A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows Vista and are members of the domain. A Group Policy object (GPO) configuring a software restriction policy is implemented in the domain to block a specific application.
You upgrade a computer to Windows 8.1 and implement a GPO that configures an AppLocker rule in the domain. The blocked application runs on the Windows 8.1 computer but not on the Windows Vista computers.
You need to ensure that the application is blocked from running on all computers and the AppLocker rule is applied to the computers in the domain.
What should you do?
A. Add the blocked application as an additional AppLocker rule to the GPO that configures AppLocker.
B. Run the Get-AppLockerPolicy Windows PowerShell cmdlet.
C. Run the Set-ExecutionPolicy Windows PowerShell cmdlet.
D. Configure the software restriction policy as a local policy on the Windows 8.1 computer.
E. Add the blocked application as a software restriction policy to the GPO that configures AppLocker.
Correct Answer: A
Explanation/Reference:
Use AppLocker and Software Restriction Policies in the Same Domain
AppLocker is supported on systems running Windows 7 and above. Software Restriction Policies (SRP) is supported on systems running Windows Vista or earlier. You can continue to use SRP for application control on your pre-Windows 7 computers, but use AppLocker for computers running Windows Server 2008 R2, Windows 7 and later. It is recommended that you author AppLocker and SRP rules in separate GPOs and target the GPO with SRP policies to systems running Windows Vista or earlier. When both SRP and AppLocker policies are applied to computers running Windows Server 2008 R2, Windows 7 and later, the SRP policies are ignored.
http://technet.microsoft.com/en-us/library/ee791851%28v=ws.10%29.aspx
Both SRP and AppLocker use Group Policy for domain management. However, when SRP policies and AppLocker policies exist in the same domain and are applied through Group Policy, AppLocker policies take precedence over SRP policies on computers running Windows Server 2012, Windows Server 2008 R2, Windows 8 or Windows 7.
As an example of how both types of policy would affect the bank’s "Teller software" application, consider the following scenario where the application is deployed on different Windows desktop operating systems and managed by the Tellers GPO.
Further Information:
http://technet.microsoft.com/en-us/library/hh847214.aspx
Get-AppLockerPolicy
The Get-AppLockerPolicy cmdlet retrieves the AppLocker policy from the local Group Policy Object (GPO), a specified Group Policy Object (GPO), or the effective policy on the computer. By default, the output is an AppLockerPolicy object. If the XML parameter is used, then the output will be the AppLocker policy as an XML-formatted string.
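The precedence described above can be checked on an upgraded client with the AppLocker cmdlets. The following is an added example, not part of the original page: it reads the effective AppLocker policy, asks what decision applies to the application, and flags the case where an SRP policy is present but no AppLocker rule denies the application. The application path is a hypothetical placeholder; the registry key is the location where Group Policy stores SRP settings.

```powershell
# Added example, not from the original page. Run elevated on a client running
# Windows 7 / Windows Server 2008 R2 or later.
# ASSUMPTION: $AppPath is a placeholder; the file must exist on this computer.
$AppPath = 'C:\Program Files\ExampleApp\example.exe'

Import-Module AppLocker

# Effective policy = local AppLocker policy merged with every applied GPO.
$effective = Get-AppLockerPolicy -Effective

# Show each rule collection and its enforcement mode.
# AuditOnly logs matches but does not block anything.
$effective.RuleCollections |
    Select-Object RuleCollectionType, EnforcementMode |
    Format-Table -AutoSize

# Ask AppLocker what it would decide for this file, evaluated for all users.
$decision = Test-AppLockerPolicy -PolicyObject $effective -Path $AppPath -User Everyone
$decision | Format-List FilePath, PolicyDecision, MatchingRule

# SRP settings delivered by Group Policy are stored under this key.
$srpKey     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$srpPresent = Test-Path $srpKey

# If AppLocker does not deny the file, an SRP block rule will not help here,
# because SRP is ignored once AppLocker policy applies to the computer.
$denied = ('Denied', 'DeniedByDefault') -contains "$($decision.PolicyDecision)"
if ($srpPresent -and -not $denied) {
    Write-Warning ("SRP policy is present but AppLocker does not deny '{0}'. " +
                   "Add the block rule to the GPO that configures AppLocker.") -f $AppPath
}
elseif ($denied) {
    Write-Output "AppLocker denies '$AppPath' (matching rule: $($decision.MatchingRule))."
}
```

Running `gpupdate /force` before the check makes sure the effective policy reflects the current GPOs.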
http://technet.microsoft.com/en-us/library/hh849812.aspx
Set-ExecutionPolicy
The Set-ExecutionPolicy cmdlet changes the user preference for the Windows PowerShell execution policy.
The execution policy is part of the security strategy of Windows PowerShell. It determines whether you can load configuration files (including your Windows PowerShell profile) and run scripts, and it determines which scripts, if any, must be digitally signed before they will run.