Answering the following questions will reinforce key information presented in this chapter. If you are unable to answer a question, review the appropriate lesson and then try the question again. Answers to the questions can be found in the appendix.
- What are the differences between the default and basic security templates?
- You're upgrading your Windows 95 computers to Windows 2000. What security template is applied to the upgraded computer to achieve default Windows 2000 security? Are there any security implications you should be aware of?
- You've implemented Terminal Services on a Windows 2000 Advanced Server on your network. You notice that all users who access the terminal server are able to access common areas on the terminal server's local file system. What can you do to restrict access by the individual user accounts?
- During your migration to Windows 2000, your testing has determined that one of your existing applications isn't on the Windows 2000–certified applications list. Due to budget constraints, you can't upgrade to the latest version at this time. What options do you have to allow the application to be used in the upgraded Windows 2000 network?
- Your network uses Novell NetWare 4.11 as its operating system. You've deployed Windows 2000 Professional clients for the Engineering department and want to use security templates to ensure that consistent security configuration is applied to the Windows 2000 Professional clients. What can you do to ensure the consistent application of the security template?
- Figure 8.12 shows the status of your DC after you perform an analysis of your DC's current settings against the settings in your security template.
Figure 8.12 Analysis results for a DC
How would you rate the configuration of this computer against the settings in the security template? Give your answers in the following table.
|Setting|| Rating (Below, Meets, Exceeds)|| Rationale |
|Enforce password history|| |
|Maximum password age|| |
|Minimum password age|| |
|Minimum password length|| |
|Passwords must meet complexity requirements|| |
|Store passwords using reversible encryption|| |
- Your organization has deployed Windows 2000 using a single domain forest for your Active Directory. Once you've created security templates for each configuration of computers in your network, what would be the most efficient way to ensure that the security template is applied to all computers in the same classification?