Your network contains an Active Directory domain named contoso.com. You have a Group
Policy object (GPO) named GP1 that is linked to the domain.GP1 contains a software
restriction policy that blocks an application named App1.
You have a workgroup computer named Computer1 that runs Windows 8.A local Group
Policy on Computer1 contains an application control policy that allows App1.
You join Computer1 to the domain.
You need to prevent App1 from running on Computer1.
What should you do?
A.
FromComputer1, run gpupdate /force.
B.
From Group Policy Management, add an application control policy to GP1.
C.
From Group Policy Management, enable the Enforced option on GP1.
D.
In the local Group Policy of Computer1, configure a software restriction policy.
Applocker policy supersedes older software restriction policy
0
0
Why need to “add an application control policy to GP1.” ? already the policy will block it from domain no ?
0
0
No, Applocker policy take precedence over Software restriction policy, so you need to set Applocker policy in GP1.
https://technet.microsoft.com/en-us/library/hh994614.aspx
0
0
L/S/D/Ou! sisters.
it is all about how a computer processes these policies upon boot
It processes its own Local policies first.
Then the Site specific polices are processed.
Domain policies come a close 3rd
And the Ou specific policy is processed last. Whoever strikes last wins.
And the normal order at which GP is is processed is.
1/Local
2/Site
3/Domain
4/Organisational Unit
Ommitting LoopBacks and enforcements and all the other if and or’s!
0
0
I am not 100% sure but, wouldn’t the reason be below:
https://technet.microsoft.com/en-us/library/hh994614.aspx (Thanks Jony, just elaborating)
AppLocker is supported on systems running Windows 7 and above. Software Restriction Policies (SRP) is supported on systems running Windows Vista or earlier. You can continue to use SRP for application control on your pre-Windows 7 computers, but use AppLocker for computers running Windows Server 2008 R2, Windows 7 and later. It is recommended that you author AppLocker and SRP rules in separate GPOs and target the GPO with SRP policies to systems running Windows Vista or earlier. When both SRP and AppLocker policies are applied to computers running Windows Server 2008 R2, Windows 7 and later, the SRP policies are ignored.
and since this is a windows 8 machine it would fall into the “Windows 7 and Above” category so a new GP would need to be created using Applocker (Choice B)
0
0
it states that this a workgroup computer so AD group policy cannot be applied. I say last answer?
0
0
Re-read, ignore me!
0
0