2.1 – Security Measures - Active Directory

Questions and Answers

What information is stored in Active Directory?

• Only computer names and IP addresses.
• List of software installed on each computer.
• Physical locations of all network cables.
• Database of network configurations, including users, computers, and printers. (correct)

Why is Active Directory considered a central database?

• It's the only database needed on the network.
• It stores information about network resources and configurations, accessible via the Active Directory service. (correct)
• It automatically backs up all user files.
• It's accessible from any operating system.

In Active Directory, what does the term 'Windows domain' refer to?

• A security protocol for encrypting network traffic.
• A specific version of the Windows operating system.
• A name associated with a group of users, computers, and resources, managed in a central database. (correct)
• A type of server hardware.

How can you determine if a computer has been added to a Windows domain?

By reviewing the domain configuration in Active Directory. (C)

What is the primary purpose of organizational units (OUs) in Active Directory?

To organize and manage users and computers in a large organization. (A)

What is a practical application of using different OUs for different departments within a company?

To apply specific policies to each department. (A)

If a company has separate OUs for each of its remote locations, what can be a likely benefit?

Application of policies based on the location of a particular site. (B)

In Group Policy Management, what is the sequence to access settings for login scripts?

User Configuration > Policies > Windows Settings > Scripts. (C)

What is the purpose of using login scripts in Active Directory?

To automate tasks like drive mapping or printer sharing when a user logs in. (B)

After creating a login script, how do you apply it to a specific group of users?

By applying the script to a specific organizational unit (OU) in Group Policy Management. (B)

In a batch file used for a login script, what command would you typically use to map a network drive?

net use (B)

If a user is not receiving the group policy updates, which command can be used on the user's computer to manually update the policies?

gpupdate (D)

What is the difference between using gpupdate and gpupdate /force?

gpupdate applies only new policies, while gpupdate /force reapplies all policies. (B)

What is the benefit of storing user files on a central network share instead of local computers?

Simplifies the process of backing up user data. (B)

How can you modify a user's profile to centralize their home folder on a network share?

By configuring the home folder settings in Active Directory Users and Computers. (C)

In the context of setting a home folder path for multiple users, what does the variable %username% represent?

The user's login name. (B)

What Group Policy setting is used to redirect standard user folders like Documents or Desktop to a network share?

Folder Redirection (B)

Where can you configure Folder Redirection settings within Group Policy?

User Configuration > Policies > Windows Settings > Folder Redirection (A)

What is a potential downside of redirecting all user folders to a network server, especially for laptop users?

Inability to access files when the user is not connected to the network. (A)

How does Windows address the potential issue of accessing redirected folders when a user is offline?

By providing options to use files in an offline mode and synchronize changes when back on the network. (D)

What is the primary benefit of using security groups to manage permissions in Active Directory?

It simplifies the process of assigning permissions to multiple users. (D)

If a user requires specific permissions to run reports in addition to their standard job functions, how would you typically manage this in Active Directory?

Create a new security group with the necessary permissions and add the user to that group. (D)

Where can you find the pre-existing and custom groups?

Active Directory Users and Computers. (C)

What is one key advantage of using group policies for managing a large network?

It centralizes device and user management, regardless of network size. (D)

What is the first step to adding a login script to Active Directory?

Write a script to perform the tasks that are to be automated. (B)

What must be selected in Group Policy Management to create a login script?

The OU that the script will run on. (A)

When creating a login script, where would you place the script file?

In a shared network location accessible by all users, such as the Netlogon directory. (D)

What should be done on a user's desktop to see if a new group policy has been applied?

Restart the computer. (D)

What is the primary purpose of a user profile in the context of Active Directory and Windows?

To store the user's desktop settings, application data, and other personalized configurations. (A)

If a user is part of the Shipping and Receiving department but needs additional access to run reports, what is the most efficient way to manage this in Active Directory?

Create a new security group named 'Shipping and Receiving Managers,' grant it report-running permissions, and add the user to this group. (D)

What is the main advantage of centralizing user home folders on a network server rather than having them stored locally on each user's computer?

