Your network contains an Active Directory domain named contoso.com. The domain functional level is
Windows Server 2012 R2.
You need to secure several high-privilege user accounts to meet the following requirements:
Prevent authentication by using NTLM.
Use Kerberos to verify authentication request to any resources.
Prevent the users from signing in to a client computer if the computer is disconnected from the domain.
What should you do?
A.
Create a universal security group for the user accounts and modify the Security settings of the group.
B.
Add the users to the Windows Authorization Access Group group.
C.
Add the user to the Protected Users group.
D.
Create a separate organizational unit (OU) for the user accounts and modify the Security settings of the OU.