You plan to deploy Windows Server 2003 member servers that must use specific IP addresses. You need to ensure that the member servers can use the required IP addresses and that their TCP/IP properties can be updated dynamically. What should you do?

You are the network administrator for Contoso Pharmaceuticals. The network consists of a single Active Directory forest. The forest contains Windows Server 2003 servers and Windows XP Professional computers. The forest consists of a forest root domain named contoso.com and two child domains named child1.contoso.com and child2.contoso.com. The child1.contoso.com domain contains a member server named Server1. You configure Server1 to be an enterprise certification authority (CA), and you configure a user certificate template. You enable the Publish certificate in Active Directory setting in the certificate template. You instruct users in both the child1.contoso.com and the child2.contoso.com domains to enroll for user certificates. You discover that the certificates for user accounts in the child1.contoso.com domain are being published to Active Directory, but the certificates for user accounts in the child2.contoso.com domain are not. You want certificates issued by Server1 to child2.contoso.com domain user accounts to be published in Active Directory. What should you do?

Your company has an Active Directory directory service domain. All servers run Windows Server 2003. You are creating a security monitoring plan. You need to audit all domain authentication attempts and write these events to an event log on the local computer and also to an event log on the domain controller.
Which two settings in the Default Domain Policy should you plan to configure? (Each correct answer presents part of the solution. Choose two.)

You are the security analyst for your company. The company’s written security policy does not allow direct dial-in connections to the network. During a routine security audit, you discover a Windows Server 2003 server named Server1 that has a modem installed and is connected to an outside analog phone line.
You investigate and discover that Server1 is also running Routing and Remote Access and is used by the sales department. The modem supports the caller ID service. This remote access connection is used by an application at a partner company to upload product and inventory information to Server1. Each day at midnight, the partner application connects to Server1 and uploads the information. The connection never lasts longer than 30 minutes. The application is currently using the sales manager’s domain user account to make the connection. The partner application does not support incoming connections. The partner company has no plans to update this application to support your written security policy, and the sales department requires this updated product and inventory information to be available each morning.
Company management directs you to design a solution that provides the highest level of security for this connection until a more secure solution can be developed by the two companies. You need to design and implement a solution that will ensure that only the partner’s application can connect to your network over the dial-up connection. Your solution must prevent the connection from being used by unauthorized users, and it must allow only the minimum amount of access to the network. Which two actions should you take?
(Each correct answer presents part of the solution. Choose two.)

All servers in your company run Windows Server 2003. You discover that your public IP address is listed on an SMTP blacklist, and that one of your servers is sending unsolicited commercial e-mail that originates from outside your network. You need to ensure that the server does not continue to send the unsolicited commercial e-mail messages. What should you do?

Your company has an Active Directory directory service domain. All servers run Windows Server 2003. You control remote access to the internal network by using several custom remote access policies. You need to enforce a maximum session time for all remote connections. In the Routing and Remote Access console, you create a new remote session policy. What should you do next?

Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You assign an IPSec policy to a member server. Group Policy does not apply the IPSec policy when the member server communicates with a domain controller. You need to find out why Group Policy is not applying the new IPSec policy. What should you do?