Answering the following questions will reinforce key information presented in this chapter. If you are unable to answer a question, review the appropriate lesson and then try the question again. Answers to the questions can be found in the appendix.
- What risk do you run by making every administrator a member of the Administrators group in a Windows 2000 domain?
- Does the implementation of restricted groups assure that additional users can never be added to a restricted group without modifying the definition of the group?
- If you decide to make help desk personnel members of the Account Operators group so that they can reset passwords for an organization, what issues does that raise?
- What issues are faced for remote administration if an account requires the use of a smart card for logon?
- When features such as Terminal Services or the RunAs service are used, it's possible for several different credentials to be active at the workstation. What methods can you use to determine what security context a process is running under?
- An administrator of the network prefers working at a UNIX workstation. While that person knows that he could perform all administrative tasks from a Windows 2000 workstation, what types of tasks is the administrator limited to at the UNIX workstation using Telnet to administer the network? What are the security risks?