Get-AppLockerPolicy
Get-AppLockerPolicy
Gets the local, the effective, or a domain AppLocker policy.
Syntax
Parameter Set: LocalPolicy
Get-AppLockerPolicy -Local [-Xml] [ <CommonParameters>]
Parameter Set: DomainPolicy
Get-AppLockerPolicy -Domain -Ldap <String> [-Xml] [ <CommonParameters>]
Parameter Set: EffectivePolicy
Get-AppLockerPolicy -Effective [-Xml] [ <CommonParameters>]
Detailed Description
The Get-AppLockerPolicy cmdlet retrieves the AppLocker policy from the local Group Policy Object (GPO), a specified Group Policy Object (GPO), or the effective policy on the computer.
By default, the output is an AppLockerPolicy object. If the XML parameter is used, then the output will be the AppLocker policy as an XML-formatted string.
Parameters
-Domain
Gets the AppLocker policy from the GPO specified by the path given in the Ldap parameter.
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-Effective
Gets the effective AppLocker policy on the local computer. The effective policy is the merge of the local AppLocker policy and any applied AppLocker domain policies on the local computer.
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-Ldap<String>
Specifies the LDAP path of the GPO and must specify a unique GPO.
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-Local
Gets the AppLocker policy from the local GPO.
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-Xml
Specifies that the AppLocker policy be output as an XML-formatted string.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
- None
Outputs
The output type is the type of the objects that the cmdlet emits.
Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.AppLockerPolicy
AppLockerPolicy
System.String
Examples
EXAMPLE 1
This example gets the local AppLocker policy as an AppLockerPolicy object.
PS C:\> Get-AppLockerPolicy -Local
EXAMPLE 2
This example gets the AppLocker policy of the unique GPO specified by the LDAP path as an AppLockerPolicy object.
PS C:\> Get-AppLockerPolicy -Domain -LDAP "LDAP:// DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com"
EXAMPLE 3
This example gets the effective policy on the computer, and then sends it in XML-format to the specified file on an existing path.
PS C:\> Get-AppLockerPolicy -Effective -Xml | Set-Content (‘c:\temp\curr.xml’)
EXAMPLE 4
This example gets the local AppLocker policy on the computer, and then tests the policy using the Test-AppLockerPolicy cmdlet to test whether the .exe files in C:\Windows\System32 will be allowed to run by the Everyone group.
PS C:\> Get-AppLockerPolicy -Local | Test-AppLockerPolicy -Path C:\Windows\System32\*.exe -User Everyone