Home » Microsoft » 70-640 » What should you do?
Your company has an Active Directory domain and an organizational unit. The organizational unit is named Web.
You configure and test new security settings for Internet Information Service (IIS) Servers on a server named IISServerA.
You need to deploy the new security settings only on the IIS servers that are members of the Web organizational unit.
What should you do?
A. Run secedit /configure /db iis.inf from the command prompt on IISServerA, then run secedit /configure / db webou.inf from the comand prompt.
B. Export the settings on IISServerA to create a security template. Import the security template into a GPO and link the GPO to the Web organizational unit.
C. Export the settings on IISServerA to create a security template. Run secedit /configure /db webou.inf from the comand prompt.
D. Import the hisecws.inf file template into a GPO and link the GPO to the Web organizational unit.
Correct Answer: B
Explanation/Reference:
http://www.itninja.com/blog/view/using-secedit-to-apply-security-templates
Using Secedit To Apply Security Templates
Secedit /configure /db secedit.sdb /cfg"c:tempcustom.inf" /silent >nul
This command imports a security template file, "custom.inf" into the workstation’s or server’s local security database. /db must be specified. When specifying the default secuirty database (secedit.sdb,) I found that providing no path worked best. The /cfg option informs Secedit that it is to import the .inf file into the specified database, appending it to any existing .inf files that have already been imported to this system. You can optionally include an /overwrite switch to overwrite all previous configurations for this machine. The /silent option supresses any pop-ups and the >nul hides the command line output stating success or failure of the action.