Basic User: Strategy for enforcing restrictions that prevents any application from running that requires administrative rights, but allows programs to run that only require resources that are accessible by normal users.

Certificate rule: Software restriction rule that uses the signing certificate of an application to allow software from a trusted source to run or to prevent software that does not come from a trusted source from running. Certificate rules also can be used to run programs in disallowed areas of the operating system.

Disallowed: Strategy for enforcing restrictions that prevents all applications from running except those that are specifically allowed.

Distribution share: Shared folder that is a network location from which users can download software. Also known as the software distribution point.

File-activated installation: Method of distributing applications whereby an application is installed when a user opens a file associated with an application that does not currently exist on the user's workstation.

Hash: Series of bytes with a fixed length that uniquely identifies a program or file.

Hash algorithm: Formula that generates a hash value.

Hash rule: Software restriction rule applied to an application executable that will check the file's hash value and prevent the application from running if the hash value is incorrect.

Hash value: Value generated by a formula that makes it nearly impossible for another program to have the same hash.

Install This Application At Logon: Deployment option that allows the application to be installed immediately rather than advertised on the Start menu.

.msi file: Relational database file that is copied to the target computer system with the program files it deploys. In addition to providing installation information, this database file assists in the self-healing process for damaged applications and clean application removal.

Network zone rule: Software restriction rule that allows only Windows Installer packages to be installed if they come from a trusted area of the network.

Patch files: Windows Installer files with the .msp extension that are used to apply service packs and hotfixes to installed software.

Path rule: Software restriction rule that identifies software by specifying the directory path where the application is stored in the file system.

Publish: Option used to deploy applications. It allows users to install the applications that they consider useful to them.

Repackaging: Process of preparing software for .msi distribution, which includes taking a snapshot of a clean computer system before the application is installed, installing the application as desired, and taking a snapshot of the computer after the application is installed.

Self-healing: Function that allows software to detect and correct problems, such as missing or deleted files.

Software life cycle: Process that takes place from the time an application is evaluated for deployment in an organization until the time when it is deemed old or no longer suitable for use.

System Development Life Cycle (SDLC): Structured process used to develop information systems software, projects, or components; phases include analysis, design, implementation, and maintenance.
Unrestricted: Strategy for enforcing restrictions that allows all applications to run except those that are specifically excluded.

.zap file: Non-Windows Installer package that can be created in a text editor.

Knowledge Assessment

Matching

Match the following definitions with the appropriate term.

a. .zap file
b. Assign
c. Basic User
d. hash
e. path rule
f. Publish
g. Self-healing
h. Distribution share
i. .msi file
j. Hash rule

1. This feature of Group Policy software installation will automatically reinstall critical application files if they are accidentally or maliciously deleted.

2. Group Policy software installations rely on this file type to create an installation package that can be cleanly Assigned and Published and that has self-healing capabilities. [i]

3. This Default Security Level in Software Restriction Policies will disallow any executable that requires administrative rights to run. [c]

4. This Group Policy software installation option is not available in the Computer Configuration node. [f]

5. When deploying software with Group Policy, you need to create one or more of these to house the installation files for the applications that you wish to deploy.

6. This software restriction policy rule will prevent executables from running if they have been modified in any way by a user, virus, or piece of malware. [j]

7. If you need to deploy a software installation package that does not have an .msi file available, you can create one of these as an alternative.

8. This describes a series of bytes with a fixed length that uniquely identifies a program or file. [d]

9. This software restriction policy rule will allow or prevent applications from running that are located within a particular folder or subfolder.

10. This GPO software installation method can be used to automatically install an application when a computer starts up or a user logs in. [b]

Multiple Choice

Circle the correct choice.

1. Which of the following rule types apply only to Windows Installer packages?
a. Hash rules
b. Certificate rules
c. Internet zone rules
d. Path rules
Internet Zone rules in a Software Restriction Policy can only be applied to Microsoft Software Installation files, which are installer files that end in a .msi file extension.

2. Which file type is used by Windows Installer?
a. .inf
b. .bat
c. .msf
d. .msi file
Microsoft Software Installation files end in a .msi file extension.

3. Which of the following is not one of the Default Security Levels that can be used with a software restriction policy?
a. Basic User
b. Unrestricted
c. Restricted
d. Disallowed
Restricted is not a default security level that can be applied within a Software Restriction Policy.

