70-215 QOTD 03/05/2004

Discussion in 'Windows Server 2003 / 2008 / 2012 / 2016' started by AJ, May 3, 2004.

  1. AJ

    AJ 01000001 01100100 01101101 01101001 01101110 Administrator

    A user named Susan needs to encrypt her files that are stored on several W2K file servers. Because of the sensitive nature of her work, Susan is allowed to interactively log onto each of the file servers and to access her files locally. She is not allowed remote access to these files. After the files have been encrypted, she should be able to edit the files and then save the edited versions with the encryption in place.

    Which of the following should you do to provide Susan with the required functionality? (only 1 answer)

    a. Nothing needs to be done. Susan can encrypt and decrypt any file that she owns on any file server to which she has access.

    b. Enable the file servers to be trusted for delegation.

    c. Create a roaming user profile for Susan.

    d. Implement a certification authority (CA)

    Answer tomorrow :D
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Breathing in and out, but not out and in, that's just wrong
  2. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    I'm gonna go with A
    sounds about right

    b) not sure why you would need to edit the servers in order for a user to encrypt her files

    c) again not sure why this would matter either

    d) CA isn't required for EFS as far as I recall
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  3. nugget
    Honorary Member

    nugget Junior toady

    I'll choose A too.
    I am not too sure why the others matter when she logs on locally to the fileservers anyway.
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  4. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    A sounds about right. If she's allowed to interactively log on to each individual server, then she has access rights to each separate box. Once she creates files on each server, as the owner, she can encrypt and unencrypt the files at will.
    Certifications: A+ and Network+
  5. SimonV
    Honorary Member

    SimonV Petabyte Poster Gold Member

    A for me too
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  6. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    A for me as well, but with the proviso that she has already enabled encryption manually for the file(s). This is not set as default on w2k, and can not be used in conjunction with w2k compression.

    Also, I trust we have an up to date Recovery Agent on hand somewhere on the network, just in case Susan has a blonde day?

    Sorry to be so picky, AJ - take it as a compliment. You're really mirroring the MS question style well, so we have to be damn sure our reasoning is correct. Well done :)
    Certifications: MCP, A+, Network+
    WIP: Clarity
  7. Phil
    Honorary Member

    Phil Gigabyte Poster

    A for me too.
    Certifications: MCSE:M & S MCSA:M CCNA CNA
    WIP: 2003 Upgrade, CCNA Upgrade
  8. AJ

    AJ 01000001 01100100 01101101 01101001 01101110 Administrator

    Right, answer time: the correct answer is A.

    Encrypting File System (EFS) generates a unique file encryption key for each file that is encrypted. After the file has been encrypted, the file encryption key is encrypted with the user's public key. To decrypt the file, EFS must first decrypt the file encryption key using the user's private key. Both the public and private key are associated with the user's certificate, which can be issued by either the CA or by EFS if no CA is available. The certificate and the keys are stored in the user's profile.

    When Susan interactively logs on to a file server for the first time, her local user profile is created on that computer. The first time she encrypts a file on that computer, a copy of her certificate will be installed in her local profile. Therefore, she can log on interactively to her domain user account from any of the file servers and encrypt and decrypt any of her files on those computers.

    If Susan had to encrypt and decrypt files on a remote server while she is logged on to her workstation, then the remote server would have to be trusted for delegation in order to access Susan's certificate and the associated keys in her local user profile on her workstation. A roaming user profile is a profile that is stored somewhere on a network share and is loaded whenever the user logs on to his or her domain account from different computers. The path to a roaming profile is specified in the user's account properties. If Susan were assigned to several workstations in the company from which she had to encrypt and decrypt her files on a remote file server, then the remote server would have to be trusted for delegation and Susan would have to use a roaming profile. In that case, her certificate would be downloaded together with the profile to that workstation that she would be using, and then the certificate would be destroyed when she logged off or when the computer was restarted.

    Try here for a step by step guide on EFS.
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Breathing in and out, but not out and in, that's just wrong
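
The answer above says the EFS certificate and keys sit in the user's profile on each computer and may be issued by EFS itself when no CA is available. As an added example (not part of the original thread), this PowerShell sketch lists the EFS-capable certificates in the logged-on user's personal store so the result can be compared from one file server to the next; the function names and the `-Path` parameter are hypothetical, and `cipher.exe /c` is assumed to be available, as it is on current Windows versions.

```powershell
# Added example, not from the original thread. Run it while logged on
# interactively as the user whose EFS keys you want to inspect.

# Enhanced key usage OID for "Encrypting File System"
$EfsOid = '1.3.6.1.4.1.311.10.3.4'

function Get-EfsCertificate {
    # Cert:\CurrentUser\My is the personal store kept in this user's profile
    # on this computer.
    Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
        $cert = $_
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        # Keep only certificates whose EKU extension lists the EFS purpose.
        $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $EfsOid })
    } | ForEach-Object {
        [pscustomobject]@{
            Computer      = $env:COMPUTERNAME
            Thumbprint    = $_.Thumbprint
            Subject       = $_.Subject
            # Subject equal to issuer means EFS generated the certificate
            # itself rather than obtaining it from a CA.
            SelfSigned    = ($_.Subject -eq $_.Issuer)
            # Without the private key the file encryption key cannot be unwrapped.
            HasPrivateKey = $_.HasPrivateKey
            NotAfter      = $_.NotAfter
        }
    }
}

function Show-EfsFileInfo {
    param(
        # Hypothetical parameter: path of an encrypted file to inspect.
        [Parameter(Mandatory = $true)][string]$Path
    )
    # cipher.exe /c prints which users and recovery agents can decrypt the
    # file, with the certificate thumbprint recorded for each.
    & cipher.exe /c $Path
}

Get-EfsCertificate | Format-Table -AutoSize
```

Comparing the thumbprint that `Show-EfsFileInfo` reports for a file with the `Get-EfsCertificate` output on the same server shows which key actually protects it, and which private keys and recovery agent certificates need to be backed up.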
