Answer: C 

Explanation: 

Explanation 

Identical to F/Q33. Explanation 1: http://technet.microsoft.com/en-us/library/cc732517.aspx Certificate Web enrollment cannot be used with version 3 certificate templates. Explanation 2: http://blogs.technet.com/b/ad/archive/2008/06/30/2008-web-enrollment-and-version-3-templates.aspx The reason for this blog post is that one of our customers called after noticing some unexpected behavior when they were trying to use the Server 2008 certificate web enrollment page to request a Version 3 Template based certificate. The problem was that no matter what they did the Version 3 Templates would not appear as certificates which could be requested via the web page. On the other hand, version 1 and 2 templates did appear in the page and requests could be done successfully using those templates. 

Answer: C 

Explanation: 

Since the member server is collecting all domain controller events we just need to run the Create Basic Task Wizard on the member server, which enables us to send an e-mail when a specific event is logged. Running the wizard on every domain controller would work, but is much more work and we need to use the minimum amount of administrative effort. 

Explanation: 

http://technet.microsoft.com/en-us/library/cc748900.aspx 

To Run a Task in Response to a Given Event 

1. Start Event Viewer. 

2. In the console tree, navigate to the log that contains the event you want to associate with a task. 

3. Right-click the event and select Attach Task to This Event. 

4. Perform each step presented by the Create Basic Task Wizard. In the Action step in the wizard you can decide to send an e-mail. 

Answer: C 

Explanation: 

http://www.microsoft.com/en-us/download/details.aspx?id=3628 Group Policy PExplanation Client Side Extensions for Windows XP (KB943729) Multiple Group Policy PExplanations have been added to the Windows Server 2008 Group Policy Management Console (which are also available through the Remote Server Administration Toolset (RSAT) for Windows Vista SP1). 

Multiple Group Policy PExplanations have been added to the Windows Server 2008 Group Policy Management Console (which are also available through the Remote Server Administration Toolset (RSAT) for Windows Vista SP1). Group Policy PExplanations enable information technology professionals to configure, deploy, and manage operating system and application settings they previously were not able to manage using Group Policy. After you install this update, your computer will be able to process the new Group Policy PExplanation extensions. http://www.petenetlive.com/KB/Article/0000389.htm 

Server 2008 Group Policy PExplanations and Client Side Extensions Problem Group Policy PExplanations (GPP) first came in with Server 2008 and were enhanced for Server 2008 R2, To be able to apply them to older Windows clients, you need to install the "Client side Extensions" (CSE), You can either script this, deploy with a group policy, or if you have WSUS you can send out the update that way. 

C:\Documents and Settings\usernwz1\Desktop\1.PNG 

Solution 

You may not have noticed, but if you edit or create a group policy in Server 2008 now, you will see there is a "PExplanations" branch. Most IT Pro's will have seen the addition of the "Policies" folder some time ago because it adds an extra level to get to the policies that were there before :) 

C:\Documents and Settings\usernwz1\Desktop\1.PNG 

OK Cool! What can you do with them? 

1. Computer PExplanations: Windows Settings 

Environment: Lets you control, and send out Environment variables via Group Policy. 

Files: Allows you to copy, modify the attributes, replace or delete a file (for folders see the 

next section). 

Folder: As above, but for folders. 

Ini Files: Allows you to Create, Replace, Update or Delete an ini file. 

Registry: Allows you to Create, Replace, Update or Delete a Registry value, You can either 

manually type in the Explanation use a Wizard, or extract the key(s) values you want to send 

them out via group policy. 

Network Shares: Allow you to Create, Replace, Update, or Delete shares on clients via 

group policy. 

Shortcuts: Allows you to Create, Replace, Update, or Delete shortcuts on clients via group 

policy. 

2. Computer PExplanations: Control Panel Settings 

Data Sources: Allows you to Create, Replace, Update, or Delete, Data Sources and ODBC 

settings via group policy. (Note: there's a bug if your using SQL authentication see here). 

Devices: Lets you enable and disable hardware devices by type and class, to be honest it's 

a little "clunky". 

Folder Options: Allows you to set "File Associations" and set the default programs that will 

open particular file extensions. 

Local Users and Groups: Lets you Create, Replace, Update, or Delete either local users 

OR local groups. 

Handy if you want to create an additional admin account, or reset all the local 

administrators passwords via group policy. 

