
Test-AppLockerPolicy

microsoft.security.applicationid.policymanagement.cmdlets.dll

Synopsis

Tests a specified AppLocker policy to determine whether the input files will be allowed to run for a given user.

Syntax

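Test-AppLockerPolicy [-XmlPolicy] <String> [-Filter <List<PolicyDecision>>] [-User <String>] -Path <List<String>> [<CommonParameters>]

Test-AppLockerPolicy [-XmlPolicy] <String> [-Filter <List<PolicyDecision>>] [-User <String>] -Packages <List<AppxPackage>> [<CommonParameters>]

Test-AppLockerPolicy [-PolicyObject] <AppLockerPolicy> [-Filter <List<PolicyDecision>>] [-User <String>] -Path <List<String>> [<CommonParameters>]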

Detailed Description

The Test-AppLockerPolicy cmdlet uses the specified AppLocker policy to determine whether a list of files is allowed to run on the local computer for a specified user.

To test AppLocker rules for a nested group, specify a representative member of the nested group for the User parameter. For example, a rule that allows the Everyone group to run calc.exe may not appear to apply correctly when the nested Finance group is specified for the User parameter. Instead, specify a representative member of the Finance group.

Parameters

-Filter <List<PolicyDecision>>

Specifies the policy decision by which to filter the output for each input file. The acceptable values for this parameter are: Allowed, Denied, DeniedByDefault, or AllowedByDefault.

Aliases: None
Required? false
Position: named
Default value: All
Accept pipeline input? false
Accept wildcard characters? false

-Packages <List<AppxPackage>>

Specifies a list of installed packaged applications, from which the file information is retrieved.

Aliases: None
Required? true
Position: named
Default value: None
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? false

-Path <List<String>>

Specifies the list of file paths to test. Regular expressions are supported.

Aliases: None
Required? true
Position: named
Default value: None
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? false

-PolicyObject <AppLockerPolicy>

Specifies the AppLocker policy. It can be obtained from the Get-AppLockerPolicy or the New-AppLockerPolicy cmdlet.

Aliases: None
Required? true
Position: 1
Default value: None
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? false

-User <String>

Defines the user or group to be used for testing the rules in a specified AppLocker policy. The acceptable values for this parameter are:

-- DNS user name (domain\username)
-- User Principal Name (username@domain.com)
-- SAM user name (username)
-- Security identifier (S-1-5-21-3165297888-301567370-576410423-1103)

Aliases: None
Required? false
Position: named
Default value: Everyone
Accept pipeline input? false
Accept wildcard characters? false

-XmlPolicy <String>

Specifies the file path and name of the XML-formatted file that contains the AppLocker policy.

Aliases: None
Required? true
Position: 1
Default value: None
Accept pipeline input? false
Accept wildcard characters? false

Input Type

Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.AppLockerPolicy

Return Type

Microsoft.Security.ApplicationId.PolicyManagement.AppLockerPolicyDecision

Notes

None

Examples

EXAMPLE 1

This example reports if calc.exe and notepad.exe will be allowed to run for Everyone under the policy specified by C:\Policy.xml.

PS C:\>Test-AppLockerPolicy -XmlPolicy C:\Policy.xml -Path C:\windows\system32\calc.exe, C:\windows\system32\notepad.exe -User Everyone

EXAMPLE 2

This example lists the executables under C:\Windows\System32 that everyone will be denied by the policy specified by C:\Policy.xml because there is no explicit rule for the file.

PS C:\>Get-ChildItem C:\windows\system32\*.exe | Test-AppLockerPolicy c:\Policy.xml -Filter DeniedByDefault

EXAMPLE 3

This example gets the local AppLocker policy, uses the policy to determine which executables in C:\Windows\System32 contoso\saradavis is explicitly denied access to run, and then redirects the list to a text file.

PS C:\>Get-AppLockerPolicy -Local | Test-AppLockerPolicy -Path C:\Windows\System32\*.exe -User contoso\saradavis -Filter Denied | Format-List | Out-File 'C:\temp\DeniedFiles.txt'

EXAMPLE 4

This example lists all the packages installed on this computer, for all the users, and tests them against a saved policy.

PS C:\>Get-AppxPackage -AllUsers | Test-AppLockerPolicy -XmlPolicy .\SamplePolicy.xml
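
A pre-deployment check built on this cmdlet, as an added example that is not part of the original help text: it tests a constructed sample policy (one rule allowing Everyone to run files under %SYSTEM32%) as the current user, standing in for a representative group member, and compares each decision with an expected outcome. The policy XML, the rule Id, the file name CandidatePolicy.xml, the expectation list and the helper Test-PolicyExpectation are assumptions made for the example.

```powershell
# Added example; policy, rule Id, file name and expectations are constructed.
$policyXml = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="11111111-2222-3333-4444-555555555555" Name="Allow System32"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%SYSTEM32%\*" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
'@
$policyFile = Join-Path $env:TEMP 'CandidatePolicy.xml'
Set-Content -Path $policyFile -Value $policyXml -Encoding UTF8

# Test as a real account (here the current user), not as a nested group name.
$member = "$env:USERDOMAIN\$env:USERNAME"
$expectations = @(
    @{ Path = "$env:WINDIR\System32\calc.exe";    User = $member; Allowed = $true  }
    @{ Path = "$env:WINDIR\System32\notepad.exe"; User = $member; Allowed = $true  }
    @{ Path = "$env:WINDIR\explorer.exe";         User = $member; Allowed = $false }
)

function Test-PolicyExpectation {
    param([string]$XmlPolicy, [hashtable[]]$Expectation)
    foreach ($e in $Expectation) {
        $d = Test-AppLockerPolicy -XmlPolicy $XmlPolicy -Path $e.Path -User $e.User
        # Allowed and AllowedByDefault both mean the file would run.
        $runs = "$($d.PolicyDecision)" -in 'Allowed', 'AllowedByDefault'
        [pscustomobject]@{
            User         = $e.User
            FilePath     = $d.FilePath
            Decision     = $d.PolicyDecision
            MatchingRule = $d.MatchingRule
            Pass         = ($runs -eq $e.Allowed)
        }
    }
}

$results = Test-PolicyExpectation -XmlPolicy $policyFile -Expectation $expectations
$results | Format-Table -AutoSize
if ($results.Pass -contains $false) {
    Write-Error 'Candidate policy does not match expectations; review before Set-AppLockerPolicy.'
}
```

The Decision column separates files blocked by an explicit deny rule (Denied) from files that no rule covers (DeniedByDefault), and MatchingRule names the rule responsible for an explicit decision.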

Get-AppLockerFileInformation
Get-AppLockerPolicy
New-AppLockerPolicy
Set-AppLockerPolicy
Get-AppxPackage