0% found this document useful (0 votes)

334 views

Powershell Commandlets - AppLocker Module

What the commandlets are and how to use those used within the AppLocker module

Uploaded by

leslewis65

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

334 views

Powershell Commandlets - AppLocker Module

What the commandlets are and how to use those used within the AppLocker module

Uploaded by

leslewis65

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 28

Powershell Commandlets

AppLocker Module

Compiled by Les Lewis

This information was taken directly from the Get-Help files within the AppLocker commandlets.

This is for informational use, placed into an easy to read format.

Page |1
Table of Contents
What is it used for? ..................................................................................................................................... 4
Get-AppLockerFileInformation .................................................................................................................... 6
SYNOPSIS ............................................................................................................................................... 6
SYNTAX .................................................................................................................................................... 6
DESCRIPTION ......................................................................................................................................... 6
PARAMETERS ........................................................................................................................................... 6
INPUTS .................................................................................................................................................... 9
OUTPUTS.................................................................................................................................................. 9
RELATED LINKS .................................................................................................................................. 11
Get-AppLockerPolicy ................................................................................................................................ 12
SYNOPSIS ............................................................................................................................................. 12
SYNTAX .................................................................................................................................................. 12
DESCRIPTION ....................................................................................................................................... 12
PARAMETERS ......................................................................................................................................... 12
INPUTS .................................................................................................................................................. 14
OUTPUTS................................................................................................................................................ 14
RELATED LINKS .................................................................................................................................. 15
New-AppLockerPolicy ............................................................................................................................... 16
SYNOPSIS ............................................................................................................................................. 16
SYNTAX .................................................................................................................................................. 16
DESCRIPTION ....................................................................................................................................... 16
PARAMETERS ......................................................................................................................................... 16
INPUTS .................................................................................................................................................. 19
OUTPUTS................................................................................................................................................ 19
RELATED LINKS .................................................................................................................................. 20
Set-AppLockerPolicy ................................................................................................................................. 21
SYNOPSIS ............................................................................................................................................. 21
SYNTAX .................................................................................................................................................. 21
DESCRIPTION ....................................................................................................................................... 21
PARAMETERS ......................................................................................................................................... 21
INPUTS .................................................................................................................................................. 23
OUTPUTS................................................................................................................................................ 23
RELATED LINKS .................................................................................................................................. 23
Test-AppLockerPolicy ............................................................................................................................... 25

Page |2
SYNOPSIS ............................................................................................................................................. 25
SYNTAX .................................................................................................................................................. 25
DESCRIPTION ....................................................................................................................................... 25
PARAMETERS ......................................................................................................................................... 25
INPUTS .................................................................................................................................................. 27
OUTPUTS................................................................................................................................................ 27
RELATED LINKS .................................................................................................................................. 28

Page |3
What is it used for?
Exposes Windows Installer functionality to Windows PowerShell

Page |4
Page |5
Get-AppLockerFileInformation
SYNOPSIS
Gets the file information necessary to create AppLocker rules from
a list of files or an event log.

SYNTAX
Get-AppLockerFileInformation [[-Path] <List<String>>] [-
InformationAction {SilentlyContinue | Stop | Continue | Inquire |
Ignore | Suspend}] [-InformationVariable <System.String>]
[<CommonParameters>]

Get-AppLockerFileInformation [-FileType {Exe | Dll |

WindowsInstaller | Script | Appx}] [-InformationAction
{SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend}]
[-InformationVariable <System.String>] [-Recurse] -Directory
<String> [<CommonParameters>]

Get-AppLockerFileInformation [-EventType
<List<AppLockerEventType>>] [-InformationAction {SilentlyContinue |
Stop | Continue | Inquire | Ignore | Suspend}] [-
InformationVariable <System.String>] [-LogPath <String>] [-
Statistics] -EventLog [<CommonParameters>]

Get-AppLockerFileInformation [[-Packages] <List<AppxPackage>>] [-

InformationAction {SilentlyContinue | Stop | Continue | Inquire |
Ignore | Suspend}] [-InformationVariable <System.String>]
[<CommonParameters>]

DESCRIPTION
The Get-AppLockerFileInformation cmdlet gets the AppLocker file
information from a list of files or an event log. File information
includes the publisher information, file hash, and file path.

The file information from an event log may not contain all of the
publisher information, file hash, and file path fields. Files that
are not signed will not have any publisher information.

PARAMETERS
-Directory <String>
Specifies the directory that contains the files for which to get
the file information. If all subfolders and files in the specified
directory are to be searched, then include the Recurse parameter

Required? true
Position? named
Default value none
Accept pipeline input? false

Page |6
Accept wildcard characters? false

-EventLog <SwitchParameter>
Specifies that the file information is retrieved from the event
log.

Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-EventType [<List<AppLockerEventType>>]
Specifies the event type by which to filter the events. The
acceptable values for this parameter are: Allowed, Denied, or
Audited. The event types correspond to the Informational, Error,
and Warning level events in the AppLocker event logs.

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-FileType [<List<AppLockerFileType>>]
Specifies the generic file type for which to search. All files
having the appropriate file name extension will be included.
The acceptable values for this parameter are: EXE, Script, MSI, and
DLL.

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-InformationAction [<System.Management.Automation.ActionPreference>]
Specifies how this cmdlet responds to an information event. The
acceptable values for this parameter are:

-- SilentlyContinue
-- Stop
-- Continue
-- Inquire
-- Ignore
-- Suspend

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-InformationVariable [<System.String>]

Page |7
Specifies a variable in which to store an information event
message.

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-LogPath [<String>]
Specifies the log name or file path of the event log where the
AppLocker events are located. By default, if this parameter is not
specified, the local Microsoft-Windows-AppLocker/EXE and DLL
channel is used.

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-Packages [<List<AppxPackage>>]
Specifies a list of installed packaged applications, from which the
file information is retrieved.

