You have 10 domain controllers in a domain.
You need to prevent several members of domain admin groups from logging on the domain controller.
Which two objects should
you create and configure?
A. GPO to the domain
B. authentication policy
C. authentication policy silo
D. a central access policy
E. a user certificate
References: