You work as the network administrator at ABC.com. The ABC.com network consists of a single
Active Directory domain named ABC.com. The ABC.com network contains several servers and
several hundred client computers. All servers on the ABC.com network run Windows Server 2003.
The client computers run a mix of Windows 98, Windows NT Workstation, Windows 2000
Professional and Windows XP Professional.
How can you make sure that all client computers use Kerberos authentication when users log in to

the domain?

A.
Set up the domain controllers to require IPSec.

B.
By uABCrading the Windows 98 and Windows NT computers to Windows 2000 Professional or
Windows XP Professional computers.

C.
Apply a Group Policy Object to require Kerberos authentication.

D.
By configuring the Default Domain Controllers group policy to require Kerberos authentication.

E.
By configuring the Default Domain Controllers group policy to disallow NTLM authentication.

Explanation:
By default, in a Windows 2003 domain, Windows 2000 and Windows XP clients use
Kerberos as their authentication protocol. Windows 98 and Windows NT dont support Kerberos
authentication. Therefore, we need uABCrade the Windows 98 and Windows NT computers.
Reference:
J. C. Mackin, Ian McLean, MCSA/MCSE self-paced training kit (exam 70-291): Implementing,
Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, Microsoft
Press, Redmond, Washington, 2004, p. 11: 39-42