AppLocker Cmdlets in Windows PowerShell

This reference topic for the IT professional introduces the five Windows PowerShell cmdlets that can be used to help manage AppLocker policies in Windows Server 2008 R2 and Windows 7.

The AppLocker Windows PowerShell cmdlets are designed to streamline the administration of AppLocker policy. They can be used to help author, test, maintain, and troubleshoot an AppLocker policy. The cmdlets are intended to be used in conjunction with the AppLocker user interface that is accessed through the Microsoft Management Console (MMC) snap-in extension to the Local Security Policy snap-in and Group Policy Management Console.

Note

To use the AppLocker cmdlets, you must first import the AppLocker module by using the following command at the PowerShell command prompt:

C:\PS> Import-Module AppLocker

Scripting must be enabled on the computer.

For information about PowerShell, see the Windows PowerShell Help file (WindowsPowerShellHelp.chm) on Windows Server 2008 R2 and Windows 7.

This section contains the syntax, parameter values, descriptions, and other important notes that are necessary to both understand and run each of the AppLocker cmdlets. The AppLocker cmdlets are Get-AppLockerFileInformation, Set-AppLockerPolicy, Get-AppLockerPolicy, New-AppLockerPolicy, and Test-AppLockerPolicy.

Usage

Retrieve application information

The Get-AppLockerFileInformation cmdlet retrieves the AppLocker file information from a list of files or from an event log. File information that is retrieved can include publisher information, file hash information, and file path information. File information from an event log may not contain all of these fields. Files that are not signed do not have any publisher information.

Set AppLocker policy

The Set-AppLockerPolicy cmdlet sets the specified GPO to contain the specified AppLocker policy. If no Lightweight Directory Access Protocol (LDAP) path to a GPO is specified, the local GPO is the default.

Retrieve an AppLocker policy

The Get-AppLockerPolicy cmdlet gets the AppLocker policy from the local Group Policy object (GPO), from a specified GPO, or from the effective AppLocker policy on the computer. The output of the AppLocker policy is an AppLockerPolicy object or an XML-formatted string.

Generate rules for a given user or group

The New-AppLockerPolicy cmdlet uses a list of file information to automatically generate rules for a given user or group. It can generate rules based on publisher, hash, or path information. Use Get-AppLockerFileInformation to create the list of file information.

Test the AppLocker Policy against a file set

The Test-AppLockerPolicy cmdlet uses the specified AppLocker policy to test whether the files in a specified list are allowed to run on the local computer for a specific user.
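
The five cmdlets chained into one author, test, and apply pass. This is an added example, not part of the original topic. The application folder, backup file path, rule name prefix, and the $Apply switch are assumptions made for illustration.

```powershell
# Added example; the directory, backup path, prefix and user below are assumptions.
Import-Module AppLocker

$ReferenceDir = 'C:\Program Files\Contoso'     # hypothetical application folder
$BackupPath   = 'C:\Temp\AppLockerLocal.xml'   # hypothetical rollback file
$User         = 'Everyone'
$Apply        = $false                         # set to $true only after reviewing the test output

# 1. Collect publisher, hash and path information for the executables.
$info = @(Get-AppLockerFileInformation -Directory $ReferenceDir -Recurse -FileType Exe)
if ($info.Count -eq 0) { throw "No executables found under $ReferenceDir" }

# Unsigned files carry no publisher information, so a publisher rule cannot cover them.
$unsigned = @($info | Where-Object { $_.Publisher -eq $null })
Write-Host ("{0} files, {1} unsigned (these get hash rules)" -f $info.Count, $unsigned.Count)

# 2. Generate rules: publisher where available, file hash as the fallback.
$policy = $info | New-AppLockerPolicy -RuleType Publisher, Hash -User $User `
                      -RuleNamePrefix 'Contoso' -Optimize

# 3. Test the generated policy against the same file set for that user.
$paths   = Get-ChildItem -Path $ReferenceDir -Recurse -Filter *.exe |
               ForEach-Object { $_.FullName }
$results = @(Test-AppLockerPolicy -PolicyObject $policy -Path $paths -User $User)
$blocked = @($results | Where-Object { $_.PolicyDecision -ne 'Allowed' })
$results | Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# 4. Save the current local policy, then merge the new rules into the local GPO.
if ($Apply -and $blocked.Count -eq 0) {
    Get-AppLockerPolicy -Local -Xml | Out-File -FilePath $BackupPath -Encoding Unicode
    Set-AppLockerPolicy -PolicyObject $policy -Merge   # no -Ldap given, so the local GPO is the target
    Get-AppLockerPolicy -Effective -Xml                # confirm what the computer now applies
} else {
    Write-Host ("Not applied: Apply={0}, files not allowed={1}" -f $Apply, $blocked.Count)
}
```

With -Merge the rules already in the local GPO are kept; without it, Set-AppLockerPolicy replaces the existing policy in the target GPO.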