Your company uses shared folders.
Usersare granted accessto the shared foldersby usingdomain local groups.
Oneof the shared folders contains confidential data.
You need to ensure that unauthorized users are not ableto access the shared folder that contains
confidential data.
What should you do?
A.
Enable the Do not trust this computer for delegation property on all the computers of unauthorized users by
using the Dsmod utility.
B.
Instruct the unauthorized users to log on by using the Guest account. Configure the Deny Full control
permission on the shared folders that hold the confidential data for the Guest account.
C.
Create a Global Group named Deny DLG. Place the global group that contains the unauthorized users into
the Deny DLG group. Configure the Allow Full control permission on the shared folder that hold the
confidential data for the Deny DLG group.
D.
Create a Domain Local Group named Deny DLG. Placethe global group that contains the unauthorized
users in to the Deny DLG group. Configure the Deny Full control permission on the shared folder that hold
the confidential data for the Deny DLG group.
Explanation:
http://technet.microsoft.com/en-us/library/cc755692%28v=ws.10%29.aspx
Group scope
Group scope
Any group, whether it is a security group or a distribution group, is characterized by a scope that identifies the
extent to which the group is applied in the domain tree or forest. The boundary, or reach, of a group scope is
also determined by the domain functional level setting of the domain in which it resides. There are three group
scopes: universal, global, and domain local.
The following table describes the differences between the scopes of each group.
When to use groups with domain local scope
Groups with domain local scope help you define and manage access to resources within a single domain. For
example, to give five users access to a particular printer, you can add all five user accounts in the printer
permissions list. If, however, you later want to give the five users access to a new printer, you mustagain
specify all five accounts in the permissions list for the new printer.
…
