HOTSPOT
Your network contains an Active Directory domain named contoso.com. All client computers run
Windows 8.
An administrator creates an application control policy and links the policy to an organizational unit
(OU) named OU1. The application control policy contains several deny rules. The deny rules apply to
the Everyone group.
You need to prevent users from running the denied application.
What should you configure?
To answer, select the appropriate object in the answer area.

Answer:

Explanation:

To enable the Enforce rules enforcement setting by using the Local Security Policy snap-in
1. Click Start, type secpol.msc in the Search programs and files box, and then press ENTER.
2. If the User Account Control dialog box appears, confirm that the action it displays is what you
want, and then click Yes.
3. In the console tree, double-click Application Control Policies, right-click AppLocker, and then click
Properties.
4. On the Enforcement tab, select the Configured check box for the rule collection that you want to
enforce, and then verify that Enforce rules is selected in the list for that rule collection.
5. Repeat step 4 to configure the enforcement setting to Enforce rules for additional rule collections.
6. Click OK.
You should apply an application control policy for executable rules. When AppLocker policies from
various GPOs are merged, both the rules and the enforcement modes are merged. The most similar
Group Policy setting is used for the enforcement mode, and all rules from linked GPOs are applied.
References:
Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2, Chapter 6: Create and Manage
Group Policy, Objective 6.2: Local Users and Groups, p. 329
http://technet.microsoft.com/en-us/library/dd759115.aspx