This is the built-in help made by Microsoft for the command 'Test-AppLockerPolicy', in PowerShell version 3 - as retrieved from
Windows version 'Microsoft Windows Server 2012 Standard' PowerShell help files on 2016-06-23.
For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.
Specifies the AppLocker policy to determine whether the input files will be allowed to run for a given user.
Test-AppLockerPolicy [-XmlPolicy] <String> [-Filter <List<PolicyDecision>>] [-User <String>] -Path <List<String>> [<CommonParameters>]
Test-AppLockerPolicy [-XmlPolicy] <String> [-Filter <List<PolicyDecision>>] [-User <String>] -Packages <List<AppxPackage>> [<CommonParameters>]
Test-AppLockerPolicy [-PolicyObject] <AppLockerPolicy> [-Filter <List<PolicyDecision>>] [-User <String>] -Path <List<String>>
[<CommonParameters>]
The Test-AppLockerPolicy cmdlet specifies the AppLocker policy to determine whether a list of files is allowed to run on the local computer
for a specified user.
To test AppLocker rules for a nested group, a representative member of the nested group should be specified for the User parameter. For
example, a rule that allows the Everyone group to run calc.exe may not appear to apply correctly when the nested Finance group for the User
parameter is specified. Instead, a representative member of the Finance group should be specified for the User parameter.
<
Get-AppLockerFileInformation
Get-AppLockerPolicy
New-AppLockerPolicy
Set-AppLockerPolicy
Get-AppxPackage
<
EXAMPLE 1
PS C:\> Test-AppLockerPolicy -XMLPath C:\Policy.xml -Path c:\windows\system32\calc.exe, C:\windows\system32\notepad.exe -User Everyone
This example reports if calc.exe and notepad.exe will be allowed to run for Everyone under the policy specified by C:\Policy.xml.
EXAMPLE 2
PS C:\> Get-ChildItem C:\windows\system32\*.exe | Test-AppLockerPolicy c:\Policy.xml -Filter DeniedByDefault
This example lists the executables under C:\Windows\System32 that everyone will be denied by the policy specified by C:\Policy.xml because
there is no explicit rule for the file.
EXAMPLE 3
PS C:\> Get-AppLockerPolicy -Local | Test-AppLockerPolicy -Path C:\Windows\System32\*.exe -User contoso\saradavis -Filter Denied | Format-List
-Property | Set-Content (ꞌC:\temp\DeniedFiles.txtꞌ)
This example gets the local AppLocker policy, uses the policy to determine which executables in C:\Windows\System32 that contoso\saradavis is
explicitly denied access to run, and then redirects the list to a text file.
EXAMPLE 4
PS C:\> Get-AppxPackage –AllUsers | Test-AppLockerPolicy –XmlPolicy .\SamplePolicy.xml
This example lists all the packages installed on this computer, for all the users, and tests them against a saved policy.