You have a Windows 7 computer that is a member of a workgroup.
You need to prevent members of a local group from starting a specific application.
You must achieve this goal by using the minimum amount of administrative effort.
What should you create?
A.
administrative template
B.
application control policy
C.
IPSec policy
D.
software restriction policy
Explanation:
AppLocker Application Control Policies
AppLocker is a feature new to Windows 7 that is available only in the Enterprise and Ultimate
editions of the product. AppLocker policies are conceptually similar to Software Restriction Policies,
though AppLocker policies have several advantages, such as the ability to be applied to specific user
or group accounts and the ability to apply to all future versions of a product. Hash rules apply only to
a specific version of an application and must be recalculated whenever you apply software updates
to that application. AppLocker policies are located in the Computer Configuration\Windows
Settings\ Security Settings\Application Control Policies node of a standard Windows 7 or Windows
Server 2008 R2 GPO.
AppLocker relies upon the Application Identity Service being active. When you install Windows 7, the
startup type of this service is set to Manual. When testing AppLocker, you should keep the startup
type as Manual in case you configure rules incorrectly. In that event, you can just reboot the
computer and the AppLocker rules will no longer be in effect. Only when you are sure that your
policies are applied correctly should you set the startup type of the Application Identity Service to
Automatic. You should take great care in testing AppLocker rules because it is possible to lock down
a computer running Windows 7 to such an extent that the computer becomes unusable. AppLocker
policies are sometimes called application control policies.