Check XMLPolicy against installed AppxPackages
# Test-AppLockerPolicy evaluates the rules for the Everyone group unless -User names a specific user or group.
# Get-AppxPackage without -AllUsers returns only the packages of the current user.
Test-AppLockerPolicy -XmlPolicy "PathtoPolicy" -Packages (Get-AppxPackage)
# To export your currently applied (effective) policy, run the following command.
# C:\temp must already exist; the export lists every rule of the policy, so keep it somewhere only administrators can read.
Get-AppLockerPolicy -Effective -Xml | Out-File -FilePath C:\temp\effective_applockerpolicy.xml
# To test the exported effective policy against the installed packages, run
Test-AppLockerPolicy -XmlPolicy "C:\temp\effective_applockerpolicy.xml" -Packages (Get-AppxPackage)
# You can also test a single package, or a set of packages selected with a wildcard
Test-AppLockerPolicy -XmlPolicy "PathtoPolicy" -Packages (Get-AppxPackage -Name Microsoft.WindowsStore)
Test-AppLockerPolicy -XmlPolicy "PathtoPolicy" -Packages (Get-AppxPackage -Name Microsoft*)
Fetch Applocker-Policy from Domain Controller
#First find the right GPO. Make sure the RSAT tools are installed and that your account has sufficient permissions to read Group Policy objects. If you want to know how to install the RSAT tools on Windows 10 1809 and later, check out the following URL:
https://nimdati.com/2019/04/16/windows-10-1809-rsat-installieren-wsus-umgehen/
# Replace "*Applocker*" with a part of the display name of your GPO.
# Get-GPO is provided by the GroupPolicy module, which is installed with the RSAT tools.
Get-GPO -All | Where-Object DisplayName -like "*Applocker*"
#Your result will look like the following (you may get more than one result)
DisplayName : GPO-Applocker-Default
DomainName : test1.domain.local
Owner : testdomain\Domain-Admins
Id : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
....
# What we need is the Id of the GPO. Put it in place of "insertgpoid" and keep the curly braces:
# GPO containers in Active Directory are named CN={<gpo-id>}.
# Also replace the domain controller name and the DC= components with those of your own domain.
Get-AppLockerPolicy -Domain -LDAP "LDAP://dc1.domain.local/CN={insertgpoid},CN=Policies,CN=System,DC=domain,DC=local"
Get local Applocker policy
# -Local returns only the AppLocker policy from this computer's local GPO; rules delivered by domain GPOs are not included.
Get-AppLockerPolicy -Local
Get effective Applocker policy
# -Effective returns the merge of the local policy and the domain policies applied to this computer.
# Expanding RuleCollections lists the rules of each collection.
Get-AppLockerPolicy -Effective | Select-Object -ExpandProperty RuleCollections
# The same policy as an XML string
Get-AppLockerPolicy -Effective -Xml
# Save the XML to a file (c:\temp must already exist)
Get-AppLockerPolicy -Effective -Xml | Out-File -FilePath c:\temp\effective_applocker.xml