You are a security administrator for Contoso, Ltd. The network consists of a single Active Directory domain named contoso.com. All servers run Windows Server 2003. All client computers run Windows XP Professional. All computers are members of the domain.
The company has a main office and three branch offices. Each office is configured as an Active Directory site. Each site contains domain controllers. A domain user named Kim reports that she forgot her password. She works in one of the branch offices. A des op support technician in the main office resets Kim’s password, enables the User must change password at next logon option on Kim’s user account, and then tells Kim the new password. Kim attempts to log on by using her new password and reports that she cannot change the password at logon. You investigate the problem. Kim’s user account is not locked out, and it is not disabled. Permissions for the user account are shown in the exhibit. (Click the Exhibit button.)
You need to ensure that Kim can log on and change her password. What should you do?
A.
Assign the SELF group the Allow – Reset Password permission for Kim’s user account.
B.
Assign the SELF group the Allow – Allowed to Authenticate permission for Kim’s user account.
C.
Assign the Everyone group the Allow – Allowed to Authenticate permission for Kim’s user account.
D.
Enable the Let Everyone permissions apply to anonymous users security setting in the domain.
E.
Reset Kim’s password on a domain controller in her branch office.