It simplifies the process of backing up user data, as all files are in a central location. (C)

How can an administrator pre-create home folders for all users in an OU on a network share named \\server\homes?

Use a script that iterates through each user in the OU, creating a folder with the user's username as the folder name. (A)

If a user is working offline with files redirected through Folder Redirection, what happens when they reconnect to the network?

The changes are automatically synchronized between the local copy and the network server. (B)

What is the purpose of specifying a root path when configuring Folder Redirection in Group Policy?

To specify the network share where the redirected folders will be placed. (D)

What is the function of the Netlogon directory in Active Directory?

Storing logon scripts. (D)

What is the purpose of the gpupdate /force command?

To ensure that all policies for that user are updated. (D)

After modifying a user's profile in Active Directory Users and Computers, what is the next step to apply the changes?

Log off and then log back on. (A)

What happens after adding a user to a security group?

The user needs to log off and back on to receive the rights and permissions. (B)

What should be done for a Windows 10 computer to obtain an evaluation version of Windows?

Download an evaluation version from Microsoft. (A)

How does Active Directory primarily ensure network security when a user attempts to log in?

By cross-referencing the provided credentials against those stored in its central database. (A)

What is a key benefit of managing a domain database through organizational units (OUs)?

It enables the application of specific policies to different sets of users and computers. (A)

In an Active Directory environment, what should you do to ensure a newly created group policy object (GPO) is applied to users in a specific OU?

Ensure the GPO is linked to the specific OU. (D)

If a user is not receiving an expected login script, what is the most likely first step in troubleshooting the issue?

Verify the script is correctly assigned to the user's OU in Group Policy Management. (A)

How can administrators ensure that users automatically have a specific network drive mapped each time they log in to the domain?

By creating a login script through Group Policy Management that maps the drive. (A)

What is the outcome of configuring a user's home folder to a network share using the %username% variable?

Each user gets a uniquely named folder within the network share based on their username. (D)

What benefit does Folder Redirection offer in managing user data within a domain environment?

It allows administrators to centrally manage and back up user documents and settings. (B)

What is a potential challenge when redirecting user folders to a network server, especially for mobile users?

Inability to access files when not connected to the network. (C)

How does Windows mitigate the issue of accessing redirected folders when a user is offline?

By using Offline Files, which caches copies of the files locally and synchronizes changes when back online. (B)

What is the primary reason for utilizing security groups to manage permissions in Active Directory?

To simplify the process of assigning rights to multiple users simultaneously. (B)

Where can you configure settings, like login scripts and folder redirection, within Group Policy?

Group Policy Management Editor (B)

What command is used to manually refresh Group Policy settings on a user's computer?

gpupdate (D)

An IT administrator modifies a group policy to prevent access to the Control Panel. What command should be run on a client computer to immediately apply this change without requiring a logoff?

gpupdate (A)

Which directory within the Active Directory domain stores login scripts that are replicated to domain controllers?

SYSVOL (A)

You need to apply a single, specific setting to a small group of users without affecting others in their OU. What is the recommended approach?

Use security filtering on a Group Policy Object (GPO). (D)

Flashcards

Active Directory

A database of everything configured on a network, including users, computers, and printers.

Windows Domain

A name associated with a group of users, computers, and printers on a network.

Organizational Units (OUs)

A way to manage users and computers in a large organization by grouping them.

Login Scripts

Automates tasks using scripts when a user logs in, like mapping drives or sharing printers.

Centralized Shared Drive

A centralized network share for users to store files, ensuring data backup and protection.

Folder Redirection

Redirects folders like ‘Documents’ to a network server, centralizing user data and enabling backups.

Security Groups

Streamlines permission management by assigning rights to groups instead of individual users.

gpupdate

A Windows utility that updates group policies.

gpupdate /force

Used with 'gpupdate' to ensure all group policies update.

