###BeginCaseStudy###
Case Study: 1
Consolidated Messenger
Scenario:
You are an enterprise desktop support technician for Consolidated Messenger.
Network Configuration
The company has three offices named Office1, Office2, and Office3. The offices connect to
each other over the Internet by using VPN connections. Each office has an 802.11g wireless
access point. All wireless access points are configured to use Radius01 for authentication.
Active Directory Configuration
The network contains one Active Directory domain named consolidatedmessenger.com. The
relevant organizational unit structure is shown in the following diagram.
The relevant Group Policy objects (GPOs) in the domain are configured as shown in the
following table.
Applications
The relevant applications on the network are shown in the following table.
Server Configuration
The relevant servers are configured as shown in the following table.
Client Configuration
Each office has 500 desktop computers that run Windows 7 Enterprise. There are 250 mobile
users that travel regularly between all three offices. The mobile users have laptop computers
that run Windows 7 Enterprise. To prevent the spread of malware, the company restricts the
use of USB devices and only allows the use of approved USB storage devices.
Printers
The marketing group has several printers that are shared on File01. A shared printer name
Printer1 is a high-performance, black-and-white printer. A shared printer named Printer2 is a
high-definition, photo-quality, color printer. Printer2 should only be used to print marketing
brochures.
###EndCaseStudy###
The chief financial officer (CFO) releases new guidelines that specify that only users from finance are
allowed to run FinanceApp1. Users in the Marketing OU report that they can run FinanceApp1. You
need to ensure that only users in the Finance OU can run FinanceApp1. What should you do?
A.
In the AllComputers GPO, create a new AppLocker executable rule.
B.
In the Desktops GPO and the Laptops GPO, create a new Windows Installer rule.
C.
In the AllComputers GPO, create a software restriction policy and define a new hash rule.
D.
In the Desktops GPO and the Laptops GPO, create a software restriction policy and define a new
path rule.
Explanation:
Chapter 10 p 467- 468
Understanding the difference between SRP and AppLocker
You might want to deploy application control policies onto Windows operating systems earlier than
Windows. Server2008R2 or Windows7. You can use AppLocker policies only on the supported
editions of Windows. Server2008R2 and Windows7, but you can use SRP on supported editions of
Windows beginning with Windows Server2003 and WindowsXP.
http://technet.microsoft.com/en-us/library/ee460955(WS.10).aspx
http://technet.microsoft.com/en-us/library/dd548340(WS.10).aspx