You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 10 domain controllers and 50 servers in application server roles. All servers run Windows Server 2003. The application servers are configured with custom security settings that are specific to their roles as application servers.

Application servers are required to audit account logon events, object access events, and system events. Application servers are required to have passwords that meet complexity requirements, to enforce password history, and to enforce password aging. Application servers must also be protected against man- in-the-middle attacks during authentication. You need to deploy and refresh the custom security settings on a routine basis.

You also need to be able to verify the custom security settings during audits.

What should you do?

A.
Create a custom IPSec policy and assign it by using Group Policy.

B.
Create and apply a custom Administrative Template.

C.
Create a custom application server image and deploy it by using RIS.

D.
Create a custom security template and apply it by using Group Policy.

Explanation:
The easiest way to deploy multiple security settings to a Windows 2003 computer is to create a security template with all the required settings and import the settings into a group policy. We can also use secedit to analyse the current security settings to verify that the required security settings are in place.

Reference:

Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, Microsoft Press, Redmond, Washington, 2004, p. 13:57

“A Composite Solution With Just One Click” – Certification Guaranteed 100 Microsoft 70-293 Exam