4. As part of your efforts to deploy all new applications using Group Policy, you discover that several of the applications you wish to deploy do not include the necessary installer files. What can you use to deploy these applications?
a. Software restriction policies
b. .msi files
c. .mdb files
d. .zap files
If an application that you want to deploy via GPO does not possess an .msi installer file, you can create a .zap installation file that will have limited capabilities within GPO software installation.

5. Which of the following describes the mathematical equation that creates a digital "fingerprint" of a particular file?
a. Hash rule
b. Hash algorithm
c. Software restriction policy
d. Path rule
A hash algorithm describes the mathematical equation used to create a digital fingerprint, or hash, of a particular file.

6. Which of the following rules will allow or disallow a script or a Windows Installer file to run on the basis of how the file has been signed?
a. Path rule
b. Hash rule
c. Network zone rule
d. Certificate rule
A certificate rule within a Software Restriction Policy will allow or prevent executables from running on the basis of the PKI certificate used with the software.

7. You wish to deploy several software applications using Group Policy, such that the applications can be manually installed by the users from the Add/Remove Programs applet in their local Control Panel. Which installation option should you select?
a. Assign
b. Disallowed
c. Publish
d. Unrestricted
By Publishing software via GPO, users have the option to add the published software manually via the Add/Remove Programs Control Panel applet.

8. You have assigned several applications using GPOs. Users have complained that there is a delay when they double-click on the application icon, which you know is the result of the application being installed in the background. What option can you use to pre-install assigned applications when users log on or power on their computers?
a. Install when the application falls out of scope
b. Install This Application At Logon
c. Advanced Installation Mode
When publishing software via GPO, the Install This Application At Logon option automatically installs all assigned software when the user first logs on, preventing subsequent delays when double-clicking a file associated with an assigned application for the first time.

9. Which of the following is used to evolve information systems software through a structured process that includes analysis, design, implementation, and maintenance?
a. Hash algorithm
b. System Development Life Cycle
c. Software Restriction Policy
d. Group Policy Object
The SDLC is used to analyze, deploy, and maintain an organization's process for deploying mission-critical and line-of-business applications over time.

10. Which of the following Default Security Levels in Software Restriction Policies will disallow any executable from running that has not been explicitly enabled by the Active Directory administrator?
a. Basic User
b. Restricted
c. Disallowed
d. Power User
The Disallowed default security level within a Software Restriction Policy prevents any software from running that an administrator has not explicitly permitted to run.
Lesson 10 PLANNING A GROUP POLICY MANAGEMENT AND IMPLEMENTATION STRATEGY

Common Information Management Object Model (CIMOM): Database used through Windows Management Instrumentation that contains information gathered when a computer starts and becomes part of the network. This information includes hardware, Group Policy Software Installation settings, Internet Explorer Maintenance settings, scripts, Folder Redirection settings, and Security settings.

Gpresult: Command-line tool that enables administrators to create and display a Resultant Set of Policy (RSoP) query from the command line.

Group Policy Modeling: Group Policy Management feature that uses the Resultant Set of Policy snap-in to simulate the effect of a policy on the user environment.

Group Policy Results: Feature in Group Policy Management that is equivalent to the Logging mode within the Resultant Set of Policy MMC snap-in. Rather than simulating policy effects, as the Group Policy Modeling Wizard does, Group Policy Results obtains Resultant Set of Policy (RSoP) information from the client computer to show the actual effects that policies have on the client computer and user environment.

Logging mode: Resultant Set of Policy (RSoP) mode that queries existing policies in the hierarchy that are linked to sites, domains, domain controllers, and organizational units. This mode is useful for documenting and understanding how combined policies are affecting users and computers. The results are returned in an MMC window that can be saved for later reference.

Planning mode: Resultant Set of Policy (RSoP) mode that allows administrators to simulate the effect of policy settings prior to implementing them on a computer or user.

Resultant Set of Policy (RSoP): Query engine that looks at GPOs and then reports its findings. Use this tool to determine the effective settings for a user or computer based on the combination of the local, site, domain, domain controller, and OU policies.

Windows Management Instrumentation (WMI): Component of the Microsoft Windows operating system that provides management information and control in an enterprise environment. It allows administrators to create queries based on hardware, software, operating systems, and services.

