Test an AppLocker Policy by Using Test-AppLockerPolicy
Published: April 2012
Updated: May 2012
Applies To: Windows 8, Windows Server 2012
This procedural topic describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer in Windows Server 2012 and Windows 8.
The Test-AppLockerPolicy Windows PowerShell cmdlet can be used to determine whether the rules in your rule collections will block any files on your reference computer or the computer on which you maintain policies. Perform the following steps on any computer where the AppLocker policies are applied.
Any user account can be used to complete this procedure.
Export the effective AppLocker policy. To do this, you must use the Get-AppLockerPolicy Windows PowerShell cmdlet.
Open a Windows PowerShell Prompt window as an administrator.
Before you can use the AppLocker cmdlets, you must import them into Windows PowerShell. To do this, run the following command:
Use the Get-AppLockerPolicy cmdlet to export the effective AppLocker policy to an XML file:
Get-AppLockerPolicy -Effective -XML > <PathofFiletoExport.XML>
Use the Get-ChildItem cmdlet to specify the directory that you want to test, specify the Test-AppLockerPolicy cmdlet with the XML file from the previous step to test the policy, and use the Export-CSV cmdlet to export the results to a file to be analyzed:
Get-ChildItem <DirectoryPathtoReview> -Filter <FileExtensionFilter> -Recurse | Convert-Path | Test-AppLockerPolicy -XMLPolicy <PathToExportedPolicyFile> -User <domain\username> -Filter <TypeofRuletoFilterFor> | Export-CSV <PathToExportResultsTo.CSV>
The following shows example input for Test-AppLockerPolicy:
PS C:\> Get-AppLockerPolicy -Effective -XML > C:\Effective.xml
PS C:\> Get-ChildItem 'C:\Program Files\Microsoft Office\' -Filter *.exe -Recurse | Convert-Path | Test-AppLockerPolicy -XMLPolicy C:\Effective.xml -User contoso\zwie -Filter Denied,DeniedByDefault | Export-CSV C:\BlockedFiles.csv
In the example, the effective AppLocker policy is exported to the file C:\Effective.xml. The Get-ChildItem cmdlet is used to recursively gather path names for the .exe files in C:\Program Files\Microsoft Office\. The XMLPolicy parameter specifies that the C:\Effective.xml file is an XML AppLocker policy file. By specifying the User parameter, you can test the rules for specific users, and the Export-CSV cmdlet allows the results to be exported to a comma-separated file. In the example, -Filter Denied,DeniedByDefault displays only those files that will be blocked for the user under the policy.
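The following script is an added example, not part of the original topic. It extends the procedure above to several file types and more than one account, keeping allowed results so the accounts can be compared before the policy is imported into a GPO. The second account name, the extension list and the output path are assumptions; the cmdlets and parameters are the ones used above, plus Import-Module AppLocker.

```powershell
# Added example; accounts, paths and output file names are placeholders to adjust.
Import-Module AppLocker

$policyFile = 'C:\Effective.xml'                     # file name from the page's example
$reviewDir  = 'C:\Program Files\Microsoft Office\'   # directory from the page's example
$users      = 'contoso\zwie', 'contoso\testuser2'    # second account is hypothetical
$extensions = '*.exe', '*.com', '*.msi', '*.msp', '*.ps1', '*.bat', '*.cmd', '*.vbs', '*.js'

# Export the effective policy once so every account is tested against the same snapshot.
Get-AppLockerPolicy -Effective -Xml > $policyFile

# Gather file types covered by the executable, Windows Installer and script rule collections.
$files = Get-ChildItem -Path $reviewDir -Include $extensions -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    Select-Object -ExpandProperty FullName
if (-not $files) { throw "No files matching $($extensions -join ', ') found under $reviewDir" }

# No -Filter here: allowed results are kept so the accounts can be compared side by side.
$results = foreach ($user in $users) {
    $files | Test-AppLockerPolicy -XmlPolicy $policyFile -User $user |
        Select-Object @{ Name = 'User'; Expression = { $user } }, FilePath, PolicyDecision, MatchingRule
}

# Count of each policy decision per account.
$results | Group-Object User, PolicyDecision | Sort-Object Name |
    Select-Object Count, Name | Format-Table -AutoSize

# Denied: an explicit deny rule matched. DeniedByDefault: no rule matched the file.
$blocked = $results | Where-Object { [string]$_.PolicyDecision -like 'Denied*' }
$blocked | Sort-Object User, FilePath | Export-Csv -Path 'C:\BlockedFiles.csv' -NoTypeInformation
```

Rows marked DeniedByDefault have an empty MatchingRule and indicate files that need an allow rule if they are meant to run; rows marked Denied name the deny rule to review.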