Your network contains an Active Directory domain named contoso.com.
The domain contains two global groups named Group1 and Group2. A user named User1 is a member of
Group1
You have an organizational unit (OU) named OU1 that contains the computer accounts of computers that
contain sensitive data. A
Group Policy object (GPO) named GPO1 is linked to OU1. OU1 contains a computer account named
Computer1.
GPO1 has the User Rights Assignment configured as shown in the following table.
You need to prevent User1 from signing in to Computer1. What should you do?
A.
From Default Domain Policy, modify the Allow log on locally user right
B.
On Computer1, modify the Deny log on locally user right.
C.
From Default Domain Policy, modify the Deny log on locally user right
D.
Remove User1 to Group2.
adding User1 to Group2 will let User1 to inherit both policy, non REMOVE, coglionazzi