You have a single Active Directory directory service domain. Web servers are located in an organizational unit (OU) named Web. You need to enforce strong passwords for administrators who log on to domain controllers. You must enforce account lockout policy for administrators who log on locally to Web servers. What should you do?
A.
Configure password and account lockout policy settings in the Default Domain Controllers Policy.
B.
Configure password and account lockout policy settings in the Default Domain Policy.
C.
Configure password policy settings in the Default Domain Controllers Policy. Configure account lockout policy settings in a new Group Policy object (GPO), and then link the GPO to the Web OU.
D.
Configure password policy settings in the Default Domain Policy. Configure account lockout policy settings in a new Group Policy object (GPO), and then link the GPO to the Web OU.