Test 3 Study Questions
You are the network manager for the westsim.private domain. The SRV1 server runs all file and print services for the network. The DNS database has an A record that maps srv1.westsim.private to the IP address of 192.168.16.10. You want to create a PTR record that maps the IP address to the host name. Which zone should you create the record in?
16.168.192.in-addr.arpa
You need to add a new Windows server to an Active Directory domain. You intend to make this new server a domain controller. This server was installed with a server core deployment, so you'll need to install the Active Directory Domain Services role from the PowerShell console. From the drop-down list, select the name of the service you would enter to complete the following PowerShell command: Install-WindowsFeature ________________
AD-Domain-Services
Which of the following describes an additional domain?
Additional domains are second-level domains with names registered to an individual or organization for use on the Internet
You manage a single domain running Windows Server. You have configured a restricted Group Policy as shown in the image. When this policy is applied, which actions will occur? (Select two.)
Any other members of the Backup Operators group will be removed The Desktop Admins group will be made a member of the Backup Operators group
You are the systems administrator for WestSim Corporation. You have been assigned to set up a new branch office in Tulsa. The branch will be represented by a single domain. You install a single DNS server called TulsaDNS and configure a primary zone for the branch office domain. You test name resolution and find that hosts can only resolve names for hosts within the domain. You need to enable clients in the Tulsa location to resolve names for hosts in other domains within your private network. You would like to minimize traffic across the WAN link between the sites. What should you do?
Configure TulsaDNS to use forwarders
You manage several Windows workstations in your domain. You want to configure a GPO that will make them prompt for additional credentials whenever a sensitive action is taken. What should you do?
Configure User Account Control (UAC) settings
You are a network engineer working for WestSim Corporation. The company has an Internet domain named westsim.com. The private network uses the namespace of private.westsim.com. Your company manages its own Domain Name System (DNS) servers that are authoritative for both of the company's name spaces. Your network consists of several subnets at multiple locations. Sites are connected with WAN links. www.private.westsim.com is an intranet web server that is commonly used throughout the company. You want to ensure that users can always access this server by name, even if an authoritative DNS server is not available. What should you do?
Configure each client computer's HOSTS file with an entry for www.private.westsim.com
You are a systems administrator for WestSim Corporation. As part of a new security initiative, the IT department has developed a custom application that reports the host name of all clients that try to access three sensitive servers in the accounting department. The application has been working for the last three months. The company expands and adds a new building with a LAN connection to the rest of the network. This building has its own subnet, 192.168.5.0. You create a scope on an existing DHCP server for this subnet. During a random check of the reporting software, you discover that the application reports the IP address but not the host name for clients on the new subnet. Everything works as designed for hosts on other subnets. You check the DNS database and find that none of the hosts on that subnet have an associated PTR record. What should you do?
Create a primary reverse lookup zone for subnet 192.168.5.0
You are the administrator for the westsim.com domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective department OUs. Computers in the accounting department use a custom application. During installation, the application creates a local group named AcctMagic. This group is used to control access to the program. By default, the account used to install the application is made a member of the group. You install the application on each computer in the accounting department. All accounting users must be able to run the application on any computer in the department. You need to add each user as a member of the AcctMagic group. You create a domain group named Accounting and make each user a member of this group. You then create a GPO named Acct Software linked to the Accounting OU. You need to define the restricted group settings. What should you do?
Create a restricted group named AcctMagic. Add the Accounting domain group as a member
You are system administrator with hundreds of host workstations to manage and maintain. You need to enable hosts on your network to find the IP addresses of alphanumeric host names such as srv1.myserver.com. Which of the following would you use?
DNS server
Your Active Directory network uses the internal DNS namespace private.westsim.com. Several other Active Directory domains also exist, which are children to the private.westsim.com domain. On the Internet, your company uses westsim.com for its public domain name. Your company manages its own DNS servers that are authoritative for the westsim.com zone. The private.westsim.com zone has been delegated to your company's Active Directory domain controllers, which are also DNS servers. Computers that are members of the private.westsim.com domain and all child domains must be able to resolve DNS names of Internet resources. However, to help secure your network, DNS queries for resources in the private.westsim.com domain and all child domains must never be sent to Internet DNS servers. Queries for Internet names must go first to your public DNS server that is authoritative for the westsim.com domain. You need to configure your company's DNS servers to meet these requirements. What should you do? (Choose two. Each correct choice is part of the solution.)
Delete root hints to Internet DNS servers on all DNS servers that are authoritative for the private.westsim.com zone or any child zone On all DNS servers that are authoritative for the private.westsim.com zone or any child zone, create a forwarders list. Forward to DNS servers that are authoritative for the parent zone
Your company uses westsim.com as its public Internet domain name. Your private network has a single Active Directory domain named westsim.local. All westsim.local authoritative DNS servers are configured to forward DNS requests across a firewall to external westsim.com authoritative DNS servers. Based on your security policy, the westsim.local authoritative DNS servers are not to contact other computers across the firewall. You manage all DNS servers that are authoritative for the westsim.com and westsim.local DNS domains. All client computers are members of the westsim.local Active Directory domain and are configured to use westsim.local authoritative DNS servers. Currently, all DNS servers have a root zone. Also, all DNS servers have the default configured cache.dns file in their %systemroot%\dns folder. Client computers on your network must resolve names in the Internet namespace and names in the westsim.local domain. You need to configure your company's DNS servers to meet these requirements. What should you do? (Select three. Each correct answer is part of the correct solution.)
Delete the root zone on all westsim.local authoritative DNS servers Delete the root zone on all westsim.com authoritative DNS servers Delete the cache.dns file on all westsim.local authoritative DNS servers
You manage the DNS servers for the eastsim.com domain. You have a domain controller named DC1 that holds an Active Directory-integrated zone for the eastsim.com zone. You would like to configure DC1 to use forwarders and root name servers to resolve all DNS name requests for unknown zones. You edit the DNS server properties for DC1. On the Forwarders tab, you find that the Use root hints if no forwarders are available option is disabled. You also find that the entire Root Hints tab is disabled, and you are unable to add any root hint servers. How can you configure the server to use the Internet root name servers for name resolution?
Delete the zone named . on DC1
You manage a single domain named widgets.com. Recently, you noticed that there have been several unusual changes to objects in the Sales OU. You would like to use auditing to keep track of those changes. You want to only enable auditing that shows you the old and new values of the changed objects. Which directory service auditing subcategory should you enable?
