Export (0) Print
Expand All
1 out of 5 rated this helpful - Rate this topic

Determine Which Applications Are Digitally Signed on a Reference Computer

Updated: May 23, 2012

Applies To: Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012

This topic describes how to use AppLocker logs and tools to determine which applications are digitally signed.

The Windows PowerShell cmdlet Get-AppLockerFileInformation can be used to determine which applications installed on your reference computers are digitally signed. Perform the following steps on each reference computer that you used to define the AppLocker policy. The computer does not need to be joined to the domain.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

  1. From the command line on the reference computer, run Get-AppLockerFileInformation with the appropriate parameters.

    The Get-AppLockerFileInformation cmdlet retrieves the AppLocker file information from a list of files or from an event log. File information that is retrieved can include publisher information, file hash information, and file path information. File information from an event log may not contain all of these fields. Files that are not signed do not have any publisher information.

  2. Analyze the publisher's name and digital signature status from the output of the command.

For command parameters, syntax, and examples, see Get-AppLockerFileInformation.

See Also

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.