Cmdlets

Choose a cmdlet from the list on the left or search for a specific cmdlet. Choose a cmdlet from the list or search for a specific cmdlet.
About Help  Providers
 

Get-AppLockerPolicy

Get-AppLockerPolicy

microsoft.security.applicationid.policymanagement.cmdlets.dll

Synopsis

Gets the local, the effective, or a domain AppLocker policy.

Syntax

Get-AppLockerPolicy [-Xml] [-Local] [<CommonParameters>]

Get-AppLockerPolicy [-Xml] [-Domain] [-Ldap] [<CommonParameters>]

Get-AppLockerPolicy [-Xml] [-Effective] [<CommonParameters>]

Detailed Description

The Get-AppLockerPolicy cmdlet retrieves the AppLocker policy from the local Group Policy Object (GPO), a specified Group Policy Object (GPO), or the effective policy on the computer.

By default, the output is an AppLockerPolicy object. If the XML parameter is used, then the output will be the AppLocker policy as an XML-formatted string.

Parameters

-Domain <SwitchParameter>

Gets the AppLocker policy from the GPO specified by the path given in the Ldap parameter.

Aliases

None

Required?

true

Position

named

Default value

None

Accept pipeline input?

false

Accept wildcard characters?

false

-Effective <SwitchParameter>

Gets the effective AppLocker policy on the local computer. The effective policy is the merge of the local AppLocker policy and any applied AppLocker domain policies on the local computer.

Aliases

None

Required?

true

Position

named

Default value

None

Accept pipeline input?

false

Accept wildcard characters?

false

-Ldap <String>

Specifies the LDAP path of the GPO and must specify a unique GPO.

Aliases

None

Required?

true

Position

named

Default value

None

Accept pipeline input?

false

Accept wildcard characters?

false

-Local <SwitchParameter>

Gets the AppLocker policy from the local GPO.

Aliases

None

Required?

true

Position

named

Default value

None

Accept pipeline input?

false

Accept wildcard characters?

false

-Xml <SwitchParameter>

Specifies that the AppLocker policy be output as an XML-formatted string.

Aliases

None

Required?

false

Position

named

Default value

None

Accept pipeline input?

false

Accept wildcard characters?

false

Input Type

None

Return Type

Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.AppLockerPolicy
System.String

Notes

None

Examples

EXAMPLE 1

This example gets the local AppLocker policy as an AppLockerPolicy object.

PS C:\>Get-AppLockerPolicy -Local
                                Version RuleCollections                         RuleCollectionTypes 
                                ------- ---------------                         ------------------- 
                                      1 {}                                      {} 

EXAMPLE 2

This example gets the AppLocker policy of the unique GPO specified by the LDAP path as an AppLockerPolicy object.

PS C:\>Get-AppLockerPolicy -Domain -LDAP "LDAP:// DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com"

EXAMPLE 3

This example gets the effective policy on the computer, and then sends it in XML-format to the specified file on an existing path.

PS C:\>Get-AppLockerPolicy -Effective -Xml | Set-Content ('c:\temp\curr.xml')

EXAMPLE 4

This example gets the local AppLocker policy on the computer, and then tests the policy using the Test-AppLockerPolicy cmdlet to test whether the .exe files in C:\Windows\System32 will be allowed to run by the Everyone group.

PS C:\>Get-AppLockerPolicy -Local | Test-AppLockerPolicy -Path C:\Windows\System32\*.exe -User Everyone

Online Version
Get-AppLockerFileInformation
New-AppLockerPolicy
Set-AppLockerPolicy
Test-AppLockerPolicy