You are the administrator for a medium-sized network consisting of 30 servers running Microsoft Windows Server 2003, Standard Edition, and 1,000 computers running a mix of Microsoft Windows XP Professional and Microsoft Windows 2000 Professional. A recent security audit recommends encrypting all network traffic. This morning you implement the Secure Server IPSec policy for the Domain Controllers security policy, and the Client IPSec policy through Group Policy objects for each departmental OU. A few minutes after you complete these changes, you begin receiving an increasing number of calls from users complaining that they cannot log on or access their network files. What should you do?
A. Change the Group Policy objects for the departmental OUs to Secure Server. B. Upgrade all Windows 2000 Professional computers to Windows XP. C. Install Directory Service Client Software on all computers running Windows 2000 Professional. D. Do nothing. The problem will correct itself.
Do nothing. the problem will correct itself. -explanation: the problem will eventually correct itself as the ou group policy objects are applied to the computers and configure them to use ipsec. the domain controllers received their policies before the computers did, and they are blocking access until the computers are configured with ipsec. by default, group policy objects are refreshed every 90 minutes with a 30-minute offset. the exception to that is the domain controller ou group policy, which refreshes every five minutes. to avoid this problem in the future, administrators should configure the departmental ou group policy settings a minimum of two hours before configuring the domain controller ou group policy settings. windows 2000 professional fully supports ipsec and does not need to be upgraded. changing the ipsec policy in the group policy objects will not decrease the refresh interval for the computers. the directory service client is not designed for windows 2000 professional, which natively supports directory service.