How should you configure Group Policy for the ABC_Admin and ABC_Sales OU?

You are working as an administrator for ABC.com. The network consists of a single Active
Directory domain named ABC.com. All server run Windows Server 2003 and all client computer
run Windows XP Professional.
The ABC.com departments are organized into organizational units (OUs). The Administration OU
is named ABC_ADMIN, and the Sales OU is named ABC_SALES. All file servers for all
departments are located in their respective OUs. The ABC_SALES OU is a child OU of the
ABC_ADMIN OU.
A new ABC.com written security policy states that servers in the ABC_ADMIN OU should be

highly secure. All communications with ABC-ADMIN servers should be encrypted. The security
policy also states that auditing should be enabled for file and folder deletion on Sales servers.
Communications with the Sales servers should not be encrypted.
How should you configure Group Policy for the ABC_Admin and ABC_Sales OU? Choose three.

You are working as an administrator for ABC.com. The network consists of a single Active
Directory domain named ABC.com. All server run Windows Server 2003 and all client computer
run Windows XP Professional.
The ABC.com departments are organized into organizational units (OUs). The Administration OU
is named ABC_ADMIN, and the Sales OU is named ABC_SALES. All file servers for all
departments are located in their respective OUs. The ABC_SALES OU is a child OU of the
ABC_ADMIN OU.
A new ABC.com written security policy states that servers in the ABC_ADMIN OU should be

highly secure. All communications with ABC-ADMIN servers should be encrypted. The security
policy also states that auditing should be enabled for file and folder deletion on Sales servers.
Communications with the Sales servers should not be encrypted.
How should you configure Group Policy for the ABC_Admin and ABC_Sales OU? Choose three.

A.
Configure a GPO to apply the Hisecws.inf security template. Link this GPO to the ABC_ADMIN
OU.

B.
Configure a GPO to enable the Audit object access audit policy on computer objects. Link this
GPO to the ABC_SALES OU.

C.
Configure a GPO to apply the Hisecws.inf security template. Link this GPO to the ABC_Sales
OU.

D.
Configure a GPO to enable the Audit object access audit policy on computer objects. Link this
GPO to the ABC_ADMIN OU.

E.
Block group policy inheritance on the ABC_ADMIN OU.

F.
Block group policy inheritance on the ABC_SALES OU.

Explanation:
The Hisecws.inf security template increases security on a server. One of the
security settings is to require secure encrypted communications. A GPO with this template needs
to be applied to the ABC_ADMIN OU. We dont want those settings applying to the ABC_SALES
OU though so we need to block inheritance on the ABC_SALES OU. We need to apply a GPO to
the ABC_SALES OU to apply the auditing settings.
Audit Object Access
A user accesses an operating system element such as a file, folder, or registry key. To audit
elements like these, you must enable this policy and you must enable auditing on the resource
that you want to monitor. For example, to audit user accesses of a particular file or folder, you
display its Properties dialog box with the Security tab active, navigate to the Auditing tab in the
Advanced Security Settings dialog box for that file or folder, and then add the users or groups
whose access to that file or folder you want to audit.
Reference:
Craig Zacker, MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft
Windows Server 2003 Network Infrastructure, Microsoft Press, Redmond, Washington, Chapters 9
and 10



Leave a Reply 0

Your email address will not be published. Required fields are marked *