You are the network administrator for TestKing. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The domain contains two domain controllers named Testking1 and Testking2. You use a Windows XP Professional client computer named Client1. In Active Directory, the domain administrator creates two new user accounts named NetAdmin1 and AdminUser1. The NetAdmin1 account is a member of the Domain Admins global group. The AdminUser1 account is a member of only the Users local group. You assign the AdminUser1 logon account the Allow log on locally user right in the Default Domain Controller Group Policy object (GPO). A new written security policy states that user accounts that are member of the Domain Admins global group should not be used to log on to the console of a domain controller. It also states that administrative tasks should be performed by using the Secondary Logon service. You need to create a new computer account in Active Directory, and you must comply with the new company security policy. What should you do?（）

• A、Log on to Testking1 by using the AdminUser1 user account. Run the dsa.msc command.
• B、Log on to Testking1 by using the NetAdmin1 user account. Run the dsa.msc command.
• C、Log on to Client1 by using the AdminUser1 user account. Run the runas /user:netadmin1 dsa.msc
• D、Log on to Client1 by using the NetAdmin1 user account. Run the runas /user:adminuser1 dsa.msc