Identity with Windows Server 2016 — Question 170
Your company uses Active Directory Rights Management Services (AD RMS).
You need to ensure that only users who use AD RMS client version 2.1 or newer can obtain a rights account certificate from the AD RMS cluster.
What should you enable first?
Answer options
- A. decommissioning
- B. user exclusion
- C. lockbox exclusion
- D. Application Exclusion
Correct answer: C
Explanation
Enabling lockbox exclusion is necessary to restrict access based on client version, ensuring that only users with AD RMS client version 2.1 or newer can obtain a rights account certificate. The other options, such as decommissioning, user exclusion, and Application Exclusion, do not specifically control client version access to the rights account certificate.