output.xml The applications for which a user is blocked: Step 1: Get-AppLockerPolicy -EFFECTIVE -Xml > output2.xml Step 2: Get-ChildItem -Path "C:\Program Files" -Recurse -Filter *.exe | Convert-Path | Test-AppLockerPolicy -XMLPolicy.\output2.xml"> output.xml The applications for which a user is blocked: Step 1: Get-AppLockerPolicy -EFFECTIVE -Xml > output2.xml Step 2: Get-ChildItem -Path "C:\Program Files" -Recurse -Filter *.exe | Convert-Path | Test-AppLockerPolicy -XMLPolicy.\output2.xml">

Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jeremy Moskowitz, Group Policy MVP Chief Propeller-Head: GPanswers.com Founder: PolicyPak Software (policypak.com) SESSION CODE: WCL303.

Published byLeonard Barnett Modified over 9 years ago

Similar presentations

Presentation on theme: "Jeremy Moskowitz, Group Policy MVP Chief Propeller-Head: GPanswers.com Founder: PolicyPak Software (policypak.com) SESSION CODE: WCL303."— Presentation transcript:

1 Jeremy Moskowitz, Group Policy MVP Chief Propeller-Head: GPanswers.com Founder: PolicyPak Software (policypak.com) SESSION CODE: WCL303

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25 Get AppLocker File Info (for.EXEs) : Get-AppLockerFileInformation -Directory 'C:\Program Files' –recurse -FileType exe Create AppLocker Policy XML rule set: (Get-AppLockerFileInformation… line above) | New-AppLockerPolicy -ruletype publisher, hash -user everyone -XML Create a new Applocker Local GPO with that rule set: Get-AppLockerFileInformation -Directory 'C:\Program Files' -recurse -FileType exe | New-AppLockerPolicy -ruletype publisher, hash -user everyone | Set-AppLockerPolicy –merge

26 Create a new GPO AppLocker Policy: Get-AppLockerFileInformation -Directory 'C:\Program Files' –recurse -FileType exe | New-AppLockerPolicy -ruletype publisher, hash -user everyone | Set-AppLockerPolicy -LDAP "LDAP://DC.fabrikam.com/CN={4391FF66- 197D-4BBE-B83E-4B536A09B543},CN=Policies,CN=System,DC=Fabrikam,DC=com" Dump a domain-based GPO’s AppLocker rules: Get-AppLockerPolicy -Domain -LDAP "LDAP://DC.fabrikam.com/CN={4391FF66- 197D-4BBE-B83E-4B536A09B543},CN=Policies,CN=System,DC=Fabrikam,DC=com“ –XML > output.xml The applications for which a user is blocked: Step 1: Get-AppLockerPolicy -EFFECTIVE -Xml > output2.xml Step 2: Get-ChildItem -Path "C:\Program Files" -Recurse -Filter *.exe | Convert-Path | Test-AppLockerPolicy -XMLPolicy.\output2.xml

27

28

29

30

31

32 What is the Springboard Series? To the IT pro, our goal is Be the definitive resource for Desktop IT pros Open, honest; show don’t tell Information at right time, right level across Adoption Lifecycle Inside of Microsoft we are A turnkey IT pro engagement platform for depth and breadth The program to mobilize MS marketing and field to focus on desktop OS IT pros DEPLOYPILOTMANAGEEXPLOREDISCOVER one-Windows TechCenter in 10 languages Virtual Roundtable Events Springboard Technical Experts Panel Event Support and Resources Straight-talk Monthly Feature Articles and Overview Guides TalkingAboutWindows Video Blogs

33 www.microsoft.com/teched www.microsoft.com/learning http://microsoft.com/technet http://microsoft.com/msdn

34

35 Sign up for Tech·Ed 2011 and save $500 starting June 8 – June 31 st http://northamerica.msteched.com/registration You can also register at the North America 2011 kiosk located at registration Join us in Atlanta next year

36

37

38

Download ppt "Jeremy Moskowitz, Group Policy MVP Chief Propeller-Head: GPanswers.com Founder: PolicyPak Software (policypak.com) SESSION CODE: WCL303."

Similar presentations

Steve Smith Senior Architect The Code Project SESSION CODE: DPR304.

