Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
Server1 and Server2 are part of a workgroup.
On Server1 and Server2, you create a local user account named Admin1.You add the account to the
local Administrators group. On both servers, Admin1 has the same password.
You log on to Server1 as Admin1. You open Computer Management and you.connect to Server2.
When you attempt to create a scheduled task, view the event logs, and manage the shared folders,
you receive Access Denied messages.
You need to ensure that you can administer Server2 remotely from Server1 by using Computer
Management.
What should you configure on Server2?
A.
From Server Manager, modify the Remote Management setting.
B.
From Local Users and Groups, modify the membership of the Remote Management Users group.
C.
From Windows Firewall, modify the Windows Management Instrumentation (WMI) firewall rule.
D.
From Registry Editor, configure the LocalAccountTokenFilterPolicy registry value.
Explanation:
The LocalAccountTokenFilterPolicy setting affects how administrator credentials are applied to
remotely administer the computer.
http://support.microsoft.com/kb/942817
Really ? I don’t get it. There’s already a blocking policy linked to the domain. I would have chosen A so that the local Group policy is bypassed by the newly joined domain Group policy. Does anyone have an explanation as to why B ?
I might be wrong but I think the given answer is correct.
“Local administrator accounts other than the built-in Administrator account may not have rights to manage a server remotely, even if remote management is enabled. The Remote User Account Control (UAC) LocalAccountTokenFilterPolicy registry setting must be configured to allow local accounts of the Administrators group other than the built-in administrator account to remotely manage the server.”
https://support.microsoft.com/en-us/kb/942817
https://technet.microsoft.com/en-us/library/hh831453.aspx