Network Options: Lets you send out VPN and dial up connection settings to your clients, 

handy if you use PPTP Windows Server VPN's. 

Power Options: With XP these are Power Options and Power Schemes, With Vista and 

later OS's they are Power Plans. This is much needed, I've seen many "Is there a group 

policy for power options?" or disabling hibernation questions in forums. And you can use 

the options Tab, to target particular machine types (i.e. only apply if there is a battery 

present). 

Printers: Lets you install printers (local or TCP/IP), handy if you want all the machines in 

accounts to have the accounts printer. 

Scheduled Tasks: Lets you create a scheduled task or an immediate task (Vista or Later), 

this could be handy to deploy a patch or some virus/malware removal process. 

Service: Essentially anything you can do in the services snap in you can push out through 

group policy, set services to disables or change the logon credentials used for a service. In 

addition you can set the recovery option should a service fail. 

3. User Configuration: Windows Settings 

Applications: Answers on a Postcard? I can't work out what these are for! 

Drive Mappings: Traditionally done by login script or from the user object, but use this and 

you can assign mapped drives on a user/group basis. 

Environment: As above lets you control and send out Environment variables via Group 

Policy, but on a user basis. 

Files: As above. allows you to copy, modify the attributes, replace or delete a file (for 

folders see the next section), but on a user basis. 

Folders: As above, but for folders on a user by user basis. 

Ini Files: As above, allows you to Create, Replace, Update or Delete an ini file, on a user by 

user basis. 

Registry: As above, allows you to Create, Replace, Update or Delete a Registry value, You 

can either manually type in the Explanation use a Wizard, or extract the key(s) values you 

want to send out via group policy, this time for users not computers. 

Shortcuts: As Above, allows you to Create, Replace, Update, or Delete shortcuts on clients 

via group policy for users. 

4. User Configuration: Control Panel Settings 

All of the following options are covered above on "Computer Configuration" 

Data Sources Devices Folder Options Local Users and Groups Network Options Power Options Printers Scheduled Tasks Internet Settings: Using this Group Policy you can specify Internet Explorer settings/options on a user by user basis. Regional Options: Designed so you can change a users Locale, handy if you have one user who wants an American keyboard. Start Menu: Provides the same functionality as right clicking your task bar > properties > Start Menu > Customise, only set user by user. Explanations: http://technet.microsoft.com/en-us/library/dd367850%28WS.10%29.aspx Group Policy PExplanations 

Answer: B 

Explanation: 

Answer: D 

Explanation: 

http://technet.microsoft.com/en-us/library/cc732110.aspx Install the Active Directory Schema Snap-In You can use this procedure to first register the dynamic-link library (DLL) that is required for the Active Directory Schema snap-in. You can then add the snap-in to Microsoft Management Console (MMC). To install the Active Directory Schema snap-in 

1. To open an elevated command prompt, click Start, type command prompt and then right-click Command Prompt when it appears in the Start menu. Next, click Run as administrator and then click OK. To open an elevated command prompt in Windows Server 2012, click Start, type cmd, right click cmd and then click Run as administrator. 

2. Type the following command, and then press ENTER: regsvr32 schmmgmt.dll 

3. Click Start, click Run, type mmc and then click OK. 

4. On the File menu, click Add/Remove Snap-in. 

5. Under Available snap-ins, click Active Directory Schema, click Add and then click OK. 

6. To save this console, on the File menu, click Save. 

7. In the Save As dialog box, do one of the following: 

* To place the snap-in in the Administrative Tools folder, in File name, type a name for the snap-in, and then click Save. 

* To save the snap-in to a location other than the Administrative Tools folder, in Save in navigate to a location for the snap-in. In File name, type a name for the snap-in, and then click Save 

Answer: B 

Answer: D 

Explanation: 

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/9931e32f-6302-40f0-a7a1-2598a96cd0c1/ DC promotion and adprep/forestprep 

Q: I've tried to dcpromo a new Windows 2008 server installation to be a Domain Controller, running in an existing domain. I am informed that, first, I must run adprep/forestprep ("To install a domain controller into this Active Directory forest, you must first perpare the forest using "adprep/forestprep". The Adprep utility is available on the Windows Server 2008 installation media in the Windows\sources\adprep folder" 

A1: 

You can run adprep from an existing Windows Server 2003 domain controller. Copy the 

contents of the \sources\adprep folder from the Windows Server 2008 installation DVD to 

the schema master role holder and run Adprep from there. 

