Exam Objectives Frequently Asked Questions

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the Exam Objectives presented in this chapter, and to assist you with real-life implementation of these concepts.

Q.

 

Why is Active Directory given so much discussion in this chapter? This isn't a book for an Active Directory exam.

A.  True, but this book is intended to be fairly self-standing. Active Directory permeates Windows 2000 through and through, and a basic understanding of it will go a long way toward helping you understand and configure security for a Windows 2000 network.

Q.

 

Can I use the Security Configuration and Analysis snap-in to analyze the security configuration of a domain or OU?

A.  Not at this time. This capability should be added in the future. However, at present, you can test scenarios against the current configuration for the local machine.

Q.

 

I would like to use scripts to analyze a number of computers in my domain. What tool would I use to accomplish this task?

A.  The secedit.exe command-line tool allows the administrator to analyze a number of machines by creating scripts that can be automated. You can then view the results of the analysis by opening the database file against which the analysis was run.

Q.

 

Why have the changes I made to the security policy on the local computer not taken effect?

A.  A: Effective policy depends on whether a computer is a member of a domain or an OU. Policy precedence flows in the order in which policies are applied. First the local policy is applied, then site policy is applied, then domain policy is applied, and finally OU policy is applied. If there are conflicts among the policies, the last policy applied prevails.

Q.

 

Can I migrate my existing Windows NT 4.0 policies to Windows 2000?

A.  No. The NT policies were stored in a .pol file, which included things such as group memberships. There is no way for the Windows 2000 Group Policy Model, which is centered on Active Directory, to interpret the entries in the .pol file. Microsoft recommends configuring the settings in the old .pol files in Active Directory. You can do this easily using the security settings extension to the Group Policy Editor. The Windows NT 4.0 .pol files were created by the System Policy Editor, which used .adm files as templates for the options configured in system policy. These files are compatible with Windows 2000 .adm files. However, you should not import these templates, because you might damage the Registries of client machines. This means that after a Registry setting is set using Windows NT 4.0 .adm files, the setting will persist until the specified policy is reversed or the Registry itself is directly edited.



MCSE. MCSA Implementing & Administering Security in a Windows 2000 Network Study Guide Exam 70-214
MCSE/MCSA Implementing and Administering Security in a Windows 2000 Network: Study Guide and DVD Training System (Exam 70-214)
ISBN: 1931836841
EAN: 2147483647
Year: 2003
Pages: 162

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net