Required? false
Position? 1
Default value none
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? false

-Path [<List<String>>]
Specifies a list of paths to the files from which the file
information is retrieved. Supports regular expressions.

Required? false
Position? 1
Default value none
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? false

-Recurse [<SwitchParameter>]
Specifies that all files and folders in the specified directory
will be searched.

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-Statistics [<SwitchParameter>]

Page |8
Specifies the statistics to retrieve on the files included in the
event log. Calculates a simple sum of the number of times a file is
included in the event log based on specified parameters.

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information,
see about_CommonParameters
(http://go.microsoft.com/fwlink/?LinkID=113216).

INPUTS
None

OUTPUTS
Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.FileI
nformation

System.String

EXAMPLE 1

PS C:\>Get-AppLockerFileInformation -Directory C:\Windows\system32\

-Recurse -FileType exe, script

This example gets the file information for all the .exe files and
scripts under %windir%\system32.

EXAMPLE 2

PS C:\>Get-AppLockerFileInformation -Path "C:\Program Files

(x86)\Internet Explorer\iexplore.exe" | Format-List
Path : %PROGRAMFILES%\INTERNET EXPLORER\IEXPLORE.EXE
Publisher : CN=WINDOWS MAIN BUILD LAB ACCOUNT\WINDOWS® INTERNET
EXPLORER\IEXPLORE.EXE,10.0.8421.0
Hash : SHA256
0x5F374C2DD91A6F9E9E96F149EE221EC0454649F50E1AF6D3DAEFB849FB7C551C
AppX : False

Page |9
PS C:\>Get-AppLockerFileInformation -Path "C:\Program
Files\Internet Explorer\iexplore.exe" | Format-List
Path : %PROGRAMFILES%\INTERNET EXPLORER\IEXPLORE.EXE
Publisher : CN=WINDOWS MAIN BUILD LAB ACCOUNT\WINDOWS® INTERNET
EXPLORER\IEXPLORE.EXE,10.0.8421.0
Hash : SHA256
0x5F374C2DD91A6F9E9E96F149EE221EC0454649F50E1AF6D3DAEFB849FB7C551C
AppX : False

This example gets the file information for the file specified by
the path.

EXAMPLE 3

PS C:\>Get-AppXPackage –AllUsers | Get-AppLockerFileInformation

Path :
windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
.appx
Publisher : CN=Microsoft Windows, O=Microsoft Corporation,
L=Redmond, S=Washington,
C=US\windows.immersivecontrolpanel\APPX,6.2.0.0
Hash :
AppX : True

Path :
windows.RemoteDesktop_1.0.0.0_neutral_neutral_cw5n1h2txyewy.appx
Publisher : CN=Microsoft Windows, O=Microsoft Corporation,
L=Redmond, S=Washington, C=US\windows.RemoteDesktop\APPX,1.0.0.0
Hash :
AppX : True

Path : WinStore_1.0.0.0_neutral_neutral_cw5n1h2txyewy.appx
Publisher : CN=Microsoft Windows, O=Microsoft Corporation,
L=Redmond, S=Washington, C=US\WinStore\APPX,1.0.0.0
Hash :
AppX : True

This example outputs the file information for all the packaged
applications installed on this machine for all users.

EXAMPLE 4

PS C:\>Get-AppLockerFileInformation -EventLog -EventType Audited

This example outputs the file information for all the Audited
events in the local event log. Audited events correspond to the
Warning event in the AppLocker audit log.

EXAMPLE 5

P a g e | 10
PS C:\>Get-AppLockerFileInformation -EventLog -EventType Allow -
Statistics

This example displays statistics for all the Allowed events in the
local event log. For each file in the event log, the cmdlet will
sum the number of times the event type occurred.

EXAMPLE 6

PS C:\>Get-AppLockerFileInformation -EventLog -EventType Audited |

New-AppLockerPolicy -RuleType Publisher, Hash, Path -User Everyone
-Optimize | Set-AppLockerPolicy -LDAP LDAP://TestGPO

This example creates a new AppLocker policy from the warning events
in the local event log and sets the policy of a test Group Policy
Object (GPO).

RELATED LINKS
Online Version: http://go.microsoft.com/fwlink/?linkid=287248
Get-AppLockerPolicy
New-AppLockerPolicy
Set-AppLockerPolicy
Test-AppLockerPolicy
Get-AppxPackage

P a g e | 11
Get-AppLockerPolicy
SYNOPSIS
Gets the local, the effective, or a domain AppLocker policy.

SYNTAX
Get-AppLockerPolicy [-InformationAction {SilentlyContinue | Stop |
Continue | Inquire | Ignore | Suspend}] [-InformationVariable
<System.String>] [-Xml] -Local [<CommonParameters>]

Get-AppLockerPolicy [-InformationAction {SilentlyContinue | Stop |

Continue | Inquire | Ignore | Suspend}] [-InformationVariable
<System.String>] [-Xml] -Domain -Ldap <String> [<CommonParameters>]

Get-AppLockerPolicy [-InformationAction {SilentlyContinue | Stop |

Continue | Inquire | Ignore | Suspend}] [-InformationVariable
<System.String>] [-Xml] -Effective [<CommonParameters>]

DESCRIPTION
The Get-AppLockerPolicy cmdlet retrieves the AppLocker policy from
the local Group Policy Object (GPO), a specified Group Policy
Object (GPO), or the effective policy on the computer.

By default, the output is an AppLockerPolicy object. If the Xml

parameter is used, then the output will be the AppLocker policy as
an XML-formatted string.

PARAMETERS
-Domain <SwitchParameter>
Gets the AppLocker policy from the GPO specified by the path given
in the Ldap parameter.

Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-Effective <SwitchParameter>
Gets the effective AppLocker policy on the local computer. The
effective policy is the merge of the local AppLocker policy and any
applied AppLocker domain policies on the local computer.

Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

P a g e | 12
-InformationAction [<System.Management.Automation.ActionPreference>]
Specifies how this cmdlet responds to an information event. The
acceptable values for this parameter are:

-- SilentlyContinue
-- Stop
-- Continue
-- Inquire
-- Ignore
-- Suspend

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-InformationVariable [<System.String>]
Specifies a variable in which to store an information event
message.

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-Ldap <String>
Specifies the LDAP path of the GPO and must specify a unique GPO.

Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-Local <SwitchParameter>
Gets the AppLocker policy from the local GPO.

Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-Xml [<SwitchParameter>]
Specifies that the AppLocker policy be output as an XML-formatted
string.

Required? false
Position? named
Default value none
Accept pipeline input? false

P a g e | 13
Accept wildcard characters? false

INPUTS
None

OUTPUTS
Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.AppLo
ckerPolicy

AppLockerPolicy

System.String

EXAMPLE 1

PS C:\>Get-AppLockerPolicy -Local
Version RuleCollections
RuleCollectionTypes
------- ---------------
-------------------
1 {}
{}

This example gets the local AppLocker policy as an AppLockerPolicy

object.

EXAMPLE 2

PS C:\>Get-AppLockerPolicy -Domain -LDAP

"LDAP://DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-
00C04FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com"

This example gets the AppLocker policy of the unique GPO specified
by the LDAP path as an AppLockerPolicy object.

EXAMPLE 3

PS C:\>Get-AppLockerPolicy -Effective -Xml | Set-Content

('c:\temp\curr.xml')

P a g e | 14
This example gets the effective policy on the computer, and then
sends it in XML-format to the specified file on an existing path.

EXAMPLE 4

PS C:\>Get-AppLockerPolicy -Local | Test-AppLockerPolicy -Path

C:\Windows\System32\*.exe -User Everyone

This example gets the local AppLocker policy on the computer, and
then tests the policy using the Test-AppLockerPolicy cmdlet to test
whether the .exe files in C:\Windows\System32 will be allowed to
run by the Everyone group.

RELATED LINKS
Online Version: http://go.microsoft.com/fwlink/?linkid=287249
Get-AppLockerFileInformation
New-AppLockerPolicy
Set-AppLockerPolicy
Test-AppLockerPolicy

P a g e | 15
New-AppLockerPolicy
SYNOPSIS
Creates a new AppLocker policy from a list of file information and
other rule creation options.

SYNTAX
New-AppLockerPolicy [-FileInformation] <List<FileInformation>> [-
IgnoreMissingFileInformation] [-InformationAction {SilentlyContinue
| Stop | Continue | Inquire | Ignore | Suspend}] [-
InformationVariable <System.String>] [-Optimize] [-RuleNamePrefix
<String>] [-RuleType <List<RuleType>>] [-ServiceEnforcement
<System.String>] [-User <String>] [-Xml] [<CommonParameters>]

DESCRIPTION
The New-AppLockerPolicy cmdlet uses a list of file information to
automatically generate a list of rules for a given user or group.
Rules can be generated based on publisher, hash, or path
information.

Run the Get-AppLockerFileInformation cmdlet to create the list of

file information.

By default, the output is an AppLockerPolicy object. If the Xml

parameter is specified, the output will be the AppLocker policy as
an XML-formatted string.

PARAMETERS
-FileInformation <List<FileInformation>>
Specifies a file that can contain publisher, path, and hash
information. Some information may be missing, such as publisher
information for an unsigned file.

Required? true
Position? 1
Default value none
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? false

-IgnoreMissingFileInformation [<SwitchParameter>]
Specifies that, if a rule cannot be created for a file because of
missing file information, then evaluation of the remaining file
information will continue and a warning log of the files skipped
will be generated.

Required? false
Position? named
Default value none

P a g e | 16
Accept pipeline input? false
Accept wildcard characters? false

-InformationAction [<System.Management.Automation.ActionPreference>]
Specifies how this cmdlet responds to an information event. The
acceptable values for this parameter are:

-- SilentlyContinue
-- Stop
-- Continue
-- Inquire
-- Ignore
-- Suspend

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-InformationVariable [<System.String>]
Specifies a variable in which to store an information event
message.

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-Optimize [<SwitchParameter>]
Specifies that similar rules will be grouped together.

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-RuleNamePrefix [<String>]
Specifies a name to add as the prefix for each rule that is
created.

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-RuleType [<List<RuleType>>]
Specifies the type of rules to create from the file information.
Publisher, path, or hash rules can be created from the file
information.

P a g e | 17
Multiple rule types may be specified. Therefore, that there are
backup rule types if the necessary file information is not
available.

For example, if Publisher, Hash is specified for this parameter,

then the hash rules are applied when publisher information is not
available.

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-ServiceEnforcement [<System.String>]
Specifies whether the AppLocker policy for EXE and DLL rule
collections applies to non-interactive processes. The acceptable
values for this parameter are:

-- NotConfigured
-- Enabled
-- ServicesOnly

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-User [<String>]
Specifies the user or group to which the rules are applied. The
acceptable values for this parameter are:

-- DNS user name (domain\username)

-- User Principal Name ([email protected])
-- SAM user name (username)
-- Security identifier (S-1-5-21-3165297888-301567370-576410423-
1103)

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-Xml [<SwitchParameter>]
Specifies that the output of the AppLocker policy be as an XML-
formatted string.

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

P a g e | 18
<CommonParameters>
This cmdlet supports the common parameters: Verbose,
Debug,ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, pipelineVariable, and OutVariable. For more information,
see about_CommonParameters
(http://go.microsoft.com/fwlink/?LinkID=113216).

