What is the name of the service included with the Windows Server operating system that manages a centralized database containing user account and security information?
Active Directory
Active Directory (AD) is a centralized database that is included with the Windows Server operating system. Active Directory is used to store information about a network. It stores such things as user accounts, computers, printers, and security policies.
Match each Active Directory term on the left with its corresponding definition on the right.
Logical organization of resources
Organizational unit
Collection of network resources
Domain
Collection of related domain trees
Forest
Network resource in the directory
Object
Group of related domains
Tree
The Active Directory structure includes the following
components:
> A tree is a group of related domains that share the same contiguous DNS namespace.
> A forest is a collection of related domain trees.
> A domain is an administratively defined collection of network resources that share security policies and a common directory database.
> An organizational unit (OU) is like a folder. > An OU subdivides and organizes network resources within a domain.
> An object is a network resource as identified within Active
Directory.
What should you do to a user account if the user goes on an extended vacation?
Disable the account
Disabling the account is the best measure to protect an inactive account. This prevents the account from being used for login.
If you delete the account or the rights assigned to the account, you have to re-create the account or the rights when the user returns. Leaving the account active might expose it to attack, even if you regularly monitor it.
You are creating a new Active Directory domain user account for the Rachel McGaffey user account. During the account setup process, you assigned a password to the new account.However, you know that the system administrator should not know any user's password for security reasons. Only the user should know his or her own password.Click the option you would use in the New Object - User dialog to remedy this situation.
*Click "User must change password at next logon
When creating a new user account or resetting a forgotten password, a common practice is to reset the user account password and select User must change password at next logon. This forces the user to reset the password immediately following logon, ensuring the user is the only person who knows the password.
Enable the User cannot change password option when you want to maintain control over a guest, service, or temporary account. For example, many applications use service accounts for performing system tasks. The application must be configured with the user account name and password. In this situation, you may also need to enable the Password never expires option. The Account is disabled option is used in situations where you want to create an account in the present, but the user will not actually need the account until a future date.
Click on the object in the TESTOUTDEMO.com Active Directory domain that is used to manage individual desktop workstation access.
*Click "CORPWS7"
Computer objects are used to manage access for individual computer systems in the domain, including servers, desktops, and notebooks. In this example, the desktop named CORPWS7 is represented by a corresponding computer object in the domain.
A domain (in this case, TESTOUTDEMO.com) is an administratively defined collection of network resources that share a common directory database and security policies.
An organizational unit (OU) subdivides and organizes network resources within a domain. Several OUs are displayed in this scenario, including MarketingManagers, PermMarketing, and TempMarketing.
User objects are used to manage access for individual employees. In this scenario, the employee named Tom Plask is represented by a corresponding user object in the domain.
There are registry-based settings that can be configured within a GPO to control the computer and the overall user experience, such as:> Use Windows features such as BitLocker, Offline Files, and Parental Controls> Customize the Start menu, taskbar, or desktop environment> Control notifications> Restrict access to Control Panel features> Configure Internet Explorer features and optionsWhat are these settings known as?
Administrative templates
Administrative templates are registry-based settings that can be configured within a GPO to control the computer and the overall user experience. These include:
> Use Windows features such as BitLocker, Offline Files, and Parental Controls
> Customize the Start menu, taskbar, or desktop environment
> Control notifications
> Restrict access to Control Panel features
> Configure Internet
Explorer features and options
Use software restriction policies to define the software permitted to run on any computer in the domain. These policies can be applied to specific users or all users.
Security options allow you to apply or disable rights for all users the Group Policy applies to.
Use account policies to control password settings, account lockout settings, and Kerberos settings.
You want to ensure that all users in the Development OU have a common set of network communication security settings applied.Which action should you take?
Create a GPO computer policy for the computers in the Development OU.
Network communication security settings are configured in the Computer Policies section of a GPO.
Built-in containers (such as the Computers container) and folders cannot be linked to a GPO.
The Hide Programs and Features page setting is configured for a specific user as follows:| Policy - Setting |Local Group Policy - EnabledDefault Domain Policy GPO - Not ConfiguredGPO Linked to the user's organizational unit - DisabledAfter logging in, the user is able to see the Programs and Features page. Why does this happen?
The GPO linked to the user's organizational unit is applied last, so this setting takes precedence.
The GPO linked to the user's organizational unit is applied last. With this in mind, the setting that disables the policy to hide the Programs and Features page takes precedence.
In this question's scenario, Local Group Policy enables the policy to hide the Programs and Features page.
When the Default Domain Policy GPO is applied, this policy is set to Not configured. It doesn't change anything.
When the GPO linked to the user's organizational unit is applied, the setting for this policy is disabled. This reverses the setting in the Local Group Policy and makes the Programs and Features page visible to the user.
The Local Group Policy is applied first. GPOs linked to the user's domain are applied second and take precedence over settings in the Local Group Policy. GPOs linked to the user's organizational unit are applied last and take precedence over any preceding policy settings.
Group Policy Objects (GPOs) are applied in which of the following orders?
Local Group Policy, GPO linked to site, GPO linked to domain, GPO linked to organizational unit (highest to lowest).
Group Policy Objects (GPOs) are applied in the following order:
> The Local Group Policy on the computer.
> GPOs linked to the site.
> GPOs linked to the domain that contains the User or Computer object.
> GPOs linked to the organizational unit (OU) that contains the User or Computer object (from the highest-level OU to the
lowest-level OU).
You manage an Active Directory domain. All users in the domain have a standard set of internet options configured by a GPO linked to the domain, but you want users in the Administrators OU to have a different set of internet options.What should you do?
Create a GPO user policy for the Administrators OU.
Internet options are configured in the User Policies section of a GPO. Linking this policy to the Administrators OU only applies it to users in that OU because GPOs linked to OUs are applied last.
If Local Group Policies are created on the Administrator's computers, the policies are overwritten by the GPO that is linked to the domain, which applies a standard set of internet options to all users in the domain. There is already a GPO user policy linked to the domain.