
New-AppLockerPolicy



This is the built-in help made by Microsoft for the command 'New-AppLockerPolicy', in PowerShell version 4 - as retrieved from Windows version 'Microsoft Windows 8.1 Enterprise' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Creates a new AppLocker policy from a list of file information and other rule creation options.

SYNTAX


New-AppLockerPolicy [-FileInformation] <List<FileInformation>> [-IgnoreMissingFileInformation] [-InformationAction {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend}] [-InformationVariable [<System.String>]] [-Optimize] [-RuleNamePrefix [<String>]] [-RuleType [<List<RuleType>>]] [-ServiceEnforcement [<System.String>]] [-User [<String>]] [-Xml] [<CommonParameters>]




DESCRIPTION


The New-AppLockerPolicy cmdlet uses a list of file information to automatically generate a list of rules for a given user or group. Rules can be generated based on publisher, hash, or path information.


Run the Get-AppLockerFileInformation cmdlet to create the list of file information.


By default, the output is an AppLockerPolicy object. If the Xml parameter is specified, the output will be the AppLocker policy as an XML-formatted string.

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?linkid=287250
Get-AppLockerFileInformation
Get-AppLockerPolicy
Set-AppLockerPolicy
Test-AppLockerPolicy

REMARKS

Examples


EXAMPLE 1

C:\PS>Get-ChildItem C:\Windows\System32\*.exe | Get-AppLockerFileInformation | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -RuleNamePrefix System32
Version RuleCollections RuleCollectionTypes
------- --------------- -------------------
1 {Microsoft.Security.ApplicationId.Po... {Exe}



This example creates an AppLocker policy that contains allow rules for all of the executable files in C:\Windows\System32. The policy contains publisher rules for those files with publisher information and hash rules for those that do not. The rules are prefixed with System32: and the rules apply to the Everyone group.






EXAMPLE 2

C:\PS>Get-ChildItem C:\Windows\System32\*.exe | Get-AppLockerFileInformation | New-AppLockerPolicy -RuleType Path -User Everyone -Optimize -XML
<AppLockerPolicy Version="1"><RuleCollection Type="Exe" EnforcementMode="NotConfigured"><FilePathRule Id="31B2F340-016D-11D2-945F-00C04FB984F9" Name="%SYSTEM32%\*" Description="" UserOrGroupSid="S-1-5-21-3165297888-301567370-576410423-13" Action="Allow"><Conditions><FilePathCondition Path="%SYSTEM32%\*" /></Conditions></FilePathRule></RuleCollection></AppLockerPolicy>



This example creates an XML-formatted AppLocker policy for all of the executable files in C:\Windows\System32. The policy contains only path rules, the rules are applied to the Everyone group, and the Optimize parameter indicates that similar rules are grouped together where possible.






EXAMPLE 3

C:\PS>Get-AppLockerFileInformation -EventLog -LogPath "Microsoft-Windows-AppLocker/EXE and DLL" -EventType Audited | New-AppLockerPolicy -RuleType Publisher,Hash -User domain\FinanceGroup -IgnoreMissingFileInformation | Set-AppLockerPolicy -LDAP "LDAP://DC13.TailspinToys.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=WingTipToys,DC=com"



This example creates a new AppLocker policy from the audited events in the local Microsoft-Windows-AppLocker/EXE and DLL event log. All of the rules will be applied to the domain\FinanceGroup group. Publisher rules are created when the publisher information is available, and hash rules are created if the publisher information is not available. If only path information is available for a file, then the file is skipped because the IgnoreMissingFileInformation parameter is specified, and the file is included in the warning log. If the IgnoreMissingFileInformation parameter is not specified when file information is missing, then the cmdlet exits because it cannot create the specified rule type. After the new AppLocker policy is created, the AppLocker policy of the specified Group Policy Object (GPO) is set. The existing AppLocker policy in the specified GPO will be overwritten.
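
A more cautious variant of the workflow in Examples 2 and 3, as an added example that is not part of the Microsoft help text: it generates the policy as XML, switches the rule collections to audit-only, checks the result with Test-AppLockerPolicy, and merges into the local policy instead of overwriting. The directory C:\Reference\Apps, the file C:\Temp\generated-policy.xml and the prefix RefApps are assumed values.

```powershell
# Added example, not from the original help. Paths and the rule prefix are assumed values.
$referenceDir = 'C:\Reference\Apps'
$policyPath   = 'C:\Temp\generated-policy.xml'

# 1. Generate publisher rules, with hash rules for files lacking publisher information,
#    and return the policy as an XML string instead of an AppLockerPolicy object.
$xmlText = Get-AppLockerFileInformation -Directory $referenceDir -Recurse -FileType Exe |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
        -RuleNamePrefix 'RefApps' -Optimize -IgnoreMissingFileInformation -Xml

# 2. The generated collections carry EnforcementMode="NotConfigured" (see Example 2),
#    which AppLocker treats as enforced once the collection contains rules.
#    Switch every collection to audit-only so the first rollout only logs.
$policy = [xml]$xmlText
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($policyPath)

# 3. Evaluate the reference files against the saved policy and keep anything
#    that would not be explicitly allowed for the Everyone group.
$files = (Get-ChildItem -Path $referenceDir -Recurse -Filter *.exe).FullName
$notAllowed = @(Test-AppLockerPolicy -XmlPolicy $policyPath -Path $files -User Everyone |
    Where-Object { $_.PolicyDecision -ne 'Allowed' })

if ($notAllowed.Count -gt 0) {
    # Files skipped by -IgnoreMissingFileInformation show up here; review before applying.
    $notAllowed | Format-Table FilePath, PolicyDecision -AutoSize
    Write-Warning "$($notAllowed.Count) file(s) are not covered by the generated rules."
} else {
    # 4. -Merge adds the new rules to the existing local policy; without it,
    #    Set-AppLockerPolicy overwrites the target policy as described in Example 3.
    Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
}
```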