Test-AppLockerPolicy

Synopsis

Tests an AppLocker policy to determine whether the input files will be allowed to run for a given user.

Syntax

Test-AppLockerPolicy [-XmlPolicy] <String> -Path <List`1[String]> [-User <String>] [-Filter <List`1[PolicyDecision]>] [<CommonParameters>]

Test-AppLockerPolicy [-XmlPolicy] <String> -Packages <List`1[AppxPackage]> [-User <String>] [-Filter <List`1[PolicyDecision]>] [<CommonParameters>]

Test-AppLockerPolicy [-PolicyObject] <AppLockerPolicy> -Path <List`1[String]> [-User <String>] [-Filter <List`1[PolicyDecision]>] [<CommonParameters>]

Description

The Test-AppLockerPolicy cmdlet uses the specified AppLocker policy to determine whether a list of files is allowed to run on the local computer for a specified user.

To test AppLocker rules for a nested group, a representative member of the nested group should be specified for the User parameter. For example, a rule that allows the Everyone group to run calc.exe may not appear to apply correctly when the nested Finance group is specified for the User parameter. Instead, a representative member of the Finance group should be specified for the User parameter.

Parameters

-XmlPolicy <String>

Specifies the file path and name of the XML-formatted file that contains the AppLocker policy.

Required? True
Position? 0
Default value  
Accept pipeline input? false
Accept wildcard characters? False

-Path <List`1[String]>

Specifies the list of the file paths to test. Regular expressions are supported.

Required? True
Position? named
Default value  
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

-User <String>

Defines the user or group to be used for testing the rules in a specified AppLocker policy. The acceptable values for this parameter are: 

-- DNS user name (domain\username)

-- User Principal Name (username@domain.com)

-- SAM user name (username)

-- Security identifier (S-1-5-21-3165297888-301567370-576410423-1103)

Required? False
Position? named
Default value Everyone
Accept pipeline input? false
Accept wildcard characters? False

-Filter <List`1[PolicyDecision]>

Specifies the policy decision by which to filter the output for each input file. The acceptable values for this parameter are: Allowed, Denied, DeniedByDefault, or AllowedByDefault.

Required? False
Position? named
Default value All
Accept pipeline input? false
Accept wildcard characters? False

-Packages <List`1[AppxPackage]>

Specifies a list of installed packaged applications, from which the file information is retrieved.

Required? True
Position? named
Default value  
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

-PolicyObject <AppLockerPolicy>

Specifies the AppLocker policy. It can be obtained from the Get-AppLockerPolicy or the New-AppLockerPolicy cmdlet.

Required? True
Position? 0
Default value  
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.AppLockerPolicy

Outputs

Microsoft.Security.ApplicationId.PolicyManagement.AppLockerPolicyDecision

Notes

Examples

EXAMPLE 1

PS C:\>Test-AppLockerPolicy -XmlPolicy C:\Policy.xml -Path C:\Windows\System32\calc.exe, C:\Windows\System32\notepad.exe -User Everyone

This example reports if calc.exe and notepad.exe will be allowed to run for Everyone under the policy specified by C:\Policy.xml.

EXAMPLE 2

PS C:\>Get-ChildItem C:\windows\system32\*.exe | Test-AppLockerPolicy c:\Policy.xml -Filter DeniedByDefault

This example lists the executables under C:\Windows\System32 that everyone will be denied by the policy specified by C:\Policy.xml because there is no explicit rule for the file.

EXAMPLE 3

PS C:\>Get-AppLockerPolicy -Local | Test-AppLockerPolicy -Path C:\Windows\System32\*.exe -User contoso\saradavis -Filter Denied | Format-List -Property * | Out-File -FilePath 'C:\temp\DeniedFiles.txt'

This example gets the local AppLocker policy, uses the policy to determine which executables in C:\Windows\System32 contoso\saradavis is explicitly denied from running, and then redirects the list to a text file.

EXAMPLE 4

PS C:\>Get-AppxPackage -AllUsers | Test-AppLockerPolicy -XmlPolicy .\SamplePolicy.xml

This example lists all the packages installed on this computer, for all the users, and tests them against a saved policy.
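
The following script is an added example, not part of the original documentation. It runs a candidate policy against one representative member of each nested group, as the Description advises, and reports where the decision differs between users or where no rule covers a file. The policy path, the account names, and the output path are assumed placeholders.

```powershell
# Added example: compare policy decisions across representative users
# before deploying a policy. All paths and account names are placeholders.
$policyXml = 'C:\Policy.xml'

# One representative member per nested group, not the group name itself.
$users = 'contoso\saradavis', 'contoso\financeuser1'

# Explicit list of files to evaluate.
$files = Get-ChildItem -Path 'C:\Windows\System32\*.exe' |
    Select-Object -ExpandProperty FullName

# Evaluate every file for every user and tag each decision with the user.
$report = foreach ($user in $users) {
    Test-AppLockerPolicy -XmlPolicy $policyXml -Path $files -User $user |
        ForEach-Object {
            [pscustomobject]@{
                User           = $user
                FilePath       = $_.FilePath
                PolicyDecision = $_.PolicyDecision
                MatchingRule   = $_.MatchingRule
            }
        }
}

# Count of each decision per user.
$report | Group-Object -Property User, PolicyDecision -NoElement |
    Sort-Object -Property Name |
    Format-Table -Property Count, Name -AutoSize

# Files whose decision is not the same for all tested users.
$report | Group-Object -Property FilePath |
    Where-Object { @($_.Group.PolicyDecision | Sort-Object -Unique).Count -gt 1 } |
    ForEach-Object { $_.Group } |
    Format-Table -Property User, PolicyDecision, MatchingRule, FilePath -AutoSize

# Files that no rule covers, saved for review.
$report | Where-Object { $_.PolicyDecision -eq 'DeniedByDefault' } |
    Export-Csv -Path 'C:\temp\UncoveredFiles.csv' -NoTypeInformation
```

The MatchingRule column shows which rule produced an Allowed or Denied decision, which helps trace an unexpected result back to the rule that caused it.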

Related links

Get-AppLockerFileInformation
Get-AppLockerPolicy
New-AppLockerPolicy
Set-AppLockerPolicy
Get-AppxPackage

PowerShell Support

  • Any

Operating System Support

Last edited Aug 17, 2014 at 3:16 PM by camelot, version 1
