You are responsible for administering your companys network. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The companys written security policy stipulates that the system, security, and application event logs on all domain controllers must be periodically archived and manually cleared. Each log should not exceed 100 MB in size. Events must never be overwritten in any of the event logs. You must comply with the companys policy and ensure that your assistants, who have the authority to perform administrative tasks on domain controllers, cannot change the size and retention settings for event logs. What should you do?
A. Configure NTFS permissions for event log files so that only you can access them. B. Configure the appropriate log size and retention settings in the Default Domain Controllers Policy GPO. C. Add your assistants user accounts to the Backup Operators group in the domain. D. Create a script that will configure the appropriate log size and retention settings by editing the Registry. Run the script on each domain controller.
Configure the appropriate log size and retention settings in the default domain controllers policy gpo.-2. create a script that will configure the appropriate log size and retention settings by editing the registry. run the script on each domain controller.-explanation: in this scenario, you should configure the appropriate size and retention settings for the event logs in the default domain controllers policy gpo, which is the default gpo that is linked to the domain controllers organizational unit (ou). by default, all domain controllers reside in this ou. most of the settings that can be configured on individual computers locally can also be implemented through group policy objects (gpos). generally, gpo settings override the corresponding locally configured settings. thus, to apply the same configuration settings to multiple computers simultaneously and to prevent the administrators who manage those computers locally from changing those settings, you should implement the requisite configuration by using a gpo. you should not configure ntfs permissions for event log files so that only you can access them. ntfs file-level permissions for event log files cannot be used to control the size and retention settings for event logs. you should not add your assistants user accounts to the backup operators group in the domain. members of the built-in domain local backup operators group can back up and restore data on domain controllers regardless of their ntfs permissions. configuring membership in this group is irrelevant to implementing the requisite size and retention settings for event logs. if you configured event log size and retention settings by running a script that modified the registry on domain controllers, then the assistants who have enough authority to manage event logs would also be able to change the size and retention settings.