CREATING AN ORGANIZATIONAL UNIT HIERARCHY IN THIS PROCEDURE, YOU CREAT...

3. When creating a GPO for an organizational unit called Servers, you define a particular audit policy and configure it to audit successes only. When creating a GPO for an organizational unit called Infrastructure, which is a child of the Servers organizational unit, you configure the same policy to audit failures only. What is the effective value of that policy for a computer object in the Infrastructure container?

a. Undefined

b. Success only

c. Failure only

d. Success and Failure

Lesson Summary

When creating security configurations for servers that perform specific roles, you can build on your secure baseline configuration.

An Active Directory object can receive policy settings from multiple GPOs and apply them in a particular order.

Active Directory objects do not contain GPOs; they are only linked to them. You can link a single GPO to multiple objects and make global changes by modifying that single GPO.

Organizational unit objects inherit policy settings from the GPOs applied to their parent objects.

Policy settings from a GPO linked directly to an object take precedence over settings inherited from a parent object’s GPO.
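
The inheritance rules summarized above can be modelled in a few lines. This is an added example, not material from the book: the OU names and the two baseline service settings are taken from the case scenario on this page, while the role GPOs (`FilePrintRole`, `WebRole`) and their contents are constructed for illustration. It models only OU-level linking and inheritance as the summary describes them.

```python
# Simplified model of OU-level GPO inheritance (added example).
UNDEFINED = None  # a policy left "Not defined" in a GPO

# OU -> parent OU. Names are from the case scenario on this page.
OU_PARENT = {"Servers": None, "FilePrint": "Servers", "WebSvrs": "Servers"}

# GPOs exist once and are only linked to OUs. The Baseline entries are a
# subset of the page's baseline; the two role GPOs are constructed.
GPOS = {
    "Baseline": {
        "Service: Print Spooler": "Disabled",
        "Service: Telnet": "Disabled",
        "Audit Logon Events": UNDEFINED,
    },
    "FilePrintRole": {  # constructed
        "Service: Print Spooler": "Automatic",
        "Audit Logon Events": "Success, Failure",
    },
    "WebRole": {  # constructed
        "Service: Print Spooler": UNDEFINED,
        "Audit Logon Events": "Failure",
    },
}
LINKS = {"Servers": ["Baseline"], "FilePrint": ["FilePrintRole"],
         "WebSvrs": ["WebRole"]}


def ou_chain(ou):
    """Return the OUs from the top of the hierarchy down to `ou`."""
    chain = []
    while ou is not None:
        chain.append(ou)
        ou = OU_PARENT[ou]
    return chain[::-1]


def effective_policy(ou):
    """Map each defined setting to (value, winning GPO) for a computer in `ou`."""
    result = {}
    for level in ou_chain(ou):  # parents first, so closer links win
        for gpo in LINKS.get(level, []):
            for setting, value in GPOS[gpo].items():
                if value is not UNDEFINED:  # "Not defined" never overrides
                    result[setting] = (value, gpo)
    return result


if __name__ == "__main__":
    for ou in ("FilePrint", "WebSvrs"):
        for setting, (value, gpo) in sorted(effective_policy(ou).items()):
            print(f"{ou:10} {setting:25} {value:17} <- {gpo}")
```

On a live server, `gpresult` or the Resultant Set of Policy snap-in reports the settings that actually took effect and the GPO each one came from.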

Case Scenario Exercise

You are the network infrastructure design specialist for Litware Inc., a manufacturer of specialized scientific software products, and you have already created a basic network design for their new office building, as described in the Case Scenario Exercise in Chapter 1. You are currently designing a security infrastructure for the company’s computers running Windows Server 2003. The servers running Windows Server 2003 on the network are as follows:

Three Active Directory domain controllers also running the DNS Server service with Active Directory-integrated zones

Four file and print servers

Six Web servers running IIS

Your first task is to create a GPO for a baseline installation. This baseline GPO leaves the audit and Event Log policies undefined but uses the System Services policies to disable the following services:

Alerter

Application Management

ClipBook

Distributed File System

Distributed Transaction Coordinator

Fax Service

Indexing Service

Internet Connection Firewall (ICF)/Internet Connection Sharing (ICS)

License Logging

Messenger

NetMeeting Remote Desktop Sharing

Network DDE

Network DDE DSDM

Print Spooler

Remote Access Auto Connection Manager

Remote Access Connection Manager

Removable Storage

Routing And Remote Access

Secondary Logon

Smart Card

Task Scheduler

Telephony

Telnet

Uninterruptible Power Supply

The baseline GPO also enables the following Security Options policies:

Devices: Restrict CD-ROM Access To Locally Logged-on User Only

Devices: Restrict Floppy Access To Locally Logged-on User Only

Interactive Logon: Require Domain Controller Authentication To Unlock Workstation

Microsoft Network Client: Digitally Sign Communications (Always)

Microsoft Network Server: Digitally Sign Communications (Always)

To deploy the baseline GPO, you create a new organizational unit called Servers in your Active Directory domain. You then create four organizational units beneath Servers, called DomCtrlrs, DHCP, FilePrint, and WebSvrs. Your plan is to create a GPO with role-specific settings for each of these four containers.

Based on this information, answer the following questions: