You are the Exchange administrator for your company. The network consists of a single Active Directory domain.
The Exchange organization contains eight servers that run Exchange Server 2003.
All Exchange servers are member servers, and all are located in the Computers container in Active Directory.
Written company security policies specify the audit settings, event log settings, and security policy settings that must be applied to all Exchange servers.
You need to ensure that the Exchange servers comply with the written security policies.
Your solution must require the minimum amount of administrative effort to maintain. What should you do?
A.
Create the policy settings by using the Local Security Policy tool. Apply the policy settings to the Exchange servers.
B.
Create a security template that matches the policy requirements. Run Secedit.exe to apply the template to the Exchange servers.
C.
Create a new organizational unit (OU) and move all Exchange servers into the OU. Create a Group Policy object (GPO) that applies the policy settings. Link the GPO to the OU.
D.
Create a new Group Policy object (GPO) that defines the policy settings for the Exchange servers. Link the GPO to the Domain Controllers organizational unit (OU). Set a filter on the GPO to apply only to the Exchange servers.
Explanation:
This question is not really an Exchange question, but instead a Group Policy question. The fact that these are Exchange Servers has no bearing on the question or its answer. The easiest solution is to place all the Exchange servers into their own OU, then create a GPO and apply it to the OU.
Incorrect Answers:
A. Applying the policy settings to one computer at a time is administrative intensive, and invites mistakes in implementation. Therefore, this is not the best answer.
B. Creating a security template and applying the template to the Exchange servers also involves a lot of administration, and as more servers are added, the template must be added to each one. That disqualifies this as a possible answer.
D. Creating a GPO and linking it to the domain controllers OU will not work due to the fact that the Exchange servers are in the Computers OU. It would be impossible to filter it to the Exchange Servers for that reason alone. Additionally, a group policy can�t be filtered to one computer. It must be in an OU for filtering to apply.