INPUTS
Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.FileI
nformation

OUTPUTS
Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.AppLo
ckerPolicy

AppLockerPolicy

System.String

EXAMPLE 1

C:\PS>Get-ChildItem C:\Windows\System32\*.exe | Get-

AppLockerFileInformation | New-AppLockerPolicy -RuleType Publisher,
Hash -User Everyone -RuleNamePrefix System32

Version RuleCollections RuleCollectionTypes

------- --------------- -------------------
1
{Microsoft.Security.ApplicationId.Po... {Exe}

This example creates an AppLocker policy that contains allow rules

for all of the executable files in C:\Windows\System32. The policy
contains publisher rules for those files with publisher information
and hash rules for those that do not. The rules are prefixed with
System32: and the rules apply to the Everyone group.

EXAMPLE 2

C:\PS>Get-ChildItem C:\Windows\System32\*.exe | Get-

AppLockerFileInformation | New-AppLockerPolicy -RuleType Path -User
Everyone -Optimize -XML <AppLockerPolicy
Version="1"><RuleCollection Type="Exe"
EnforcementMode="NotConfigured"><FilePathRule Id="31B2F340-016D

P a g e | 19
-11D2-945F-00C04FB984F9" Name="%SYSTEM32%\*" Description="" 10
UserOrGroupSid="S-1-5-21-3165297888-301567370-576410423-13"
Action="cAllow"><Conditions><FilePathCondition Path="%SYSTEM32%\*"
/></Conditions></FilePathRule></RuleCollection> </AppLockerPolicy>

This example creates an XML-formatted AppLocker policy for all of

the executable files in C:\Windows\System32. The policy contains
only path rules, the rules are applied to the Everyone group, and
the Optimize parameter indicates that similar rules are grouped
together where possible.

EXAMPLE 3

C:\PS>Get-AppLockerFileInformation -EventLog -LogPath "Microsoft-

Windows-AppLocker/EXE and DLL" -EventType Audited | New-
AppLockerPolicy -RuleType Publisher,Hash -User domain\FinanceGroup
-IgnoreMissingFileInformation | Set-AppLockerPolicy -LDAP
"LDAP://DC13.TailspinToys.com/CN={31B2F340-016D-11D2-945F-
00C04FB984F9},CN=Policies,CN=System,DC=WingTipToys,DC=com"

This example creates a new AppLocker policy from the audited events
in the local Microsoft-Windows-AppLocker/EXE and DLL event log. All
of the rules will be applied to the domain\FinanceGroup group.
Publisher rules are created when the publisher information is
available, and hash rules are created if the publisher information
is not available. If only path information is available for a file,
then the file is skipped because the IgnoreMissingFileInformation
parameter is specified, and the file is included in the warning
log. If the IgnoreMissingFileInformation parameter is not specified
when file information is missing, then the cmdlet exits because it
cannot create the specified rule type. After the new AppLocker
policy is created, the AppLocker policy of the specified Group
Policy Object (GPO) is set. The existing AppLocker policy in the
specified GPO will be overwritten.

RELATED LINKS
Online Version: http://go.microsoft.com/fwlink/?linkid=287250
Get-AppLockerFileInformation
Get-AppLockerPolicy
Set-AppLockerPolicy
Test-AppLockerPolicy

P a g e | 20
Set-AppLockerPolicy
SYNOPSIS
Sets the AppLocker policy for the specified GPO.

SYNTAX
Set-AppLockerPolicy [-XmlPolicy] <String> [-InformationAction
{SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend}]
[-InformationVariable <System.String>] [-Ldap <String>] [-Merge]
[<CommonParameters>]

Set-AppLockerPolicy [-PolicyObject] <AppLockerPolicy> [-

InformationAction {SilentlyContinue | Stop | Continue | Inquire |
Ignore | Suspend}] [-InformationVariable <System.String>] [-Ldap
<String>] [-Merge] [<CommonParameters>]

DESCRIPTION
The Set-AppLockerPolicy cmdlet sets the specified GPO to contain
the specified AppLocker policy. If no Lightweight Directory Access
Protocol (LDAP) is specified, then the default is the local GPO.

The input values for the AppLocker policy can be an AppLockerPolicy

object or an XML-formatted file that contains the AppLocker policy.

PARAMETERS
-InformationAction [<System.Management.Automation.ActionPreference>]
Specifies how this cmdlet responds to an information event. The
acceptable values for this parameter are:

-- SilentlyContinue
-- Stop
-- Continue
-- Inquire
-- Ignore
-- Suspend

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-InformationVariable [<System.String>]
Specifies a variable in which to store an information event
message.

Required? false
Position? named

P a g e | 21
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-Ldap [<String>]
Specifies the LDAP path of the GPO. It must specify a unique GPO.
If this parameter is not specified, then the local AppLocker policy
is set.

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-Merge [<SwitchParameter>]
Merges the rules in the specified AppLocker policy with the
AppLocker rules in the target GPO specified in the LDAP path. The
merging of policies will remove rules with duplicate rule IDs, and
the enforcement setting specified by the AppLocker policy in the
target GPO will be preserved. If the Merge parameter is not
specified, then the new policy will overwrite the existing policy.

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-PolicyObject <AppLockerPolicy>
Specifies the AppLockerPolicy object that contains the AppLocker
policy. Can be obtained from the Get-AppLockerPolicy and the
New-AppLockerPolicy cmdlets.

Required? true
Position? 1
Default value none
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? false

-XmlPolicy <String>
Specifies the path where the XML-formatted file that contains the
AppLocker policy is saved.

Required? true
Position? 1
Default value none
Accept pipeline input? false
Accept wildcard characters? false

P a g e | 22
see about_CommonParameters
(http://go.microsoft.com/fwlink/?LinkID=113216).

INPUTS
Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.AppLo
ckerPolicy

AppLockerPolicy

System.String

OUTPUTS
None

EXAMPLE 1

PS C:\> Set-AppLockerPolicy -XMLPolicy C:\Policy.xml

This example sets the local AppLocker policy to the policy

specified in C:\Policy.xml.

