You are a system administrator for a department that has Windows 10 Enterprise computers in a
domain configuration. You deploy an application to all computers in the domain. You need to use
group policy to restrict certain groups from running the application. What should you do?
A.
Set up DirectAccess.
B.
Configure AppLocker.
C.
Disable BitLocker.
D.
Run the User State Management Tool.
Explanation:
AppLocker is a feature in Windows Server 2012, Windows Server 2008 R2, Windows 8, and
Windows 7 that advances the functionality of the Software Restriction Policies feature. AppLocker
contains new capabilities and extensions that reduce administrative overhead and help
administrators control how users can access and use files, such as executable files, scripts,
Windows Installer files, and DLLs. AppLocker rules can be applied to security groups. We can use
a group policy to apply AppLocker rules to the security groups to prevent them from running the
application.
Incorrect Answers:
A: DirectAccess is a remote access solution that enables remote access to company resources. It
cannot be used to prevent members of security groups from running an application.
C: BitLocker is used to encrypt data. It cannot be used to prevent members of security groups from
running an application.
D: The User State Management Tool is used for managing user profiles. It cannot be used to
prevent members of security groups from running an application.
https://technet.microsoft.com/enus/library/ee619725(v=ws.10).aspx#BKMK_WhatRruleConditions