Test-AppLockerPolicy

Test-AppLockerPolicy is provided by the AppLocker module.

Synopsis

Uses the specified AppLocker policy to determine whether the input files will be allowed to run for a given user.

Description

The Test-AppLockerPolicy cmdlet uses the specified AppLocker policy to determine whether a list of files is allowed to run on the local computer for a specified user.

To test AppLocker rules for a nested group, a representative member of the nested group should be specified for the User parameter. For example, a rule that allows the Everyone group to run calc.exe may not appear to apply correctly when the nested Finance group is specified for the User parameter. Instead, a representative member of the Finance group should be specified for the User parameter.

Parameters

-Filter <List<PolicyDecision>>
    Specifies the policy decision by which to filter the output for each input file. The acceptable values for this parameter are: Allowed, Denied, DeniedByDefault, or AllowedByDefault.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-InformationAction <System.Management.Automation.ActionPreference>
    Specifies how this cmdlet responds to an information event. The acceptable values for this parameter are:

    -- SilentlyContinue
    -- Stop
    -- Continue
    -- Inquire
    -- Ignore
    -- Suspend

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-InformationVariable <System.String>
    Specifies a variable in which to store an information event message.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Packages <List<AppxPackage>>
    Specifies a list of installed packaged applications, from which the file information is retrieved.

    Required?                    true
    Position?                    named
    Default value                none
    Accept pipeline input?       true (ByValue, ByPropertyName)
    Accept wildcard characters?  false

-Path <List<String>>
    Specifies the list of the file paths to test. Regular expressions are supported.

    Required?                    true
    Position?                    named
    Default value                none
    Accept pipeline input?       true (ByValue, ByPropertyName)
    Accept wildcard characters?  false

-PolicyObject <AppLockerPolicy>
    Specifies the AppLocker policy. Can be obtained from the Get-AppLockerPolicy or the New-AppLockerPolicy cmdlet.

    Required?                    true
    Position?                    1
    Default value                none
    Accept pipeline input?       true (ByValue, ByPropertyName)
    Accept wildcard characters?  false

-User <String>
    Defines the user or group to be used for testing the rules in a specified AppLocker policy. The acceptable values for this parameter are:

    -- DNS user name (domain\username) 
    -- User Principal Name (username@domain.com) 
    -- SAM user name (username) 
    -- Security identifier (S-1-5-21-3165297888-301567370-576410423-1103)

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-XmlPolicy <String>
    Specifies the file path and name of the XML-formatted file that contains the AppLocker policy.

    Required?                    true
    Position?                    1
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

Syntax

Test-AppLockerPolicy [-XmlPolicy] <String> -Path <System.Collections.Generic.List`1[System.String]> [-User <String>] [-Filter <System.Collections.Generic.List`1[Microsoft.Security.ApplicationId.PolicyManagement.PolicyDecision]>] [<CommonParameters>]

Test-AppLockerPolicy [-XmlPolicy] <String> -Packages <System.Collections.Generic.List`1[Microsoft.Windows.Appx.PackageManager.Commands.AppxPackage]> [-User <String>] [-Filter <System.Collections.Generic.List`1[Microsoft.Security.ApplicationId.PolicyManagement.PolicyDecision]>] [<CommonParameters>]

Test-AppLockerPolicy [-PolicyObject] <AppLockerPolicy> -Path <System.Collections.Generic.List`1[System.String]> [-User <String>] [-Filter <System.Collections.Generic.List`1[Microsoft.Security.ApplicationId.PolicyManagement.PolicyDecision]>] [<CommonParameters>]

-------------------------- EXAMPLE 1 --------------------------
PS C:\>Test-AppLockerPolicy -XmlPolicy C:\AppPolicy.xml -Path C:\Windows\System32\calc.exe, C:\Windows\System32\notepad.exe -User Everyone
This example reports whether calc.exe and notepad.exe will be allowed to run for Everyone under the policy specified by C:\AppPolicy.xml.

-------------------------- EXAMPLE 2 --------------------------
PS C:\>Get-ChildItem C:\Windows\System32\*.exe | Test-AppLockerPolicy C:\AppPolicy.xml -Filter DeniedByDefault
This example lists the executables under C:\Windows\System32 that everyone will be denied by the policy specified by C:\AppPolicy.xml because there is no explicit rule for the file.

-------------------------- EXAMPLE 3 --------------------------
PS C:\>Get-AppLockerPolicy -Local | Test-AppLockerPolicy -Path C:\Windows\System32\*.exe -User TOSSolution\RaviS -Filter Denied | Format-List -Property * | Set-Content ('C:\DeniedFiles.txt')
This example gets the local AppLocker policy, uses the policy to determine which executables in C:\Windows\System32 TOSSolution\RaviS is explicitly denied from running, and then redirects the list to a text file.

-------------------------- EXAMPLE 4 --------------------------
PS C:\>Get-AppxPackage -AllUsers | Test-AppLockerPolicy -XmlPolicy .\AllPolicy.xml
This example lists all the packages installed on this computer, for all the users, and tests them against a saved policy.
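
The -User and -Filter parameters combine into a check that can be run on a candidate policy before it is deployed. The script below is an added example, not part of the original help text; it reuses C:\AppPolicy.xml and TOSSolution\RaviS from the examples above, and the directory list and output path are assumed values.

```powershell
# Added example: check a candidate AppLocker policy before it is deployed.
# C:\AppPolicy.xml and TOSSolution\RaviS are reused from the examples above;
# the directory list and the CSV output path are assumed values.
Import-Module AppLocker

$policy = 'C:\AppPolicy.xml'
$user   = 'TOSSolution\RaviS'   # a representative member, not a nested group

# 1. Binaries that must keep working for this user: report any that would be blocked.
$required = 'C:\Windows\System32\calc.exe', 'C:\Windows\System32\notepad.exe'
$blocked  = Test-AppLockerPolicy -XmlPolicy $policy -Path $required -User $user `
                -Filter Denied, DeniedByDefault

# 2. Executables in user-writable locations that the policy would still allow.
$writableDirs = @('C:\Users\Public', 'C:\Windows\Temp')   # assumed list
$candidates = Get-ChildItem -Path $writableDirs -Filter *.exe -File -Recurse `
                  -ErrorAction SilentlyContinue |
              Select-Object -ExpandProperty FullName

$allowedWritable = @()
if ($candidates) {
    # -Path is mandatory, so only call the cmdlet when there is something to test.
    $allowedWritable = Test-AppLockerPolicy -XmlPolicy $policy -Path $candidates `
                           -User $user -Filter Allowed, AllowedByDefault
}

# 3. Report. Each result carries FilePath, PolicyDecision and MatchingRule.
"Required files that would be blocked: $(@($blocked).Count)"
$blocked | Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

"Executables in writable directories that would run: $(@($allowedWritable).Count)"
$allowedWritable |
    Select-Object FilePath, PolicyDecision, MatchingRule |
    Export-Csv -Path "$env:TEMP\AllowedInWritableDirs.csv" -NoTypeInformation
```

A DeniedByDefault result in step 1 means no rule covers the file, while an Allowed result in step 2 names the rule responsible in MatchingRule, which is the rule to tighten.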

You can check the Version, CommandType and Source of this cmdlet with the following command:

Get-Command Test-AppLockerPolicy

References are taken from Microsoft