You are a network administrator for Fabrikam, Inc. The network consists of a single Active Directory domain named fabrikam.com. All servers run Windows Server 2003. All client computers run Windows XP Professional.
The company restricts all users so that they can use only authorized applications. All domain users are authorized to use the Microsoft Office suite of applications. Members of a security group named CRM Users are also authorized to use a customer relationship management (CRM) application.
You configure Group Policy objects (GPOs) as shown in the exhibit.
The Office Applications GPO has only the Microsoft Office applications listed as allowed applications.
The CRM Application GPO has only the CRM application listed as an allowed application. The CRM Application GPO has security settings so that it applies only to members of the CRM Users security group. Users who are members of the CRM Users security group report that they cannot run the CRM application.
You need to reconfigure the domain to meet the following requirements: All users must be able to run the Microsoft Office applications. Members of the CRM Users security group must be able to run the CRM application. All users must be prevented from running unauthorized software.
Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)
A.
Reorder the GPOs so that the CRM Application GPO is higher in the list than the Office Applications
GPO.
B.
Add the Microsoft Office applications to the list of allowed applications in the CRM Application GPO.
C.
Create a new OU. Move the user accounts for all members of the CRM Users security group into this
OU. Link the CRM Application GPO to this OU. Enable the Block Policy inheritance setting for this OU.
Unlink the CRM Application GPO from the domain.
D.
Disable the No Override setting for the CRM Application GPO. Leave the CRM Application GPO linked
to the domain.