Get-AppLockerPolicy
Get-AppLockerPolicy
Gets the local, effective, or domain AppLocker policy.
Syntax
Get-AppLockerPolicy -Local <Boolean> [-XML <Boolean>] [<CommonParameters>]
Get-AppLockerPolicy -Domain <Boolean> -LDAP <String> [-XML <Boolean>] [<CommonParameters>]
Get-AppLockerPolicy -Effective <Boolean> [-XML <Boolean>] [<CommonParameters>]
Detailed Description
The Get-AppLockerPolicy cmdlet gets the AppLocker policy from the local Group Policy object (GPO), from a specified GPO, or from the effective AppLocker policy on the computer. The output is an AppLockerPolicy object or an XML-formatted string.
Parameters
-Local <Boolean>
Gets the AppLocker policy from the local GPO.
Attributes
| Name | Value |
|---|---|
Required? |
true |
Accept wildcard characters? |
false |
Accept Pipeline Input? |
false |
Position? |
named |
-Domain <Boolean>
Gets the AppLocker policy from the GPO that is specified by the path in the LDAP parameter.
Attributes
| Name | Value |
|---|---|
Required? |
true |
Accept wildcard characters? |
false |
Accept Pipeline Input? |
false |
Position? |
named |
-Effective <Boolean>
Gets the effective AppLocker policy on the local computer. The effective policy is the merge of the local AppLocker policy and any applied domain policies on the local computer.
Attributes
| Name | Value |
|---|---|
Required? |
true |
Accept wildcard characters? |
false |
Accept Pipeline Input? |
false |
Position? |
named |
-LDAP <String>
The LDAP path of the Group Policy object. Must specify a unique GPO.
Attributes
| Name | Value |
|---|---|
Required? |
true |
Accept wildcard characters? |
false |
Accept Pipeline Input? |
false |
Position? |
named |
-XML <Boolean>
Specifies that the AppLocker policy be output as an XML-formatted string.
Attributes
| Name | Value |
|---|---|
Required? |
false |
Accept wildcard characters? |
false |
Accept Pipeline Input? |
false |
Position? |
named |
-CommonParameter
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see About Common Parameter
Input and Return Types
The input type is the type of the objects that you can pipe to the cmdlet. The return type is the type of the objects that the cmdlet emits.
Input Type |
. |
Return Type |
By default, Get-AppLockerPolicy returns an AppLockerPolicy object. If you use the XML parameter, it will return the AppLocker policy as an XML-formatted string.. |
Notes
Examples
EXAMPLE 1
C:\PS>Get-AppLockerPolicy -Local
Gets the local AppLocker policy as an AppLockerPolicy object.
EXAMPLE 2
C:\PS>Get-AppLockerPolicy -Domain -LDAP "LDAP://DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com"
Gets the AppLocker policy of the unique GPO specified by the LDAP path as an AppLockerPolicy object.
EXAMPLE 3
C:\PS>Get-AppLockerPolicy -Effective -XML > C:\temp\Effective.xml
Gets the effective policy on the computer, and then sends it in XML format to the specified file.
EXAMPLE 4
C:\PS>Get-AppLockerPolicy -Local | Test-AppLockerPolicy -Path C:\Windows\System32\*.exe -User Everyone
Gets the local AppLocker policy on the computer, and then tests the policy using Test-AppLockerPolicy to test whether the executables in C:\Windows\System32 will be allowed to run by the Everyone group.
See Also
Reference
Set-AppLockerPolicy
New-AppLockerPolicy
Test-AppLockerPolicy
Get-AppLockerFileInformation