Home » Microsoft » 70-647 » What should you recommend?
Your network consists of one Active Directory domain that contains servers that run Windows Server 2008 R2. The relevant servers are configured as shown in the following table. (Click the Exhibit)
All client computers are members of the domain and run Windows 7. All users have accounts in the domain.
You need to recommend a solution that enables all client computers to automatically request and install computer certificates.
What should you recommend?
A. On Server2, implement the Network Device Enrollment Service.
B. On Server2, implement certification authority Web enrollment support.
C. On Server1, enable auto-enrollment in the User Configuration section of the Default Domain Policy.
D. On Server1, enable auto-enrollment in the Computer Settings section of the Default Domain Policy.
Correct Answer: D
Explanation/Reference:
Explanation:
To enable all client computers to automatically request and install computer certificates, you need to enable the Autoenrollment Settings Policy under Public Key Policies on Server1 in the User Configuration section of the Default Domain
Autoenrollment automatically downloads root certificates and cross-certificates from the Active Directory whenever a change is detected in the directory, or when a different domain controller is contacted. If a third party root certificate or cross-certificate is deleted from the local machine store, Autoenrollment will not download the certificates again until a change occurs in Active Directory, or a new domain controller is contacted.
Reference: Certificate Autoenrollment in Windows XP / Configuring Group Policy
http://technet.microsoft.com/en-us/library/cc732311.aspx
