You support Windows 10 Enterprise computers that are members of an Active Directory domain. Your
company policy defines the list of approved Windows Store apps that are allowed for download and installation.
You have created a new AppLocker Packaged Apps policy to help enforce the company policy.
You need to test the new AppLocker Packaged Apps policy before you implement it for the entire company.
What should you do?
A.
From Group Policy, enforce the new AppLocker policy in Audit Only mode.
B.
From Group Policy, run the Group Policy Results Wizard.
C.
From Group Policy, run the Group Policy Modeling Wizard.
D.
From PowerShell, run the Get-AppLockerPolicy –Effective command to retrieve the AppLocker effective
policy.
Explanation:
You can test an AppLocker Packaged Apps policy by running it in audit mode.
After AppLocker rules are created within the rule collection, you can configure the enforcement setting to
Enforce rules or Audit only.
When AppLocker policy enforcement is set to Enforce rules, rules are enforced for the rule collection and all
events are audited. When AppLocker policy enforcement is set to Audit only, rules are only evaluated but all
events generated from that evaluation are written to the AppLocker log.
Incorrect Answers:
B: The Group Policy Results Wizard is used to determine which group policy settings are applied to a user or
computer object and the net results when multiple group policies are applied. The Group Policy Results Wizard
is not used to test an AppLocker Packaged Apps policy.
C: The Group Policy Modeling Wizard calculates the simulated net effect of group policies. Group Policy
Modeling can also simulate such things as security group membership, WMI filter evaluation, and the effects of
moving user or computer objects to a different Active Directory container. The Group Policy Modeling Wizard is
not used to test an AppLocker Packaged Apps policy.
D: The Get-AppLockerPolicy –Effective command returns the effective AppLocker policy on the local
computer. The effective policy is the merge of the local AppLocker policy and any applied domain policies on
the local computer. The Get-AppLockerPolicy –Effective command is not used to test an AppLocker
Packaged Apps policy.https://technet.microsoft.com/en-us/library/ee791796(v=ws.10).aspx
agree