Directory Service Changes
Which of the following DNS components automatically creates and deletes host records when an IP address lease is created or released?
Dynamic DNS
You are the administrator for the corp.westsim.com domain. The network has two child domains, acct.corp.westsim.com and sales.corp.westsim.com. You need to configure DNS name resolution properties on the Srv2.sales.corp.westsim.com server. When a single label name is submitted for name resolution, you want the server to search using the following suffixes: sales.corp.westsim.com acct.corp.westsim.com corp.westsim.com westsim.com What should you do?
Edit the DNS suffix search list policy to configure the custom search suffixes of sales.corp.westsim.com, acct.corp.westsim.com, corp.westsim.com, and westsim.com
You manage a company network with a single Active Directory domain running on two domain controllers. The two domain controllers are also DNS servers and hold an Active Directory-integrated copy of the zone used on the private network. The network has five subnets with DHCP servers delivering IP address and other configuration to host computers. All host computers run Windows 10. You want to ensure that all client computers use the DNS server for DNS host name resolution. Hosts should not be able to automatically discover DNS host names, even for computers on their own subnet. What should you do?
Edit the default domain Group Policy object (GPO). Enable the Turn off Multicast Name Resolution policy
You are setting up a new network in a single location with a single domain named eastsim.com. You install a DHCP server and configure it with a scope for the single subnet. You install a DNS server with a primary zone for the domain. What should you do to use dynamic updates to update DNS records in the zone automatically?
Enable dynamic updates on the eastsim.com zone
You are the network administrator for a single domain with three subnets. Two subnets have all Windows 10 computers. The conference room uses the third subnet. Traveling salesmen come to the conference room and plug in their laptops to gain network access. You have configured a DHCP server to deliver configuration information to hosts on this subnet. DNS is configured for dynamic updates. Over time, you notice that the size of the DNS database continues to grow. It is beginning to have an adverse effect on DNS server performance. What should you do?
Enable scavenging of stale resource records on the zone and the DNS server
Click on the tool you can use to configure Restricted Groups to control membership for groups that require high security
Group Policy Management
You have completed the installation of the Active Directory Domain Services role on a new server. Now you want to promote this server to be a domain controller in an existing domain. The server was installed with a Server Core deployment, so you will need to make this server a domain controller in an existing domain from the PowerShell command line. Which of the following PowerShell cmdlets will you need to enter? (Select two. Each correct answer is part of the complete solution.)
Import-Module ADDSDeployment Install-ADDSDomainController
You are the administrator of the eastsim.com domain, which has two domain controllers. Your Active Directory structure has organizational units (OUs) for each company department. You have assistant administrators who help manage Active Directory objects. For each OU, you grant one of your assistants Full Control over the OU. You come to work one morning to find that while managing some user accounts, the administrator in charge of the Sales OU has deleted the entire OU. You restore the OU and all of its objects from a recent backup. You want to configure the OU to prevent accidental deletion. You edit the OU properties, but can't find the Protect object from accidental deletion setting. What should you do so you can configure this setting?
In Active Directory Users and Computers, select View > Advanced Features
Your company's internal namespace is westsim.local. This domain has two additional child domains named support.westsim.local and research.westsim.local. Due to security concerns, your company's internal network is not connected to the Internet. Following are the DNS servers that you manage for your company: Dns1, authoritative for . and westsim.local, IP address = 192.168.1.1 Dns2, authoritative for support.westsim.local, IP address = 192.168.2.1 Dns3, authoritative for research.westsim.local, IP address = 192.168.3.1 All internal DNS domains are Active Directory-integrated domains. You have configured Dns1 with appropriate delegation records for the child zones. How should you configure root hints for Dns2 and Dns3?
In DNS Manager, edit the properties for Dns2 and Dns3. On the Root Hints tab, remove all default root hints entries and then add an entry for Dns1
Your network consists of a single Active Directory domain. The OU structure of the domain consists of a parent OU named HQ_West and the child OUs Research, HR, Finance, Sales, and Operations. You have created a Group Policy Object (GPO) named DefaultSec, which applies security settings that you want to apply to all users and computers. You have created a second GPO named HiSec, which has more restrictive security settings that you want to apply to the HR and research departments. Both GPOs use custom security templates. You also want to ensure that strong password policies are applied to all client computers. How should you link the GPOs to the OUs? (Select three. Each correct answer is part of the complete solution.)
Link HiSec to the HR and Research OUs Link DefaultSec to the HQ_West OU Configure password policies on a GPO linked to the domain
Your company's Internet namespace is westsim.com, and your company's internal namespace is internal.westsim.com. Your network has two DNS servers, DNS1 and DNS2. DNS1 is configured with a root zone and is authoritative for the internal.westsim.com domain. DNS2 is authoritative for the westsim.com domain. All client computers are members of the internal.westsim.com domain and are configured to use DNS1 as the primary DNS server. Client computers on your internal network cannot resolve Internet DNS names. You verify that client computers can resolve internal DNS names successfully. You also verify that the internal DNS server is configured to forward all unresolvable DNS names to the company's Internet DNS server. You must keep your internal network as secure as possible while making sure that all client computers can resolve Internet DNS names successfully. What should you do?
On DNS1, delete the . zone
Your network has a single domain named southsim.com. DNS data for the domain is stored on the following servers: DNS1 holds the primary zone for southsim.com. DNS2 and DNS3 hold secondary zones for southsim.com. All three DNS servers are located on domain controllers. The DNS zone for the domain is configured to allow dynamic updates. You want to allow client computers to send DNS updates to any of the three servers and allow any of the three servers to update DNS records in the zone. What should you do?
On all three servers, change the zone type of the DNS zone to Active Directory-integrated
You are the administrator for the corp.westsim.com domain. The network has two child domains, acct.corp.westsim.com and sales.corp.westsim.com. You need to configure DNS name resolution properties on the Srv2.sales.corp.westsim.com server. When an unqualified name is submitted for name resolution, you want the server to search using the following suffixes: sales.corp.westsim.com corp.westsim.com westsim.com You want to configure the solution with the least amount of effort possible. What should you do?
