Your network contains an Active Directory domain named contoso.com. All domain
controllers and member servers run Windows Server 2008. All client computers run
Windows 7.
From a client computer, you create an audit policy by using the Advanced Audit Policy
Configuration settings in the Default Domain Policy Group Policy object (GPO).
You discover that the audit policy is not applied to the member servers. The audit policy is
applied to the client computers.
You need to ensure that the audit policy is applied to all member servers and all client
computers.
What should you do?
A.
Add a WMI filter to the Default Domain Policy GPO.
B.
Modify the security settings of the Default Domain Policy GPO.
C.
Configure a startup script that runs auditpol.exe on the member servers.
D.
Configure a startup script that runs auditpol.exe on the domain controllers.
Explanation:
Advanced audit policy settings cannot be applied using group policy to Windows Server
2008 servers. To circumvent that we have to use a logon script to apply the audit policy to
the Windows Server 2008 member servers.
Reference1)
http://technet.microsoft.com/en-us/library/ff182311.aspx
Advanced Security Auditing FAQ
The advanced audit policy settings were introduced in Windows Vista and Windows Server
2008. The advanced settings can only be used on computers running Windows 7, Windows
Vista, Windows Server 2008 R2, or Windows Server 2008.
Note
In Windows Vista and Windows Server 2008, advanced audit event settings were not
integrated withGroup Policy and could only be deployed by using logon scripts generated
with the Auditpol.exe command-line tool. In Windows Server 2008 R2 and Windows 7, all
auditing capabilities are integrated with Group Policy. This allows administrators toconfigure, deploy, and manage these settings in the Group Policy Management Console
(GPMC) or Local Security Policy snap-in for a domain, site, or organizational unit (OU).