You are an Enterprise administrator for contoso.com. The corporate network of the company consists of a single Active Directory domain. All the servers in the domain run Windows Server 2008 and all client computers run Windows Vista.
The company consists of 30 database servers. An organizational unit (OU) called Data exists in AD domain that stores the computer accounts for these database servers. Another OU called Admin exists for the user accounts of the database administrators. The database administrators are also the members of a global group called Data_Admins.
Which of the following options would you choose to allow the database administrators to perform administrative tasks on the database servers while preventing them from performing administrative tasks on other servers?
A.
For Admin OU, deploy a group policy.
B.
In the Domain Admins global group, add the Data_Admins users.
C.
In the Server Operators domain local group, add the Data_Admins users.
D.
Deploy a group policy to the Data OU.
E.
None of the above
Explanation:
To allow the database administrators to perform administrative tasks on the database servers while preventing them from performing administrative tasks on other servers, you need to deploy a group policy to the Data OU.
Group Policy enables centralized, Active Directory based configuration and change management of computers running Windows Server 2008, Windows Vista, Windows XP and Windows Server 2003. The Group Policy settings you create are contained within a Group Policy Object (GPO) and associated with (or Linked to) a Domain, Site or Organizational Unity (OU) using the Group Policy Management Console (GPMC). By using the Group Policy Management Console to link a GPO to an object in Active Directory, you apply these settings to the Users and Computers contained therein.
Reference: Windows Server 2008 Springboard Series Part 02: Deploying and Managing Group Policy
http://71.203.223.220/files/WS08SBSprt02_GRPOL.docx