Test-AppLockerPolicy
Test-AppLockerPolicy is accessible with the help of AppLocker module. To configure AppLocker, go through this link.
Synopsis
Specifies the AppLocker policy to determine whether the input files will be allowed to run for a given user.
Description
The Test-AppLockerPolicy cmdlet specifies the AppLocker policy to determine whether a list of files is allowed to run on the local computer for a specified user.
To test AppLocker rules for a nested group, a representative member of the nested group should be specified for the User parameter. For example, a rule that allows the Everyone group to run calc.exe may not appear to apply correctly when the nested Finance group for the User parameter is specified. Instead, a representative member of the Finance group should be specified for the User parameter.
Parameters
-Filter >
Specifies the policy decision by which to filter the output for each input file. The acceptable values for this parameter are: Allowed, Denied, DeniedByDefault, or AllowedByDefault.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-InformationAction <System.Management.Automation.ActionPreference>
Specifies how this cmdlet responds to an information event. The acceptable values for this parameter are:
-- SilentlyContinue
-- Stop
-- Continue
-- Inquire
-- Ignore
-- Suspend
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-InformationVariable <System.String>
Specifies a variable in which to store an information event message.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Packages <List<AppxPackage>>
Specifies a list of installed packaged applications, from which the file information is retrieved.
Required? true
Position? named
Default value none
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? false
-Path <List<String>>
Specifies the list of the file paths to test. Regular expressions are supported.
Required? true
Position? named
Default value none
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? false
-PolicyObject <AppLockerPolicy>
Specifies the Applocker policy. Can be obtained from the Get-AppLockerPolicy or the New-AppLockerPolicy cmdlet.
Required? true
Position? 1
Default value none
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? false
-User <String>
Defines the user or group to be used for testing the rules in a specified AppLocker policy. The acceptable values for this parameter are:
-- DNS user name (domain\username)
-- User Principal Name ([email protected])
-- SAM user name (username)
-- Security identifier (S-1-5-21-3165297888-301567370-576410423-1103)
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-XmlPolicy <String>
Specifies the file path and name of the XML-formatted file that contains the AppLocker policy.
Required? true
Position? 1
Default value none
Accept pipeline input? false
Accept wildcard characters? falseSyntax
Test-AppLockerPolicy [-XmlPolicy] <String> -Path <System.Collections.Generic.List`1[System.String]> [-User <String>] [-Filter <System.Collections.Generic.List`1[Microsoft.Security.ApplicationId.PolicyManagement.PolicyDecision]>] [<CommonParameters>]
Test-AppLockerPolicy [-XmlPolicy] <String> -Packages <System.Collections.Generic.List`1[Microsoft.Windows.Appx.PackageManager.Commands.AppxPackage]> [-User <String>] [-Filter <System.Collections.Generic.List`1[Microsoft.Security.ApplicationId.PolicyManagement.PolicyDecision]>] [<CommonParameters>]
Test-AppLockerPolicy [-PolicyObject] <AppLockerPolicy> -Path <System.Collections.Generic.List`1[System.String]> [-User <String>] [-Filter <System.Collections.Generic.List`1[Microsoft.Security.ApplicationId.PolicyManagement.PolicyDecision]>] [<CommonParameters>]
———–EXAMPLE 1—————
PS C:>Test-AppLockerPolicy -XMLPath C:\AppPolicy.xml -Path c:\windows\system32\calc.exe, C:\windows\system32\notepad.exe -User Everyone
This example reports if calc.exe and notepad.exe will be allowed to run for Everyone under the policy specified by C:\AppPolicy.xml.
———–EXAMPLE 2—————
PS C:>Get-ChildItem C:\windows\system32*.exe | Test-AppLockerPolicy c:\AppPolicy.xml -Filter DeniedByDefault
This example lists the executables under C:\Windows\System32 that everyone will be denied by the policy specified by C:\AppPolicy.xml because there is no explicit rule for the file.
———–EXAMPLE 3—————
PS C:>Get-AppLockerPolicy -Local | Test-AppLockerPolicy -Path C:\Windows\System32*.exe -User TOSSolution\RaviS -Filter Denied | Format-List -Property | Set-Content (ꞌC:\DeniedFiles.txtꞌ)
This example gets the local AppLocker policy, uses the policy to determine which executables in C:\Windows\System32 that TOSSolution\RaviS is explicitly denied access to run, and then redirects the list to a text file.
———–EXAMPLE 4—————
PS C:>Get-AppxPackage –AllUsers | Test-AppLockerPolicy –XmlPolicy .\AllPolicy.xml
This example lists all the packages installed on this computer, for all the users, and tests them against a saved policy.
You can check the Version, CommandType and Source of this cmdlet by giving below command.
Get-Command Test-AppLockerPolicy
You can also read about
- Get-AppLockerFileInformation
- Get-AppLockerPolicy
- New-AppLockerPolicy
- Set-AppLockerPolicy
- Get-AppxPackage
