Which permission should you remove from FinanceAdministartors?

– by 2

Your network contains an Active Directory domain named contoso.com. The domain contains 100 servers.
You deploy the Local Administrator Password Solution (LAPS) to the network.
You discover that the members of a group named FinanceAdministartors can view the password of the local Administrator accounts on the servers in an organizational unit (OU) named FinanceServers.
You need to prevent the FinanceAdministartors members from viewing the local administrators ‘passwords on the servers in FinanceServers. Which permission should you remove from FinanceAdministartors?
A. all extended rights
B. read all properties
C. read permissions
D. list contents

microsoft-exams

2 thoughts on “Which permission should you remove from FinanceAdministartors?

  1. given answer is correct.

    https://blogs.technet.microsoft.com/askpfeplat/2015/12/28/local-administrator-password-solution-laps-implementation-hints-and-security-nerd-commentaryincluding-mini-threat-model/
    Access to the password is granted via the “Control Access” right on the attribute.
    Control Access is an “Extended Right” in Active Directory, which means if a user has been granted the “All Extended Rights” permission they’ll be able to see passwords even if you didn’t give them permission.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.