What should you recommend?
###BeginCaseStudy###
Case Study: 6
Baldwin Museum of Science
Company Overview
The Baldwin Museum of Science is an international scientific organization.
Physical Locations
The Baldwin Museum of Science has campuses in India, China, and the United States.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the Baldwin Forest exhibit.
The Active Directory environment contains the following servers and sites:
• An enterprise certification authority (CA) in usa.baldwinmuseumofscience.com.
• A separate Active Directory site in each country.
• A global catalog server in each site.
All domain controllers on the China campus run Windows Server 2003 R2 and have 32-bit hardware.
Network Infrastructure
Users access the network from desktop computers, portable computers, or thin clients. The users
are not assigned permanent client computers and log on to the network by using different client
computers.
All of the desktop computers and the portable computers run Windows 7. Microsoft System Center
Configuration Manager is used to manage updates on all of the client computers. The thin clients
connect to servers that have the Remote Desktop Session Host (RD Session Host) role service
installed.
All file servers in the forest run Windows Server 2008 R2. Shared folders and shared printers are
published in Active Directory.
The IP addresses for the campuses are assigned as shown in the following table.
The WAN links used to connect the campuses are highly saturated.
Problem Statements
Users from the campus in China frequently travel to the campus in India. These users report that it
takes a long time to log on to the domain when they work in India.
Requirements
Planned Changes
The Baldwin Museum of Science plans to open a subsidiary company in France. The network for the
subsidiary will be integrated into the existing Active Directory forest.
The site topology for the subsidiary will be configured as shown in the France Subsidiary exhibit.
The Baldwin Museum of Science has the following requirements for the planned subsidiary:
• All replication connections for the domain controllers in the offices in France must be
configured manually.
• Users in all four offices in France must be able to search for printers and shares in the
baldwinmuseumofscience.com forest.
• The replication traffic over the WAN link that connects the Paris office and the campus in the
United States must be minimized.
• If the domain controller in a branch office fails, users from that office must not authenticate
to the domain controllers in the other branch offices.
China has a research department. The Baldwin Museum of Science plans to separate the research
department in China and establish the department as a new company named Trey Research.
Trey Research has the following requirements:
• Users at Trey Research must have a user principal name (UPN) suffix of treyresearch.com.
• Only the managers at Trey Research must have access to the resources in
china.baldwinmuseumofscience.com.
• Users from the baldwinmuseumofscience.com forest must be denied access to all of the
Trey Research resources.
Technical Requirements
The Baldwin Museum of Science must meet the following technical requirements:
• Users must be able to access the resources on all of the file servers when they work
remotely.
• Administrators must be able to deploy updates to client computers when users are not
logged on.
The Baldwin Museum of Science must meet the following technical requirements regarding a line-of-business application named App1:
• Deploy App1 to 300 users in the finance department.
• Ensure that no more than 100 instances of App1 run simultaneously.
• Ensure that App1 is available to users when they are disconnected from the corporate
network.
Security Requirements
The Baldwin Museum of Science must meet the following security requirements:
• Only the users’ personal documents that are stored on the file servers must be encrypted.
• Only the built-in Administrator account on each domain must be able to decrypt encrypted
files.
###EndCaseStudy###
You need to recommend changes to the Active Directory environment that support the plan to
establish Trey Research.
What should you recommend?
You need to recommend changes to the environment to resolve the logon issues that were reported
by the users from the China domain.
What should you include in the recommendation?
You need to recommend a solution for the users’ personal documents that meets the museum’s
security requirements.
What should you include in the recommendation?
You need to recommend a network access solution for the remote users that meets the museum’s
technical requirements.
What should you include in the recommendation?
###BeginCaseStudy###
Case Study: 7
Woodgrove Bank
Company Overview
Woodgrove Bank is an international investment banking institution. Woodgrove Bank has a partner
company named Contoso, Ltd.
Physical Location
Woodgrove Bank has a main office and 10 branch offices. Each branch office has a WAN link to the
main office.
Existing Environment
Active Directory Environment
The Woodgrove Bank network contains an Active Directory forest named woodgrovebank.com. The
forest contains multiple domains and one Active Directory site. The functional level of the forest is
Windows Server 2003.
Each office has domain controllers for the forest root domain. Each office also contains domain
controllers for at least one other domain.
The Contoso network contains an Active Directory forest. The forest contains one domain named
contoso.com. The functional level of the domain is Windows Server 2003.
Network Infrastructure
The Woodgrove Bank network contains the following applications and servers:
• A line-of-business application named App1.
• Servers that run either Windows Server 2003 or Windows Server 2008.
• Domain controllers in the main office run Windows Server 2003.
• An enterprise root certification authority (CA) that runs Windows Server 2003. The
certificate revocation list (CRL) is published to an internal Web site.
All client computers in contoso.com run a 64-bit version of Windows 7.
Security Model
Users in Woodgrove Bank’s research department are required to use smart card authentication to log
on to the network.
Requirements
Planned Changes
Woodgrove Bank plans to implement the following changes:
• Provide Contoso users access to App1.
• Deploy a satellite office that will have one domain controller.
• Provide users in both companies access to the resources in either forest by using a single set
of credentials.
• Implement e-mail notification for department managers when new versions of shared
documents are saved to a network location.
Technical Requirements
All users in the planned satellite office must always attempt to authenticate to their local domain
controller first.
Security Requirements
Woodgrove Bank must meet the following security requirements:
• Servers in contoso.com must be able to trust certificates issued by the CA of
woodgrovebank.com.
• App1 must only be available to Contoso users when the users are connected to the
Woodgrove Bank network.
• Users in contoso.com must be able to automatically enroll for certificates from the CA of
Woodgrove Bank.
• Internal auditors must have full administrative rights on all client computers in the finance
department.
• Only client computers that have Microsoft Forefront EndPoint Protection installed must be
able to remotely connect to the Woodgrove Bank network.
###EndCaseStudy###
You are evaluating implementing a remote access solution for the Woodgrove Bank network. You
need to recommend a security solution for the client computers that meets the company’s security
requirements. What should you include in the recommendation?
You are evaluating the deployment of a separate Active Directory site in each office. You need to
recommend changes to the Active Directory infrastructure to support the new sites. What should
you include in the recommendation?
You need to recommend changes to the Active Directory infrastructure of Woodgrove Bank. The
changes must support the company’s planned changes. What should you include in the
recommendation?
You are evaluating the deployment of a read-only domain controller (RODC) in the planned satellite
office. You need to ensure that the RODC can replicate changes from the domain controllers in the
main office. What should you include in the recommendation?
You need to recommend a public key infrastructure (PKI) solution that meets the company’s security
requirements. What should you include in the recommendation?
You need to recommend a solution for App1 that meets the company’s security requirements.
What should you include in the recommendation?