question for 70-294 Exam!

huddahudda Member Posts: 101
I was working on lab I have problem on this question, if any one know please.

Server in an OU named Marketing servers must be able to communicate with all client computers with the most secure authentication protocols. All member servers in the department OU must use the most secure authentication protocols. How do you do that?

Thanks

Comments

  • SmallguySmallguy Member Posts: 597
    If I understand ou correctly

    you have to right clcik on the OU > go tp properties > then iunto your policy> create new(make it a menaingfull name)> then edit it is under security settings and then LAN Manager (pretty sure)

    if memory serves me corectly you wants to use NTLM V2 /refuse LM as lm is the least secure


    I don;t have a 2003 box here right now so I'm going by memory. I looked on our 2000 DC but i'm not sure if the setingare are identical or not
  • eurotrasheurotrash Member Posts: 817
    Depending on the client OSs and then again whether authentication is meant as authentication to the domain, Kerberos would be the most secure.
    witty comment
  • baracusbaracus Member Posts: 50 ■■□□□□□□□□
    You must enforce this with a GPO. Create/link a GPO to the OU. Then configure the setting

    Computer Configuration->Windows Settings->Security Settings->Local Policies->Security Options->Network Security:Lan Manager Authentication Level

    Set this to Send NTLMv2 response only\Refuse LM & NTLM

    Hope this helps.

    hudda wrote:
    I was working on lab I have problem on this question, if any one know please.

    Server in an OU named Marketing servers must be able to communicate with all client computers with the most secure authentication protocols. All member servers in the department OU must use the most secure authentication protocols. How do you do that?

    Thanks
  • royalroyal Member Posts: 3,352 ■■■■□□□□□□
    baracus wrote:
    You must enforce this with a GPO. Create/link a GPO to the OU. Then configure the setting

    Computer Configuration->Windows Settings->Security Settings->Local Policies->Security Options->Network Security:Lan Manager Authentication Level

    Set this to Send NTLMv2 response only\Refuse LM & NTLM

    Hope this helps.

    hudda wrote:
    I was working on lab I have problem on this question, if any one know please.

    Server in an OU named Marketing servers must be able to communicate with all client computers with the most secure authentication protocols. All member servers in the department OU must use the most secure authentication protocols. How do you do that?

    Thanks

    As _omni_ said, it all depends. If all clients were at least Windows 2000, then your response is incorrect as the most secure authentication method would be Kerberos. If your clients were NT4 SP4+, then you'd be able to use NTLMv2 as the most secure. If your clients were 9x, NT4 pre-SP4, you could still use NTLMv2 as the most secure as long as you installed the Active Directory Client Extensions on them.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • huddahudda Member Posts: 101
    Thank you very much All!
Sign In or Register to comment.