You are a security administrator for your company. The network consists of a single Active Directory domain. Servers run either Windows Server 2003 or Windows 2000 Server. All client computers run Windows 2000 Professional. The latest operating system service pack is installed on each computer.

Thirty Windows Server 2003 computers are members of the domain and function as file servers. Client computers access files on these file servers over the network by using the Server Message Block (SMB) protocol. You are concerned about the possible occurrence of man-in-the-middle attacks during SMB communications. You need to ensure that SMB communications between the Windows Server 2003 file servers and the client computers are cryptographically signed. The file servers must not communicate with client computers if the client computers cannot sign SMB communications.

Client computers must be able to use unsigned SMB communications with all other computers in the domain. What should you do to configure the file servers?

A.
Apply a security template that enables the Microsoft network server: Digitally sign communications (always) setting.

B.
Apply a security template that enables the Microsoft network server: Digitally sign communications (if client agrees) setting.

C.
Apply a security template that enables the Domain member: Digitally sign secure channel data (when possible) setting.

D.
Apply a security template that enables the Domain member: Digitally encrypt or sign secure channel data (always) setting.