Share via


Get-AppLockerPolicy

Get-AppLockerPolicy

Gets the local, effective, or domain AppLocker policy.

Syntax

Get-AppLockerPolicy -Local <Boolean> [-XML <Boolean>] [<CommonParameters>]


Get-AppLockerPolicy -Domain <Boolean> -LDAP <String> [-XML <Boolean>] [<CommonParameters>]


Get-AppLockerPolicy -Effective <Boolean> [-XML <Boolean>] [<CommonParameters>]

Detailed Description

The Get-AppLockerPolicy cmdlet gets the AppLocker policy from the local Group Policy object (GPO), from a specified GPO, or from the effective AppLocker policy on the computer. The output is an AppLockerPolicy object or an XML-formatted string.

Parameters

-Local <Boolean>

Gets the AppLocker policy from the local GPO.

Attributes

Name Value

Required?

true

Accept wildcard characters?

false

Accept Pipeline Input?

false

Position?

named

-Domain <Boolean>

Gets the AppLocker policy from the GPO that is specified by the path in the LDAP parameter.

Attributes

Name Value

Required?

true

Accept wildcard characters?

false

Accept Pipeline Input?

false

Position?

named

-Effective <Boolean>

Gets the effective AppLocker policy on the local computer. The effective policy is the merge of the local AppLocker policy and any applied domain policies on the local computer.

Attributes

Name Value

Required?

true

Accept wildcard characters?

false

Accept Pipeline Input?

false

Position?

named

-LDAP <String>

The LDAP path of the Group Policy object. Must specify a unique GPO.

Attributes

Name Value

Required?

true

Accept wildcard characters?

false

Accept Pipeline Input?

false

Position?

named

-XML <Boolean>

Specifies that the AppLocker policy be output as an XML-formatted string.

Attributes

Name Value

Required?

false

Accept wildcard characters?

false

Accept Pipeline Input?

false

Position?

named

-CommonParameter

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see About Common Parameter

Input and Return Types

The input type is the type of the objects that you can pipe to the cmdlet. The return type is the type of the objects that the cmdlet emits.

Input Type

.

Return Type

By default, Get-AppLockerPolicy returns an AppLockerPolicy object. If you use the XML parameter, it will return the AppLocker policy as an XML-formatted string..

Notes

Examples

EXAMPLE 1

C:\PS>Get-AppLockerPolicy -Local

Gets the local AppLocker policy as an AppLockerPolicy object.

EXAMPLE 2

C:\PS>Get-AppLockerPolicy -Domain -LDAP "LDAP://DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com" 

Gets the AppLocker policy of the unique GPO specified by the LDAP path as an AppLockerPolicy object.

EXAMPLE 3

C:\PS>Get-AppLockerPolicy -Effective -XML > C:\temp\Effective.xml

Gets the effective policy on the computer, and then sends it in XML format to the specified file.

EXAMPLE 4

C:\PS>Get-AppLockerPolicy -Local | Test-AppLockerPolicy -Path C:\Windows\System32\*.exe -User Everyone

Gets the local AppLocker policy on the computer, and then tests the policy using Test-AppLockerPolicy to test whether the executables in C:\Windows\System32 will be allowed to run by the Everyone group.

See Also

Reference

Set-AppLockerPolicy
New-AppLockerPolicy
Test-AppLockerPolicy
Get-AppLockerFileInformation