70-640. Microsoft - 70-640 Windows Server 2008 Active Directory, Configuring



Similar documents
PassTest. Bessere Qualität, bessere Dienstleistungen!

ITCertMaster. Safe, simple and fast. 100% Pass guarantee! IT Certification Guaranteed, The Easy Way!

Audit account logon events

Course 2277: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services

PASS4TEST 専 門 IT 認 証 試 験 問 題 集 提 供 者

Next-Gen Monitoring of Active Directory. Click to edit Master title style

Enabling Useful Active Directory Auditing

Director and Windows Server 2008 (and 2003)

Installation of MicroSoft Active Directory

20410: Installing and Configuring Windows Server 2012

Installing and Configuring Windows Server 2012 MOC 20410

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Active Directory 2008 Audit Management Pack Guide for Operations Manager 2007 and Essentials 2010

Windows 2008 Server DIRECTIVAS DE GRUPO. Administración SSII

Module 2. Configuring and Troubleshooting DNS. Contents:

Active Directory Change Notifier Quick Start Guide

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain MOC 6425

MS Installing and Configuring Windows Server 2012

Windows Logging Configuration: Audit Policy Configuration

Create, Link, or Edit a GPO with Active Directory Users and Computers

Active Directory Software Deployment

Number: Passing Score: 700 Time Limit: 145 min

Advanced Audit Policy Configurations for LT Auditor+ Reference Guide

Group Policy for Beginners

Course Outline: Course Installing and Configuring Windows Server 2012

ExecuTrain Course Outline Configuring & Troubleshooting Windows Server 2008 Active Directory Domain Services MOC 6425C 5 Days

Active Directory integration with CloudByte ElastiStor

Windows Firewall Exceptions Configuring Windows Firewall Exceptions for Docusnap

DeviceLock Management via Group Policy

Administering Group Policy with Group Policy Management Console

Synology NAS Server Windows ADS FAQ

Module 6: Managing and Monitoring Domain Name System

Configuring and Troubleshooting Windows 2008 Active Directory Domain Services

PRODUCT WHITE PAPER LABEL ARCHIVE. Adding and Configuring Active Directory Users in LABEL ARCHIVE

Active Directory 2008 Operations

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

DeviceLock Management via Group Policy

CONFIGURING TARGET ACTIVE DIRECTORY DOMAIN FOR AUDIT BY NETWRIX AUDITOR

Securing Active Directory Presented by Michael Ivy

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

PLANNING AND DESIGNING GROUP POLICY, PART 1

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0

Managing and Maintaining Windows Server 2008 Active Directory Servers

How to monitor AD security with MOM

How To Install And Configure Windows Server 2003 On A Student Computer

Windows Server 2008 Active Directory Configuration (Exam )

How to install Small Business Server 2003 in an existing Active

EventTracker: Support to Non English Systems

Module 11. Configuring Domain Name System. Contents: Lesson 1: Install and Configure DNS in an AD DS Domain Lab A: Install the DNS Service 11-11

NE-6425C Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

6425C - Windows Server 2008 R2 Active Directory Domain Services

How to connect your new virtual machine to the Internet

RSA Authentication Manager 7.1 Microsoft Active Directory Integration Guide

Migrating Active Directory to Windows Server 2012 R2

Updating Your Network Infrastructure and Active Directory Technology Skills to Windows Server 2008

Endpoint Client Installation using Group Policy (Logon Script):

Module 4: Implementing User, Group, and Computer Accounts

Step-By-Step Guide to Deploying Lync Server 2010 Enterprise Edition

Creating a Domain Tree

Using Group Policies to Install AutoCAD. CMMU 5405 Nate Bartley 9/22/2005

MS-6425C - Configuring Windows Server 2008 Active Directory Domain Services

6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

LDAP Implementation AP561x KVM Switches. All content in this presentation is protected 2008 American Power Conversion Corporation

System Area Management Software Tool Tip: Integrating into NetIQ AppManager

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

How to Configure Microsoft System Operation Manager to Monitor Active Directory, Group Policy and Exchange Changes Using NetWrix Active Directory

Hands-On Microsoft Windows Server 2008

How to Configure the Windows DNS Server

Course: WIN310. Student Lab Setup Guide. Summer Microsoft Windows Server 2003 Network Infrastructure (70-291)

SSSD DNS Improvements in AD Environment

Configuring a Custom Load Evaluator Use the XenApp1 virtual machine, logged on as the XenApp\administrator user for this task.

In the Active Directory Domain Services Window, click Active Directory Domain Services.

Network System Management. Creating an Active Directory Domain

Microsoft Virtual Labs. Active Directory New User Interface

Comodo MyDLP Software Version 2.0. Installation Guide Guide Version Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013

Active Directory Installation on Windows Server 2012

Installing Active Directory on Windows Server 2008 by Daniel Petri - January 8, 2009 Printer Friendly Version

Lab A: Deploying and Managing Software by Using Group Policy Answer Key

The Windows Server 2003 Environment. Introduction. Computer Roles. Introduction to Administering Accounts and Resources. Lab 2

Enabling Auditing Manually

Corporate I.T. Services Limited Updating your Network Infrastructure Technology Skills to Windows Server 2008 (Beta 3)

The Institute of Internal Auditors Detroit Chapter Presents

Installing and Configuring Windows Server 2012

Test Note Phone Manager Deployment Windows Group Policy Sever 2003 and XP SPII Clients

Lab Answer Key for Module 9: Active Directory Domain Services. Table of Contents Lab 1: Exploring Active Directory Domain Services 1