On the DNS tab, select Append parent suffixes of the primary DNS suffix
Your company has an Internet domain of westsim.com. Your internal network has three Active Directory domains named westsim.local, support.westsim.local, and research.westsim.local. You install a server named SL-SRV1 as a member of the westsim.local domain. You configure SL-SRV1 with a static IP address of 192.168.0.23. You configure the server to dynamically register its DNS name. Clients in the support.westsim.local domain need to access the SL-SRV1 server. Some users in the support.westsim.local domain are accustomed to using the support.westsim.local suffix when accessing network resources. To accommodate these users, you want to dynamically register the name SL-SRV1.support.westsim.local in addition to the SL-SRV1.westsim.local name in DNS. What should you do?
On the SL-SRV1 server, edit the advanced TCP/IP properties of the server's local area connection. Add a connection-specific suffix of support.westsim.local. Apply the changes and then run ipconfig /registerdns
You manage a single domain named widgets.com. This morning, you noticed that a trust relationship you established with another forest has changed. You reconfigured the trust, but you want to be able to identify if this change happens again in the future. You want to configure auditing to track this event. Which auditing category should you enable?
Policy change events
You have a computer running Windows. Prior to installing some software, you turn off User Account Control (UAC), reboot the computer, and install the software. You turn UAC back on, but it does not prompt you before performing sensitive actions. You want the protection of UAC, but it is not working at all. What should you do?
Reboot the machine
You are the network administrator for your network. Your network consists of a single Active Directory domain. Your company recently mandated the following user account criteria: User accounts must be deactivated after three unsuccessful logon attempts. User account passwords must be at least 12 characters long. User accounts must be manually reset by an administrator once they are locked out. You must make the changes to affect everyone in the domain. You are editing the Default Domain Group Policy object. What should you do? (Choose three. Each correct choice represents part of the solution.)
Set Account lockout threshold to 3 Set Account lockout duration to 0 Set Minimum password length to 12
You manage a single domain running Windows Server. You have configured a restricted Group Policy as shown in the image. When this policy is applied, which action will occur?
The Backup Operators group will be made a member of the Desktop Admins group
You are the administrator for a domain named internal.widgets.com. This domain spans a single site (the Default-First-Site-Name site). You want to configure password and account lockout policies that Active Directory domain controllers will enforce. You have created a Group Policy object with the settings you want to apply. Most of the domain controllers are located in the Domain Controllers OU, although you have moved some domain controllers to a sub-OU called Secure Domain Controllers. Where should you link the Group Policy object that you created?
The internal.widgets.com domain
Select the policy node you would choose to configure who is allowed to manage the auditing and security logs
User Rights Assignment
You want to use Restricted Groups to manage the membership of local groups on the domain member servers that you manage. You can define a restricted group in one of two ways: Members of this group This group is a member of The This group is a member of option is the preferred method for most use cases. Which of the following explains why this is the preferred method?
Using the This group is a member of option does not remove existing members of the group if they are not part of the restricted group
You manage the branch office for your company network. The branch office has a single Active Directory domain, branch1.westsim.private. All computers in the branch office are members of the domain. The branch office consists of two subnets and 50 host computers. Each subnet has its own DHCP server, while a single server on Subnet2 is both the domain controller and DNS server. Dynamic updates are enabled on the DNS zone. On Subnet1, you have a shared printer attached to Wrk5. Only computers on Subnet1 use this shared printer. How can you most easily make sure that all hosts on Subnet1 will continue to connect to the shared printer by name, even if the DNS server becomes unavailable?
View the settings in the Default Domain GPO to verify that theTurn off Multicast Name Resolution option is not enabled
You have a laptop that you use for remote administration from home and while traveling. The laptop has been joined to the domain using the name of AdminRemote. The processor in your laptop overheats one day, causing extensive damage. Rather than repair the computer, you purchase a new one. The computer arrives, and you edit the system properties and name it AdminRemote. When you try to join the computer to the domain, you receive an error message and are unable to proceed. You want the new computer to be joined to the domain using the same name as the old computer. Which commands should you run?
netdom reset and then netdom join
You manage a network with a single domain named eastsim.com. The network currently has three domain controllers. During installation, you did not designate one of the domain controllers as a global catalog server. Now you need to make the domain controller a global catalog server. Which tool should you use to accomplish this task?
Active Directory Users and Computers or Active Directory Sites and Services
You have added a new color printer to the network. You have only given certain users throughout the network permission to send print jobs to this printer. Some of these users are complaining that it takes a long time to find the new color printer in Active Directory to add it to their list of printers. What can you do to make this printer faster to find?
Add a global catalog server
You are the administrator of a network with two Active Directory domains. Each domain currently includes 35 global groups and 75 domain local groups. You have been reading the Windows Server help files and have come to the conclusion that universal groups may be the answer to ease administrative management of these groups. You decide to incorporate universal groups. How can you make sure to not include changes to any group that will affect group member's assigned permissions?
Add global groups to universal groups and then add those to domain local groups
You have created a group policy that prevents users in the accounting department from accessing records in a database that has confidential information. The group policy is configured to disable the search function for all users in the Accounting OU no matter which workstation is being used. After you configure and test the policy, you learn that several people in the Accounting OU have valid reasons for using the search function. These users are part of a security group named Managers. What can you do to prevent the Group Policy object (GPO) that you have configured from applying to members of the Managers group?
Add the Managers group to the GPO's discretionary access control list (DACL). Deny the apply Group Policy and read permissions to the Managers group
Click on the user right policy that is used to grant a user local access to the desktop of a Windows server.
Allow log on locally
You are in charge of managing the servers in your network. Recently, you have noticed that many of the domain member servers are being shut down. You would like to use auditing to track who performs these actions. What should you do to only monitor the necessary events and no others? (Select two. Each choice is a required part of the solution.)
Audit successful system events Create a GPO to configure auditing. Link the GPO to the domain
You manage a group of 10 Windows workstations that are currently configured as a workgroup. Which are advantages you could gain by installing Active Directory and adding the computers to a domain? (Select two.)
Centralized configuration control Centralized authentication
You manage a network with a single Active Directory domain called westsim.com. Organizational units have been created for the accounting, sales, and shipping departments. User and computer accounts for each department are in their respective OUs. At 5:30 pm, you get a call from Mary Hurd, a user in the Sales department, stating that she can't log in. You use Active Directory Users and Computers and see the information shown in the image. You need to make sure Mary can log in. What should you do? (Select three. Each answer is a possible solution.)
