Get-AppLockerPolicy

Gets the local, effective, or domain AppLocker policy.
Get-AppLockerPolicy -Local* <Boolean> [-XML <Boolean>] [<CommonParameters>]
Get-AppLockerPolicy -Domain* <Boolean> -LDAP* <String> [-XML <Boolean>] [<CommonParameters>]
Get-AppLockerPolicy -Effective* <Boolean> [-XML <Boolean>] [<CommonParameters>]

The Get-AppLockerPolicy cmdlet gets the AppLocker policy from the local Group Policy object (GPO), from a specified GPO, or from the effective AppLocker policy on the computer. The output is an AppLockerPolicy object or an XML-formatted string.

Parameters
-Local <Boolean>

  • This value is required

Gets the AppLocker policy from the local GPO.

-Domain <Boolean>

  • This value is required

Gets the AppLocker policy from the GPO that is specified by the path in the LDAP parameter.

-Effective <Boolean>

  • This value is required

Gets the effective AppLocker policy on the local computer. The effective policy is the merge of the local AppLocker policy and any applied domain policies on the local computer.

-LDAP <String>

  • This value is required

The LDAP path of the Group Policy object. Must specify a unique GPO.

-XML <Boolean>

Specifies that the AppLocker policy be output as an XML-formatted string.

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,ErrorAction, ErrorVariable, WarningAction, WarningVariable,OutBuffer, PipelineVariable, and OutVariable.

Outputs

By default, Get-AppLockerPolicy returns an AppLockerPolicy object. If you use the XML parameter, it will return

the AppLocker policy as an XML-formatted string.

Examples
  1.  
    C:PS> Get-AppLockerPolicy -Local
    
       Gets the local AppLocker policy as an AppLockerPolicy object.
  2.  
    C:PS> Get-AppLockerPolicy -Domain -LDAP "LDAP://DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com"
    
       Gets the AppLocker policy of the unique GPO specified by the LDAP path as an AppLockerPolicy object.
  3.  
    C:PS> Get-AppLockerPolicy -Effective -XML > C:tempEffective.xml
    
       Gets the effective policy on the computer, and then sends it in XML format to the specified file.
  4.  
    C:PS> Get-AppLockerPolicy -Local | Test-AppLockerPolicy -Path C:WindowsSystem32*.exe -User Everyone
    
       Gets the local AppLocker policy on the computer, and then tests the policy using Test-AppLockerPolicy to test 
       whether the executables in C:WindowsSystem32 will be allowed to run by the Everyone group.
Additional Notes
 
Related Links

Set-AppLockerPolicy
New-AppLockerPolicy
Test-AppLockerPolicy
Get-AppLockerFileInformation