###BeginCaseStudy###
Case Study: 16
Trey Research
Scenario
COMPANY OVERVIEW
Trey Research is a pharmaceutical company that has a main office and two branch offices.
The main office is located in Denver. The branch offices are located in New York and
Seattle. The main office has 10,000 users. Each branch office has approximately 200 users.
PLANNED CHANGES
You plan to deploy a new application named App1. App1 is developed in-house. The binary
executables and support files for App1 contain sensitive intellectual property. Users must
access App1 through document invocation. The users must be prevented from directly
copying or accessing the App1 program files.
EXISTING ENVIRONMENT
The network contains a single Active Directory domain named treyresearch.com. All servers
run Windows Server 2008 R2. All client computers run Windows 7 Enterprise. The network
contains a Web server named Web1 that hosts an intranet site. All users use Web1. Users
report that access to the content on Web1 is slow. You discover that the CPU utilization of
Web1 is approximately 90 percent during peak hours. Microsoft System Center
Configuration Manager is used to deploy updates to all of the client computers.
Existing Network Infrastructure
Each office has several file servers. The file servers have a limited amount of storage space.
Users access the data on all of the file servers. Each branch office has a WAN link to the
main office. Users in the branch office frequently access the file server in the main office.
Current Administration Model
All servers are currently administered remotely by using Remote Desktop. Help desk users
perform the following administrative tasks in the domain:
• Manage printers.
• Create shared folders.
• Manage Active Directory users.
• Modify file permissions and share permissions.
All of the help desk users are members of a global group named HelpDesk.
Business Goals
Trey Research has the following business goals:
• Minimize the cost of making changes to the environment.
• Minimize the cost of managing the network infrastructure and the servers.
REQUIREMENTS
Technical Requirements
Trey Research plans to virtualize all of the servers during the next three years. Trey
Research must meet the following technical requirements for virtualization:
• Simplify the management of all hardware.
• Allocate CPU resources between virtual machines (VMs).
• Ensure that the VMs can connect to multiple virtual local area networks (VLANs).
• Minimize the amount of administrative effort required to convert physical servers to
VMs.
Trey Research must ensure that users can access content in the shared folders if a single
server fails. The solution must also reduce the amount of bandwidth used to access the shared
folders from the branch offices.
Trey Research must meet the following technical requirements for the intranet site:
• Improve response time for users.
• Provide redundancy if a single server fails.
Security Requirements
A new corporate security policy states that only Enterprise Administrators are allowed to
interactively log on to servers.
User Requirements
Users report that it is difficult to locate files in the shared folders across the network. The
users want a single point of access for all of the shared folders in the company.
###EndCaseStudy###
You need to identify each help desk user who bypasses the new corporate security policy. What
should you do?
A. Configure Audit Special Logon and define Special Groups.
B. Configure Audit Other Privilege Use Events and define Special Groups.
C. Configure Audit Sensitive Privilege Use and configure auditing for the HelpDesk group.
D. Configure Audit Object Access and modify the auditing settings for the HelpDesk group.
Explanation:
http://technet.microsoft.com/en-us/library/dd772635%28WS.10%29.aspx
This security policy setting determines whether the operating system generates audit events when:
• A special logon is used. A special logon is a logon that has administrator-equivalent privileges and
can be used to elevate a process to a higher level.
http://support.microsoft.com/kb/947223
Special Groups is a new feature in Windows Vista and in Windows Server 2008. The Special Groups
feature lets the administrator find out when a member of a certain group logs on to the computer.
The Special Groups feature lets an administrator set a list of group security identifiers (SIDs) in the
registry. An audit event is logged in the Security log if the following conditions are true:
• Any of the group SIDs is added to an access token when a group member logs on.
Note: An access token contains the security information for a logon session. Also, the token identifies
the user, the user’s groups, and the user’s rights.
• In the audit policy settings, the Special Logon feature is enabled.
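The two conditions above, applied to the HelpDesk group from the case study, as an added PowerShell example that is not part of the original page. The registry path and value name are those documented in KB947223 and event ID 4964 is the Special Groups event. Assumptions: the script runs elevated on the server being monitored, and the ActiveDirectory module is available to resolve the group SID.

```powershell
# Added example (not from the original page).
# Assumption: the ActiveDirectory module is installed so the group SID can be looked up.
Import-Module ActiveDirectory

# Resolve the SID of the HelpDesk global group named in the case study.
$sid = (Get-ADGroup -Identity 'HelpDesk').SID.Value

# Condition 1: Special Groups reads a semicolon-delimited list of group SIDs
# from the SpecialGroups string value under this key (KB947223).
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Audit'
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

# Keep any SIDs already configured and add the HelpDesk SID once.
$current = (Get-ItemProperty -Path $key -Name SpecialGroups -ErrorAction SilentlyContinue).SpecialGroups
$sids = @($current -split ';' | Where-Object { $_ }) + $sid | Select-Object -Unique
New-ItemProperty -Path $key -Name SpecialGroups -PropertyType String `
    -Value ($sids -join ';') -Force | Out-Null

# Condition 2: enable the Special Logon audit subcategory.
# On domain members a Group Policy audit setting will override this local change,
# so the same subcategory would normally be enabled through the server GPO.
auditpol /set /subcategory:"Special Logon" /success:enable

# Review: event 4964 is written to the Security log when a listed group SID
# is added to the access token of a new logon. Match the SID against the raw
# event XML so the filter does not depend on how the message text is rendered.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4964 } -ErrorAction SilentlyContinue |
    Where-Object { $_.ToXml() -match [regex]::Escape($sid) } |
    Select-Object TimeCreated, MachineName, Message |
    Format-List
```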