Change the log in hours to extend past 5:30 pm Change Mary's account to never expire Unlock Mary's account
You are the administrator of a network with a single Active Directory domain. The domain includes two domain controllers. Your company's security policy requires that locked out accounts are unlocked by administrators only. Upon reviewing the account lockout policy, you notice the account lockout duration of 99999. You need to configure your domain's account lockout policy to comply with your company's security policy. What should you do next?
Configure Account lockout duration as 0
You are an administrator for a company that uses Windows servers. In addition to Active Directory, you also provide file and print services, DHCP, DNS, and email services. There is a single domain and a single site. There are two member servers, one that handles file and print services only, and one database server. You are considering adding additional servers as business increases. Your company produces mass mailings for its customers. The mailing list and contact information provided to your company by its clients is strictly confidential. Because of the private information sometimes contained in the data (one of your clients is a hospital), and because of the importance of the data to your operation, the data can also be considered a trade secret. You want to ensure the data stored on your member servers is only accessed by authorized personnel for business purposes. You've set file permissions to restrict access, but you want to track the authorized users. How should you configure your security policy to track access to the data files?
Configure object access auditing in a GPO and link it to the domain.
You are the network administrator for your company. Your network consists of two Active Directory domains, research.westsim.local and sales.westsim.local. Your company has two sites, Dallas and Houston. Each site has two domain controllers, one domain controller for each domain. Users in Houston who are members of the sales.westsim.local domain report slow performance when logging in and accessing files in Dallas. Users in Dallas do not report any problems logging in and accessing local resources. You want all users in Houston to experience adequate login and resource access response time. What should you do?
Configure one of the domain controllers in Houston to be a global catalog server
You are the security administrator for a large metropolitan school district. You are reviewing security standards with the network administrators for the high school. The school's computer center has workstations for anyone's use. All computers in the computer center are members of the Computer Center Computers global group. All workstations are currently located in the Computers container. The computer center computers have access to the Internet so users can perform research. Any user who uses these computers should be able to run Internet Explorer only. Other computers in the high school should not be affected. To address this security concern, you create a Group Policy object (GPO) named Computer Center Security. How can you configure and apply this GPO to enforce the computer center's security?
Configure the Computer Configuration node of the Computer Center Security GPO to restrict software to Internet Explorer only. Link the GPO to the domain and allow access to the Computer Center Computers group only
You manage 20 Windows workstations in your domain network. You want to prevent the sales team members from making system changes. Whenever a change is initiated, you want to allow only those who can enter administrator credentials to be able to make the change. What should you do?
Configure the User Account Control: Behavior of the elevation prompt for standard users setting in Group Policy to prompt for credentials
You are the administrator of a multi-domain Active Directory forest. You have a universal group called SalesExecs. This group has successfully been used as an email distribution group. Later, you try to assign the group permissions to a shared folder, but SalesExecs does not appear as a choice. What should you do?
Convert the SalesExecs group from a distribution group to a security group
You are the administrator for ABC Corporation. The network has a single Active Directory domain called xyz.com. The Sales team has a shared folder on Srv1 that is used to hold sales contact information. You need to control access to this folder so that only members of the sales team can access the folder. You create a group called Sales and add all members of the sales team as members of the group. However, when you try to assign permissions to the shared folder, the Sales group you created does not show in the list of available objects. You check the properties of the group and find the details shown in the image. What do you need to do to assign permissions to the sales team?
Convert the group to a security group
You are the network administrator for eastsim.com. The network consists of a single Active Directory domain. The company has a main office in New York and several international locations, including facilities in Germany and France. You have been asked to build a domain controller that will be deployed to the eastsim.com office in Germany. The network administrators in Germany plan to use Group Policy administrative templates to manage Group Policy in their location. You need to install the German version of the Group Policy administrative templates so they will be available when the new domain controller is deployed to Germany. What should you do?
Copy the German .ADML files to the appropriate directory in the SYSVOL on a local domain controller
You manage a network with a single Active Directory domain called westsim.com. Organizational units have been created for the accounting, sales, and shipping departments. User and computer accounts for each department are in their respective OUs. Mary Hurd is a manager in the sales department. Mary is a member of the Managers global group. This group also has members from other organizational units. The Managers group has been given the read share permission to the Reports shared folder. Mary's user account (mhurd) has also been given the change share permission to the Reports shared folder. You need to create several new user accounts that have the same group membership and permission settings as the mhurd user account. How can you complete this configuration with the least amount of effort?
Copy the mhurd user account. Assign the new account the change share permission to the Reports shared folder
You've just deployed a new Active Directory domain, as shown in the figure below. You now need to deploy Group Policy objects (GPOs) to apply configuration settings and enforce security policies. Click the container(s) to which a GPO can be applied
Corp Domain Controllers
You are the administrator for the widgets.com domain. Organizational units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. As you manage Group Policy objects (GPOs), you find that you often make similar user rights, security options, and Administrative Template settings in different GPOs. Rather than make these same settings each time, you would like to create some templates that contain your most common settings. What should you do? (Select two. Each choice is a possible solution.)
Create GPOs with the common settings. Take a backup of each GPO. After creating new GPOs, import the settings from one of the backed up GPOs Create GPOs with the common settings. When creating new GPOs, copy one of the existing GPOs
You are the administrator of the westsim.com domain. Within the domain, you have OUs for the accounting, manufacturing, sales, and administration departments. You also have smaller OUs within each department OU, such as the ITAdmins OU in the Administration OU. You need to follow the principle of least privilege as you use the Delegation of Control wizard to complete the following: Give one user in each OU the rights necessary to manage user accounts in their OU. Give your assistants in the ITAdmins group rights to manage passwords for all users in the domain. Which of the following approaches can you use as you delegate control? (Select two. Each correct answer is part of the complete solution.)
Create a PasswordAdmin group in the ITAdmins OU. Make your assistants members of the PasswordAdmin group. In the westsim.com domain, delegate control to the PasswordAdmin group to perform password tasks Create a UserAdmin group in each department OU. Make the user in each OU a member of the UserAdmin group. In each department OU, delegate control to the UserAdmin group to perform user account tasks in that OU
Your organization has been using an in-house custom-developed application. The team that developed that application created a Group Policy template in the form of an ADMX file, which you have used to assign necessary rights to a group of users who use the application. Another group of users now needs to have the same rights. This group belongs to an OU that one of your assistants has full control management rights to. When your assistant tries to use the Group Policy template to assign rights to this group, she cannot find the template in Active Directory. What must you do to give your assistant access to this Group Policy template?
