Set-AppLockerPolicy

Sets the AppLocker policy for the specified Group Policy object (GPO).
Set-AppLockerPolicy [-XMLPolicy*] <String> [-LDAP <String>] [-Merge <Boolean>] [-Confirm] [-WhatIf] [<CommonParameters>]
Set-AppLockerPolicy [-PolicyObject*] <AppLockerPolicy> [-LDAP <String>] [-Merge <Boolean>] [-Confirm] [-WhatIf] [<CommonParameters>]

The Set-AppLockerPolicy cmdlet sets the specified GPO to contain the specified AppLocker policy. If no Lightweight Directory Access Protocol (LDAP) path is specified, the local GPO is the default setting. If the Merge parameter is not specified, the existing AppLocker policy in the target GPO will be overwritten by the new policy.

Parameters
-XMLPolicy <String>

  • This value is required

Specifies the path where the AppLocker policy XML file is saved.

-PolicyObject <AppLockerPolicy>

  • This value is required
  • Accepts pipeline input ByValue

Specifies the AppLockerPolicy object that contains the AppLocker policy. It can be obtained from Get-AppLockerPolicy and New-AppLockerPolicy.

-LDAP <String>

Specifies the LDAP path of the GPO. It must specify a unique GPO. If this parameter is not specified, the local AppLocker policy is set.

-Merge <Boolean>

When the Merge parameter is used, rules in the specified AppLocker policy will be merged with the AppLocker rules in the target GPO specified in the LDAP path. The merging of policies will remove rules with duplicate rule IDs, and the enforcement setting specified by the AppLocker policy in the target GPO will be preserved. If the Merge parameter is not specified, then the new policy will overwrite the existing policy.

-Confirm [<SwitchParameter>]

Prompts you for confirmation before executing the command.

-WhatIf [<SwitchParameter>]

Describes what would happen if you executed the command without actually executing the command.

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer, PipelineVariable, and OutVariable.

Inputs

Set-AppLockerPolicy can take the AppLocker policy as an AppLockerPolicy object or as an XML file containing AppLocker policy.

Examples
  1.  
    C:\PS> Set-AppLockerPolicy -XMLPolicy C:\Policy.xml
    
       Sets the local AppLocker policy to the policy specified in C:\Policy.xml.
  2.  
    C:\PS> Set-AppLockerPolicy -XMLPolicy C:\Policy.xml -LDAP "LDAP://DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com"
    
       Sets the GPO specified in the LDAP path to contain the AppLocker policy that is specified in C:\Policy.xml.
  3.  
    C:\PS> Get-AppLockerPolicy -Local | Set-AppLockerPolicy -LDAP "LDAP://DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com" -Merge
    
       Gets the local AppLocker policy, and then merges the policy with the existing AppLocker policy in the GPO 
       specified in the LDAP path. See the Merge parameter description for more details on how two policies are merged.
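
Because Set-AppLockerPolicy overwrites the target GPO's policy unless Merge is given, and a merge keeps the target's enforcement setting, a change is safer when it is backed up and dry-run first. The following workflow is an added example, not part of the original reference; the backup directory, the test file set and the test user are assumptions, while the GPO path and C:\Policy.xml are the ones used in the examples above.

```powershell
# Added example: back up, validate, dry-run, then merge an AppLocker policy into a GPO.
$ErrorActionPreference = 'Stop'

$GpoPath   = 'LDAP://DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com'
$NewPolicy = 'C:\Policy.xml'
$BackupDir = 'C:\AppLockerBackup'          # assumed backup location
$TestFiles = 'C:\Windows\System32\*.exe'   # assumed sample of binaries that must keep running
$TestUser  = 'Everyone'                    # assumed principal to evaluate the rules for

# 1. Save the GPO's current policy so an overwrite or a bad merge can be rolled back.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$Backup = Join-Path $BackupDir ('GpoPolicy-{0:yyyyMMdd-HHmmss}.xml' -f (Get-Date))
Get-AppLockerPolicy -Domain -Ldap $GpoPath -Xml | Out-File -FilePath $Backup

# 2. Confirm the new file parses as XML and show the enforcement mode of each rule
#    collection. With -Merge the target GPO's enforcement setting is preserved, so a
#    difference between the two listings will not be applied by the merge.
$New = [xml](Get-Content -Path $NewPolicy -Raw)
$Old = [xml](Get-Content -Path $Backup -Raw)
'New policy:';     $New.AppLockerPolicy.RuleCollection | Format-Table Type, EnforcementMode
'Current GPO:';    $Old.AppLockerPolicy.RuleCollection | Format-Table Type, EnforcementMode

# 3. Evaluate the new policy on its own against the sample files. This does not model
#    the merged result, but it catches rules that would block expected binaries.
$Blocked = Get-ChildItem $TestFiles | Convert-Path |
    Test-AppLockerPolicy -XmlPolicy $NewPolicy -User $TestUser -Filter Denied, DeniedByDefault
if ($Blocked) {
    $Blocked | Format-Table FilePath, PolicyDecision, MatchingRule
    throw "New policy would block $(@($Blocked).Count) sample file(s); GPO not modified."
}

# 4. Dry run, then the real merge with an explicit confirmation prompt.
Set-AppLockerPolicy -XmlPolicy $NewPolicy -Ldap $GpoPath -Merge -WhatIf
Set-AppLockerPolicy -XmlPolicy $NewPolicy -Ldap $GpoPath -Merge -Confirm

# 5. Rollback, if needed: omitting -Merge overwrites the GPO with the saved policy.
# Set-AppLockerPolicy -XmlPolicy $Backup -Ldap $GpoPath
```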
Related Links

Get-AppLockerPolicy
New-AppLockerPolicy
Test-AppLockerPolicy
Get-AppLockerFileInformation