What should you recommend?

Your company has a main office and 10 branch offices.
The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 R2 and are located in the main office.
Each branch office contains one member server. Branch office administrators in each branch office are assigned the necessary rights to administrators only their member servers. You deploy one read-only domain controller (RODC) in each branch office.

You need to recommend a security solution for the branch office Windows Server 2008 R2 domain controllers.

The solution must meet the following requirements:
Branch office administrators must be granted rights on their local domain controller only.
Branch office administrators must be able to administer the domain controller in their branch office. This includes changing device drivers and running Windows
updates.

What should you recommend?

Your company has a main office and 10 branch offices.
The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 R2 and are located in the main office.
Each branch office contains one member server. Branch office administrators in each branch office are assigned the necessary rights to administrators only their member servers. You deploy one read-only domain controller (RODC) in each branch office.

You need to recommend a security solution for the branch office Windows Server 2008 R2 domain controllers.

The solution must meet the following requirements:
Branch office administrators must be granted rights on their local domain controller only.
Branch office administrators must be able to administer the domain controller in their branch office. This includes changing device drivers and running Windows
updates.

What should you recommend?

A.
Add each branch office administrator to the Administrators group of the domain.

B.
Add each branch office administrator to the local Administrators group of their respective domain controller.

C.
Grant each branch office administrator Full Control permission on their domain controller computer object in Active Directory.

D.
Move each branch office domain controller computer object to a new organizational unit (OU). Grant each local administrator Full Control
permission on the new OU.



Leave a Reply 2

Your email address will not be published. Required fields are marked *


Homer Simpson

Homer Simpson

Domain controllers including RODCs do not have a local administrators group!

Homer Simpson

Homer Simpson

Correction! You can, but you have to use a cli. The command you need is

net localgroup Administrators /add {domain}\{user}