Your network consists of two Active Directory forests. The Active Directory forests are configured as shown in the following table:
The servers in both forests run Windows Server 2008.
A forest trust exists between the fabrikam.com forest and the contoso.com forest.
Fabrikam.com has a server named server1.fabrikam.com.
Contoso.com has a global group named ContosoSales.
Users in the ContosoSales global group access an application on server1.fabrikam.com.
You discover that users from other groups in the contoso.com domain can log on to servers in the fabrikam.com domain.
You need to implement an authentication solution to meet the following requirements:
– Users in the ContosoSales global group must be able to access server1.fabrikam.com.
– Users in the ContosoSales global group must be denied access to all other servers in the fabrikam.com forest.
– All other users in the contoso.com domain must be able to access only resources in the contoso.com forest.
What should you do?
A.
Replace the existing forest trust with an external trust between the contoso.com domain and the fabrikam.com domain. On the server1.fabrikam.com computer object, grant the Allowed to Authenticate permission to the ContosoSales global group.
B.
Replace the existing forest trust with an external trust between the contoso.com domain and the fabrikam.com domain. In the local security policy of server1.fabrikam.com, assign the Access this computer from the network user right to the ContosoSales global group.
C.
Set the authentication scope of the existing forest trust in the fabrikam.com domain to Allow authentication only for selected resources in the local domain. On the server1.fabrikam.com computer object, grant the Allowed to Authenticate permission to the ContosoSales global group.
D.
Set the authentication scope of the existing forest trust in the fabrikam.com domain to Allow authentication only for selected resources in the local domain. In the local security policy on server1.fabrikam.com, assign the Access this computer from the network user right to the ContosoSales global group.