EXAMPLE 2

PS C:\> Set-AppLockerPolicy -XMLPolicy C:\Policy.xml -LDAP

"LDAP://DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-
00C04FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com"

This example sets the GPO specified in the LDAP path to contain the
AppLocker policy that is specified in C:\Policy.xml.

EXAMPLE 3

PS C:\> Get-AppLockerPolicy -Local | Set-AppLockerPolicy -LDAP

"LDAP://DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-
00C04FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com" -Merge

This example gets the local AppLocker policy, and then merges the
policy with the existing AppLocker policy in the GPO specified in
the LDAP path. For more information on how two policies are merged,
see the Merge parameter description.

RELATED LINKS
Online Version: http://go.microsoft.com/fwlink/?linkid=287251

P a g e | 23
Get-AppLockerFileInformation
Get-AppLockerPolicy
New-AppLockerPolicy
Test-AppLockerPolicy

P a g e | 24
Test-AppLockerPolicy
SYNOPSIS
Specifies the AppLocker policy to determine whether the input files
will be allowed to run for a given user.

SYNTAX
Test-AppLockerPolicy [-XmlPolicy] <String> [-Filter
<List<PolicyDecision>>] [-InformationAction {SilentlyContinue |
Stop | Continue | Inquire | Ignore | Suspend}] [-
InformationVariable <System.String>] [-User <String>] -Path
<List<String>> [<CommonParameters>]

Test-AppLockerPolicy [-XmlPolicy] <String> [-Filter

<List<PolicyDecision>>] [-InformationAction {SilentlyContinue |
Stop | Continue | Inquire | Ignore | Suspend}] [-
InformationVariable <System.String>] [-User <String>] -Packages
<List<AppxPackage>> [<CommonParameters>]

Test-AppLockerPolicy [-PolicyObject] <AppLockerPolicy> [-Filter

DESCRIPTION
The Test-AppLockerPolicy cmdlet specifies the AppLocker policy to
determine whether a list of files is allowed to run on the local
computer for a specified user.

To test AppLocker rules for a nested group, a representative member

of the nested group should be specified for the User parameter. For
example, a rule that allows the Everyone group to run calc.exe may
not appear to apply correctly when the nested Finance group for the
User parameter is specified. Instead, a representative member of
the Finance group should be specified for the User parameter.

PARAMETERS
-Filter [<List<PolicyDecision>>]
Specifies the policy decision by which to filter the output for
each input file. The acceptable values for this parameter are:
Allowed, Denied, DeniedByDefault, or AllowedByDefault.

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

P a g e | 25
-InformationAction [<System.Management.Automation.ActionPreference>]
Specifies how this cmdlet responds to an information event. The
acceptable values for this parameter are:

-- SilentlyContinue
-- Stop
-- Continue
-- Inquire
-- Ignore
-- Suspend

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-InformationVariable [<System.String>]
Specifies a variable in which to store an information event
message.

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-Packages <List<AppxPackage>>
Specifies a list of installed packaged applications, from which the
file information is retrieved.

Required? true
Position? named
Default value none
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? false

-Path <List<String>>
Specifies the list of the file paths to test. Regular expressions
are supported.

Required? true
Position? named
Default value none
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? false

-PolicyObject <AppLockerPolicy>
Specifies the Applocker policy. Can be obtained from the Get-
AppLockerPolicy or the New-AppLockerPolicy cmdlet.

Required? true
Position? 1

P a g e | 26
Default value none
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? false

-User [<String>]
Defines the user or group to be used for testing the rules in a
specified AppLocker policy. The acceptable values for this
parameter are:

-- DNS user name (domain\username)

-- User Principal Name ([email protected])
-- SAM user name (username)
-- Security identifier (S-1-5-21-3165297888-301567370-576410423-
1103)

Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-XmlPolicy <String>
Specifies the file path and name of the XML-formatted file that
contains the AppLocker policy.

Required? true
Position? 1
Default value none
Accept pipeline input? false
Accept wildcard characters? false

INPUTS
Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.AppLo
ckerPolicy

AppLockerPolicy

OUTPUTS
Microsoft.Security.ApplicationId.PolicyManagement.AppLockerPolicyDe
cision

P a g e | 27
EXAMPLE 1

PS C:\>Test-AppLockerPolicy -XMLPath C:\Policy.xml -Path

c:\windows\system32\calc.exe, C:\windows\system32\notepad.exe -User
Everyone

This example reports if calc.exe and notepad.exe will be allowed to

run for Everyone under the policy specified by C:\Policy.xml.

EXAMPLE 2

PS C:\>Get-ChildItem C:\windows\system32\*.exe | Test-

AppLockerPolicy c:\Policy.xml -Filter DeniedByDefault

This example lists the executables under C:\Windows\System32 that

everyone will be denied by the policy specified by C:\Policy.xml
because there is no explicit rule for the file.

EXAMPLE 3

PS C:\>Get-AppLockerPolicy -Local | Test-AppLockerPolicy -Path

C:\Windows\System32\*.exe -User contoso\saradavis -Filter Denied |
Format-List -Property | Set-Content (ꞌC:\temp\DeniedFiles.txtꞌ)

This example gets the local AppLocker policy, uses the policy to
determine which executables in C:\Windows\System32 that
contoso\saradavis is explicitly denied access to run, and then
redirects the list to a text file.

EXAMPLE 4

PS C:\>Get-AppxPackage –AllUsers | Test-AppLockerPolicy –XmlPolicy

.\SamplePolicy.xml

This example lists all the packages installed on this computer, for
all the users, and tests them against a saved policy.

