Get-AppLockerPolicy

Applies To: Windows 7, Windows Server 2008 R2

This topic for the IT professional describes how to use Windows PowerShell to retrieve an AppLocker policy from a Group Policy object (GPO) or to discover the effect of an implemented AppLocker policy in Windows Server 2008 R2 and Windows 7.

The Get-AppLockerPolicy cmdlet gets the AppLocker policy from the local GPO, from a specified GPO, or from the effective AppLocker policy on the computer. The output of the AppLocker policy is an AppLockerPolicy object or an XML-formatted string.

Syntax

Get-AppLockerPolicy -Local <Boolean> [-XML <Boolean>] [<CommonParameters>]

Get-AppLockerPolicy -Domain <Boolean> -LDAP <String> [-XML <Boolean>] [<CommonParameters>]

Get-AppLockerPolicy -Effective <Boolean> [-XML <Boolean>] [<CommonParameters>]

Parameters

Parameter Description

Local <Boolean>

Gets the AppLocker policy from the local GPO.

Domain <Boolean>

Gets the AppLocker policy from the GPO that is specified by the path in the LDAP parameter.

Effective <Boolean>

Gets the effective AppLocker policy on the local computer. The effective policy is the combination of the local AppLocker policy and any applied domain policies on the local computer.

LDAP <String>

Specifies the Lightweight Directory Access Protocol (LDAP) path of the GPO. The path must identify a unique GPO.

XML <Boolean>

Specifies the output of the AppLocker policy as an XML-formatted string.

Examples

Gets the local AppLocker policy as an AppLockerPolicy object.

C:\PS>Get-AppLockerPolicy -Local

Gets the AppLocker policy of the unique GPO specified by the LDAP path as an AppLockerPolicy object.

C:\PS>Get-AppLockerPolicy -Domain -LDAP "LDAP://DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com"

Gets the effective policy on the computer, and then sends it in XML format to the specified file.

C:\PS>Get-AppLockerPolicy -Effective -XML > C:\temp\Effective.xml

Gets the effective policy on the computer, and then uses the Test-AppLockerPolicy cmdlet to determine whether members of the Everyone group will be allowed to run the executable files in C:\Windows\System32.

C:\PS>Get-AppLockerPolicy -Effective | Test-AppLockerPolicy -Path C:\Windows\System32\*.exe -User Everyone
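
The XML string returned with the XML parameter can be parsed to review which rule collections are actually enforced and what each rule allows. The following is an added example, not part of the original topic: the sample policy is constructed, and the function name Get-AppLockerRuleSummary is hypothetical.

```powershell
# Constructed sample policy, not taken from a real system. On a live computer use:
#   [xml]$policy = Get-AppLockerPolicy -Effective -XML
[xml]$policy = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="11111111-1111-1111-1111-111111111111" Name="Windows folder"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="22222222-2222-2222-2222-222222222222" Name="Temp tools"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="C:\temp\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
  <RuleCollection Type="Script" EnforcementMode="AuditOnly" />
  <RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
</AppLockerPolicy>
'@

# Hypothetical helper (name chosen for this example): one row per rule, and one
# row for every rule collection that contains no rules.
function Get-AppLockerRuleSummary {
    param([Parameter(Mandatory=$true)][xml]$Policy)
    foreach ($c in $Policy.SelectNodes('/AppLockerPolicy/RuleCollection')) {
        $rules = @($c.SelectNodes('*[@Action]'))   # path, publisher and hash rules
        if ($rules.Count -eq 0) { $rules = @($null) }
        foreach ($r in $rules) {
            $row = @{
                Collection  = $c.GetAttribute('Type')
                Enforcement = $c.GetAttribute('EnforcementMode')
                RuleType = '(no rules)'; Action = ''; Sid = ''; Name = ''; Paths = ''
            }
            if ($null -ne $r) {
                $row.RuleType = $r.LocalName
                $row.Action   = $r.GetAttribute('Action')
                $row.Sid      = $r.GetAttribute('UserOrGroupSid')
                $row.Name     = $r.GetAttribute('Name')
                $row.Paths    = @($r.SelectNodes('Conditions/FilePathCondition') |
                                  ForEach-Object { $_.GetAttribute('Path') }) -join '; '
            }
            New-Object PSObject -Property $row |
                Select-Object Collection, Enforcement, RuleType, Action, Sid, Name, Paths
        }
    }
}

# Review the rows: collections whose Enforcement is not "Enabled" do not block anything.
Get-AppLockerRuleSummary $policy | Format-Table -AutoSize
```

In the sample, only the Exe collection is enforced; the Script collection is audit-only and the Msi collection is not configured, which the Enforcement column makes visible at a glance.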