Set-AppLockerPolicy
Set-AppLockerPolicy
Sets the AppLocker policy for the specified Group Policy object (GPO).
Syntax
Set-AppLockerPolicy [-XMLPolicy] <String> [-LDAP <String>] [-Merge <Boolean>] [-Confirm] [-WhatIf] [<CommonParameters>]
Set-AppLockerPolicy [-PolicyObject] <AppLockerPolicy> [-LDAP <String>] [-Merge <Boolean>] [-Confirm] [-WhatIf] [<CommonParameters>]
Detailed Description
The Set-AppLockerPolicy cmdlet sets the specified GPO to contain the specified AppLocker policy. If no Lightweight Directory Access Protocol (LDAP) path is specified, the local GPO is the default setting. If the Merge parameter is not specified, the existing AppLocker policy in the target GPO will be overwritten by the new policy.
Parameters
-XMLPolicy <String>
Specifies the path where the AppLocker policy XML file is saved.
Attributes
| Name | Value |
|---|---|
Required? |
true |
Accept wildcard characters? |
false |
Accept Pipeline Input? |
false |
Position? |
0 |
-PolicyObject <AppLockerPolicy>
Specifies the AppLockerPolicy object that contains the AppLocker policy. It can be obtained from Get-AppLockerPolicy and New-AppLockerPolicy.
Attributes
| Name | Value |
|---|---|
Required? |
true |
Accept wildcard characters? |
false |
Accept Pipeline Input? |
true (ByValue) |
Position? |
0 |
-LDAP <String>
Specifies the LDAP path of the GPO. It must specify a unique GPO. If this parameter is not specified, the local AppLocker policy is set.
Attributes
| Name | Value |
|---|---|
Required? |
false |
Accept wildcard characters? |
false |
Accept Pipeline Input? |
false |
Position? |
named |
-Merge <Boolean>
When the Merge parameter is used, rules in the specified AppLocker policy will be merged with the AppLocker rules in the target GPO specified in the LDAP path. The merging of policies will remove rules with duplicate rule IDs, and the enforcement setting specified by the AppLocker policy in the target GPO will be preserved. If the Merge parameter is not specified, then the new policy will overwrite the existing policy.
Attributes
| Name | Value |
|---|---|
Required? |
false |
Accept wildcard characters? |
false |
Accept Pipeline Input? |
false |
Position? |
named |
-Confirm <SwitchParameter>
Prompts you for confirmation before executing the command.
Attributes
| Name | Value |
|---|---|
Required? |
false |
Accept wildcard characters? |
false |
Accept Pipeline Input? |
false |
Position? |
named |
-WhatIf <SwitchParameter>
Describes what would happen if you executed the command without actually executing the command.
Attributes
| Name | Value |
|---|---|
Required? |
false |
Accept wildcard characters? |
false |
Accept Pipeline Input? |
false |
Position? |
named |
-CommonParameter
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see About Common Parameter
Input and Return Types
The input type is the type of the objects that you can pipe to the cmdlet. The return type is the type of the objects that the cmdlet emits.
Input Type |
Set-AppLockerPolicy can take the AppLocker policy as an AppLockerPolicy object or as an XML file containing AppLocker policy.. |
Return Type |
. |
Notes
Examples
EXAMPLE 1
C:\PS>Set-AppLockerPolicy -XMLPolicy C:\Policy.xml
Sets the local AppLocker policy to the policy specified in C:\Policy.xml.
EXAMPLE 2
C:\PS>Set-AppLockerPolicy -XMLPolicy C:\Policy.xml -LDAP "LDAP://DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com"
Sets the GPO specified in the LDAP path to contain the AppLocker policy that is specified in C:\Policy.xml.
EXAMPLE 3
C:\PS>Get-AppLockerPolicy -Local | Set-AppLockerPolicy -LDAP "LDAP://DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com" -Merge
Gets the local AppLocker policy, and then merges the policy with the existing AppLocker policy in the GPO specified in the LDAP path. See the Merge parameter description for more details on how two policies are merged.
See Also
Reference
Get-AppLockerPolicy
New-AppLockerPolicy
Test-AppLockerPolicy
Get-AppLockerFileInformation