Your network contains an Active Directory domain named contoso.com.
The domain contains two global groups named Group1 and Group2. A user named User1 is a member of
Group1
You have an organizational unit (OU) named OU1 that contains the computer accounts of computers that
contain sensitive data. A
Group Policy object (GPO) named GPO1 is linked to OU1. OU1 contains a computer account named
Computer1.
GPO1 has the User Rights Assignment configured as shown in the following table.
You need to prevent User1 from signing in to Computer1. What should you do?
A.
From Default Domain Policy, modify the Allow log on locally user right
B.
On Computer1, modify the Deny log on locally user right.
C.
From Default Domain Policy, modify the Deny log on locally user right
D.
Remove User1 to Group2.
Explanation:
https://technet.microsoft.com/en-us/library/cc957048.aspx
“Deny log on locally”
Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\User Rights Assignment
Determines which users are prevented from logging on at the computer.
This policy setting supercedes the Allow Log on locally policy setting if an account is subject to both
policies.
Therefore, adding User1 to Group2 will let User1 to inherit both policy, and then prevent User1 to sign in to
Computer1.
adding User1 to Group2 will let User1 to inherit both policy, non REMOVE, coglionazzi