WMI filtering: Filtering method that uses filters written in the WMI Query Language (WQL) to control GPO application.

WMI Query Language (WQL): Language that is similar to structured query language (SQL).

a. Common Information Management (CIMOM)
b. Gpresult
c. Group Policy Modeling
d. Group Policy Results
e. Logging mode
f. Planning mode
g. Resultant Set of Policy (RSoP)
h. Windows Management Instrumentation (WMI)
i. WMI Filtering
j. WMI Query Language (WQL)

1. This RSoP mode allows administrators to simulate the effect of policy settings prior to implementing them on a computer or user. [f]

2. This command-line utility allows you to create and display an RSoP query from the command line. [b]

3. This GPMC node is used to simulate the effect of a policy on the user and computer environment and replaces Planning mode in RSoP. [c]

4. This method of controlling GPO application uses filters written in the WMI Query Language (WQL) to determine whether a particular computer should have a GPO applied to it. [i]

5. This MMC snap-in can be used in two possible modes to report actual or planned GPO settings for a particular user/computer combination. [g]

6. This GPMC node is used to report on the actual GPO settings that are applied to a particular user and computer, and replaces Logging mode in RSoP. [d]

7. This language, similar to Structured Query Language (SQL), is used to create WMI filters to control the application of Group Policy. [j]

8. This RSoP mode queries existing policies in Active Directory to determine the effective GPO settings that are being applied to a user or computer. [e]

9. This is used by WMI to retrieve information about computer configuration, including hardware, Group Policy Software Installation Settings, Internet Explorer Maintenance settings, scripts, Folder Redirection settings, and Security settings. [a]

10. This is a component of the Microsoft Windows operating system that provides management information and control in an enterprise environment. [h]

Multiple Choice

1. Which Resultant Set of Policy mode queries existing GPOs linked to sites, domains, and OUs to report on currently-applied GPO settings?
a. Planning mode
b. Logging mode
c. Extant mode
d. Event Viewer mode
RSoP Logging mode returns reporting results in an MMC window that can be saved for later reference.

2. What provides a common framework that can be used to query servers and workstations for information about specific hardware or software, such as RAM, hard drive space, running services, and installed software?
a. Common Information Management Object Model (CIMOM)
b. Resultant Set of Policy (RSoP)
c. Windows Management Instrumentation (WMI)
d. Group Policy Objects
Windows Management Instrumentation (WMI) can be used to provide management and control information across an entire enterprise through the use of command-line and script-based queries.

3. Which GPMC component provides information analogous to Planning Mode in the Resultant Set of Policy MMC snap-in?
a. Group Policy Modeling
b. Group Policy Results
c. Group Policy Management Editor
d. Group Policy Object Editor
The Group Policy Modeling node of the GPMC can model "what-if" scenarios based on user and computer group membership, site location, WMI filtering, and other Group Policy configuration items.

4. Which tool can be used to obtain effective Group Policy information from the command line?
a. Gpupdate
b. Secedit
c. Netsh
d. Gpresult
Gpresult.exe runs from the command line to produce results similar to the Resultant Set of Policy (RSoP) Wizard, allowing you to automate the collection of this type of information through login scripts or other automation tools.

5. Which Resultant Set of Policy mode can be used to obtain Group Policy Modeling information?
a. Logging mode
b. Planning mode
c. Event Viewer mode
d. Design mode
Both Group Policy Modeling and Planning mode in the Resultant Set of Policy snap-in can be used to model potential GPO changes based on group membership, OU location, site location, and other configurable choices.

6. Which database contains information used by Windows Management Instrumentation?
a. Resultant Set of Policy (RSoP)
b. SYSVOL
c. Common Information Management Object Model (CIMOM)
d. Group Policy Container (GPC)
The CIMOM database contains information gathered when a computer starts and becomes part of the network.

7. What is a GUI-based query engine that looks at a configured GPO in a forest and then reports its findings?
a. Resultant Set of Policy (RSoP)
b. Gpresult
c. Gpupdate
d. Group Policy Management Editor
The Resultant Set of Policy MMC snap-in contains two separate modes: planning mode and logging mode.

