Your network contains an Active Directory domain named contoso.com.
You create a software restriction policy to allow an application named App1 by using a certificate rule.
You need to ensure that when users attempt to execute App1, the certificate for App1 is verified against a
certificate revocation list (CRL).
What should you do?
A.
Modify the rule for App1.
B.
Modify the Trusted Publishers Properties.
C.
Create a new certificate rule for App1.
D.
Modify the Enforcement Properties.
From what we know about Certificate Authentication, it requires the user to accept a digitally signed certificate, which states to the server that this application has been approved for use by the user. It then checks this against the “Trusted Publishers” store, which is the “Certificate Revocation List” (CRL), which contains the applications “Publisher’s Approval” – and if it is there it is accepted and the application will launch.
The policy settings in the Trusted Publishers tab of the certificate path validation policy allows administrators to control which certificates can be accepted as coming from a trusted publisher.