PrepAway - Latest Free Exam Questions & Answers

What should you do to make sure that the cached credentials for user accounts are only stored in their local b

ABC.comboasts a main office and 20 branch offices.
Configured as a separate site, each branch office has a Read-Only Domain Controller (RODC) server
installed.
Usersin remote offices complain that they are unable to log on to their accounts.
What should you do to make sure that the cached credentials for user accounts are only stored in their
local branch office RODC server?

PrepAway - Latest Free Exam Questions & Answers

A.
Open the RODC computer account security tab and set Allow on the Receive as permission only for the
users that are unable to log on to their accounts

B.
Add a password replication policy to the main Domain RODC and add user accounts in the security group

C.
Configure a unique security group for each branchoffice and add user accounts to the respective security
group. Add the security groups to the password replication allowed group on the main RODC server

D.
Configure and add a separate password replicationpolicy on each RODC computer account

Explanation:
http://technet.microsoft.com/en-us/library/cc730883%28v=ws.10%29.aspx
Password Replication Policy
When you initially deploy an RODC, you must configure the Password Replication Policy on the writable domain
controller that will be its replication partner.
The Password Replication Policy acts as an access control list (ACL). It determines if an RODC should be
permitted to cache a password. After the RODC receives an authenticated user or computer logon request, it
refers to the Password Replication Policy to determine if the password for the account should be cached. The
same account can then perform subsequent logons more efficiently.
The Password Replication Policy lists the accounts that are permitted to be cached, and accounts that are
explicitly denied from being cached. The list of user and computer accounts that are permitted to be cached
does not imply that the RODC has necessarily cachedthe passwords for those accounts. An administratorcan,
for example, specify in advance any accounts that an RODC will cache. This way, the RODC can authenticate
those accounts, even if the WAN link to the hub site is offline.


Leave a Reply