A company wants to prevent employees who access the company’s Remote Desktop Session Hosts (RD Session Hosts) from introducing malware onto the corporate network.
You have the following requirements:
– Ensure that only client computers that have an up-to-date antivirus program installed can connect to the RD Session Hosts.
– Display a notification when a client computer that does not meet the antivirus requirements attempts to connect to an RD Session Host. Provide information about how to resolve the connection problem.
– Ensure that client computers can access only the RD Session Hosts.
You need to recommend a Remote Desktop Services (RDS) management strategy that meets the requirements.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A.
Deploy a Remote Desktop Gateway in a perimeter network. Install and configure a Network Policy and Access Services server. Configure the System Health Validator. Enable the Remote Desktop Gateway Network Access Protection Enforcement Client. Configure Remote Desktop Connection Authorization Policies and Remote Desktop Resource Authorization Polices.
B.
Deploy the Routing and Remote Access Service in a perimeter network to support VPN connections. Install and configure a Network Policy and Access Services server. Enable the Network Access Protection VPN Enforcement Client. Configure the System Health Validator.
Configure static routes on the VPN server to allow access only to the RD Session Hosts.
C.
Deploy a Remote Desktop Gateway in a perimeter network. Configure Remote Desktop Connection Authorization Policies and Remote Desktop Resource Authorization Polices.
Configure a logon message.
D.
Deploy the Routing and Remote Access Service in a perimeter network to support VPN connections. Configure Connection Request Policies to specify which computers can connect to the corporate network. Configure static routes on the VPN server to allow access only to the RD Session Hosts.
Explanation:
NAP with SHVs configured will ensure that teh AV is installed and up to date. if they ar not you can direct them to a quatantine/remediation server to update
http://www.techrepublic.com/article/solutionbase-configuring-network-access-protection-for-windows-server-2008/178022
RD RAP
Remote Desktop resource authorization policies (RD RAPs) allow you to specify the internal network resources (computers) that remote users can connect to through an RD Gateway server.
http://technet.microsoft.com/en-us/library/cc730630RD CAP
Remote Desktop connection authorization policies (RD CAPs) allow you to specify who can connect to an RD Gateway server
http://technet.microsoft.com/en-us/library/cc731544