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

ACTIVE DIRECTORY DEPLOYMENT

Centrify DirectManage: Group Policy Management

Course 6425B: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Course 6425C: Five days

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Understand Troubleshooting Methodology

Getting Started With Delegated Administration

Using LDAP Authentication in a PowerCenter Domain

5 Configuring a DNS Infrastructure

LAB 1: Installing Active Directory Federation Services

Secrets of Event Viewer for Active Directory Security Auditing Lepide Software

1. Set Daylight Savings Time Create Migrator Account Assign Migrator Account to Administrator group... 4

Transcription:

Microsoft - 70-640 Windows Server 2008 Active Directory, Configuring 1

QUESTION: 1 You have a single Active Directory domain. All domain controllers run Windows Server 2008 and are configured as DNS servers. The domain contains one Active Directory-integrated DNS zone. You need to ensure that outdated DNS records are automatically removed from the DNS zone. What should you do? A. From the properties of the zone, modify the TTL of the SOA record. B. From the properties of the zone, enable scavenging. C. From the command prompt, run ipconfig /flushdns. D. From the properties of the zone, disable dynamic updates. Answer(s): B Explanation: http://technet.microsoft.com/en-us/library/cc753217.aspx Set Aging and Scavenging Properties for the DNS Server The DNS Server service supports aging and scavenging features. These features are provided as a mechanism for performing cleanup and removal of stale resource records, which can accumulate in zone data over time. You can use this procedure to set the default aging and scavenging properties for the zones on a server. Further information: http://technet.microsoft.com/en-us/library/cc771677.aspx Understanding Aging and Scavenging QUESTION: 2 Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. The Audit account management policy setting and Audit directory services access setting are enabled for the entire domain. You need to ensure that changes made to Active Directory objects can be logged. The logged changes must include the old and new values of any attributes. What should you do? A. Run auditpol.exe and then configure the Security settings of the Domain Controllers OU. B. From the Default Domain Controllers policy, enable the Audit directory service access setting and enable directory service changes. C. Enable the Audit account management policy in the Default Domain Controller Policy. D. Run auditpol.exe and then enable the Audit directory service access setting in the Default Domain policy. Answer(s): A Explanation: http://technet.microsoft.com/en-us/library/cc731607%28v=ws.10%29.aspx AD DS Auditing Step-by-Step Guide In Windows Server 2008 you can now set up AD DS auditing with a new audit subcategory to log old and new values when changes are made to objects and their attributes... 2

The ability to audit changes to objects in AD DS is enabled with the new audit policy subcategory Directory Service Changes. This guide provides instructions for implementing this audit policy subcategory. The types of changes that you can audit include a user (or any security principal) creating, modifying, moving, or undeleting an object. The new audit policy subcategory adds the following capabilities to auditing in AD DS: When a successful modify operation is performed on an attribute, AD DS logs the previous and current values of the attribute. If the attribute has more than one value, only the values that change as a result of the modify operation are logged. If a new object is created, values of the attributes that are populated at the time of creation are logged. If the user adds attributes during the create operation, those new attribute values are logged. In most cases, AD DS assigns default values to attributes (such as samaccountname). The values of such system attributes are not logged. If an object is moved, the previous and new location (distinguished name) is logged for moves within the domain. When an object is moved to a different domain, a create event is generated on the domain controller in the target domain. If an object is undeleted, the location where the object is moved to is logged. In addition, if the user adds, modifies, or deletes attributes while performing an undelete operation, the values of those attributes are logged... In Windows Server 2008, you implement the new auditing feature by using the following controls: Global audit policy System access control list (SACL) Schema Global audit policy Enabling the global audit policy, Audit directory service access, enables all directory service policy subcategories. You can set this global audit policy in the Default Domain Controllers Group Policy (under Security Settings\Local Policies\Audit Policy). In Windows Server 2008, this global audit policy is not enabled by default. Although the subcategory Directory Service Access is enabled for success events by default, the other subcategories are not enabled by default. You can use the command-line tool Auditpol.exe to view or set audit policy subcategories. There is no Windows interface tool available in Windows Server 2008 to view or set audit policy subcategories. Further information: http://technet.microsoft.com/en-us/library/cc731451%28v=ws.10%29.aspx Auditpol Displays information about and performs functions to manipulate audit policies. http://servergeeks.wordpress.com/2012/12/31/auditing-directory-services/ AD Scenario Auditing Directory Services Auditing of Directory Services depends on several controls, these are: 1. Global Audit Policy (at category level using gpmc.msc tool) 2. Individual Audit Policy (at subcategory level using auditpol.exe tool) 3. System ACLs to specify which operations are to be audited for a security principal. 4. Schema (optional) this is an additional control in the schema that you can use to create exceptions to what is audited. In Windows Server 2008, you can now set up AD DS (Active Directory Domain Services) auditing with a new audit policy subcategory (Directory Service Changes) to log old and new values when changes are made to AD DS objects and their attributes. This can be done using auditpol.exe tool. 3

Command to check which audit policies are active on your machine: auditpol /get /category:* Command to view the audit policy categories and Subcategories: 4

How to enable the global audit policy using the Windows interface i.e. gpmc tool Click Start, point to Administrative Tools, and then Group Policy Management or run gpmc.msc command. In the console tree, double-click the name of the forest, double-click Domains, double-click the name of your domain, double-click Domain Controllers, right-click Default Domain Controllers Policy, and then click Edit. 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information