0

How do you create an AppLocker policy using PowerShell (running under Windows 10) to allow all files within a folder to be run by all 'Users'?

I've only seen how you can do it for individual files, not for a wildcard specification. For example, you can add a default rule using gpedit.msc that allows all files in %PROGRAMFILES%* to be run by all users, but how would you create a rule like that programmatically? I realize I can manipulate XML to achieve what I want, but my hope was to use cmdlets like New-AppLockerPolicy and Get-AppLockerFileInformation instead.

Dan

1 Answer

0

Why not just pass in a user list and iterate, using a background job or parallel process to make it more palatable?

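# New-AppLockerPolicy requires file information as input.
# The directory scanned here is an assumption, taken from the System32 rule name prefix.
$files = Get-AppLockerFileInformation -Directory C:\Windows\System32\ -Recurse -FileType Exe, Script

# By user (Get-ADUser needs the ActiveDirectory module)
(Get-ADUser -Filter * -SearchBase 'OU=Finance,OU=UserAccounts').SamAccountName |
ForEach-Object { New-AppLockerPolicy -FileInformation $files -RuleType Publisher, Hash -User $PSItem -RuleNamePrefix System32 }

# Or just by group name
New-AppLockerPolicy -FileInformation $files -RuleType Publisher, Hash -User Everyone -RuleNamePrefix System32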
postanote
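For the folder-wide rule the question asks about, the following is an added example and not code from either poster. It writes a single `FilePathRule` for `<folder>\*` scoped to BUILTIN\Users, checks it with `Test-AppLockerPolicy`, and merges it into the local policy. The folder `C:\Tools\Approved`, the rule name and the temporary file name are placeholders.

```powershell
# Added example. Run elevated. $Folder and the XML file name are placeholder values.
$Folder   = 'C:\Tools\Approved'        # hypothetical folder to allow
$UsersSid = 'S-1-5-32-545'             # well-known SID of BUILTIN\Users
$XmlPath  = Join-Path $env:TEMP 'AllowFolder.xml'

# A path rule trusts anything placed in the folder, so stop if standard
# users can create files there (Everyone, Authenticated Users, Users).
$lowPriv = 'S-1-1-0', 'S-1-5-11', $UsersSid
$create  = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData'
$sidType = [System.Security.Principal.SecurityIdentifier]
$risky = (Get-Acl -LiteralPath $Folder).GetAccessRules($true, $true, $sidType) |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -in $lowPriv -and
        (([int]$_.FileSystemRights -band $create) -ne 0)
    }
if ($risky) {
    throw "$Folder is writable by standard users; a path rule would allow any file dropped there."
}

# Build the policy: one Allow rule in the Exe collection with a wildcard path condition.
$safePath = [System.Security.SecurityElement]::Escape("$Folder\*")
$xml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="NotConfigured">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Users: $safePath" Description="" UserOrGroupSid="$UsersSid" Action="Allow">
      <Conditions>
        <FilePathCondition Path="$safePath" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@
Set-Content -LiteralPath $XmlPath -Value $xml -Encoding UTF8

# Dry run: evaluate the executables in the folder against the new policy file.
$exes = (Get-ChildItem -LiteralPath $Folder -Filter *.exe -Recurse).FullName
if ($exes) {
    Test-AppLockerPolicy -XmlPolicy $XmlPath -Path $exes -User "$env:USERDOMAIN\$env:USERNAME"
}

# Merge the rule into the existing local policy instead of replacing it.
Set-AppLockerPolicy -XmlPolicy $XmlPath -Merge
```

The write-access check only inspects the ACL of the top folder; subfolders with their own permissions need the same review before the rule is relied on.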