RELATED LINKS
Online Version: http://go.microsoft.com/fwlink/?linkid=287252
Get-AppLockerFileInformation
Get-AppLockerPolicy
New-AppLockerPolicy
Set-AppLockerPolicy
Get-AppxPackage

P a g e | 28

Google Hacking Database
83% (18)
Google Hacking Database
91 pages
Dangerous Google - Searching For Secrets PDF
88% (26)
Dangerous Google - Searching For Secrets PDF
12 pages
Download ebooks file The Volatility Edge in Options Trading New Technical Strategies for Investing in Unstable Markets 1st Edition Jeff Augen all chapters
No ratings yet
Download ebooks file The Volatility Edge in Options Trading New Technical Strategies for Investing in Unstable Markets 1st Edition Jeff Augen all chapters
55 pages
Dangerous Google Searching For Secrets
No ratings yet
Dangerous Google Searching For Secrets
12 pages
Google Hacking Database
No ratings yet
Google Hacking Database
91 pages
David Amos, Dan Bader, Joanna Jablonski, Fletcher Heisler Python
100% (15)
David Amos, Dan Bader, Joanna Jablonski, Fletcher Heisler Python
643 pages
Understanding Database Types - by Alex Xu
No ratings yet
Understanding Database Types - by Alex Xu
13 pages
ITIL v3 Service Lifecycle Chart
No ratings yet
ITIL v3 Service Lifecycle Chart
1 page
Policy Document Ucc Redemption Understanding The Process Further
80% (20)
Policy Document Ucc Redemption Understanding The Process Further
37 pages
Hackers Black Book (2011-Edition)
No ratings yet
Hackers Black Book (2011-Edition)
6 pages
How To Use Google Hack
100% (1)
How To Use Google Hack
4 pages
UCC-1 Financing Statement
87% (39)
UCC-1 Financing Statement
94 pages
PayPal Hacks
100% (1)
PayPal Hacks
6 pages
11.3.1.1 Packet Tracer - Skills Integration Challenge PDF
100% (1)
11.3.1.1 Packet Tracer - Skills Integration Challenge PDF
10 pages
TippingPoint IPS - Command Line Cheat Sheet
No ratings yet
TippingPoint IPS - Command Line Cheat Sheet
10 pages
PaloAlto - CustomAppSignatures
100% (1)
PaloAlto - CustomAppSignatures
13 pages
Heroku Cloud Application Development
From Everand
Heroku Cloud Application Development
Anubhav Hanjura
No ratings yet
Dark Web Market Price Index Hacking Tools July 2018 Top10VPN2
91% (11)
Dark Web Market Price Index Hacking Tools July 2018 Top10VPN2
7 pages
Kali Linux Tools Descriptions
100% (2)
Kali Linux Tools Descriptions
26 pages
Allison, Berkowitz - 2008 - SQL For Microsoft Access PDF
100% (1)
Allison, Berkowitz - 2008 - SQL For Microsoft Access PDF
393 pages
Hackers Favorite Search Queries 4
100% (1)
Hackers Favorite Search Queries 4
6 pages
canadianResumeTemplate 1
No ratings yet
canadianResumeTemplate 1
2 pages
AppLocker Bypass - Regsvr32
No ratings yet
AppLocker Bypass - Regsvr32
10 pages
12.4.1.2 Lab - Isolate Compromised Host Using 5-Tuple
No ratings yet
12.4.1.2 Lab - Isolate Compromised Host Using 5-Tuple
18 pages
ENCOR Jul14
No ratings yet
ENCOR Jul14
389 pages
CheckPoint R65 VPN AdminGuide
No ratings yet
CheckPoint R65 VPN AdminGuide
670 pages
Nexus 5000 Setup and Configurations For L2 Connectivity
No ratings yet
Nexus 5000 Setup and Configurations For L2 Connectivity
8 pages
Port Scanning
No ratings yet
Port Scanning
10 pages
Vpnserver: Securing A Small Wireless Network Using VPN
No ratings yet
Vpnserver: Securing A Small Wireless Network Using VPN
5 pages
TEK - A2 - Permata Tribagio - J3D119105 - 8.3.7
No ratings yet
TEK - A2 - Permata Tribagio - J3D119105 - 8.3.7
22 pages
Automating Admin Tasks With Powershell
No ratings yet
Automating Admin Tasks With Powershell
19 pages
8.3.6 Lab - Use NETCONF To Access An IOS XE Device - ILM
No ratings yet
8.3.6 Lab - Use NETCONF To Access An IOS XE Device - ILM
16 pages
Snort 3 User Manual
100% (1)
Snort 3 User Manual
103 pages
Network ACLs
No ratings yet
Network ACLs
99 pages
NuDesign SNMPv3 Tutorial & Demo Manual PDF
No ratings yet
NuDesign SNMPv3 Tutorial & Demo Manual PDF
44 pages
Flexpod Saphana n9k Aff Ucsm PDF
No ratings yet
Flexpod Saphana n9k Aff Ucsm PDF
399 pages
Netcat: The TCP/IP Swiss Army Knife
No ratings yet
Netcat: The TCP/IP Swiss Army Knife
13 pages
CIS Hardening Windows 2019 New DC L1
No ratings yet
CIS Hardening Windows 2019 New DC L1
174 pages
Vyos Lab TXR
No ratings yet
Vyos Lab TXR
3 pages
Tshark - The Wireshark Network Analyzer 3.0.1
No ratings yet
Tshark - The Wireshark Network Analyzer 3.0.1
21 pages
Manual - Netgear ReadyNAS Pro 6 RNDP6000
No ratings yet
Manual - Netgear ReadyNAS Pro 6 RNDP6000
132 pages
Kali Linux Tutorial For Beginners - What Is, How To Install & Use
No ratings yet
Kali Linux Tutorial For Beginners - What Is, How To Install & Use
1 page
Barracuda NG Firewall Admin Guide
No ratings yet
Barracuda NG Firewall Admin Guide
638 pages
Computer Networking TCP LAB
No ratings yet
Computer Networking TCP LAB
11 pages
17.2.7 Lab - Reading Server Logs
No ratings yet
17.2.7 Lab - Reading Server Logs
6 pages
SMB Relay Attacks and Active Directory - TCM Security
No ratings yet
SMB Relay Attacks and Active Directory - TCM Security
16 pages
Antivirus Evasion With ShCoLo - ExLo - Why Malware Works in Face of Antivirus Software - Matthias Deeg
No ratings yet
Antivirus Evasion With ShCoLo - ExLo - Why Malware Works in Face of Antivirus Software - Matthias Deeg
35 pages
Lab 1 VLAN, Trunk and VTP
No ratings yet
Lab 1 VLAN, Trunk and VTP
9 pages
Cookie Test
No ratings yet
Cookie Test
7 pages
Cisco Asa
No ratings yet
Cisco Asa
12 pages
Attacking WiFi With Traffic Injection Cedric Blancher
No ratings yet
Attacking WiFi With Traffic Injection Cedric Blancher
70 pages
Dude Linux Installation
No ratings yet
Dude Linux Installation
8 pages
Metasploit Basics, Part 15 - Post - Exploitation Fun (Web Cam, Microphone, Passwords and More)
No ratings yet
Metasploit Basics, Part 15 - Post - Exploitation Fun (Web Cam, Microphone, Passwords and More)
13 pages
9.2.1.6 Lab - Using Wireshark To Observe The TCP 3-Way Handshake
No ratings yet
