What should you recommend?

Your Company has a main office and 10 branch offices. The network consists of one Active Directory
domain. All domain controllers run Windows Server 2008 R2 and are located in the main office. Each
branch office contains one member server. Branch office administrators in each branch office are
assigned the necessary rights to administer only their member servers. You deploy one read-only
domain controller (RODC) in each branch office. You need to recommend a security solution for the
branch office Windows Server 2008 R2 domain controllers. The solution must meet the following
requirements:
• Branch office administrators must be granted rights on their local domain controller only.
• Branch office administrators must be able to administer the domain controller in their branch
office. This includes changing device drivers and running Windows updates.
What should you recommend?

Your Company has a main office and 10 branch offices. The network consists of one Active Directory
domain. All domain controllers run Windows Server 2008 R2 and are located in the main office. Each
branch office contains one member server. Branch office administrators in each branch office are
assigned the necessary rights to administer only their member servers. You deploy one read-only
domain controller (RODC) in each branch office. You need to recommend a security solution for the
branch office Windows Server 2008 R2 domain controllers. The solution must meet the following
requirements:
• Branch office administrators must be granted rights on their local domain controller only.
• Branch office administrators must be able to administer the domain controller in their branch
office. This includes changing device drivers and running Windows updates.
What should you recommend?

A.
Add each branch office administrator to the Administrators group of the domain.

B.
Add each branch office administrator to the local Administrators group of their respective domain
controller.

C.
Grant each branch office administrator Full Control permission on their domain controller
computer object in Active Directory.

D.
Move each branch office domain controller computer object to a new organizational unit (OU).
Grant each local administrator Full Control permission on the new OU.

Explanation:
To allow branch office administrators to manage their local domain controller only, change device
drivers, and run Windows updates, you need to add each branch office administrator to the local
Administrators group of their respective domain controller. The users of Local administrator group
have administrative rights on their local domain controllers to manage several machines to perform
all necessary administrative tasks but they have restricted rights as compared to domain
administrators.
Adding a group to the local administrators group
http://blogcastrepository.com/blogs/kim_oppalfenss_systems_management_ideas/archive/2007/0
4/23/adding-a-group-to-the-local-administrators-group.aspx



Leave a Reply 0

Your email address will not be published. Required fields are marked *