8. What language is used to write WMI queries?
a. SQL
b. T-SQL
c. Postscript
d. WQL
The WMI Query Language (WQL) is a SQL-based language that has been simplified. Use WMI filters written in WQL to exercise fine control on GPOs applied in an Active Directory environment.

9. Which node within the Group Policy Management Console provides the effective policy settings applied to a particular user/computer combination?
a. Group Policy Modeling
The Group Policy Results node within the GPMC queries a specific user/computer combination and reports on the applied GPO settings based on the user's and computer's current configuration.

10. You have a Group Policy Object used to install a particular software application. Because this is a resource-intensive application, you want the software to be installed only on computers that have at least 1 GB of RAM. What feature can you use to restrict the application of this GPO to computers that meet this criterion?
a. Security group filtering
b. WQL filtering
c. WMI filtering
d. CIMOM filtering
You can link a maximum of one WMI filter per GPO, but you can use a single WMI filter to control the application of multiple Group Policy Objects.

Lesson 11 Active Directory Maintenance, Troubleshooting, and Disaster Recovery

Key Terms

ADSIEdit: MMC snap-in that is a graphical tool used to verify the current functional level and perform low-level Active Directory editing. This tool can be used to add, delete, and edit Active Directory objects.

Authoritative restore: Restore operation that marks the object or container as the authoritative source of the objects in question, which will overwrite the tombstones that have been replicated to other domain controllers and effectively revive the deleted objects.

Back-links: Reference to an attribute within another object that will also need to be restored with the object.

Bcdedit: Command-line utility used to manage Boot Configuration Data (BCD) stores.

Boot Configuration Data (BCD): Store that describes boot applications and boot application settings and replaces the boot.ini file in previous versions of Windows.

Boot volume: Volume that hosts the Windows operating system and the registry.

Bootmgr.exe: Windows boot loader.

Checkpoint file: File used as a reference for database information written to disk. In a case in which Active Directory needs to be recovered from a failure, the checkpoint file is used as a starting point.

Copy backup: Backup type that retains the Application log files on the local server. This backup type should be implemented if a third-party backup tool is used in addition to Windows Server Backup.

Critical volumes: Volumes that should be backed up.

Defragmentation: Process of taking fragmented database pieces and rearranging them contiguously to make the database more efficient.
Directory Services Restore Mode: Special startup mode used to run an offline defragmentation.

Dsacls: Command-line tool that can be used to display or modify permissions of an Active Directory object. In effect, it is equivalent to an object's Security tab.

Edb.log: Log file that stores a transaction until it can be written to the actual database. A transaction log file has a default size of 10 MB.

Extensible Storage Engine (ESE): Database engine responsible for managing changes to the Active Directory database.

Fragmentation: Condition of a disk when data from the database is divided into pieces scattered across the disk.

Garbage collection: Process that removes all tombstones from the database.

LDP: Graphical support tool that provides a much more detailed method of adding, removing, searching, and modifying the Active Directory database.

Manual backup: Backup initiated by using Server Backup or the Wbadmin.exe command-line tool.

Nltest: Command-line tool that is typically used to verify trusts and check replication.

Nonauthoritative restore: Restores a single Active Directory domain controller to its state before the backup. This method can be used to restore a single domain controller to a point in time when it was considered to be good.

Offline defragmentation: A manual process that defragments the Active Directory database in addition to reducing its size.

Online defragmentation: Automatic process of taking fragmented database pieces and rearranging them contiguously that occurs during the garbage collection process.

Performance counters: Data item associated with a performance object to monitor the specific process or event to be tracked.

Performance objects: Reliability and Performance Monitor categories used to organize items that can be monitored.

Reliability and Performance Monitor: Tool located within the Administrative Tools folder that enables administrators to collect real-time information on the local computer or from a specific computer that they have permission to access.

Repadmin: Command-line tool that can check replication consistency between replication partners, monitor replication status, display replication metadata, and force replication events and Knowledge Consistency Checker (KCC) recalculation.

Restartable Active Directory Domain Services (Restartable AD DS): Windows Server 2008 feature that enables administrators to start, stop, and restart Active Directory, similar to any other service on a server.

Scheduled backup: Backup using the Windows Server Backup utility or the Wbadmin.exe command-line tool. Scheduled backups will reformat the target drive that hosts the backup files and thus can only be performed on a local physical drive that does not host any critical volumes.

System volume