9.2.1.6 Lab - Using Wireshark To Observe The TCP 3-Way Handshake
8 pages
Lab11 - Configuring AppLocker and Windows Firewall
No ratings yet
Lab11 - Configuring AppLocker and Windows Firewall
8 pages
11 - Implementing Secure Network Protocols
No ratings yet
11 - Implementing Secure Network Protocols
28 pages
Script For Ddos Attack
No ratings yet
Script For Ddos Attack
1 page
New Dedicated Server Information: 1 Mensaje
No ratings yet
New Dedicated Server Information: 1 Mensaje
2 pages
DEVASC v1 Scope and Sequence
No ratings yet
DEVASC v1 Scope and Sequence
5 pages
DOS and DDOS
No ratings yet
DOS and DDOS
3 pages
PO VSX Course 6 VSX - Util
No ratings yet
PO VSX Course 6 VSX - Util
21 pages
Lab Project 1
No ratings yet
Lab Project 1
8 pages
DCV Nexus
No ratings yet
DCV Nexus
217 pages
CCN Lab Manual Full
No ratings yet
CCN Lab Manual Full
39 pages
Installation and Configuration Manual 7-3
No ratings yet
Installation and Configuration Manual 7-3
58 pages
EXT ACLs
No ratings yet
EXT ACLs
15 pages
2 IPT Configuring-Cisco-CME
No ratings yet
2 IPT Configuring-Cisco-CME
84 pages
2.2.1.13 Lab - Monitor and Manage System Resources in Windows
No ratings yet
2.2.1.13 Lab - Monitor and Manage System Resources in Windows
18 pages
Etwork: Penetration Testing
No ratings yet
Etwork: Penetration Testing
19 pages
Practice Exercises 4
No ratings yet
Practice Exercises 4
2 pages
CCNA-CCNP Switch
No ratings yet
CCNA-CCNP Switch
98 pages
Sysmon Cheatsheet Dark
No ratings yet
Sysmon Cheatsheet Dark
2 pages
Optimux 34 RAD
No ratings yet
Optimux 34 RAD
118 pages
(Ref) VMware - Networking
No ratings yet
(Ref) VMware - Networking
9 pages
Pulse Secure-Uac-5.1-Troubleshooting PDF
No ratings yet
Pulse Secure-Uac-5.1-Troubleshooting PDF
87 pages
2019 Cloudflare Enterprise Best Practices
No ratings yet
2019 Cloudflare Enterprise Best Practices
23 pages
Windows Security Monitoring: Scenarios and Patterns
From Everand
Windows Security Monitoring: Scenarios and Patterns
Andrei Miroshnikov
No ratings yet
Mastering CryENGINE
From Everand
Mastering CryENGINE
Sascha Gundlach
No ratings yet
Powershell Commandlets - TrustedPlatformModule
No ratings yet
Powershell Commandlets - TrustedPlatformModule
31 pages
Windows Update: Microsoft Powershell
No ratings yet
Windows Update: Microsoft Powershell
7 pages
Powershell Commandlets - APPX Module
No ratings yet
Powershell Commandlets - APPX Module
44 pages
Powershell Commandlets - BITLOCKER Module
No ratings yet
Powershell Commandlets - BITLOCKER Module
49 pages
Powershell Commandlets - BitLocker Module
No ratings yet
Powershell Commandlets - BitLocker Module
50 pages
Powershell Commandlets - Windows Update Module
No ratings yet
Powershell Commandlets - Windows Update Module
8 pages
Powershell Commandlets - MSI Module
No ratings yet
Powershell Commandlets - MSI Module
92 pages
Windows Update Provider
No ratings yet
Windows Update Provider
11 pages
Powershell Commandlets - AppBackgroundTask Module
No ratings yet
Powershell Commandlets - AppBackgroundTask Module
18 pages
Itsm Chart V2.0 PDF
100% (1)
Itsm Chart V2.0 PDF
1 page
Powershell Commandlets - Credential Manager Module
No ratings yet
Powershell Commandlets - Credential Manager Module
14 pages
ITIL Wall Chart
No ratings yet
ITIL Wall Chart
2 pages
DSC Manual
No ratings yet
DSC Manual
400 pages
Powershell Commandlets - MSI Module
No ratings yet
Powershell Commandlets - MSI Module
90 pages
ArcadeCab CabinetPlans2
No ratings yet
ArcadeCab CabinetPlans2
60 pages
1 - Beginner's Guide - Crusader Kings II Wiki
No ratings yet
1 - Beginner's Guide - Crusader Kings II Wiki
5 pages
VIrtualization 2.0 For Dummies
No ratings yet
VIrtualization 2.0 For Dummies
88 pages
The Big Book of PowerShell Error Handling
No ratings yet
The Big Book of PowerShell Error Handling
28 pages
Car Wars
90% (10)
Car Wars
68 pages
Crusader Kings II Game Guide
100% (2)
Crusader Kings II Game Guide
206 pages
Flash Cs4 Help
No ratings yet
Flash Cs4 Help
474 pages
Using Adobe Bridge and Adobe Version Cue CS4
100% (3)
Using Adobe Bridge and Adobe Version Cue CS4
93 pages
Adobe Acrobat 9 Pro Extended
100% (8)
Adobe Acrobat 9 Pro Extended
533 pages
Using Adobe Bridge and Adobe Version Cue CS4
100% (3)
Using Adobe Bridge and Adobe Version Cue CS4
93 pages
Google Hacking Database PDF
0% (1)
Google Hacking Database PDF
100 pages
SQL Crash Course
No ratings yet
SQL Crash Course
17 pages
Introduction To Database Systems
No ratings yet
Introduction To Database Systems
42 pages
Useful Google Hacks
100% (4)
Useful Google Hacks
7 pages
TITLE 28 United States Code Sec. 3002
91% (11)
TITLE 28 United States Code Sec. 3002
77 pages
Microsoft Access For Beginners PDF
100% (2)
Microsoft Access For Beginners PDF
196 pages
Excel Cheat Sheet: Travis Cuzick
100% (1)
Excel Cheat Sheet: Travis Cuzick
15 pages
Full download Network Security and Cryptography Sarhan M. Musa pdf docx
No ratings yet
Full download Network Security and Cryptography Sarhan M. Musa pdf docx
40 pages
Master Cyber Digital Forensics
50% (2)
Master Cyber Digital Forensics
114 pages
Mythic Magazine #015
100% (3)
Mythic Magazine #015
34 pages
SFDSFD401 - Basics and Fundamentals of Database
No ratings yet
SFDSFD401 - Basics and Fundamentals of Database
77 pages
JCL Reference
No ratings yet
JCL Reference
722 pages
Record Keeping and Documentation
100% (4)
Record Keeping and Documentation
18 pages
How To Debloat Windows 10 - Ultimate Guide 2023
No ratings yet
How To Debloat Windows 10 - Ultimate Guide 2023
21 pages
Release Notes On The Brain Application
No ratings yet
Release Notes On The Brain Application
8 pages
M06-operate-word-processing-application
No ratings yet
M06-operate-word-processing-application
80 pages
Realflow Maya Connectivity
No ratings yet
Realflow Maya Connectivity
17 pages
Reservoir Engineering Analysis
100% (2)
Reservoir Engineering Analysis
282 pages