Create a central store on the SYSVOL share and copy the ADMX file into it
You manage a single domain named widgets.com. Organizational units (OUs) have been created for all company departments. Computer and user accounts have been moved into their corresponding department OUs. The CEO has requested the ability to send emails to managers and team leaders. He'd like to send a single email and have it automatically forwarded to all users in the list. Because the email list might change frequently, you do not want the email list to be used for assigning permissions. What should you do?
Create a distribution global group. For each user on the email list, make their user account a member of the group
You are the domain administrator for a single domain forest. You have 10 file servers that are member servers running Windows Server. Your company has designed its top-level OU structure based on the 15 divisions for your company. Each division has a global security group containing the user accounts for division managers. You have folders on your file servers that all division managers should have permission to access. For some resources, all division managers will need full control. For others, they will only need read or change permissions. You need a group strategy that will facilitate the assignment of permissions but minimize administrative effort. What should you do?
Create a global group called AllMgrs; make each of the existing division managers groups a member
You are the administrator for a network with two domains, westsim.com and branch.westsim.com. User accounts for the sales team are in both domains. You have a shared folder called Reports on the Sales1 server in the westsim.com domain. You also have a shared folder called Contacts on the Sales6 server in the branch.westsim.com domain. All sales users need access to both shared folders. What do you need to do to implement a group strategy to provide access to the necessary resources?
Create a global group in each domain. Add users within each domain to the group. Create a universal group in westsim.com. Add the global groups from each domain to the universal group. Add the universal group to domain local groups in each domain. Assign permissions to the domain local groups.
You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. How can you make the change with the least amount of effort? (Select two.)
Create a group for the members of the Directors OU and then apply a granular password policy to the group Implement a granular password policy for each user in the Directors OU
You are the network administrator of a network that spans two locations, Atlanta and Dallas. Your organization started in Atlanta, and that's where you installed your first Active Directory domain controller. The Dallas location was later added to the domain with its own domain controller. Atlanta and Dallas are connected using a dedicated WAN link. You have not used Active Directory Sites and Services to make any changes to the default sites configuration. Users in Dallas complain that logging on to the network often takes a long time. After monitoring the network traffic across the WAN link, you discover that users in Dallas are often authenticating to the domain controller in Atlanta. What is the first step in solving this problem?
Create a new site object and move the server object for the Dallas domain controller into the new site
You are the domain administrator for a single domain forest. Your company has based its top-level OU structure on the four divisions for your company, manufacturing, operations, marketing, and transportation. Each division has a global security group containing the user accounts for division managers. You want to have a single group that can be used when you need grant access to resources to all of your organization's managers. What should you do? (Choose two. Each selection is a complete solution.)
Create a universal security group called AllMgrs and make each of the existing Division Manager groups a member Create a global security group called AllMgrs and make each of the existing Division Manager groups a member
You are the network administrator of a network that spans three locations, Atlanta, Chicago, and Denver. Your organization started in Atlanta, and that's where you installed your first Active Directory domain controller. The Chicago and Denver locations were later added to the domain with their own domain controllers. These three locations each have their own subnet and are connected using dedicated WAN links. You have used Active Directory Sites and Services to change to the name of the Default-First-Site-Name to Atlanta, but that's all you've done so far. The IT manager wants you to continue configuring Active Directory Sites and Services to direct clients to local network resources for authentication. He does not want you to manage replication traffic at this time. Which of the following steps must you perform to complete this configuration? (Select three.)
Create subnet objects for Chicago, Denver, and Atlanta, and then link them to their respective sites Create site objects for Chicago and Denver Move the Chicago and Denver server objects into their respective site objects
You are the network administrator for a company with a single Active Directory domain. The corporate office is located in Miami, and there are satellite offices in Boston and Chicago. There are Active Directory sites configured for all three geographic locations. The Default-First-Site-Name was renamed Miami. Each location has a single IP subnet configured and associated with the appropriate site. Each office has several domain controllers. The Boston office has recently expanded to three additional floors in the office building that they are in. The additional floors each have their own IP subnet and are connected by a router. The domain controllers for the Boston office are all located on one floor and are in the same subnet. You notice that the users working on the new floors in the Boston office are sometimes authenticating to domain controllers from other locations. You need to make sure that all authentication traffic over the WAN links is kept to a minimum. What should you do to the Active Directory Sites and Services configuration?
Create subnet objects for the new floors in the Boston office and link them to the Boston site
You are the administrator for the widgets.com domain. Organizational units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. As part of your security plan, you have analyzed the use of Internet Explorer in your organization. You have defined three different groups of users. Each group has different needs for using Internet Explorer. For example, one group needs ActiveX controls enabled, and you want to disable ActiveX for the other two groups. You would like to create three templates that contain the necessary settings for each group. When you create a GPO, you want to apply the settings in the corresponding template rather than manually set the corresponding Administrative Template settings for Internet Explorer. What should you do?
Create three starter GPOs with the necessary settings. When creating the GPOs, select the starter GPO with the desired settings
You have configured Active Directory Sites and Services to represent the physical layout of your network. As shown in the table below, each site has its own domain controller and subnet: Site Object Server Object Subnet Object Atlanta DC-ATL 192.168.1.0/24 Chicago DC-CHI 192.168.2.0/24 Denver DC-DEN 192.168.3.0/24 Phoenix DC-PHX 192.168.4.0/24 A user authenticates from a workstation with an IP address of 192.168.2.225 and a subnet mask of 255.255.255.0. Which domain controller is Active Directory going to send this authentication request to?
DC-CHI
You are the administrator of the eastsim.com domain. Your Active Directory structure has organizational units (OUs) for each company department. You have assistants who help with resetting passwords and managing group membership. You also want your assistants to help create and delete user accounts. Which of the following tools can you use to allow your assistants to perform these additional tasks?
Delegation of Control Wizard
You are the administrator for a network with two domains, westsim.com and sales.westsim.com. You have a shared folder called Reports on the Sales1 server in the sales.westsim.com domain. The following two users need access to this shared folder: Mark in the westsim.com domain Mary in the sales.westsim.com domain You create a global group called Sales in westsim.com. You grant this group the necessary permissions to the Reports shared folder. You add Mark as a member of the group; however you are unable to add Mary as a group member. What should you do? (Select two. Each choice is a possible answer.)
