Managing AppLocker with PowerShell

Check XMLPolicy against installed AppxPackages

Test-ApplockerPolicy -XmlPolicy "PathtoPolicy" -Packages (Get-AppxPackage)

#to export your currently applied policy run the following command

Get-ApplockerPolicy -Xml -Effective > C:\temp\effective_applockerpolicy.xml

#then test the exported effective policy against the installed packages

Test-ApplockerPolicy -XmlPolicy "C:\temp\effective_applockerpolicy.xml" -Packages (Get-AppxPackage)

#you could also filter for specific packages and work with wildcards

Test-ApplockerPolicy -XmlPolicy "PathtoPolicy" -Packages (Get-AppxPackage Microsoft.WindowsStore)
Test-ApplockerPolicy -XmlPolicy "PathtoPolicy" -Packages (Get-AppxPackage Microsoft*)

Fetch AppLocker policy from Domain Controller

#first find the right GPO. Make sure the RSAT tools are installed and that you have sufficient permissions to read group policy objects. For installing the RSAT tools on Windows 10 1809 and later, see the following URL:
https://nimdati.com/2019/04/16/windows-10-1809-rsat-installieren-wsus-umgehen/

#replace "*Applocker*" with a part of the name of your GPO
Get-GPO -All | ? DisplayName -like "*Applocker*"

#your result will look like the following (you may get more than one result)
DisplayName      : GPO-Applocker-Default
DomainName       : test1.domain.local
Owner            : testdomain\Domain-Admins
Id               : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
....

#what we need is the Id of the GPO: replace insertgpoid with it and keep the curly braces, because the GPO container is named CN={Id}
Get-ApplockerPolicy -Domain -LDAP "LDAP://dc1.domain.local/CN={insertgpoid},CN=Policies,CN=System,DC=domain,DC=local"

Get local AppLocker policy

Get-ApplockerPolicy -Local

Get effective AppLocker policy

Get-ApplockerPolicy -Effective | select -ExpandProperty RuleCollections

#as xml
Get-ApplockerPolicy -Xml -Effective

#save to file
Get-ApplockerPolicy -Xml -Effective > c:\temp\effective_applocker.xml
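
The exported XML shows, for each rule collection, whether its rules block anything or only log. The following is an added example, not part of the original post: the function name Get-AppLockerCollectionSummary and the inline sample policy are constructed for illustration.

```powershell
# Added example: function name and sample policy are constructed for illustration.
function Get-AppLockerCollectionSummary {
    param([Parameter(Mandatory)][xml]$Policy)

    foreach ($collection in $Policy.AppLockerPolicy.RuleCollection) {
        # Rule elements are FilePublisherRule, FilePathRule or FileHashRule
        $rules = @($collection.ChildNodes | Where-Object { $_.NodeType -eq 'Element' })
        $mode  = $collection.EnforcementMode

        # A collection without rules restricts nothing; AuditOnly only writes events.
        # NotConfigured with rules present is enforced like Enabled.
        $effect = if ($rules.Count -eq 0) {
            'NoRules'
        } elseif ($mode -eq 'AuditOnly') {
            'AuditOnly'
        } else {
            'Enforced'
        }

        [pscustomobject]@{
            Type            = $collection.Type
            EnforcementMode = $mode
            AllowRules      = @($rules | Where-Object { $_.Action -eq 'Allow' }).Count
            DenyRules       = @($rules | Where-Object { $_.Action -eq 'Deny' }).Count
            PathRules       = @($rules | Where-Object { $_.LocalName -eq 'FilePathRule' }).Count
            Effect          = $effect
        }
    }
}

# Constructed sample policy; on a real host pass (Get-AppLockerPolicy -Effective -Xml) instead
$sample = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="00000000-0000-0000-0000-000000000001" Name="Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
  <RuleCollection Type="Appx" EnforcementMode="AuditOnly">
    <FilePublisherRule Id="00000000-0000-0000-0000-000000000002" Name="Signed packages" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"><BinaryVersionRange LowSection="0.0.0.0" HighSection="*" /></FilePublisherCondition></Conditions>
    </FilePublisherRule>
  </RuleCollection>
  <RuleCollection Type="Script" EnforcementMode="NotConfigured" />
</AppLockerPolicy>
'@
Get-AppLockerCollectionSummary -Policy $sample | Format-Table -AutoSize
```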