A2: to introduce the first W2K8 DC within an AD forest.... 

 (1) no AD forest exists yet: 

--> on the stand alone server execute: DCPROMO 

--> and provide the information needed 

 (2) an W2K or W2K3 AD forest already exists: 

--> ADPREP /Forestprep on the w2k/w2k3 schema master (both w2k/w2k3 forests) 

--> ADPREP /rodcprep on the w2k3 domain master (only w2k3 forests) 

--> ADPREP /domainprep on the w2k3 infrastructure master (only w2k3 domains) 

--> ADPREP /domainprep /gpprep on the w2k infrastructure master (only w2k domains) 

--> on the stand alone server execute: DCPROMO 

--> and provide the information needed 

Answer: D 

Explanation: 

http://windows.microsoft.com/en-us/windows7/windows-cardspace-for-itpros# 

BKMK_HowdoIbackupmycardsortransferthemtoanothercomputer 

Windows CardSpace for IT pros 

Microsoft Windows CardSpace. is a system for creating relationships with websites and 

online services. 

Windows CardSpace provides a consistent way for: 

Sites to request information from you. 

You to review the identity of a site. 

You to manage your information by using Information Cards. 

You to review card information before you send it. 

Windows CardSpace can replace the user names and passwords that you use to register 

with and log on to websites and online services. 

15. How do I back up my cards or transfer them to another computer? 

Cards are stored on your computer in an encrypted format. To save a backup file 

containing some or all of your cards or to use a card on a different computer, you can save 

cards to a backup card file. 

To back up your cards: 

1. Start Windows CardSpace. 

2. View all your cards. 

3. In the pane on the right of your screen, click Back up cards. 

4. Select the cards that you want to back up. 

5. Browse to the folder where you want to save the backup card file, and then give it a 

name. 

When you complete these steps, you save a file containing some or all of your cards. You 

can copy the backup card file to media such as a Universal Serial Bus (USB) storage 

device, CD, or other digital media. You can restore the backup card file on this computer or 

on another computer. 

To restore your cards 

1. Save the backup card file to the computer. 

2. Browse to the location of the file on the computer. 

3. Double-click the file, and then follow the instructions to restore the cards. 

Answer: B 

Explanation: 

http://blog.imanami.com/blog/bid/68864/Delete-or-disable-an-Active-Directory-account-One-best-practice Delete or disable an Active Directory account? One best practice. I was recently talking to a customer about the best practice for deprovisioning a terminated employee in Active Directory. Delete or disable? Microsoft doesn't give the clearest direction on this but common sense does. The case for deleting an account is that, BOOM, no more access. No ifs ands or buts, if there is no account it cannot do anything. The case for disabling an account is that all of the SIDs are still attached to the account and you can bring it back and get the same access right away. And then the reason for MSFT's lack of direction came into play. Individual needs of the customer. This particular customer is a public school system and they often lay off an employee and have to re-hire them the next month or semester. They need that account back. 

Answer: D 

Explanation: 

Since the account store has already been configured, what needs to be done is to use the account store to map an AD DS global security group to an organization claim (called group claim extraction). So that's what we need to create for authentication: an organization claim. 

Creating a resource/account partner is part of setting up the Federation Trust. 

Explanation 1: http://technet.microsoft.com/en-us/library/dd378957.aspx 

Configuring the Federation Servers [All the steps for setting up an AD FS environment are listed in an extensive step-by-step guide, too long to post here.] 

Explanation 2: http://technet.microsoft.com/en-us/library/cc732147.aspx 

Add an AD DS Account Store If user and computer accounts that require access to a resource that is protected by Active Directory Federation Services (AD FS) are stored in Active Directory Domain Services (AD DS), you must add AD DS as anaccount storeon a federation server in the Federation Service that authenticates the accounts. 

Explanation 3: http://technet.microsoft.com/en-us/library/cc731719.aspx 

Map an Organization Group Claim to an AD DS Group (Group Claim Extraction) When you use Active Directory Domain Services (AD DS) as the Active Directory Federation Services (AD FS)account storefor an account Federation Service, you mapan organization group claimto a security group in AD DS. This mapping is called a group claim extraction.