Your network contains an Active Directory domain named contoso.com. All servers run
Windows Server 2012 R2.
The network contains several group Managed Service Accounts that are used by four
member servers.
You need to ensure that if a group Managed Service Account resets a password of a domain
user account, an audit entry is created.
You create a Group Policy object (GPO) named GPO1.
What should you do next?
A.
In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User
Account Management. Link GPO1 to the Domain Controllers organizational unit (OU).
B.
In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User
Account Management. Move the member servers to a new organizational unit (OU). Link
GPO1 to the new OU.
C.
In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive
Privilege Use. Link GPO1 to the Domain Controllers organizational unit (OU).
D.
In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive
Privilege Use. Move the member servers to a new organizational unit (OU). Link GPO1 to
the new OU.
Explanation:
Audit User Account Management
This security policy setting determines whether the operating system generates audit events
when the following user account management tasks are performed:
A user account is created, changed, deleted, renamed, disabled, enabled, locked out, or
unlocked.
A user account password is set or changed.
Security identifier (SID) history is added to a user account.
The Directory Services Restore Mode password is set.
Permissions on accounts that are members of administrators groups are changed.
Credential Manager credentials are backed up or restored.
This policy setting is essential for tracking events that involve provisioning and managing
user accounts.