| Author |
70-218 Q of the Day Tuesday 7/02
|
|
| mrfixit 2003-07-02, 8:29 am |
| Okay, I gave everyone a break yesterday. Now for a "tough" one! 
Ruscorp is the administrator of his company's single Windows 2000 Domain. The domain contains eight departmental organizational units. Each OU is controlled by a separate administrative group. During a routine security audit, Ruscorp discovers that the local Administrators groups on member servers contain users who are not administrators. Ruscorp wants to ensure that the local Administrators group on every server contains only valid administrator accounts from the appropriate department.
What should he do?
A) Configure Group Policy for each OU to specify the appropriate membership for the local Administrators group on the servers in that OU.
B) Configure Group Policy for the domain to specify the appropriate membership for the local Administrators group on the servers in that OU.
C) Configure Group Policy for the default Domain Controller OU to specify the appropriate membership for the local Administrators group on the servers in that OU.
D) In each OU, create a new child OU container that holds all of the appropriate Administrator user accounts for that OU. Configure a Group Policy for each of these new child OUs to specify the appropriate membership for the local Administrators group on the servers in that OU.
See you tomorrow! | |
| jeff50ho 2003-07-02, 10:07 am |
| I am not positive. I will say
B.) | |
| kklentz 2003-07-02, 12:47 pm |
| D. | |
| CmptrDude1 2003-07-02, 6:20 pm |
| If I'm understanding the question correctly, I would think D. would be an appropriate solution. | |
|
|
| stbourne 2003-07-03, 1:49 am |
| I'll say D also....
separating the two groups | |
| isles1 2003-07-03, 7:06 am |
| When I read the question, I was expecting one of the answers to mention the use of restricted groups, but this is not the case.
D) seems to be the best choice since it seems to imply the use of restricted groups with the creating of the child OUs, etc.. | |
| mrfixit 2003-07-03, 7:58 am |
| And the answer is:
Ruscorp is the administrator of his company's single Windows 2000 Domain. The domain contains eight departmental organizational units. Each OU is controlled by a separate administrative group. During a routine security audit, Ruscorp discovers that the local Administrators groups on member servers contain users who are not administrators. Ruscorp wants to ensure that the local Administrators group on every server contains only valid administrator accounts from the appropriate department.
What should he do?
D) In each OU, create a new child OU container that holds all of the appropriate Administrator user accounts for that OU. Configure a Group Policy for each of these new child OUs to specify the appropriate membership for the local Administrators group on the servers in that OU.
You must make the configuration at OU level. This is because you must specify the appropriate local administrators for each OU.
I'll post one more for today, and give the answer on Monday. |
|
|
|