You have a single Active Directory directory service forest named contoso.com. You have a domain controller named DC1 in the Domain Controllers organizational unit (OU). You change a public key Group Policy setting in the Default Domain Controllers Policy. You need to apply the public key Group Policy change to DC1 immediately. What should you do?

You are the network administrator for your company. The network consists of a single Active Directory
domain. The company’s written domain administration policy requires that help desk employees must have
the ability to reset passwords. The help desk employees must be able to reset passwords for all user
accounts except for members of the Domain Admins global group and members of the Executives global
group. The help desk employees must not have any other administrative rights in the domain. All help desk
employees are members of the Help Desk global group. All members of the Domain Admins group are
located in an organizational unit (OU) named AdminsOU. All members of the Executives group are located
in an OU named ExecutiveOU. All other user accounts are located in an OU named EmployeesOU. The
relevant portion of the OU design for the domain is shown in the exhibit.

You need to configure the permissions for the help desk employees as defined by the written domain administration
policy. What should you do?

You are a network administrator for Fabrikam, Inc. The network consists of a single Active Directory domain
named fabrikam.com. All servers run Windows Server 2003. All client computers run Windows XP
Professional. The company restricts all users so that they can use only authorized applications. All domain
users are authorized to use the Microsoft Office suite of applications. Members of a security group named
CRM Users are also authorized to use a customer relationship management (CRM) application. You
configure Group Policy objects (GPOs) as shown in the exhibit.

The Office Applications GPO has only the Microsoft Office applications listed as allowed applications. The CRM
Application GPO has only the CRM application listed as an allowed application. The CRM Application GPO
has security settings so that it applies only to members of the CRM Users security group. Users who are
members of the CRM Users security group report that they cannot run the CRM application. You need to
reconfigure the domain to meet the following requirements: All users must be able to run the Microsoft
Office applications. Members of the CRM Users security group must be able to run the CRM application. All
users must be prevented from running unauthorized software.Which two actions should you take? (Each
correct answer presents part of the solution. Choose two.)

You are the network administrator for your company. The company consists of two subsidiaries named
Contoso, Ltd., and Fabrikam, Inc. The network consists of a single Active Directory forest that contains
three domains. The domain and site configuration is shown in the exhibit.

A computer named DC1.asia.contoso.com is a domain controller in the asia.contoso.com domain. DC1.asia.
contoso.com is also a global catalog server and the preferred bridgehead server for AsiaSite. The Active
Directory database on on DC1.asia.contoso.com contains 1 GB of data. The Asia departments in the
company are implementing an Active Directory-enabled application. You expect size of the database on
DC1.asia.contoso.com to increase by 200 MB. Active Directory stops responding on DC1.asia.contoso.com.
You discover that the hard disk has less than 5 MB of space remaining. You need to configure DC1.asia.
contoso.com so that Active Directory can restart. You also need to configure the server so that additional
space is available on the hard disk for the additional data that will be added to the Active Directory database.
What should you do?

You have a single Active Directory directory service domain. You use a Group Policy object (GPO) to apply security settings to your client computers. You configure the startup type for system services settings in a new GPO, and you link the GPO to an organizational unit (OU). You discover that the startup type for system services on one of the client computers has not been updated. You need to ensure that the Group Policy settings are applied to the client computer. What should you do?

Your company uses a third-party application that is packaged as a Windows Installer file (MSI) and deployed through a Group Policy object (GPO). You are deploying an update to all client computers that have the application installed. You place the MSI file in a shared folder on a file server. You need to ensure that when the new version is installed, users do not lose any personal settings that they made in the existing version. What should you do?

You are the network administrator for Southridge Video. The network consists of a single Active Directory domain named southridgevideo.com. The domain contains one domain controller. All servers run Windows Server 2003. All client computers run Windows XP Professional. The company uses Group Policy objects (GPOs) to configure user and computer settings. The Active Directory database and the SYSVOL shared folder are stored on separate hard disks. The hard disk containing the SYSVOL folder fails. Some Group Policy settings are still applied, but new users do not receive the Group Policy settings. You replace the failed disk. You discover that there are no valid backups of the SYSVOL folder. You have a list of GUIDs and friendly names for each GPO. On the new disk, you create a new shared folder named SYSVOL in the same location as the previous SYSVOL folder. You need to configure the network so hat the user and computer settings will be applied to all users. Which three courses of action should you take? (Each correct answer presents part of the solution. Choose three.)

You have a single Active Directory directory service domain. All client computers run either Windows XP or Windows Vista and are in an organizational unit (OU) named Client Computers. You create a new Group Policy object (GPO) named Secure Desktop to apply security settings. You link the GPO to the Client Computers OU. You examine a users client computer and find that the security settings have not been applied. You need to ensure that the security settings in the GPO are applied immediately after linking the GPO to the OU. What should you do?

You are the network administrator for your company. The network consists of a single Active Directory domain. The following table shows the types and quantities of Windows Server 2003 Web and database servers in the domain. The computer accounts for the Web and database servers are located in the default Computers container. The domain also includes many organizational units (OU) that contain other computer accounts. Your company plans to use Group Policy objects (GPOs) to centrally apply security settings to the Web and database server computers. The settings need to be applied as follows: Some security settings need to apply to all Web and database servers. Some security settings need to apply to the nonproduction servers only. Some security settings need to apply to the production servers only and must not be overridden. Other security settings need to apply to specific server types only. You need to create an organizational unit (OU) structure to support the GPO requirements. You want to create as few GPOs and links as possible while using only the default security permissions for GPO links. You also want to limit the number of GPO links to one link per GPO. What should you do?

You are the network administrator for your company. The network structure is shown in the exhibit.

The functional level of both forests is Windows Server 2003. All three domains are Active Directory domains. Domain3 contains a computer named Server1. A shared folder on Server1 is named Share1. Users in an organizational unit (OU) named Accounts in Domain2 need access to Share1. However, whenever the users in the Accounts OU attempt to connect to Share1, they receive an error message stating that access was denied. You need to ensure that users in the Accounts OU can connect to Share1. What should you do?