Delete the existing group. Create a domain local group in sales.westsim.com. Add Mark and Mary as members and assign permissions to the share Convert the group to a universal group
You are the network administrator for an Active Directory forest with a single domain. The network has three sites with one domain controller at each site. You have created and configured sites in Active Directory Sites and Services, and replication is operating normally between sites. You configure two universal groups for use in securing the network. All users are members of one universal group or the other. After configuring the universal groups, users at sites 2 and 3 report slow login and slow access to the corporate database. Users at site 1 can log in and access the corporate database with acceptable performance. You want to improve login and resource access performance for users in sites 2 and 3. What should you do?
Designate the domain controllers at sites 2 and 3 as global catalog servers
You manage a network with a single Active Directory domain called westsim.com. Organizational units have been created for the Accounting, Sales, and Support departments. User and computer accounts for each department are in their respective OUs. The Support department has very high turnover. Nearly every week, you need to add new user accounts. All user accounts have the same department and fax number settings. Each user account must also have permission to the Orders shared folder. You want to create a template account to use when creating new accounts in the future. What should you do? (Select three. Each is a required part of the solution.)
Disable the user account Create a group called Support. Make the template account a member of the Support group. Assign permissions for the group to the Orders shared folder Create a user account with the department and fax Number settings
You manage a network with a single Active Directory domain called westsim.com. Organizational units have been created for the accounting, sales, and shipping departments. User and computer accounts for each department are in their respective OUs. Maria Hurd is going on a seven-week sabbatical and will not be in to work during that time. Which of the following can you perform to secure her user account to prevent it from being used to access network resources while she is away? (Select two.)
Disable the user account Set an account expiration time for the last day Maria will be in the office
When Active Directory is installed, several containers are created by default. Which default container would you be able to apply a Group Policy to?
Domain Controllers OU
You manage a single domain named widgets.com. Recently, you noticed that there have been several unusual changes to objects in the Sales OU. You would like to use auditing to keep track of those changes. You enable successful auditing of directory service access events in a GPO and link the GPO to the domain. After several days, you check Event Viewer, but you do not see any events listed in the event log indicating changes to Active Directory objects. What should you do?
Edit the access list for the OU. Identify specific users and events to audit
You are the network administrator for your company. Rodney, a user in the research department, shares a computer with two other users. One day, Rodney notices that some of his documents have been deleted from the computer's local hard drive. You restore the documents from a recent backup. Rodney now wants you to configure the computer so he can track all users who delete his documents in the future. You enable auditing of successful object access events in the computer's local security policy. Rodney then logs on and creates a sample document. To test auditing, you then log on and delete the document. However, when you examine the computer's security log, no auditing events are listed. How can you make sure an event is listed in the security log whenever one of Rodney's documents is deleted?
Edit the advanced security properties of the folder containing Rodney's documents. Configure an auditing entry for the Everyone group. Configure the entry to audit success of the Delete permission
You are the manager of the eastsim.com domain. Your Active Directory structure has organizational units (OUs) for each company department. Assistant administrators help you manage Active Directory objects. For each OU, you grant one of your assistants full control over the OU. You come to work one morning to find that while managing some user accounts the administrator in charge of the Sales OU has deleted the entire OU. You restore the OU and all of its objects from a recent backup. You want to make sure that your assistants can't delete the OUs they are in charge of. What should you do? (Select two. Each choice is a possible solution.)
Edit the properties for each OU to prevent accidental deletion Remove full control permissions from each OU. Run the Delegation of Control wizard for each OU, granting permissions to perform the necessary management tasks
After configuring a password policy to require users to create strong passwords, you start to notice sticky notes stuck to monitors throughout the organization. The sticky notes often have strings of characters written on them that appear to be passwords. What can you do to prevent the security risk that this practice presents?
Educate users on how to create and remember strong passwords
You manage a network with a single Active Directory domain called westsim.com. Organizational units have been created for the accounting, sales, and shipping departments. User and computer accounts for each department are in their respective OUs. At 5:30 pm, you get a call from Mary Hurd, a user in the sales department, stating that she can't log in. You use Active Directory Users and Computers and see the information shown in the image. How can you make sure Mary can log in?
Enable Mary's account
You are the administrator for the widgets.com domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. From your workstation, you create a GPO that configures settings from a custom .admx file. You link the GPO to the Sales OU. You need to make some modifications to the GPO settings from the server console. However, when you open the GPO, the custom administrative template settings are not shown. What should you do?
Enable the Administrative Templates central store in Active Directory. Copy the .admx file to the central store location
You are the network administrator of a small network consisting of three Windows servers and 150 Windows workstations. Your network has a password policy in place with the following settings: Enforce password history: 10 passwords remembered Maximum password age: 30 days Minimum password age: 0 days Minimum password length: 8 characters Password must meet complexity requirements: Disabled Store password using reversible encryption: Disabled One day, while sitting in the cafeteria, you overhear a group of co-workers talk about how restrictive the password policy is and how they have found ways to beat it. When required to change the password, they simply change the password 10 times at the same sitting. Then they go back to the previous password. Your company has started a new security crackdown, and passwords are at the top of the list. You thought you had the network locked down, but now you see that you need to put an end to this practice. Users need to have passwords that are a combination of letters and numbers and do not contain a complete dictionary word. Users should not be able to reuse a password immediately. What should you do? (Choose two. Each answer is part of the solution.)
Enable the Password must meet complexity requirements setting Enable the Minimum password age setting
You have been asked to troubleshoot a Windows workstation that is a member of your domain. The director who uses the machine said he is able to install anything he wants and change system settings on demand. He has asked you to figure out why User Account Control (UAC) is not being activated when he performs a sensitive operation. You verify that the director's user account is a standard user and not a member of the local Administrators group. You want the UAC prompt to show. What should you do?
Enable the Run all administrators in Admin Approval Mode setting in the Group Policy
You are the administrator for a small company that uses a Windows server to host a single domain. Mary Hurd, a user in the sales department, calls and reports that she is unable to log in using her computer (Sales1). You use Active Directory Users and Computers and see the screen shown in the image. What can you do to allow Mary to log in?
