Export (0) Print
Expand All
1 out of 1 rated this helpful - Rate this topic

Test-AppLockerPolicy

Updated: August 15, 2012

Applies To: Windows Server 2012

Test-AppLockerPolicy

Specifies the AppLocker policy to determine whether the input files will be allowed to run for a given user.

Syntax

Parameter Set: ByXmlPolicy
Test-AppLockerPolicy [-XmlPolicy] <String> -Path <List<String>> [-Filter <List<PolicyDecision>> ] [-User <String> ] [ <CommonParameters>]

Parameter Set: ByPolicyObject
Test-AppLockerPolicy [-PolicyObject] <AppLockerPolicy> -Path <List<String>> [-Filter <List<PolicyDecision>> ] [-User <String> ] [ <CommonParameters>]

Parameter Set: ByXmlPolicyAppx
Test-AppLockerPolicy [-XmlPolicy] <String> -Packages <List<AppxPackage>> [-Filter <List<PolicyDecision>> ] [-User <String> ] [ <CommonParameters>]




Detailed Description

The Test-AppLockerPolicy cmdlet specifies the AppLocker policy to determine whether a list of files is allowed to run on the local computer for a specified user.

To test AppLocker rules for a nested group, a representative member of the nested group should be specified for the User parameter. For example, a rule that allows the Everyone group to run calc.exe may not appear to apply correctly when the nested Finance group for the User parameter is specified. Instead, a representative member of the Finance group should be specified for the User parameter.

Parameters

-Filter<List<PolicyDecision>>

Specifies the policy decision by which to filter the output for each input file. The acceptable values for this parameter are:  Allowed, Denied, DeniedByDefault, or AllowedByDefault.


Aliases

none

Required?

false

Position?

named

Default Value

All

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Packages<List<AppxPackage>>

Specifies a list of installed packaged applications, from which the file information is retrieved.


Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByValue, ByPropertyName)

Accept Wildcard Characters?

false

-Path<List<String>>

Specifies the list of the file paths to test. Regular expressions are supported.


Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByValue, ByPropertyName)

Accept Wildcard Characters?

false

-PolicyObject<AppLockerPolicy>

Specifies the Applocker policy. Can be obtained from the Get-AppLockerPolicy or the New-AppLockerPolicy cmdlet.


Aliases

none

Required?

true

Position?

1

Default Value

none

Accept Pipeline Input?

true (ByValue, ByPropertyName)

Accept Wildcard Characters?

false

-User<String>

Defines the user or group to be used for testing the rules in a specified AppLocker policy. The acceptable values for this parameter are: 
-- DNS user name (domain\username)
-- User Principal Name (username@domain.com)
-- SAM user name (username)
-- Security identifier (S-1-5-21-3165297888-301567370-576410423-1103)


Aliases

none

Required?

false

Position?

named

Default Value

Everyone

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-XmlPolicy<String>

Specifies the file path and name of the XML-formatted file that contains the AppLocker policy.


Aliases

none

Required?

true

Position?

1

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters.

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

  • Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.AppLockerPolicy

    AppLockerPolicy


Outputs

The output type is the type of the objects that the cmdlet emits.

  • Microsoft.Security.ApplicationId.PolicyManagement.AppLockerPolicyDecision

Examples

EXAMPLE 1

This example reports if calc.exe and notepad.exe will be allowed to run for Everyone under the policy specified by C:\Policy.xml.


PS C:\> Test-AppLockerPolicy -XMLPath C:\Policy.xml -Path c:\windows\system32\calc.exe, C:\windows\system32\notepad.exe -User Everyone

EXAMPLE 2

This example lists the executables under C:\Windows\System32 that everyone will be denied by the policy specified by C:\Policy.xml because there is no explicit rule for the file.


PS C:\> Get-ChildItem C:\windows\system32\*.exe | Test-AppLockerPolicy c:\Policy.xml -Filter DeniedByDefault

EXAMPLE 3

This example gets the local AppLocker policy, uses the policy to determine which executables in C:\Windows\System32 that contoso\saradavis is explicitly denied access to run, and then redirects the list to a text file.


PS C:\> Get-AppLockerPolicy -Local | Test-AppLockerPolicy -Path C:\Windows\System32\*.exe -User contoso\saradavis -Filter Denied | Format-List -Property | Set-Content (ꞌC:\temp\DeniedFiles.txtꞌ)

EXAMPLE 4

This example lists all the packages installed on this computer, for all the users, and tests them against a saved policy.


PS C:\> Get-AppxPackage –AllUsers | Test-AppLockerPolicy –XmlPolicy .\SamplePolicy.xml

Related topics

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.