Study Notes

Active Directory Overview

• Active Directory is the foundation of most corporate networks.
• It centrally manages a database containing all network configurations, including users, computers, and printers.
• It serves as a central authentication database where user credentials are verified against stored credentials when logging into the domain.
• Centralizes access control by assigning permissions to users or groups.
• It is frequently accessed to reset passwords or manage accounts.
• The terms Active Directory and Windows domain are often used interchangeably.

Windows Domain

• A Windows domain is a named group of users, computers, printers, and network resources.
• All domain information is stored in a central database accessed through the Active Directory service.
• It provides a central point for troubleshooting and gathering network information.

Windows Server Configuration

• A Windows Server can be configured to run an Active Directory domain.
• This includes Active Directory Domain Services, DNS, and file and storage services.
• The domain can manage many users and computers through organizational units (OUs).

Organizational Units (OUs)

• OUs are used to manage users and computers in large organizations.
• Users can be grouped into single OUs or separated by department.
• The structure of OUs is customizable based on organizational needs (e.g., by country, state, building, or department).
• Policies can be applied to specific OUs, which enables different configurations for different locations or departments.
• OUs can be structured in a hierarchy to apply policies at different levels.
• Group Policy Management tool to view and manage OUs
• Active Directory Users and Computers tool shows the list of users and computers and their corresponding OUs.

Login Scripts

• Login scripts can automate tasks each time a user logs in.
• Common uses include mapping drives or sharing printers automatically.
• Scripts are applied to specific OUs via Group Policy Management.
• Located under User Configuration > Policies > Windows Settings > Scripts in the Group Policy Editor.
• Different scripts can be assigned to different OUs to customize the user experience.

Practical Example: Mapping a Drive with a Login Script

• A batch file is created containing the net use command.
• For example: net use G: SGC-ADfiles
• The script is added to the Logon properties in the Group Policy Editor for the desired OU.
• When a user in that OU logs in, the script runs and maps the drive automatically.

Managing Windows Configurations with Group Policy Editor

• A vast number of Windows configurations can be changed from the Group Policy Editor.
• Includes adding login scripts and modifying Windows behavior and appearance.
• Group policies can be viewed from the Group Policy Management front end and edited with the Group Policy Management Editor.
• Allows management of devices and users across the entire domain.
• The gpupdate utility can be used to apply policy changes without requiring a logoff; gpupdate /force updates all group policies.

Centralized User File Storage

• A central network drive can be created for users to store all their files.
• It allows network administrators to back up user data more effectively.
• User profiles can be modified to redirect the home location to this centralized network share.
• To configure, use Active Directory Users and Computers.
• Multiple users can be selected and edited at once to change their profile settings.

Home Folder Configuration

• In the Profile tab, the Home Folder option can be used to connect a drive (e.g., H:) to a specified network share.
• A variable like %username% can be used to create individual folders for each user.
• For example: SGC-ADHome%username%
• This ensures each user has a unique home directory on the network share.

Folder Redirection

• Redirects standard Windows folders (e.g., Desktop, Documents, Music) to a server location.
• Useful with laptops as Windows includes options to use files in an offline mode.
• Configured through Group Policy under User Configuration > Policies > Windows Settings > Folder Redirection.

Implementing Folder Redirection

• Create a new GPO (e.g., Documents Redirection)
• Edit the properties of the Documents folder.
• Choose the option to perform a basic redirection for all users to the same location.
• Specify a root path such as SGCHome along with the username variable.
• Each user's Documents folder will be redirected to a subdirectory named after their username.

Verifying and Applying Folder Redirection

• Before changes, check the current location of the Documents folder in Properties > Location.
• Use gpupdate /force in the Command Prompt to update the group policies.
• After the update and a logoff/logon, the Documents folder will be redirected to the specified network location.

Security Groups

• Instead of configuring individual user permissions, create security groups.
• Assign rights and permissions to the group, then add users to the group.
• Simplifies management and ensures consistent permissions across users with similar roles.
• Active Directory Users and Computers contains a number of pre-existing groups that can be supplemented with additional, custom groups.