Your network contains an Active Directory domain named contoso.com.
All servers run Windows Server 2012.
An Application named App1.exe is installed on all client computers. Multiple versions of App1.exe are installed
on different client computers. App1.exe is digitally signed.
You need to ensure that only the latest version of App1.exe can run on the client computers.
What should you create?
A.
AnApplication control policy packaged app rule
B.
A software restriction policy certificate rule
C.
AnApplication control policy Windows Installer rule
D.
AnApplication control policy executable rule
Explanation:
A: A publisher rule for a Packaged app is based on publisher, name and version B: You can create a certificate
rule that identifies software and then allows or does not allow the software torun, depending on the security
level.
C: For .msi or .msp
D: Executable Rules, for .exe and can be based on Publisher, Product name, filename and version.
Use Certificate Rules on Windows Executables for Software Restriction Policies This security setting
determines if digital certificates are processed when a user or process attempts to runsoftware with an .exe file
name extension. This security settings is used to enable or disable certificate rules, atype of software restriction
policies rule. With software restriction policies, you can create a certificate rule thatwill allow ordisallow
software that is signed by Authenticode to run, based on the digital certificate that isassociated with the
software. In order for certificate rules to take effect, you must enable this security setting.
When certificate rules are enabled, software restriction policies will check a certificate revocation list (CRL)
tomake sure the software’s certificate and signature are valid. This may decrease performance when start
signedprograms. You can disable this feature. On Trusted Publishers Properties, clear the Publisher and
Timestampcheck boxes.
http://technet.microsoft.com/en-us/library/dd759068.aspx http://technet.microsoft.com/en-us/library/hh994588.
aspx http://www.grouppolicy.biz/2012/08/how-manage-published-a-k-a-metro-apps-in-windows- 8-usinggrouppolicy/
http://technet.microsoft.com/en-us/library/hh994597.aspx#BKMK_Cert_Rules http://technet.microsoft.com/enus/library/cc782660%28v=ws.10%29.aspx
Hey! I understand this is kind of off-topic
however I had to ask. Does operating a well-established blog like yours require a large amount of work?
I’m completely new to writing a blog however I do write in my journal on a
daily basis. I’d like to start a blog so I can easily share my personal experience and thoughts online.
Please let me know if you have any kind of ideas or tips for new aspiring blog owners.
Thankyou!
Application Control Policy Executable
You should apply an application control policy for executable rules, and it can be based on version.
Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2, Chapter 6: Create and Manage Group
Policy, Objective 6.2: Local Users and Groups, p. 329 http://technet.microsoft.com/en-us/library/
dd759068.aspx http://technet.microsoft.com/en-us/library/hh994588.aspx http://www.grouppolicy.biz/2012/08/
how-manage-published-a-k-a-metro-apps-in-windows-8- using-grouppolicy/
http://technet.microsoft.com/en-us/library/hh994597.aspx#BKMK_Cert_Rules
D
guys simple goto gpmc.msc then edit then computer config then policies then security settings then application control policies then app locker then right click on executable rules in it you will be asked for entering any .exe file