Erstellt von maxwell3254
vor fast 10 Jahre
|
||
A method of controlling settings across your network
contain all the Group Policy settings that you wish to implement to user and computer objects within a site, domain, or OU.
MMC snap-in that is used to create and modify Group Policies and their settings
Administrative Templates are files with the ______ extension
Config this setting on an individual GPO link forces a particular GPO's settings to flow down through the AD, without being blocked by any child OUs
directory object includes subcontainers that hold GPO policy information
Administrators find that _____ ______ implementation helps them to achieve centralized management
3 subnodes within the Computer Configuration and User Configuration nodes
Config this setting on a container object will block all policies from parent containers from flowing to this container
Allows you to specify a more or less stringent password policy for this subset than the password policy defined for the entire domain
The default mechanism for authenticating domain users in Windows Server 2008, 2003, and 2000
3 Subcategories of Local Policies
allows the admins to log successful and failed security, such as logon events, account access, and object access
allows an admin to specify group membership lists
This is a Group Policy option that provides an alternative method of obtaining the ordered list of GPOs to be processed for the user
Configured on the Sharing tab of a folder
By default, computer policies are updated in the background every ___ minutes
System Development Life Cycle contain 4 phases :
Helpful when you are deploying required applications to pertinent users and computers
allows users to install the applications that they consider useful to them
Use this option to provide all installation messages and screens for users during the installation of all packages in the GPO
By default, the Software Restriction Policies are has an ____ value in the Default Security Level setting
a series of bytes with a fixed length that uniquely identifies a program or file. Using a ___ ___ on an app executable will check the file's hash value and prevent the app from running if the hash value is not correct
identifies software by specifying the directory path where the application is stored in the file system
This info includes hardware, Group Policy Software Installation settings, Internet Explorer Maintenance settings, scripts, Folder Redirection settings, and Security settings
use command _______ to obtain RSoP info on computer and user policies that will affect Sseely
a command-line tool that allows you to create and display an RSoP query from the command line
Using the __ ___ ___ policy setting, you can prevent policy settings from applying to all child objects at the current level and all subordinate levels
Uses the signing cert of an app, can be used to allow software from a trusted source to run or prevent software that does not come from a trusted source from running
Only __ WMI filter can be configured per GPO
method that uses filters written in the WMI Query Language (WQL), similar to SQL, to control GPO application
Windows Server Backup supports the use of __ and __ drives as backup destinations, but doesn't support ___ ___ as backup media
Apply only to Windows Installer packages that attempt to install from a specified zone, such as a loyal comp, a local intranet, trusted sites, restricted sites, or the Internet
If you find yourself in a position where you need to restore an object or container within Active Directory that has been deleted, you perform an....
these are the specific processes or events that you want to track
to assist you with obtaining more detailed info in the event logs, you can set the event logs to record diagnostic info specific to processes related to ___ ____
this command-line tool can analyze the state of the domain controllers in the forest or enterprise and reports any problems to assist in troubleshooting
___ backup will reformat the target drive that hosts the backup files, and thus can only be performed on a loyal physical drive that does not host any critical volumes
the ___ command-line utility allows you to perform an authoritative restore
a ____ restore will restore the Active Directory objects with their original Update Sequence Number (USN), which is the number that each DC assigns to every transaction that is either originated on the DC or replicated from another DC
the ___ database is used through WMI and contains information that is gathered when a computer starts and becomes part of the network
resource record is the functional opposite of the A record, providing an IP address-to-name mapping for the system identified in the Name field using the in-addr.arpa domain name
Windows Server 2008 Active Directory clients rely on the __ ___ to locate the domain controllers they need to validate logon requests
At the top of the domain hierarchy are the__ ___ ___, which are the highest level DNS servers in the entire namespace
in a __ query, the DNS server receiving the name resolution request takes full responsibility for resolving the name
a DNS server that contains no zones and hosts no domains
Contains the master copy of the zone database, in which admins make all changes to the zone's resource records
Resource record identifies which name server is the authoritative source of info data within this domain
ACL allows a user to perform any action against a particular template; should be reserved for CA admins only
ACL allows users or computers to manually request a cert based on the template
in an ___ query, the server that receives the name resolution request immediately responds to the requester with the best info it possesses
A ___ is a DNS server that receives queries from other DNS servers that are explicitly configured to send them
forwards queries selectively based on the domain specified in the name resolution request
a read-only of the data that contains a backup copy of the primary master zone database file, stored as a identical text file on the server's local drive
A copy of a primary zone that contains SOA and NS resource records, plus the Host (A) resource records that identify the authoritative servers for the zone
is an entity, such as Windows Server 2008 server running the AD CS server role, that issues and manages digital certificates for use in a PKI
These are templates used by a CA to simplify the administration and issuance of digital cerificates
small physical devices, usually the size of a credit card or keychain fob, have a digital cert installed on them
Not integrated with Active Directory and requires administrator intervention to respond to certificate requests
Integrates with an Active Directory domain, can use certificate templates to allow autoenrollment of digital certs, as well as store the certs themselves within the AD database
this ACL allows users or computers to be automatically issued certs based on this template
these are used to request certificates on behalf of a user, computer, or service if self-enrollment is not practical or is otherwise an undesirable solution for reasons of security, auditing, and so on