내보내기(0) 인쇄
모두 확장

Use the AppLocker Windows PowerShell Cmdlets

게시: 2012년 4월

업데이트 날짜: 2012년 5월

적용 대상: Windows 8, Windows Server 2012

This topic describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker application control policies in Windows Server 2012 and Windows 8.

The five AppLocker cmdlets are designed to streamline the administration of an AppLocker policy. They can be used to help create, test, maintain, and troubleshoot an AppLocker policy. The cmdlets are intended to be used in conjunction with the AppLocker user interface that is accessed through the Microsoft Management Console (MMC) snap-in extension to the Local Security Policy snap-in and Group Policy Management Console.

To edit or update a Group Policy Object (GPO) by using the AppLocker cmdlets, you must have Edit Setting permission. By default, members of the Domain Admins group, the Enterprise Admins group, and the Group Policy Creator Owners group have this permission. To perform tasks by using the Local Security policy snap-in, you must be a member of the local Administrators group, or equivalent, on the computer.

To use the AppLocker cmdlets, you must first import the AppLocker module by using the following command at the Windows PowerShell command prompt: C:\PS> Import-Module AppLocker. Scripting must be enabled on the computer.

The Get-AppLockerFileInformation (http://go.microsoft.com/fwlink/?LinkId=169154) cmdlet retrieves the AppLocker file information from a list of files or from an event log. File information that is retrieved can include publisher information, file hash information, and file path information. File information from an event log may not contain all of these fields. Files that are not signed do not have any publisher information.

The Set-AppLockerPolicy (http://go.microsoft.com/fwlink/?LinkId=169167) cmdlet sets the specified GPO to contain the specified AppLocker policy. If no Lightweight Directory Access Protocol (LDAP) is specified, the local GPO is the default.

The Get-AppLockerPolicy (http://go.microsoft.com/fwlink/?LinkId=169165) cmdlet gets the AppLocker policy from the local GPO, from a specified GPO, or from the effective AppLocker policy on the computer. The output of the AppLocker policy is an AppLockerPolicy object or an XML-formatted string.

The New-AppLockerPolicy (http://go.microsoft.com/fwlink/?LinkId=169166) cmdlet uses a list of file information to automatically generate rules for a given user or group. It can generate rules based on publisher, hash, or path information. Use Get-AppLockerFileInformation to create the list of file information.

The Test-AppLockerPolicy (http://go.microsoft.com/fwlink/?LinkID=169000) cmdlet uses the specified AppLocker policy to test whether a specified list of files are allowed to run or not on the local computer for a specific user.

참고 항목

이 정보가 도움이 되었습니까?
(1500자 남음)
의견을 주셔서 감사합니다.

커뮤니티 추가 항목

추가
Microsoft는 MSDN 웹 사이트에 대한 귀하의 의견을 이해하기 위해 온라인 설문 조사를 진행하고 있습니다. 참여하도록 선택하시면 MSDN 웹 사이트에서 나가실 때 온라인 설문 조사가 표시됩니다.

참여하시겠습니까?
표시:
© 2014 Microsoft