Hi
I am trying to create a new AppLocker policy for particular executables using PowerShell commands. I want to create a Path rule for a particular group. I am following this link: https://learn.microsoft.com/en-us/powershell/module/applocker/new-applockerpolicy?view=win10-ps. Using this link, I am trying to create a PowerShell script to create a Deny AppLocker rule for the attrib.exe file for all users in "Domain Users".

    # Build a path-rule policy from attrib.exe for the "Domain Users" group
    $Policy = Get-ChildItem C:\Windows\System32\attrib.exe | Get-AppLockerFileInformation | New-AppLockerPolicy -RuleType Path -User "Domain Users" -Optimize -RuleNamePrefix "Block attrib1"

    # Switch every generated rule to Deny
    foreach ($RuleCollection in $Policy.RuleCollections)
    {
        foreach ($Rule in $RuleCollection)
        {
            $Rule.Action = 'Deny'
        }
    }

    # Write the policy to the GPO, addressed by its GUID over LDAP
    $GPO_ID = (Get-GPO -Name "SampleGPO").Id
    Set-AppLockerPolicy -PolicyObject $Policy -Ldap "LDAP://cn={$GPO_ID},cn=policies,cn=system,DC=addc,DC=altairone,DC=com"

But when I look at the path in the properties of this rule, I see that the rule is being created for all the files under %SYSTEM32%, as shown in the picture.
Can someone guide me on how to create a rule for just a single file?
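
A pre-deployment check for the situation described in the post, as an added example that is not part of the original post: it reads an AppLocker policy's XML and reports every path rule whose condition is not exactly the intended file. The function name `Get-PathRuleScope`, the rule names and Ids, and the sample XML are constructed for illustration.

```powershell
# Added example: scope check for AppLocker path rules before deployment.
# Constructed sample policy: rule names and Ids are placeholders, and the
# SID S-1-1-0 (Everyone) keeps the sample independent of any domain.
# The first rule has the folder-wide shape described in the post, the
# second the intended single-file shape.
$sampleXml = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="NotConfigured">
    <FilePathRule Id="00000000-0000-0000-0000-000000000001" Name="Sample: folder-wide"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%SYSTEM32%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="00000000-0000-0000-0000-000000000002" Name="Sample: single file"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%SYSTEM32%\attrib.exe" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
'@

function Get-PathRuleScope {
    param(
        [Parameter(Mandatory)] [string] $PolicyXml,
        [Parameter(Mandatory)] [string] $ExpectedPath
    )
    $doc = [xml]$PolicyXml
    foreach ($rule in $doc.SelectNodes('//FilePathRule')) {
        foreach ($cond in $rule.SelectNodes('Conditions/FilePathCondition')) {
            # GetAttribute avoids confusion with the XML node's own Name property
            $path = $cond.GetAttribute('Path')
            [pscustomobject]@{
                Rule     = $rule.GetAttribute('Name')
                Action   = $rule.GetAttribute('Action')
                Path     = $path
                Wildcard = $path.Contains('*')
                Exact    = $path -ieq $ExpectedPath
            }
        }
    }
}

$report = Get-PathRuleScope -PolicyXml $sampleXml -ExpectedPath '%SYSTEM32%\attrib.exe'
$report | Format-Table -AutoSize

# Gate: list every rule that is not a Deny on exactly the expected file.
$bad = @($report | Where-Object { -not $_.Exact -or $_.Action -ne 'Deny' })
if ($bad.Count -gt 0) {
    Write-Warning ("{0} rule(s) out of scope: {1}" -f $bad.Count, ($bad.Rule -join ', '))
}
```

For a policy object built with `New-AppLockerPolicy`, pass `$Policy.ToXml()` as `-PolicyXml` and run the check before calling `Set-AppLockerPolicy`.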