Enable the computer account
You are the security administrator for your organization. Your multiple domain Active Directory forest uses Windows Server domain controllers and member servers. The computer accounts for your member servers are located in the Member Servers OU. Computer accounts for domain controllers are in the Domain Controllers OU. You are creating a security template that you plan to import into a GPO. You want to log all domain user accounts that connect to the member servers. What should you do to be able to check each server's log for the events? (Choose two. Each choice is a required part of the solution.)
Enable the logging of logon events Link the GPO to the Member Servers OU
Which of the following container objects are Active Directory built-in containers? (Select four.)
ForeignSecurityPrincipals ManagedServiceAccounts Computers Users
You have configured a new GPO. You use a scoping method to prevent it from applying to a specific user using a specific computer. Which tool can you use to see if your scoping method is successful?
Group Policy Results
You manage a network with a single Active Directory domain called westsim.com. Organizational units have been created for the accounting, sales, and shipping departments. User and computer accounts for each department are in their respective OUs. You have hired a temporary worker named John Miller to work in the shipping department during the holidays. John should only be allowed to log on to the Ship01 workstation and no others. What should you do?
In John's user account, add Ship01 to the Log On To list
You are the domain administrator for north.westsim.com, which is a child domain in westsim.com. You have a high-end color laser printer that is shared on a server in north.westsim.com. Because of the high price per page, you have removed the print permission from the Everyone group. You need to grant the print permissions to marketing users in the north.westsim.com, east.westsim.com, and west.westsim.com domains. What should you do?
In the North domain, create a Domain Local group called CLR-PRT. In all three domains, create a global group named Marketing. Add all three global groups to the North CLR-PRT group and assign the print permission to the group.
You are the security administrator for your organization. Your multiple domain Active Directory forest uses Windows servers for domain controllers and member servers. The computer accounts for your member servers are located in the Member Servers OU. Computer accounts for domain controllers are in the Domain Controllers OU. Computer accounts for workstations are located in the Workstations OU. You are creating a security template that you plan to import into a GPO. What should you do to log whenever a user is unable to log on to any computer using a domain user account? (Select two. Each choice is a required part of the solution.)
Link the GPO to the Domain Controllers OU Enable the logging of failed account logon events
You are managing rights on a standalone server. You want to make changes to the settings of the Restore Files and Directories policy. Which of the following is the tool you must use to make changes to this policy?
Local Group Policy Editor
You are consulting with the owner of a small network that has a Windows server functioning as a workgroup server. There are six Windows desktop computers. There is no Internet connectivity. The server contains possibly sensitive information, so the owner wants to make sure that no unauthorized access occurs. You suggest that auditing be configured so that access to sensitive files can be tracked. What can you do to make sure that the files generate audit results? (Choose three. Each correct answer is part of the required solution.)
Make sure the Object Access auditing policy is configured for success and failure Make sure the correct users and groups are listed in the auditing properties of the files Make sure the files to be audited are on NTFS partitions
You are a domain administrator for a large multi-domain network. There are approximately 2,500 computers in your domain. Organizational Units (OUs) have been created for each department. Group Policy objects (GPOs) are linked to each OU to configure department-wide user and computer settings. While you were on vacation, another 20 computers were added to the network. The computers appear to be functioning correctly with one exception: the computers do not seem to have the necessary GPO settings applied. What should you do?
Move the computer accounts from their current location to the correct OUs
You need to configure the ENSERV16-VM03 server as a global catalog server. Where do you click in the Properties dialog to open the page that will allow you to select the global catalog option?
NTDS Settings...
You are the administrator for a network with a single Active Directory domain named widgets.local. The widgets.local domain has an organizational unit object for each major department in the company, including the information systems department. User objects are located in their respective departmental OUs. Users who are members of the Domain Admins group belong to the Information Systems department. However, not all employees in the Information Systems department are members of the Domain Admins group. To simplify employees' computing environment and prevent problems, you link a Group Policy object (GPO) to the widgets.local domain that disables the control panel for users. How can you prevent this Group Policy object from applying to members of the Domain Admins group?
On the Group Policy object's access control list, deny the apply Group Policy permission for members of the Domain Admins group.
You manage user accounts in the southsim.com domain. Each department is represented by an Organizational Unit (OU). Computer and user accounts for each department have been moved to their respective OUs. You want to control access to a new color printer named ColorMagic. To do this, you create the following groups: A domain local group named ColorMagic-DL A global group named Sales-GG You want all users in the sales department to have access to the new printer. What should you do? (Select three. Each choice is a required part of the solution.)
On the Members tab for the Sales-GG group, add all sales user accounts On the Member Of tab for the Sales-GG group, add the ColorMagic-DL group On the ColorMagic printer object, assign permissions to the ColorMagic-DL group
You are in charge of designing the Active Directory tree. You have a small company that has only one location. You have determined that you will have approximately 500 objects in your completed tree. Your company is organized with four primary departments, accounting, manufacturing, sales, and administration. Each area is autonomous and reports directly to the CEO. The managers in each department want to make sure that some management control of their users and resources remains in the department. Which of the following design plans will best meet these requirements?
Plan 3 Create an organizational unit object for each department. Train a member of each department to perform limited administrative duties. Use the Delegation of Control wizard to give a member of each OU enough rights to perform the necessary administrative tasks only in the appropriate OU
You are the network administrator for your company. Your company has three standalone servers that run Windows Server. All servers are located in a single location. You have decided to create a single Active Directory domain for your network. Currently, each department has one employee designated as the department's computer support person. Employees in this role create user accounts and reset passwords for the department. As you design Active Directory, your goal is to allow these users to maintain their responsibilities while not giving them more permissions than they need. Which of the following design plans will best meet your goals?
Plan 4 Create an organizational unit (OU) structure where each department has its own OU. Use the Delegation of Control wizard to grant each computer support user appropriate permissions to their department OUs
You are the network administrator for westsim.com. The network consists of a single Active Directory domain. A user named Mary Merone is working on location in Africa. She called to report that her laptop had failed. The hardware vendor replaced the laptop, and now you need to join the new computer to the domain. However, there is no connectivity from the current location to the domain. You must ensure that the laptop is joined to the domain immediately, even if it cannot be physically connected to a domain controller. What should you do first?
