Administering Windows Server Hybrid Core Infrastructure (AZ-800) Practice

The correct approach for delegating computer management effectively within the Sales department involves creating a group specifically for that department and a custom task delegation for Computer objects. This method allows for tailored permissions that cater specifically to the needs and structure of the Sales team.

By assigning permissions to a group instead of users individually, the administrator can efficiently manage access and maintain security. This setup ensures that only designated members of the Sales department can perform specific actions related to Computer objects, such as joining workstations to the domain or modifying computer properties. Such fine-grained control helps minimize the risk of unauthorized changes while empowering the team to manage their resources effectively.

This targeted approach contrasts with more general options, which may not provide the necessary specificity or control over permissions. For instance, creating a common task delegation for the entire Sales OU might lead to unintended access where team members could perform tasks irrelevant to their role, leading to potential security risks. Additionally, using the default groups available in Active Directory might not align with the specific needs of the Sales division, as these groups are often too broad and may lack the necessary permissions for effective management. Lastly, a single delegation for all IT staff could dilute the responsibilities and accountability, making it difficult to track actions taken on individual computers. Thus,