Home » Microsoft » 70-640 » What should you do?
Your network contains an Active Directory domain named contoso.com. All domain controllers and member servers run Windows Server 2008. All client computers run Windows 7.
From a client computer, you create an audit policy by using the Advanced Audit Policy Configuration
settings in the Default Domain Policy Group Policy object (GPO).
You discover that the audit policy is not applied to the member servers.
The audit policy is applied to the client computers.
You need to ensure that the audit policy is applied to all member servers and all client computers.
What should you do?
A. Add a WMI filter to the Default Domain Policy GPO.
B. Modify the security settings of the Default Domain Policy GPO.
C. Configure a startup script that runs auditpol.exe on the member servers.
D. Configure a startup script that runs auditpol.exe on the domain controllers.
Correct Answer: C
Explanation/Reference:
Advanced audit policy settings cannot be applied using group policy to Windows Server 2008 servers. To circumvent that we have to use a logon script to apply the audit policy to the Windows Server 2008 member servers.
Reference1:
http://technet.microsoft.com/en-us/library/ff182311.aspx
Advanced Security Auditing FAQ
The advanced audit policy settings were introduced in Windows Vista and Windows Server 2008. The advanced settings can only be used on computers running Windows 7, Windows Vista, Windows Server 2008 R2, or Windows Server 2008.
Note
In Windows Vista and Windows Server 2008, advanced audit event settings were not integrated with Group Policy and could only be deployed by using logon scripts generated with the Auditpol.exe command-line tool. In Windows Server 2008 R2 and Windows 7, all auditing capabilities are integrated with Group Policy. This allows administrators to configure, deploy, and manage these settings in the Group Policy Management Console (GPMC) or Local Security Policy snap-in for a domain, site, or organizational unit (OU).