You are the network administrator for your company.The network consists of a single Active Directory domain.
The domain contains an organizational unit (OU) named Webservers.The Webservers OU contains the computer accounts of 12 Windows Server 2003 computers that function as intranet Web servers.A Group Policy object (GPO) named WebserversPolicy is linked to the Webservers OU.The GPO is used to configure various settings on the computers in the OU. A global group named WebserverAdmins is a member of the Administrators local group on each intranet Web server.
You plan to install a security scanning application on each intranet Web server.The documentation for the application states that it uses a service account, which must be able to modify the HKEY_LOCAL_MACHINESYSTEM key in the registry of every computer on which the application is installed.
You create the service account in the domain.The company’s written security policy states that service accounts must be assigned only the minimum rights and permissions that they require to function.
You need to configure the intranet Web servers so that they comply with the installation requirements of the security scanning application.You also need to comply with the company’s security policy.You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?
A.
Add the service account to the WebserverAdmins global group.
B.
Configure the required permissions as registry security settings in the WebserversPolicy GPO.
C.
Run the regedit.exe command to add the required permissions to the registry of each intranet Web server.
D.
Run the explorer.exe command to modify NTFS permissions on the SystemrootSystem32ConfigSystem file.Assign the service account the Allow – Change permission.
E.
Configure file system security settings in the WebserversPolicy GPO to modify NTFS permissions on the SystemrootSystem32ConfigSystem file.Assign the service account the Allow – Change permission.