actions from the list of actions
to the answer area and arrange them in the correct order.)
###BeginCaseStudy###
Case Study: 13
Enterprise Company
###EndCaseStudy###
After you modify Corp GPO, users cannot log on to their computers. You need to ensure that users
can log on to their computers. What should you do? (Choose all that apply.)
###BeginCaseStudy###
Case Study: 13
Enterprise Company
###EndCaseStudy###
The company’s help desk technicians spend a significant amount of time researching whether
remote access issues are related to the corporate network or to Accounting group users’ Internet
connectivity. You need to recommend a solution that minimizes time spent identifying the cause of
the remote access issues. What should you recommend?
###BeginCaseStudy###
Case Study: 13
Enterprise Company
###EndCaseStudy###
You are expanding the wireless functionality by creating a guest wireless network based on the new
company requirements. You need to ensure that users can connect automatically without providing
credentials. Which security type should you use?
###BeginCaseStudy###
Case Study: 13
Enterprise Company
###EndCaseStudy###
You install an application on one of the company’s test computers. The application fails to run and is
affecting other applications. You are unable to uninstall the application successfully. You need to
remove the application from the test computer without modifying user documents. What should
you do?
###BeginCaseStudy###
Case Study: 13
Enterprise Company
###EndCaseStudy###
Members of the Sales Support team must contact the help desk to have their AD DS user accounts
unlocked. You need to recommend a solution to ensure that user accounts for members of the Sales
Support team are automatically unlocked 10 minutes after becoming locked. What should you
recommend?
###BeginCaseStudy###
Case Study: 13
Enterprise Company
###EndCaseStudy###
You deploy a WAP in one of the company locations. Client computers connect to it by using the WiFi
GPO. You need to ensure that users cannot change the network location for the connection. Which
policy should you define?
###BeginCaseStudy###
Case Study: 13
Enterprise Company
###EndCaseStudy###
One of the company’s client computers is configured with the company’s System Protection settings.
That computer becomes unresponsive. You run a system restore on the computer. The system
restore does not restore the computer system settings. You need to ensure that all future system
restores for the computer include system settings. You reimage the client computer with the
company’s corporate image. What should you do next?