PrepAway - Latest Free Exam Questions & Answers

You need to prevent App1 from running on Computer1

Your network contains an Active Directory domain named contoso.com. You have a Group Policy
object (GPO) named GP1 that is linked to the domain. GP1 contains a software restriction policy that
blocks an application named App1.
You have a workgroup computer named Computer1 that runs Windows 8. A local Group Policy on
Computer1 contains an application control policy that allows App1.

You join Computer1 to the domain.
You need to prevent App1 from running on Computer1.
What should you do?

PrepAway - Latest Free Exam Questions & Answers

A.
From Computer1, run gpupdate/force.

B.
From Group Policy Management, add an application control policy to GP1.

C.
From Group Policy Management, enable the Enforced option on GP1.

D.
In the local Group Policy of Computer1, configure a software restriction policy.

Explanation:
AppLocker policies take precedence over policies generated by SRP on computers that are running
an operating system that supports AppLocker.
AppLocker policies in the GPO are applied, and they supersede the policies generated by SRP in the
GPO and local AppLocker policies or policies generated by SRP.

15 Comments on “You need to prevent App1 from running on Computer1

  3. Andreas says:

    Failed this question due to sloppy wording on “Applocker”. Since GPO takes precense over LGPO, and computer is now in the domain the only answer should be gpupdate, which is rediculus.




    1



    0
  8. billkom says:

    B seems the correct answer. TechNet article below It is recommended that you author AppLocker and SRP rules in separate GPOs and target the GPO with SRP policies to systems running Windows Vista or earlier. When both SRP and AppLocker policies are applied to computers running Windows Server 2008 R2, Windows 7 and later, the SRP policies are ignored.

    Use AppLocker and Software Restriction Policies in the Same Domain
    https://technet.microsoft.com/en-us/library/hh994614.aspx

    This topic for the IT professional describes concepts and procedures to help you manage your application control strategy using Software Restriction Policies and AppLocker.
    Using AppLocker and Software Restriction Policies in the same domain

    ——————————————————————————–

    AppLocker is supported on systems running Windows 7 and above. Software Restriction Policies (SRP) is supported on systems running Windows Vista or earlier. You can continue to use SRP for application control on your pre-Windows 7 computers, but use AppLocker for computers running Windows Server 2008 R2, Windows 7 and later. It is recommended that you author AppLocker and SRP rules in separate GPOs and target the GPO with SRP policies to systems running Windows Vista or earlier. When both SRP and AppLocker policies are applied to computers running Windows Server 2008 R2, Windows 7 and later, the SRP policies are ignored.

    The following table compares the features and functions of Software Restriction Policies (SRP) and AppLocker.




    0



    0
  10. bytezz says:

    B definitely…

    When an SRP and an Application Control policy are applied to a computer, the SRP is ignored. In this case, the Application Control policy is configured by local group policy, so the SRP is ignored. To remedy this, link a GPO that configures an Application Control policy to the domain so that the settings configured here (block App1) override the locally configured settings. This is due to the order in which policies are applied – the domain GPO being applied later than the local policy, hence it’s settings effectively “overwrite” those set locally.




    0



    0
  12. Jeroen says:

    How is B possible? the workgroup computer is NOT a domain member, so it will not be managed by the GPO, no matter which rule we set.
    So the solution is local on we workstation, D.




    0



    0

Leave a Reply