Your company has an Active Directory directory service domain. All file servers run Windows Server 2003 and are located in the FilePrint organizational unit (OU). You create a security template named FilePrint.inf that modifies existing audit settings and disables unwanted services.
You need to apply the FilePrint.inf security template to all file servers, and you must ensure that the security settings applied by the template cannot be overwritten.
What should you do?

You are a network administrator for your company. You need to test a new application. The application requires two processors and 2 GB of RAM. The application also requires shared folders on the application server and requires the installation of software on the client computers. You create the test plan. You assemble a server in the test lab. You install Windows Server 2003, Web Edition on the server. You install the application on the server. You install the client software components for the application on
20 client computers in the test lab. You test the application. You discover that only some of the client computers can run the application. You turn off the client computers that ran the application successfully, and you test again. The client computers that failed in the first test now run the application successfully.
You need to identify the cause of the failure and update your test plan. What should you do?

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 50 application servers that run Windows Server 2003. The security configuration of the application servers is not uniform. The application servers were deployed by local administrators who configured the settings for each of the application servers differently based on their knowledge and skills. The application servers are configured with different authentication methods, audit settings, and account policy settings. The security team recently completed a new network security design. The design includes a baseline configuration for security settings on all servers.
The baseline security settings use the Hisecws.inf predefined security template. The design also requires modified settings for servers in an application role. These settings include system service startup requirements, renaming the administrator account, and more stringent account lockout policies. The security team created a security template named Application.inf that contains the modified settings. You need to plan the deployment of the new security design. You need to ensure that all security settings for the application servers are standardized, and that after the deployment, the security settings on all application servers meet the design requirements.
What should you do?

You are the network administrator for your company. The network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains an organizational unit (OU) named Servers that contains all of the company’s Windows Server 2003 resource servers. The domain also contains an OU named Workstations that contains all of the company’s Windows XP Professional client computers. You configure a baseline security template for resource servers named Server.inf and a baseline security template for client computers named Workstation.inf. The Server.inf template contains hundreds of settings, including file and registry permission settings that have inheritance propagation enabled. The Workstation.inf template contains security settings, none of which contain file or registry permissions settings. The resource servers operate at near capacity during business hours.
You need to apply the baseline security templates so that the settings will be periodically enforced. You need to accomplish this task by using the minimum amount of administrative effort and while minimizing the performance impact on the resource servers.
What should you do?

Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You install a Windows Server 2003 Enterprise root certification authority (CA). Users are unable to auto-enroll by using an existing version 2 User certificate template that has two registration authorities assigned. Users have the Enroll and Read permissions for the template.
You need to ensure that all users can auto-enroll by using the template. What should you do?

Your company has a single Active Directory directory service forest with three domains. All servers in your environment run Windows Server 2003. You are planning a public key infrastructure (PKI). You plan to deploy one root certification authority (CA), one policy CA, and two issuing CAs. You need to manage the health of all the CAs simultaneously. Which console should you use?

Your company has a single Active Directory directory service domain. The company uses a public certification authority (CA). Several stand-alone servers that run Windows Server 2003 reside on a dedicated network segment. The stand-alone servers do not have access to the Internet. You need to specify the IPSec authentication method to use for the stand-alone servers. Which method should you use?

Your company has a single Active Directory directory service domain. You have one primary DNS server and four secondary DNS servers. All DNS servers run Windows Server 2003. The DNS zone is not Active DirectoryCintegrated. Client computers are configured to use only secondary DNS servers for name resolution. Client computers are receiving stale information in response to host name inquiries. You find out that the primary DNS server returns correct information. You need to ensure that client computers can correctly resolve host names. What should you do?