Test-AppLockerPolicy
Tests whether the input files will be allowed to run for a given user under the specified AppLocker policy.
Syntax
Parameter Set: ByXmlPolicy
Test-AppLockerPolicy [-XmlPolicy] <String> -Path <List<String>> [-Filter <List<PolicyDecision>> ] [-User <String> ] [ <CommonParameters>]
Parameter Set: ByPolicyObject
Test-AppLockerPolicy [-PolicyObject] <AppLockerPolicy> -Path <List<String>> [-Filter <List<PolicyDecision>> ] [-User <String> ] [ <CommonParameters>]
Parameter Set: ByXmlPolicyAppx
Test-AppLockerPolicy [-XmlPolicy] <String> -Packages <List<AppxPackage>> [-Filter <List<PolicyDecision>> ] [-User <String> ] [ <CommonParameters>]
Detailed Description
The Test-AppLockerPolicy cmdlet uses the specified AppLocker policy to determine whether a list of files is allowed to run on the local computer for a specified user.
To test AppLocker rules for a nested group, a representative member of the nested group should be specified for the User parameter. For example, a rule that allows the Everyone group to run calc.exe may not appear to apply correctly when the nested Finance group for the User parameter is specified. Instead, a representative member of the Finance group should be specified for the User parameter.
Parameters
-Filter<List<PolicyDecision>>
Specifies the policy decision by which to filter the output for each input file. The acceptable values for this parameter are: Allowed, Denied, DeniedByDefault, or AllowedByDefault.
Aliases | none
Required? | false
Position? | named
Default Value | All
Accept Pipeline Input? | false
Accept Wildcard Characters? | false
-Packages<List<AppxPackage>>
Specifies a list of installed packaged applications, from which the file information is retrieved.
Aliases | none
Required? | true
Position? | named
Default Value | none
Accept Pipeline Input? | true (ByValue, ByPropertyName)
Accept Wildcard Characters? | false
-Path<List<String>>
Specifies the list of the file paths to test. Regular expressions are supported.
Aliases | none
Required? | true
Position? | named
Default Value | none
Accept Pipeline Input? | true (ByValue, ByPropertyName)
Accept Wildcard Characters? | false
-PolicyObject<AppLockerPolicy>
Specifies the AppLocker policy. It can be obtained from the Get-AppLockerPolicy or the New-AppLockerPolicy cmdlet.
Aliases | none
Required? | true
Position? | 1
Default Value | none
Accept Pipeline Input? | true (ByValue, ByPropertyName)
Accept Wildcard Characters? | false
-User<String>
Defines the user or group to be used for testing the rules in a specified AppLocker policy. The acceptable values for this parameter are:
-- DNS user name (domain\username)
-- User Principal Name (username@domain.com)
-- SAM user name (username)
-- Security identifier (S-1-5-21-3165297888-301567370-576410423-1103)
Aliases | none
Required? | false
Position? | named
Default Value | Everyone
Accept Pipeline Input? | false
Accept Wildcard Characters? | false
-XmlPolicy<String>
Specifies the file path and name of the XML-formatted file that contains the AppLocker policy.
Aliases | none
Required? | true
Position? | 1
Default Value | none
Accept Pipeline Input? | false
Accept Wildcard Characters? | false
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.AppLockerPolicy
AppLockerPolicy
Outputs
The output type is the type of the objects that the cmdlet emits.
- Microsoft.Security.ApplicationId.PolicyManagement.AppLockerPolicyDecision
Examples
EXAMPLE 1
This example reports if calc.exe and notepad.exe will be allowed to run for Everyone under the policy specified by C:\Policy.xml.
PS C:\> Test-AppLockerPolicy -XmlPolicy C:\Policy.xml -Path C:\Windows\System32\calc.exe, C:\Windows\System32\notepad.exe -User Everyone
EXAMPLE 2
This example lists the executables under C:\Windows\System32 that the policy specified by C:\Policy.xml denies for Everyone because there is no explicit rule for the file.
PS C:\> Get-ChildItem C:\windows\system32\*.exe | Test-AppLockerPolicy c:\Policy.xml -Filter DeniedByDefault
EXAMPLE 3
This example gets the local AppLocker policy, uses the policy to determine which executables in C:\Windows\System32 contoso\saradavis is explicitly denied from running, and then redirects the list to a text file.
PS C:\> Get-AppLockerPolicy -Local | Test-AppLockerPolicy -Path C:\Windows\System32\*.exe -User contoso\saradavis -Filter Denied | Format-List -Property * | Out-File -FilePath 'C:\temp\DeniedFiles.txt'
EXAMPLE 4
This example lists all the packages installed on this computer, for all the users, and tests them against a saved policy.
PS C:\> Get-AppxPackage -AllUsers | Test-AppLockerPolicy -XmlPolicy .\SamplePolicy.xml
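The following is an added example, not part of the original reference. It applies the guidance in the Detailed Description about testing with a representative group member: it runs a saved policy against the same files for several users and lists the files whose decision depends on who runs them. The policy path and account names are placeholders.

```powershell
# Added example: compare policy decisions across representative users.
# Assumptions (placeholders, not from the reference page): C:\Policy.xml is the
# saved policy under review; contoso\saradavis is a representative member of a
# nested group that the policy's rules target.
$policyXml = 'C:\Policy.xml'
$users     = 'Everyone', 'contoso\saradavis'
$files     = (Get-ChildItem -Path 'C:\Windows\System32\*.exe').FullName

$results = foreach ($user in $users) {
    # Emits one AppLockerPolicyDecision per file (FilePath, PolicyDecision, MatchingRule).
    Test-AppLockerPolicy -XmlPolicy $policyXml -Path $files -User $user |
        Select-Object @{ Name = 'User'; Expression = { $user } },
                      FilePath, PolicyDecision, MatchingRule
}

# Count of each decision per user.
$results |
    Group-Object -Property User, PolicyDecision |
    Sort-Object -Property Name |
    Format-Table -Property Name, Count -AutoSize

# Files whose decision differs between the tested users: these are the rules
# where group membership changes the outcome and deserve a manual review.
$results |
    Group-Object -Property FilePath |
    Where-Object { @($_.Group.PolicyDecision | Sort-Object -Unique).Count -gt 1 } |
    ForEach-Object { $_.Group } |
    Sort-Object -Property FilePath, User |
    Format-Table -Property FilePath, User, PolicyDecision -AutoSize
```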
Related topics
Get-AppxPackage