PowerShell Logo Small

Test-AppLockerPolicy



This is the built-in help made by Microsoft for the command 'Test-AppLockerPolicy', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Specifies the AppLocker policy to determine whether the input files will be allowed to run for a given user.

SYNTAX


Test-AppLockerPolicy [-XmlPolicy] <String> [-Filter [<List<PolicyDecision>>]] [-InformationAction {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend}]
[-InformationVariable [<System.String>]] [-User [<String>]] -Path <List<String>> [<CommonParameters>]
Test-AppLockerPolicy [-XmlPolicy] <String> [-Filter [<List<PolicyDecision>>]] [-InformationAction {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend}]
[-InformationVariable [<System.String>]] [-User [<String>]] -Packages <List<AppxPackage>> [<CommonParameters>]
Test-AppLockerPolicy [-PolicyObject] <AppLockerPolicy> [-Filter [<List<PolicyDecision>>]] [-InformationAction {SilentlyContinue | Stop | Continue | Inquire | Ignore |
Suspend}] [-InformationVariable [<System.String>]] [-User [<String>]] -Path <List<String>> [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Test-AppLockerPolicy cmdlet specifies the AppLocker policy to determine whether a list of files is allowed to run on the local computer for a specified user.


To test AppLocker rules for a nested group, a representative member of the nested group should be specified for the User parameter. For example, a rule that allows the
Everyone group to run calc.exe may not appear to apply correctly when the nested Finance group for the User parameter is specified. Instead, a representative member of the
Finance group should be specified for the User parameter.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?linkid=287252
Get-AppLockerFileInformation
Get-AppLockerPolicy
New-AppLockerPolicy
Set-AppLockerPolicy
Get-AppxPackage

REMARKS

<

Examples


EXAMPLE 1

PS C:\>Test-AppLockerPolicy -XMLPath C:\Policy.xml -Path c:\windows\system32\calc.exe, C:\windows\system32\notepad.exe -User Everyone



This example reports if calc.exe and notepad.exe will be allowed to run for Everyone under the policy specified by C:\Policy.xml.






EXAMPLE 2

PS C:\>Get-ChildItem C:\windows\system32\*.exe | Test-AppLockerPolicy c:\Policy.xml -Filter DeniedByDefault



This example lists the executables under C:\Windows\System32 that everyone will be denied by the policy specified by C:\Policy.xml because there is no explicit rule for the
file.






EXAMPLE 3

PS C:\>Get-AppLockerPolicy -Local | Test-AppLockerPolicy -Path C:\Windows\System32\*.exe -User contoso\saradavis -Filter Denied | Format-List -Property | Set-Content
(ꞌC:\temp\DeniedFiles.txtꞌ)



This example gets the local AppLocker policy, uses the policy to determine which executables in C:\Windows\System32 that contoso\saradavis is explicitly denied access to
run, and then redirects the list to a text file.






EXAMPLE 4

PS C:\>Get-AppxPackage –AllUsers | Test-AppLockerPolicy –XmlPolicy .\SamplePolicy.xml



This example lists all the packages installed on this computer, for all the users, and tests them against a saved policy.