Set-AppLockerPolicy

Sets the AppLocker policy for the specified Group Policy object (GPO).

Syntax

Set-AppLockerPolicy [-XMLPolicy] <String> [-LDAP <String>] [-Merge <Boolean>] [-Confirm] [-WhatIf] [<CommonParameters>]


Set-AppLockerPolicy [-PolicyObject] <AppLockerPolicy> [-LDAP <String>] [-Merge <Boolean>] [-Confirm] [-WhatIf] [<CommonParameters>]

Detailed Description

The Set-AppLockerPolicy cmdlet sets the specified GPO to contain the specified AppLocker policy. If no Lightweight Directory Access Protocol (LDAP) path is specified, the local GPO is the default setting. If the Merge parameter is not specified, the existing AppLocker policy in the target GPO will be overwritten by the new policy.

Parameters

-XMLPolicy <String>

Specifies the path where the AppLocker policy XML file is saved.

Attributes

Name                          Value
Required?                     true
Accept wildcard characters?   false
Accept Pipeline Input?        false
Position?                     0

-PolicyObject <AppLockerPolicy>

Specifies the AppLockerPolicy object that contains the AppLocker policy. It can be obtained from Get-AppLockerPolicy and New-AppLockerPolicy.

Attributes

Name                          Value
Required?                     true
Accept wildcard characters?   false
Accept Pipeline Input?        true (ByValue)
Position?                     0

-LDAP <String>

Specifies the LDAP path of the GPO. It must specify a unique GPO. If this parameter is not specified, the local AppLocker policy is set.

Attributes

Name                          Value
Required?                     false
Accept wildcard characters?   false
Accept Pipeline Input?        false
Position?                     named

-Merge <Boolean>

When the Merge parameter is used, rules in the specified AppLocker policy will be merged with the AppLocker rules in the target GPO specified in the LDAP path. The merging of policies will remove rules with duplicate rule IDs, and the enforcement setting specified by the AppLocker policy in the target GPO will be preserved. If the Merge parameter is not specified, then the new policy will overwrite the existing policy.

Attributes

Name                          Value
Required?                     false
Accept wildcard characters?   false
Accept Pipeline Input?        false
Position?                     named

-Confirm <SwitchParameter>

Prompts you for confirmation before executing the command.

Attributes

Name                          Value
Required?                     false
Accept wildcard characters?   false
Accept Pipeline Input?        false
Position?                     named

-WhatIf <SwitchParameter>

Describes what would happen if you executed the command without actually executing the command.

Attributes

Name                          Value
Required?                     false
Accept wildcard characters?   false
Accept Pipeline Input?        false
Position?                     named

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters.

Input and Return Types

The input type is the type of the objects that you can pipe to the cmdlet. The return type is the type of the objects that the cmdlet emits.

Input Type

Set-AppLockerPolicy can take the AppLocker policy as an AppLockerPolicy object or as an XML file containing an AppLocker policy.

Return Type

.

Notes

Examples

EXAMPLE 1

C:\PS>Set-AppLockerPolicy -XMLPolicy C:\Policy.xml

Sets the local AppLocker policy to the policy specified in C:\Policy.xml.

EXAMPLE 2

C:\PS>Set-AppLockerPolicy -XMLPolicy C:\Policy.xml -LDAP "LDAP://DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com"

Sets the GPO specified in the LDAP path to contain the AppLocker policy that is specified in C:\Policy.xml.

EXAMPLE 3

C:\PS>Get-AppLockerPolicy -Local | Set-AppLockerPolicy -LDAP "LDAP://DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com" -Merge

Gets the local AppLocker policy, and then merges the policy with the existing AppLocker policy in the GPO specified in the LDAP path. See the Merge parameter description for more details on how two policies are merged.
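
The backup, comparison and merge sequence below is an added example, not part of the original reference; it applies the Merge behavior described above (duplicate rule IDs removed, target enforcement setting preserved) to the local policy. The file paths and the sample file are assumptions, and the comparison assumes the policy XML stores rules as child elements of RuleCollection with Id, Name, Type and EnforcementMode attributes.

```powershell
# Assumed paths (hypothetical): incoming policy file and a timestamped backup.
$NewPolicyPath = 'C:\Policy.xml'
$BackupPath    = 'C:\AppLocker-backup-{0:yyyyMMdd-HHmmss}.xml' -f (Get-Date)

# 1. Back up the current local policy; without -Merge it would be overwritten.
Get-AppLockerPolicy -Local -Xml | Out-File -FilePath $BackupPath

# 2. Load both policies as XML for comparison.
[xml]$current  = Get-AppLockerPolicy -Local -Xml
[xml]$incoming = Get-Content -Path $NewPolicyPath -Raw

# 3. Rules whose Id already exists in the target: merging removes duplicate Ids.
$currentIds = @($current.SelectNodes('//RuleCollection/*[@Id]') |
    ForEach-Object { $_.GetAttribute('Id') })
$incoming.SelectNodes('//RuleCollection/*[@Id]') |
    Where-Object { $currentIds -contains $_.GetAttribute('Id') } |
    ForEach-Object {
        Write-Warning ("Duplicate rule Id {0} ({1}: {2})" -f
            $_.GetAttribute('Id'), $_.LocalName, $_.GetAttribute('Name'))
    }

# 4. A merge preserves the target's enforcement setting, so flag mismatches.
foreach ($coll in $incoming.SelectNodes('//RuleCollection')) {
    $type   = $coll.GetAttribute('Type')
    $target = $current.SelectSingleNode("//RuleCollection[@Type='$type']")
    if ($null -ne $target -and
        $target.GetAttribute('EnforcementMode') -ne $coll.GetAttribute('EnforcementMode')) {
        Write-Warning ("{0}: incoming mode '{1}' will not replace target mode '{2}'" -f
            $type, $coll.GetAttribute('EnforcementMode'), $target.GetAttribute('EnforcementMode'))
    }
}

# 5. Preview, then apply with a confirmation prompt.
Set-AppLockerPolicy -XMLPolicy $NewPolicyPath -Merge -WhatIf
Set-AppLockerPolicy -XMLPolicy $NewPolicyPath -Merge -Confirm

# 6. Spot-check the result against a sample file (path chosen for illustration).
Get-AppLockerPolicy -Local |
    Test-AppLockerPolicy -Path 'C:\Windows\System32\cmd.exe' -User Everyone

# Rollback: reapply the backup without -Merge so it overwrites the merged policy.
# Set-AppLockerPolicy -XMLPolicy $BackupPath
```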

See Also

Reference

Get-AppLockerPolicy
New-AppLockerPolicy
Test-AppLockerPolicy
Get-AppLockerFileInformation