MCSE 2003 Security 70-290 exam demo
70-290 Exam Demo is Powered by Pass4sure.
1. Configure Policies
1. Open Active Directory Users And Computers.
2. Select the domain node, Contoso.com.
3. From the Action menu, choose Properties.
4. On the Group Policy tab, select Default Domain Policy and then click Edit.
5. Navigate to Computer Configuration, Windows Settings, Security Settings, Account Policies, and finally Account Lockout Policy.
6. Double-click the Account Lockout Duration policy.
7. Select the Define This Policy Setting check box.
8. Type 0 for the duration, then click Apply.
The system will prompt you that it will configure the account lockout threshold and reset counter policies. Click OK.
9. Click OK to confirm the settings, and then click OK to close the Policy dialog box.
10. Confirm that the Account Lockout Duration policy is zero, the threshold is 5, and the reset counter policy is 30 minutes.
11. Close the Group Policy Object Editor window.
12. Click OK to close the Properties dialog box for the contoso.com domain.
13. Select the Domain Controllers container, under the domain node.
14. From the Action menu, click Properties.
15. On the Group Policy tab, select Default Domain Controllers Policy and click Edit.
16. Navigate to Computer Configuration, Windows Settings, Security Settings, Local Policies, and finally Audit Policy.
17. Double-click the Audit Account Logon Events policy.
18. Select Define These Policy Settings, select both Success and Failure, and then click OK.
19. Double-click the Audit Logon Events policy.
20. Select Define These Policy Settings, select both Success and Failure, and then click OK.
21. Double-click the Audit Account Management policy.
22. Select Define These Policy Settings, select Success, and then click OK.
23. Close the Group Policy Object Editor window.
24. Click OK to close the Domain Controllers Properties dialog box.
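A check for the settings above, added here as an example and not part of the original exercise: export the effective policy on the domain controller with secedit /export /cfg and compare it with the values from steps 10 to 22. It assumes the key names secedit writes in its [System Access] and [Event Audit] sections, and that a lockout duration of 0 in the editor is exported as -1.

```python
# Added example: compare a `secedit /export /cfg` file with the values set above.
# Key names are the ones secedit writes in [System Access] and [Event Audit].
EXPECTED = {
    ("System Access", "LockoutBadCount"): 5,     # threshold of 5 invalid logons
    ("System Access", "ResetLockoutCount"): 30,  # reset counter after 30 minutes
    ("System Access", "LockoutDuration"): -1,    # assumption: 0 in the editor exports as -1
    ("Event Audit", "AuditAccountLogon"): 3,     # 3 = Success and Failure
    ("Event Audit", "AuditLogonEvents"): 3,
    ("Event Audit", "AuditAccountManage"): 1,    # 1 = Success only
}

def parse_inf(text):
    """Return {(section, key): value-string} for an INF-style policy export."""
    settings, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and section:
            key, value = line.split("=", 1)
            settings[(section, key.strip())] = value.strip()
    return settings

def policy_drift(text):
    """List (section, key, expected, actual) for every setting that differs."""
    found = parse_inf(text)
    drift = []
    for (section, key), want in EXPECTED.items():
        have = found.get((section, key))          # None when the key is absent
        if have is None or not have.lstrip("-").isdigit() or int(have) != want:
            drift.append((section, key, want, have))
    return drift

# Constructed samples; a real export is UTF-16, so read it with encoding="utf-16".
GOOD = """[Unicode]
Unicode=yes
[System Access]
LockoutBadCount = 5
ResetLockoutCount = 30
LockoutDuration = -1
[Event Audit]
AuditLogonEvents = 3
AuditAccountManage = 1
AuditAccountLogon = 3
"""
BAD = GOOD.replace("AuditLogonEvents = 3", "AuditLogonEvents = 1").replace(
    "LockoutDuration = -1\n", "")
```

An empty list from policy_drift means the export matches the exercise; each tuple otherwise names the setting, the expected value and what the export contained.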
2. Create a User Profile Template
1. Create a user account that will be used solely for creating profile templates. Use the following guidelines when creating the account:
Text Box Name | Enter
First Name | Profile
Last Name | Account
User Logon Name | Profile
User Logon Name (Pre-Windows 2000) | Profile
2. Log off of Server01.
3. Log on as the Profile account.
4. Customize the desktop. You might create shortcuts to local or network resources, such as creating a shortcut to the C drive on the desktop.
5. Customize the desktop using the Display application in Control Panel. On the Desktop page of the Display Properties dialog box, you can configure the desktop background and, by clicking Customize Desktop, add the My Documents, My Computer, My Network Places, and Internet Explorer icons to the desktop.
6. Log off as the Profile account.
3. Exporting the Users from an Organizational Unit
In this exercise, you will export the entire contents of an OU named Marketing, complete with all its users, from the contoso.com domain.
1. In the contoso.com domain (Server01 is a domain controller for contoso.com), create an OU named Marketing.
2. In the Marketing OU, add two or three users. These users may be named whatever you choose.
3. Open a command prompt and type the following LDIFDE command as a single line:
ldifde -f marketing.ldf -s server01 -d "ou=Marketing,dc=contoso,dc=com" -p subtree -r "(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=contoso,DC=com)"
Figure 4-4 shows the code in action.
Figure 4-4 Output of LDIFDE export–Marketing OU
This creates an LDIF file named Marketing.ldf by connecting to the server named Server01 and executing a subtree search of the Marketing OU for all objects of the category Person.
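To confirm that the exported file contains only what the search base allows, the following added example (not part of the original exercise) parses LDIF text, handling folded lines and base64 values, and lists any entry that is not below the Marketing OU. The sample entries and their names are constructed.

```python
import base64

def parse_ldif(text):
    """Parse LDIF into a list of {attribute (lowercased): [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:
        if not line.strip():                   # a blank line ends the entry
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):           # "attr:: value" is base64-encoded
                value = base64.b64decode(rest[1:].strip())
                try:
                    value = value.decode("utf-8")
                except UnicodeDecodeError:     # binary attribute such as objectGUID
                    pass
            else:
                value = rest.strip()
            current.setdefault(attr.lower(), []).append(value)
    return entries

def out_of_scope(entries, base_dn):
    """Return the DNs that do not sit below base_dn (case-insensitive)."""
    suffix = "," + base_dn.lower()
    return [e["dn"][0] for e in entries if not e["dn"][0].lower().endswith(suffix)]

# Constructed sample in the shape ldifde writes; all names are invented.
SAMPLE = """dn: CN=Sample One,OU=Marketing,DC=contoso,DC=com
changetype: add
objectClass: user
sAMAccountName: sone
objectCategory: CN=Person,CN=Schema,CN=Configuration,
 DC=contoso,DC=com

dn: CN=Sample Two,OU=Marketing,DC=contoso,DC=com
changetype: add
givenName:: Wm/Dqw==
sAMAccountName: stwo

dn: CN=Sample Three,OU=Sales,DC=contoso,DC=com
changetype: add
sAMAccountName: sthree
"""
```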
4. Configuring NTFS Permissions
1. Open the c:\docs folder that was shared in Lesson 1’s practice.
2. Create a folder called Project 101.
3. Open the ACL editor by right-clicking Project 101, choosing Properties, and clicking the Security tab.
4. Configure the folder so that it allows the access outlined in the table below. This will require you to consider and configure inheritance and permissions for groups.
Security Principal | Access
Administrators | Full Control
Users in the Project101 Team | Can read data, add files and folders, and have full control of the files and folders they create.
Managers | Can read and modify all files, but cannot delete any files that they did not create. Managers should have full control of the files and folders they create.
System | Services running as the System account should have full control.
When you believe you have configured correct permissions, click Apply and click Advanced. Compare the Advanced Security Settings dialog box to the dialog box shown in Figure 6-10.
To configure these permissions, you must disallow inheritance. Otherwise, all users, not just those in the Project 101 group, will be able to read files in the Project 101 folder. The parent folder, c:\docs, is propagating the Users: Allow Read & Execute permission. The only way to prevent this access is to deselect the Allow Inheritable Permissions From The Parent… option. Notice that the requirements did not specify that you needed to prevent Users from reading, but it was also not indicated that Users required read access, and it is a security best practice to permit only the minimum required access. After disallowing inheritance, the Advanced Security Settings dialog box should look like the dialog box in Figure 6-10.
Figure 6-10 The Permissions tab of the Advanced Security Settings dialog box
The option to allow inheritance has been deselected and all permissions are shown as <not inherited>. Administrators, System, and Creator Owner have full control. Remember that when Creator Owner has full control, a user who creates a file or folder is given full control of that resource. The Project 101 group is listed as having a special permission entry. If you select that entry and click View/Edit, the specific permissions assigned to the Project 101 group should match the dialog box shown in Figure 6-11.
Figure 6-11 Special permissions for the Project 101 group
The Managers have Allow: Read, Write & Execute permission. This template includes the permissions to create files and folders and, like Project 101 team members, if a manager creates a resource, Managers are given the Creator Owner permissions for that resource. This permission set does not allow Managers to delete other users’ files. Remember that the Modify permissions template, which you did not assign, does include the Delete permission.
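The reasoning about Creator Owner and the Delete permission can be traced with a small model, added here as an example and not taken from the original exercise. It is a simplified simulation, not Windows API code: the right names are illustrative, alice and bob are hypothetical managers, and the Project 101 group's special entry is left out because the page does not list its rights.

```python
# Added example: a simplified model of the ACL described above (not Windows API code).
RX = {"read_data", "execute", "read_attributes", "read_permissions"}
WRITE = {"write_data", "append_data", "write_attributes"}
MODIFY = RX | WRITE | {"delete"}
FULL = MODIFY | {"delete_child", "change_permissions", "take_ownership"}

def folder_acl(managers_rights):
    """Inheritable allow entries on Project 101 once parent inheritance is blocked.
    The Project 101 group's special entry is omitted (its rights are not on the page)."""
    return [("Administrators", FULL), ("SYSTEM", FULL),
            ("CREATOR OWNER", FULL), ("Managers", managers_rights)]

def create_file(acl, creator):
    """A new child inherits the entries; CREATOR OWNER becomes the creating user."""
    return [(creator if who == "CREATOR OWNER" else who, rights) for who, rights in acl]

def granted(acl, user, groups):
    """Union of allowed rights for a user and the groups the user belongs to."""
    rights = set()
    for who, allowed in acl:
        if who == user or who in groups:
            rights |= allowed
    return rights

def can_delete(parent_acl, file_acl, user, groups):
    """Delete needs Delete on the file or Delete Subfolders and Files on the folder."""
    return ("delete" in granted(file_acl, user, groups)
            or "delete_child" in granted(parent_acl, user, groups))

def scenario(managers_rights):
    """Manager alice creates a file; report what manager bob can do to it."""
    parent = folder_acl(managers_rights)
    report = create_file(parent, "alice")
    return {
        "bob_can_modify": "write_data" in granted(report, "bob", {"Managers"}),
        "bob_can_delete": can_delete(parent, report, "bob", {"Managers"}),
        "alice_can_delete": can_delete(parent, report, "alice", {"Managers"}),
    }
```

Calling scenario(RX | WRITE) reproduces the configured behaviour, while scenario(MODIFY) shows the other manager gaining the ability to delete the file.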