Steve Smith Senior Architect The Code Project SESSION CODE: DPR304.
Death of Security: Breached Hosts/Stolen Data/IP Espionage

Death of Security: Breached Hosts/Stolen Data/IP Espionage
Don Jones Senior Partner and Technologist Concentrated Technology, LLC SESSION CODE: WCL308.

Don Jones Senior Partner and Technologist Concentrated Technology, LLC SESSION CODE: WCL308.
Ron Jacobs Technical Evangelist Microsoft Corporation SESSION CODE: DEV207.

Ron Jacobs Technical Evangelist Microsoft Corporation SESSION CODE: DEV207.
Jason Tolley Technical Director ROK Technology Pty Ltd SESSION CODE: WEM305.

Jason Tolley Technical Director ROK Technology Pty Ltd SESSION CODE: WEM305.
Marc Shepard Principal Program Manager Lead Microsoft Corporation SESSION CODE: WCL203.

Marc Shepard Principal Program Manager Lead Microsoft Corporation SESSION CODE: WCL203.
Jay Ferron- Global Knowledge Jeremy Chapman - Microsoft Corporation SESSION CODE: WCL201.

Jay Ferron- Global Knowledge Jeremy Chapman - Microsoft Corporation SESSION CODE: WCL201.
Raymond P.L. Comvalius IT Infrastructure Specialist Invendows BV – The Netherlands SESSION CODE: WCL310.

Raymond P.L. Comvalius IT Infrastructure Specialist Invendows BV – The Netherlands SESSION CODE: WCL310.
Laura Chappell Author Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide wiresharkbook.com SESSION CODE: SIA336.

Laura Chappell Author Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide wiresharkbook.com SESSION CODE: SIA336.
Sometimes it is the stuff you know that hinders true progress.

Sometimes it is the stuff you know that hinders true progress.
Anthony (A.J.) Smith Senior Product Manager Microsoft Corporation SESSION CODE: WCL307.

Anthony (A.J.) Smith Senior Product Manager Microsoft Corporation SESSION CODE: WCL307.
The Secrets of Effective Technical Talks: How to Explain Tech without Tucking Them In! Presented by Mark Minasi and Mark Russinovich SESSION CODE: SIA334.

The Secrets of Effective Technical Talks: How to Explain Tech without Tucking Them In! Presented by Mark Minasi and Mark Russinovich SESSION CODE: SIA334.
Ashwin Sarin Program Manager Microsoft Corporation SESSION CODE: COS204.

Ashwin Sarin Program Manager Microsoft Corporation SESSION CODE: COS204.
Maciej Pilecki Consultant, SQL Server MVP Project Botticelli Ltd. SESSION CODE: DAT403.

Maciej Pilecki Consultant, SQL Server MVP Project Botticelli Ltd. SESSION CODE: DAT403.
Boris Jabes Senior Program Manager Microsoft Corporation SESSION CODE: DEV319 Scale & Productivity in Visual C++ 2010.

Boris Jabes Senior Program Manager Microsoft Corporation SESSION CODE: DEV319 Scale & Productivity in Visual C
Peter Provost Sr. Program Manager Microsoft Corporation SESSION CODE: DEV403.

Peter Provost Sr. Program Manager Microsoft Corporation SESSION CODE: DEV403.
Joe SchulmanAdrienne WuProgram ManagerMicrosoft Corporation SESSION CODE: SIA319.

Joe SchulmanAdrienne WuProgram ManagerMicrosoft Corporation SESSION CODE: SIA319.
END USER TOOLS AND PERFORMANCE MANAGEMENT APPS Excel PerformancePoint Svcs/ProClarity BI PLATFORM SQL Server Reporting Services SQL Server Reporting Services.

END USER TOOLS AND PERFORMANCE MANAGEMENT APPS Excel PerformancePoint Svcs/ProClarity BI PLATFORM SQL Server Reporting Services SQL Server Reporting Services.
Janssen Jones Virtual Machine MVP Indiana University SESSION CODE: VIR403.

Janssen Jones Virtual Machine MVP Indiana University SESSION CODE: VIR403.
Mark Russinovich Technical Fellow Microsoft Corporation *Portions derived from David Solomon’s Windows Internals Seminar SESSION CODE: WCL402.

Mark Russinovich Technical Fellow Microsoft Corporation *Portions derived from David Solomon’s Windows Internals Seminar SESSION CODE: WCL402.

Similar presentations

Ads by Google