New-AppLockerPolicy
업데이트 날짜: 2015년 7월
적용 대상: Windows 10
New-AppLockerPolicy
Creates a new AppLocker policy from a list of file information and other rule creation options.
구문
Parameter Set: Default
New-AppLockerPolicy [-FileInformation] <List<FileInformation>> [-IgnoreMissingFileInformation] [-InformationAction <System.Management.Automation.ActionPreference> {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend} ] [-InformationVariable <System.String> ] [-Optimize] [-RuleNamePrefix <String> ] [-RuleType <List<RuleType>> ] [-ServiceEnforcement <System.String> ] [-User <String> ] [-Xml] [ <CommonParameters>]
자세한 설명
The New-AppLockerPolicy cmdlet uses a list of file information to automatically generate a list of rules for a given user or group. Rules can be generated based on publisher, hash, or path information.
Run the Get-AppLockerFileInformation cmdlet to create the list of file information.
By default, the output is an AppLockerPolicy object. If the Xml parameter is specified, the output will be the AppLocker policy as an XML-formatted string.
매개 변수
-FileInformation<List<FileInformation>>
Specifies a file that can contain publisher, path, and hash information. Some information may be missing, such as publisher information for an unsigned file.
별칭 |
none |
필수 여부 |
true |
위치 |
1 |
기본값 |
none |
파이프라인 입력 허용 여부 |
true (ByValue, ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-IgnoreMissingFileInformation
Specifies that, if a rule cannot be created for a file because of missing file information, then evaluation of the remaining file information will continue and a warning log of the files skipped will be generated.
별칭 |
none |
필수 여부 |
false |
위치 |
named |
기본값 |
none |
파이프라인 입력 허용 여부 |
false |
와일드카드 문자 허용 여부 |
false |
-InformationAction<System.Management.Automation.ActionPreference>
Specifies how this cmdlet responds to an information event. 이 매개 변수에 허용되는 값은 다음과 같습니다.
-- SilentlyContinue
-- Stop
-- Continue
-- Inquire
-- Ignore
-- Suspend
별칭 |
infa |
필수 여부 |
false |
위치 |
named |
기본값 |
none |
파이프라인 입력 허용 여부 |
false |
와일드카드 문자 허용 여부 |
false |
-InformationVariable<System.String>
Specifies a variable in which to store an information event message.
별칭 |
iv |
필수 여부 |
false |
위치 |
named |
기본값 |
none |
파이프라인 입력 허용 여부 |
false |
와일드카드 문자 허용 여부 |
false |
-Optimize
Specifies that similar rules will be grouped together.
별칭 |
none |
필수 여부 |
false |
위치 |
named |
기본값 |
none |
파이프라인 입력 허용 여부 |
false |
와일드카드 문자 허용 여부 |
false |
-RuleNamePrefix<String>
Specifies a name to add as the prefix for each rule that is created.
별칭 |
none |
필수 여부 |
false |
위치 |
named |
기본값 |
none |
파이프라인 입력 허용 여부 |
false |
와일드카드 문자 허용 여부 |
false |
-RuleType<List<RuleType>>
Specifies the type of rules to create from the file information. Publisher, path, or hash rules can be created from the file information. Multiple rule types may be specified. Therefore, that there are backup rule types if the necessary file information is not available.
For example, if Publisher, Hash
is specified for this parameter, then the hash rules are applied when publisher information is not available.
별칭 |
none |
필수 여부 |
false |
위치 |
named |
기본값 |
none |
파이프라인 입력 허용 여부 |
false |
와일드카드 문자 허용 여부 |
false |
-ServiceEnforcement<System.String>
Specifies whether the AppLocker policy for EXE and DLL rule collections applies to non-interactive processes. 이 매개 변수에 허용되는 값은 다음과 같습니다.
-- NotConfigured
-- Enabled
-- ServicesOnly
별칭 |
none |
필수 여부 |
false |
위치 |
named |
기본값 |
none |
파이프라인 입력 허용 여부 |
false |
와일드카드 문자 허용 여부 |
false |
-User<String>
Specifies the user or group to which the rules are applied. 이 매개 변수에 허용되는 값은 다음과 같습니다.
-- DNS user name (domain\username)
-- User Principal Name (username@domain.com)
-- SAM user name (username)
-- Security identifier (S-1-5-21-3165297888-301567370-576410423-1103)
별칭 |
none |
필수 여부 |
false |
위치 |
named |
기본값 |
none |
파이프라인 입력 허용 여부 |
false |
와일드카드 문자 허용 여부 |
false |
-Xml
Specifies that the output of the AppLocker policy be as an XML-formatted string.
별칭 |
none |
필수 여부 |
false |
위치 |
named |
기본값 |
none |
파이프라인 입력 허용 여부 |
false |
와일드카드 문자 허용 여부 |
false |
<CommonParameters>
이 cmdlet은 -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, -OutVariable 등의 일반 매개 변수를 지원합니다. 자세한 내용은 TechNet의 about_CommonParameters(https://go.microsoft.com/fwlink/p/?LinkID=113216)
입력
입력 형식은 cmdlet으로 파이프할 수 있는 개체의 형식입니다.
- Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.FileInformation
출력
출력 형식은 cmdlet 실행 시 출력되는 개체의 형식입니다.
Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.AppLockerPolicy
AppLockerPolicy
System.String
예
EXAMPLE 1
This example creates an AppLocker policy that contains allow rules for all of the executable files in C:\Windows\System32. The policy contains publisher rules for those files with publisher information and hash rules for those that do not. The rules are prefixed with System32:
and the rules apply to the Everyone group.
C:\PS>Get-ChildItem C:\Windows\System32\*.exe | Get-AppLockerFileInformation | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -RuleNamePrefix System32
EXAMPLE 2
This example creates an XML-formatted AppLocker policy for all of the executable files in C:\Windows\System32. The policy contains only path rules, the rules are applied to the Everyone group, and the Optimize parameter indicates that similar rules are grouped together where possible.
C:\PS>Get-ChildItem C:\Windows\System32\*.exe | Get-AppLockerFileInformation | New-AppLockerPolicy -RuleType Path -User Everyone -Optimize -XML
EXAMPLE 3
This example creates a new AppLocker policy from the audited events in the local Microsoft-Windows-AppLocker/EXE and DLL event log. All of the rules will be applied to the domain\FinanceGroup group. Publisher rules are created when the publisher information is available, and hash rules are created if the publisher information is not available. If only path information is available for a file, then the file is skipped because the IgnoreMissingFileInformation parameter is specified, and the file is included in the warning log. If the IgnoreMissingFileInformation parameter is not specified when file information is missing, then the cmdlet exits because it cannot create the specified rule type. After the new AppLocker policy is created, the AppLocker policy of the specified Group Policy Object (GPO) is set. The existing AppLocker policy in the specified GPO will be overwritten.
C:\PS>Get-AppLockerFileInformation -EventLog -LogPath "Microsoft-Windows-AppLocker/EXE and DLL" -EventType Audited | New-AppLockerPolicy -RuleType Publisher,Hash -User domain\FinanceGroup -IgnoreMissingFileInformation | Set-AppLockerPolicy -LDAP "LDAP://DC13.TailspinToys.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=WingTipToys,DC=com"