
New-AppLockerPolicy



This is the built-in help made by Microsoft for the command 'New-AppLockerPolicy', in PowerShell version 3 - as retrieved from Windows version 'Microsoft Windows Server 2012 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Creates a new AppLocker policy from a list of file information and other rule creation options.

SYNTAX


New-AppLockerPolicy [-FileInformation] <List<FileInformation>> [-IgnoreMissingFileInformation [<SwitchParameter>]] [-Optimize [<SwitchParameter>]] [-RuleNamePrefix <String>] [-RuleType <List<RuleType>>] [-User <String>] [-Xml [<SwitchParameter>]] [<CommonParameters>]




DESCRIPTION


The New-AppLockerPolicy cmdlet uses a list of file information to automatically generate a list of rules for a given user or group. Rules can
be generated based on publisher, hash, or path information.


Run the Get-AppLockerFileInformation cmdlet to create the list of file information.


By default, the output is an AppLockerPolicy object. If the XML parameter is specified, the output will be the AppLocker policy as an
XML-formatted string.




RELATED LINKS

Get-AppLockerFileInformation
Get-AppLockerPolicy
Set-AppLockerPolicy
Test-AppLockerPolicy

REMARKS


Examples


EXAMPLE 1

C:\PS>Get-ChildItem C:\Windows\System32\*.exe | Get-AppLockerFileInformation | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -RuleNamePrefix System32
Version RuleCollections RuleCollectionTypes
------- --------------- -------------------
1 {Microsoft.Security.ApplicationId.Po... {Exe}



This example creates an AppLocker policy containing allow rules for all of the executable files in C:\Windows\System32. The policy contains
publisher rules for those files with publisher information and hash rules for those that do not. The rules are prefixed with System32: and the
rules apply to the Everyone group.




EXAMPLE 2

C:\PS>Get-ChildItem C:\Windows\System32\*.exe | Get-AppLockerFileInformation | New-AppLockerPolicy -RuleType Path -User Everyone -Optimize -XML
<AppLockerPolicy Version="1"><RuleCollection Type="Exe" EnforcementMode="NotConfigured"><FilePathRule Id="31B2F340-016D-11D2-945F-00C04FB984F9" Name="%SYSTEM32%\*" Description="" UserOrGroupSid="S-1-5-21-3165297888-301567370-576410423-13" Action="Allow"><Conditions><FilePathCondition Path="%SYSTEM32%\*" /></Conditions></FilePathRule></RuleCollection></AppLockerPolicy>



This example creates an XML-formatted AppLocker policy for all of the executable files in C:\Windows\System32. The policy contains only path
rules, the rules are applied to the Everyone group, and the Optimize parameter indicates that similar rules are grouped together where
possible.




EXAMPLE 3

C:\PS>Get-AppLockerFileInformation -EventLog -LogPath "Microsoft-Windows-AppLocker/EXE and DLL" -EventType Audited | New-AppLockerPolicy -RuleType Publisher,Hash -User domain\FinanceGroup -IgnoreMissingFileInformation | Set-AppLockerPolicy -LDAP "LDAP://DC13.TailspinToys.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=WingTipToys,DC=com"



This example creates a new AppLocker policy from the audited events in the local Microsoft-Windows-AppLocker/EXE and DLL event log. All of the
rules will be applied to the domain\FinanceGroup group. Publisher rules are created when the publisher information is available, and hash
rules are created if the publisher information is not available. If only path information is available for a file, then the file is skipped
because the IgnoreMissingFileInformation parameter is specified, and the file is included in the warning log. If the
IgnoreMissingFileInformation parameter is not specified when file information is missing, then the cmdlet exits because it cannot create the
specified rule type. After the new AppLocker policy is created, the AppLocker policy of the specified Group Policy Object (GPO) is set. The
existing AppLocker policy in the specified GPO will be overwritten.
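

The following is an added example, not part of the Microsoft help text. It chains the cmdlets listed under RELATED LINKS so that a generated policy is saved in audit mode and checked against the files it was built from before anything is applied. The folder C:\Program Files\Contoso, the rule prefix, and the output file name are hypothetical.

```powershell
# Added example; the folder, rule prefix and output file are hypothetical.
$AppDir     = 'C:\Program Files\Contoso'
$Group      = 'Everyone'
$PolicyFile = Join-Path $env:TEMP 'Contoso-AppLocker.xml'
$Apply      = $false   # set to $true only after reviewing the report below

# 1. Collect file information for every executable under the folder.
$info = Get-AppLockerFileInformation -Directory $AppDir -Recurse -FileType Exe
if (-not $info) { throw "No executables found under $AppDir" }

# 2. Generate the policy as XML. Publisher rules are created where publisher
#    information exists and hash rules otherwise; files that have neither are
#    skipped with a warning instead of stopping the cmdlet.
$xmlText = $info | New-AppLockerPolicy -RuleType Publisher, Hash -User $Group `
    -RuleNamePrefix 'Contoso' -Optimize -IgnoreMissingFileInformation -Xml

# 3. Generated rule collections carry EnforcementMode="NotConfigured"
#    (visible in the Example 2 output). Mark them AuditOnly so that a first
#    rollout logs what would be blocked rather than blocking it.
[xml]$doc = $xmlText
foreach ($collection in $doc.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$doc.Save($PolicyFile)

# 4. Evaluate the same files against the saved policy and keep only the ones
#    the rules would not allow. Skipped files from step 2 show up here.
$paths   = @(Get-ChildItem -Path $AppDir -Recurse -Filter *.exe |
             ForEach-Object { $_.FullName })
$blocked = @(Test-AppLockerPolicy -XmlPolicy $PolicyFile -Path $paths `
             -User $Group -Filter Denied, DeniedByDefault)

if ($blocked.Count -gt 0) {
    Write-Warning "$($blocked.Count) file(s) are not covered by the generated rules:"
    $blocked | Format-Table FilePath, PolicyDecision -AutoSize
}
elseif ($Apply) {
    # 5. -Merge adds the rules to the existing local policy instead of
    #    overwriting it. Requires an elevated session.
    Set-AppLockerPolicy -XmlPolicy $PolicyFile -Merge
}
else {
    Write-Output "All $($paths.Count) files are allowed. Policy saved to $PolicyFile"
}
```

Publisher and Hash rule types are used here rather than Path with -Optimize because, as the Example 2 output shows, an optimized path rule collapses to a whole-directory wildcard such as %SYSTEM32%\* and allows any file later placed in that directory.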