The system administrator is tasked with changing the administrator password across all 2000 computers
in the organization. Which of the following should the system administrator implement to accomplish this
task?

A.
A security group

B.
A group policy

C.
Key escrow

D.
Certificate revocation

Explanation:
Group policy is used to manage Windows systems in a Windows network domain environment by means
of a Group Policy Object (GPO). GPO’s include a number of settings related to credentials, such as
password complexity requirements, password history, password length, account lockout settings.
Incorrect Answers:
A: Active Drectory security groups are used to assign permissions to shared resources. It will not assist the
system administrator in changing the administrator password across all 2000 computers in the
organization.
C: Key escrow allows for copies of private keys and/or secret keys are retained securely by a centralized
management system as a means of insurance or recovery in the event of a lost or corrupted key. It will
not assist the system administrator in changing the administrator password across all 2000 computers in
the organization.D: Revoking a certificate will not assist the system administrator in changing the administrator password
across all 2000 computers in the organization.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 291, 319
https://technet.microsoft.com/en-us/library/dn579255.aspx