Your company has file servers located in an organizational unit named Payroll. The file
servers contain payroll files located in a folder named Payroll.
You create a GPO.
You need to track which employees access the Payroll files on the file servers.
What should you do?
A.
Enable the Audit process tracking option. Link the GPO to the Domain Controllers
organizational unit. On the file servers, configure Auditing for the Authenticated Users group
in the Payroll folder.
B.
Enable the Audit object access option. Link the GPO to the Payroll organizational unit. On
the file servers, configure Auditing for the Everyone group in the Payroll folder.
C.
Enable the Audit process tracking option. Link the GPO to the Payroll organizational unit.
On the file servers, configure Auditing for the Everyone group in the Payroll folder.
D.
Enable the Audit object access option. Link the GPO to the domain. On the domain
controllers, configure Auditing for the Authenticated Users group in the Payroll folder.
Explanation:
Answer) Enable the Audit object access option. Link the GPO to the Payroll organizational
unit. On the file servers, configure Auditing for the Everyone group in the Payroll folder.http://technet.microsoft.com/en-us/library/dd349800%28v=ws.10%29.aspx
Audit Policy
Establishing an organizational computer system audit policy is an important facet of
information security.
Configuring Audit policy settings that monitor the creation or modification of objects gives
you a way to track potential security problems, helps to ensure user accountability, and
provides evidence in the event of a security breach.
There are nine different kinds of events for which you can specify Audit Policy settings. If you
audit any of these kinds of events, Windows® records the events in the Security log, which
you can find in Event Viewer.
..
Object access. Audit this to record when someone has used a file, folder, printer, or other
object.
..
Process tracking. Audit this to record when events such as program activation or a process
exiting occur.
..
When you implement Audit Policy settings:
..
If you want to audit directory service access or object access, determine which objects you
want to audit access of and what type of access you want to audit. For example, if you want
to audit all attempts by users to open a particular file, you can configure audit policy settings
in the object access event category so that both successful and failed attempts to read a file
are recorded.
Further information:
http://technet.microsoft.com/en-us/library/hh147307%28v=ws.10%29.aspx
Group Policy for BeginnersGroup Policy Links
At the top level of AD DS are sites and domains. Simple implementations will have a single
site and a single domain. Within a domain, you can create organizational units (OUs). OUs
are like folders in Windows Explorer.
Instead of containing files and subfolders, however, they can contain computers, users, and
other objects.
For example, in Figure 1 you see an OU named Departments. Below the Departments OU,
you see four subfolders: Accounting, Engineering, Management, and Marketing. These are
child OUs. Other than the
Domain Controllers OU that you see in Figure 1, nothing else in the figure is an OU.
What does this have to do with Group Policy links? Well, GPOs in the Group Policy objects
folder have no impact unless you link them to a site, domain, or OU. When you link a GPO to
a container, Group Policy applies the GPO’s settings to the computers and users in that
container.