You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains two Windows Server 2003 domain controllers, two Windows 2000 Server domain controllers, and two Windows NT Server 4.0 domain controllers. All file servers for the finance department are located in an organizational unit (OU) named Finance Servers. All file servers for the payroll department are located in an OU named Payroll Servers.
The Payroll Servers OU is a child OU of the Finance Servers OU. The company’s written security policy for the finance department states that departmental servers must have security settings that are enhanced from the default settings. The written security policy for the payroll department states that departmental servers must have enhanced security settings from the default settings, and auditing must be enabled for file or folder deletion. You need to plan the security policy settings for the finance and payroll departments.
What should you do?
A.
Create a Group Policy object (GPO) to apply the Securews.inf security template to computer objects, and link it to the Finance Servers OU. Create a second GPO to enable the Audit object access audit policy on computer objects, and link it to the Payroll Servers OU.
B.
Create a Group Policy object (GPO) to apply the Compatws.inf security template to computer objects, and link it to the Finance Servers OU. Create a second GPO to apply the Hisecws.inf security template to computer objects, and link it to the Payroll Servers OU.
C.
Create a Group Policy object (GPO) to apply the Securews.inf security template to computer objects, and link it to the Finance Servers and to the Payroll Servers OUs. Create a second GPO to enable the Audit object access audit policy on computer objects, and link it to the Payroll Servers OU.
D.
Create a Group Policy object (GPO) to apply the Compatws.inf security template to computer objects, and link it to the Finance Servers OU. Create a second GPO to enable the Audit object access audit policy on computer objects, and link it to the Payroll Servers OU.
Explanation:
The Securews.inf template contains policy settings that increase the security on a workstation or member server to a level that remains compatible with most functions and applications. The template includes many of the same account and local policy settings as Securedc.inf, and implements digitally signed communications and greater anonymous user restrictions.Audit Object Access
A user accesses an operating system element such as a file, folder, or registry key. To audit elements like these, you must enable this policy and you must enable auditing on the resource that you want to monitor. For example, to audit user accesses of a particular file or folder, you display its Properties dialog box with the Security tab active, navigate to the Auditing tab in the Advanced Security Settings dialog box for that file or folder, and then add the users or groups whose access to that file or folder you want to audit.Reference:
Craig Zacker, MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, Microsoft Press, Redmond, Washington, Chapters 9 and 10