Prepare the computer to perform an offline domain join by creating an Active Directory account for the computer using the Djoin /provision command
You have just ordered several laptop computers that will be used by members of the programming team. The laptops will arrive with Windows. You want the computer account for each new laptop to be added to the Developers OU in Active Directory. You want each programmer to join his or her new laptop to the domain. What should you do?
Prestage the computer accounts in Active Directory. Grant the programmers the rights to join the workstation to the domain
You have just started a new job as the administrator of the eastsim.com domain. The manager of the accounting department has overheard his employees joke about how many employees are using "password" as their password. He wants you to configure a more restrictive password policy for employees in the accounting department. Before creating the password policy, you open the Active Directory Users and Computers structure and see the following containers and OU: eastsim.com Builtin Users Computers Domain Controllers Which steps must you perform to implement the desired password policy? (Select three. Each correct answer is part of the complete solution.)
Put the accounting employees user objects into the OU created for the accounting employees Configure the password policy and link it to the OU created for the accounting employees Create an OU in eastsim.com for the accounting employees
You are the administrator for a small network. You have approximately 50 users who are served by a single Windows server. You are providing Active Directory, DNS, and DHCP with this server. Your clients all use Windows workstations. Last week, an employee quit. A replacement has been hired and will be starting next Monday. The new user will need to have access to everything the previous user had, including document files held in the Home folder. You need to set up an account for the new user that all the access required. What should you do?
Rename the existing account, changing the name fields to match the new employee
You are the administrator for a large single-domain network. You have several Windows Server domain controllers and member servers. Your 3,500 client computers are Windows workstations. Today, one of your users has called for help. It seems that his computer is reporting that a trust cannot be established between his Windows computer and the domain controller. He is unable to log on to the domain. You examine the computer's account using Active Directory Users and Computers, and there is nothing obviously wrong. You need to allow this user to log on to the domain. What should you do?
Reset the computer account and rejoin the domain
You have a laptop that you use for remote administration from home and while traveling. The laptop has been joined to the domain using the name of AdminRemote. The processor in your laptop overheats one day, causing extensive damage. Rather than repair the computer, you purchase a new one. The computer arrives, and you edit the system properties and name it AdminRemote. When you try to join the computer to the domain, you receive an error message and are unable to proceed. What should you do?
Reset the computer account in Active Directory
You are the administrator for the widgets.com domain. Organizational units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. You would like to configure all computers in the Sales OU to prevent the installation of unsigned drivers. Which GPO category would you edit to make the necessary changes?
Security Options
You are the network administrator for your company. All computers are joined to a single Active Directory domain. Several computers store sensitive information. You are configuring security settings that will be distributed to all computers on your network. You want to identify attempts to break into a computer by having the computer that denies the authentication attempt note the failed attempt in its security database. How can you create a policy that meets these requirements?
Select Failure for Audit account logon events
You are the network administrator for your company. All computers are joined to a single Active Directory domain. Several computers store sensitive information. You are configuring security settings that will be distributed to all computers on your network. You want to identify denied attempts to change a user's group membership in a computer's local database. How can you create a policy that meets these requirements?
Select Failure for Audit account management
You are the network administrator for your company. All computers are joined to a single Active Directory domain. Several computers store sensitive information. You are configuring security settings that will be distributed to all computers on your network. You want to identify denied attempts to manipulate files on computers that have been secured through NTFS permissions. How can you create a policy that meets these requirements?
Select Failure for Audit object access
You have not yet installed Active Directory Domain Services (ADDS) on a new Windows Server system. You are planning to use the computer as a domain controller in Active Directory. Which of the following steps is it recommended that you perform before you install the ADDS role? (Select two.)
Set the system time and time zone Configure the computer name
Group Policies can be used to set the same notification levels at the domain level that can be set for local machines using the User Account Control (UAC) tool. You need to configure the Notify me only when programs try to make changes to my computer notification level using Group Policy. Which of the following Group Policies must be set to complete this configuration?
The Behavior of the elevation prompt for administrators in Admin Approval Mode policy setting is set to Prompt for consent for non-Windows binaries. The User Account Control: Switch to the secure desktop when prompting for elevation policy setting is enabled.
You want to give the TPlask user the right to log on to any of the domain controllers in your domain and gain access to the desktop. This user does not belong to any of the default groups that have the Allow log on locally right by default. Which of the following steps can you take to give the Allow log on locally right to this user? (Select two. Each correct answer is a complete solution.)
Use Active Directory Users and Computers to add the TPlask user account to the Administrators group Use Group Policy Management Editor to add the TPlask user account to the Allow log on locally policy
You manage user accounts in the southsim.com domain. Each department is represented by an organizational unit (OU). Computer and user accounts for each department have been moved to their respective OUs. When a new employee is hired in the sales department , you create the user account, add the user account to multiple groups, assign the user permissions to the sales contact database, and configure permissions to home and shared folders. Because of high turnover, you find that as users leave the organization, you spend several hours tracking down file ownership and reassigning permissions to other users. How can you simplify this process?
Use a programming language to create a deprovisioning solution. Write scripts or routines that run automatically and reassign ownership and permissions when the user account is deleted
You are the administrator for the westsim.com domain, which has five domain controllers running Windows Server. The Active Directory structure is shown in the image. All user and computer accounts have been placed in the department OUs. Main offices are located in Orlando, with additional offices in Boston, New York, and Chicago. There are three departments within the company, sales, marketing, and accounting. Employees from each department are at each location. You want to appoint an employee in each department to help with changing passwords for users within their department. They should not be able to perform any other tasks. What should you do?
Use the Delegation of Control wizard. Grant each user administrator permissions to modify passwords for their department OU
You are the administrator for the widgets.com domain. Organizational units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. You have two OUs that contain temporary users, TempSales and TempMarketing. For all users within these OUs, you want to restrict what the users are able to do. For example, you want to prevent them from shutting down the system or accessing computers through a network connection. Which GPO category would you edit to make the necessary changes?
User Rights
You are the administrator of a network with a single Active Directory domain. Your domain contains three domain controllers and five member servers. Your security policy states that all accounts should be locked out after three unsuccessful logon attempts and that accounts must be reset only by an administrator. A GPO enforces these settings. You receive a call Monday morning from the help desk. There are seven users who are unable to log in to the domain. Upon further investigation, you notice all seven accounts have been locked out. You need to unlock the user accounts with the least amount of administrative effort while complying with your security policy. What should you do next?
Using Active Directory Users and Computers, select Unlock Account for each account