You have a single Active Directory directory service domain. All user accounts in the sales department are in an organizational unit (OU) named Sales. Your company has five public computers that are members of the domain. You notice a sales tracking application on one of the public computers. You verify that this application is assigned to users in the Sales OU through a Group Policy object (GPO). You need to ensure that when sales department users log on to the public computers, the applications that are assigned to the Sales OU are not made available on the public computers. What should you do?

You have a single Active Directory directory service domain. All domain controllers run Windows Server 2003. All client computers run Windows Vista. The computers in the sales department are located in an organizational unit (OU) named Sales. You use a Default Domain Policy to configure company user and computer settings. You configure a software restriction policy for the domain. The policy prevents users from running software that is not approved. You need to allow computers in the Sales OU to run software that is not approved while maintaining other required settings. What should you do?

You are the network administrator for your company. The network consists of a single Active Directory domain with three sites. There is a domain controller at each site. All servers run Windows Server 2003. Each client computer runs either Windows 2000 Professional or Windows XP Professional. The IT staff is organized into four groups. The IT staff works at the three different sites. The computers for the IT staff must be configured by using scripts. The script or scripts must run differently based on which site the IT staff user is logging on to and which of the four groups the IT staff user is a member of. You need to ensure that the correct logon script is applied to the IT staff users based on group membership and site location. What should you do?

You have a single Active Directory directory service domain. All users are located in an organizational unit (OU) named ContosoUsers. All client computer accounts are located in an OU named ContosoComputers. You need to deploy a new application to all users. The application shortcut must be available the next time the users log on. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run either Windows XP Professional or Windows 2000 Professional. All client computer accounts are located in an organizational unit (OU) named Workstation. A written company policy states that the Windows 2000 Professional computers must not use offline folders. You create a Group Policy object (GPO) to enforce this requirement. The settings in the GPO exist for both Windows 2000 Professional computers and Windows XP Professional computers. You need to configure the GPO to apply only to Windows 2000 Professional computers. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

You have a single Active Directory directory service domain. All servers run Windows Server 2003. You need to specify the list of applications that users are permitted to run. You create a new Group Policy object (GPO) and link it to the domain. What should you do next?

You have two Active Directory directory service forests named contoso.com and fabrikam.com. All users log on to the contoso.com domain. All servers run Windows Server 2003 and are members of the fabrikam.com domain. You create a one-way forest trust in which fabrikam.com is trusting contoso.com. Forest-wide authentication is enabled. You need to provide only selected users with access to a server in the fabrikam.com domain. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

You are the network administrator for your company. Your network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003. You add eight servers for a new application. You create an organizational unit (OU) named Application to hold the servers and other resources for the application. Users and groups in the domain will need varied permissions on the application servers. The members of a global group named Server Access Team need to be able to grant access to the servers. The Server Access Team group does not need to be able to perform any other tasks on the servers. You need to allow the Server Access Team group to grant permissions for the application servers without granting the Server Access Team group unnecessary permissions. What should you do?

You are the network administrator for your company. The network consists of a single Active Directory domain with three sites named Site1, Site2, and Site3. The sites and site links are configured to use Site2 to connect Site1 and Site3. Each site contains three Windows Server 2003 domain controllers. A domain controller in each site is configured as a preferred bridgehead server. All user and group accounts are created in Site1. Several new users start work in Site2. When they attempt to log on to the network, the logon fails. You confirm that the user accounts are created and are visible in Site1 and Site2. You discover that the preferred IP bridgehead server in Site2 failed. You repair the server and confirm that replication is successful to Site2. You need to ensure that the failure of a single domain controller in any site will not interfere with Active Directory replication between sites. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)