Create AppLocker rules/policy for all files in a folder using PowerShell


How do you create an AppLocker policy using PowerShell (running under Windows 10) to allow all files within a folder to be run by all 'Users'?

I've only seen how you can do it for individual files, not for a wildcard specification. For example, you can add a default rule using gpedit.msc that allows all files in %PROGRAMFILES%* to be run by all users, but how would you create a rule like that programmatically? I realize I can manipulate XML to achieve what I want, but my hope was to use cmdlets like New-AppLockerPolicy and Get-AppLockerFileInformation instead.

postanote On

Why not just pass in a user list and iterate, using a background job or parallel process to make it more palatable?

# New-AppLockerPolicy needs file information on the pipeline, so collect it once
$files = Get-AppLockerFileInformation -Directory "$env:SystemRoot\System32" -Recurse -FileType Exe, Dll

# By user (SearchBase must be a full DN; the DC= parts below are a placeholder for your domain)
(Get-ADUser -Filter * -SearchBase 'OU=Finance,OU=UserAccounts,DC=contoso,DC=com').SamAccountName |
    ForEach-Object {
        $user = $_   # capture the account name before starting the inner pipeline
        $files | New-AppLockerPolicy -RuleType Publisher, Hash -User $user -RuleNamePrefix System32
    }

# Or just by group name
$files | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -RuleNamePrefix System32
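The answer above builds publisher and hash rules per user, which is not quite what the question asks for. The following is an added example (not from the question or from postanote's answer) that produces a folder-wide path rule with the same cmdlets the asker mentions. The folder `C:\Apps\Approved` and the output file name are placeholders; it assumes the AppLocker module is available in an elevated session, and it relies on `-Optimize` collapsing the per-file path rules into one directory rule, which you should confirm by opening the generated XML before applying it. Substitute `Users` for `Everyone` if that is the group you want.

```powershell
# Added example, not part of the original question or answer.
# Placeholders: $Folder and $PolicyXml. Run elevated where the AppLocker module is present.
$Folder    = 'C:\Apps\Approved'
$PolicyXml = Join-Path $env:TEMP 'ApprovedFolderPolicy.xml'

# 1. A path rule is only as strong as the folder's ACL: if standard users can write
#    into the folder, the rule allows whatever they drop there. Refuse to continue
#    when a broad principal has Write/Modify/FullControl on the folder.
$acl  = Get-Acl -Path $Folder
$weak = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference  -match 'Users|Everyone|Authenticated Users' -and
    $_.FileSystemRights   -match 'Write|Modify|FullControl'
}
if ($weak) {
    throw "Refusing to allow $Folder by path: writable by $($weak.IdentityReference -join ', ')"
}

# 2. Gather file information for the whole tree and ask for Path rules.
#    Assumption: -Optimize groups the per-file path rules for one directory into a
#    single rule of the form <folder>\* (check the XML in step 3 to confirm).
Get-AppLockerFileInformation -Directory $Folder -Recurse -FileType Exe, Dll, Script, WindowsInstaller |
    New-AppLockerPolicy -RuleType Path -User Everyone -RuleNamePrefix ApprovedFolder -Optimize -Xml |
    Out-File -FilePath $PolicyXml -Encoding utf8

# 3. Dry-run the new policy against the folder's files before touching the live policy.
$candidates = (Get-ChildItem -Path $Folder -Recurse -File).FullName
Test-AppLockerPolicy -XmlPolicy $PolicyXml -Path $candidates -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# 4. Merge into the local policy; -Merge keeps the rules that already exist.
Set-AppLockerPolicy -XmlPolicy $PolicyXml -Merge

# 5. Show the effective policy so the new rule can be verified (or exported for GPO).
Get-AppLockerPolicy -Effective -Xml
```

The ACL check in step 1 is the part worth keeping even if you end up writing the XML by hand: a folder path rule silently turns into "run anything" for whichever principals can write to that folder, so it belongs with every path-based allow rule you create.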