Your company has an Active Directory domain.
All consultants belongto a global groupnamed TempWorkers.
The TempWorkers groupis not nested in any other groups.
You move the computer objectsof three file serversto a new organizational unitnamed SecureServers.
These file servers contain only confidential data in shared folders.
You need to prevent members of the TempWorkers group from accessing the confidential data on the
file servers.
You must achieve this goal without affecting access to other domain resources.
What should you do?

A.
Create a new GPO and link it to the SecureServersorganizational unit. Assign the Deny access to this
computer from the network user right to the TempWorkers global group.

B.
Create a new GPO and link it to the domain. Assign the Deny access to this computer from the network
user right to the TempWorkers global group.

C.
Create a new GPO and link it to the domain. Assign the Deny log on locally user right to the TempWorkers
global group.

D.
Create a new GPO and link it to the SecureServersorganizational unit. Assign the Deny log on locally user
right to the TempWorkers global group.

Explanation:
Personal comment:
Basically, you need to create a GPO for the Secure Servers and deny the TempWorkers access to the shared
folders (implies access from the network).
“Deny log on locally” makes no sense in this instance, because we are reffering to shared folder and
supposedly physical access to servers should be highly restricted.
And best practices recommend that you link GPOs at the domain level only for domain wide purposes.