Powershell Commandlets - AppLocker Module

Uploaded by

Powershell Commandlets - AppLocker Module

Uploaded by

Powershell Commandlets

Compiled by Les Lewis

This is for informational use, placed into an easy to read format.

Get-AppLockerFileInformation [-FileType {Exe | Dll |

Get-AppLockerFileInformation [[-Packages] <List<AppxPackage>>] [-

PS C:\>Get-AppLockerFileInformation -Directory C:\Windows\system32\

PS C:\>Get-AppLockerFileInformation -Path "C:\Program Files

PS C:\>Get-AppXPackage –AllUsers | Get-AppLockerFileInformation

PS C:\>Get-AppLockerFileInformation -EventLog -EventType Audited

PS C:\>Get-AppLockerFileInformation -EventLog -EventType Audited |

Get-AppLockerPolicy [-InformationAction {SilentlyContinue | Stop |

Get-AppLockerPolicy [-InformationAction {SilentlyContinue | Stop |

By default, the output is an AppLockerPolicy object. If the Xml

This example gets the local AppLocker policy as an AppLockerPolicy

PS C:\>Get-AppLockerPolicy -Domain -LDAP

PS C:\>Get-AppLockerPolicy -Effective -Xml | Set-Content

PS C:\>Get-AppLockerPolicy -Local | Test-AppLockerPolicy -Path

Run the Get-AppLockerFileInformation cmdlet to create the list of

By default, the output is an AppLockerPolicy object. If the Xml

For example, if Publisher, Hash is specified for this parameter,

-- DNS user name (domain\username)

C:\PS>Get-ChildItem C:\Windows\System32\*.exe | Get-

Version RuleCollections RuleCollectionTypes

This example creates an AppLocker policy that contains allow rules

C:\PS>Get-ChildItem C:\Windows\System32\*.exe | Get-

This example creates an XML-formatted AppLocker policy for all of

C:\PS>Get-AppLockerFileInformation -EventLog -LogPath "Microsoft-

Set-AppLockerPolicy [-PolicyObject] <AppLockerPolicy> [-

The input values for the AppLocker policy can be an AppLockerPolicy

PS C:\> Set-AppLockerPolicy -XMLPolicy C:\Policy.xml

This example sets the local AppLocker policy to the policy

PS C:\> Set-AppLockerPolicy -XMLPolicy C:\Policy.xml -LDAP

PS C:\> Get-AppLockerPolicy -Local | Set-AppLockerPolicy -LDAP

Test-AppLockerPolicy [-XmlPolicy] <String> [-Filter

Test-AppLockerPolicy [-PolicyObject] <AppLockerPolicy> [-Filter

To test AppLocker rules for a nested group, a representative member

-- DNS user name (domain\username)

PS C:\>Test-AppLockerPolicy -XMLPath C:\Policy.xml -Path

This example reports if calc.exe and notepad.exe will be allowed to

PS C:\>Get-ChildItem C:\windows\system32\*.exe | Test-

This example lists the executables under C:\Windows\System32 that

PS C:\>Get-AppLockerPolicy -Local | Test-AppLockerPolicy -Path

PS C:\>Get-AppxPackage –AllUsers | Test-AppLockerPolicy –XmlPolicy

You might also like