Securing Windows Server 2016 — Question 162

Your network contains an Active Directory domain named contoso.com. The domain contains 100 servers.
You deploy the Local Administrator Password Solution (LAPS) to the network.
You discover that the members of a group named FinanceAdministartors can view the password of the local Administrator accounts on the servers in an organizational unit (OU) named FinanceServers.
You need to prevent the FinanceAdministartors members from viewing the local administrators "˜passwords on the servers in FinanceServers. Which permission should you remove from FinanceAdministartors?

Answer options

• A. all extended rights
• B. read all properties
• C. read permissions
• D. list contents

Correct answer: A

Explanation

The correct answer is A, as removing 'all extended rights' will prevent the FinanceAdministrators group from viewing sensitive information like local Administrator passwords. Options B and C are incorrect because 'read all properties' and 'read permissions' do not specifically restrict access to the password information. Option D, 'list contents', is not relevant to password visibility and would not impact the ability to view passwords.