Creating AppLocker Rules using Powershell (Appx)

Hi

Another bug that we needed to work around is creating an AppLocker rule for a built-in Windows 10 1709 app (whether to allow or block it). Currently, if you try to add the rule through the AppLocker GUI, the snap-in crashes with an error in SRPUxSnapin.dll.

Luckily, the AppLocker PowerShell cmdlets can build the rule for us and merge it into the policy we are already using.

First, locate the app you want to allow/block in this list:

https://docs.microsoft.com/en-us/windows/application-management/apps-in-windows-10

You can see which apps are on your device using the command in the article:

Get-AppxPackage |Select Name,PackageFamilyName

The code below allows the 'InputApp' package (the touch keyboard) and merges the new rule into the currently effective policy:

#Get the app we want to allow (Get-AppxPackage -Name accepts wildcards, so check you got exactly one package)
$AppXPackage = Get-AppxPackage -Name InputApp

#Use this package to get the AppLocker file information (publisher, product name, version) for the rule
$FileInfo = Get-AppLockerFileInformation -Packages $AppXPackage

#Create a new publisher Allow rule for Everyone (New-AppLockerPolicy only generates Allow rules)
$rule = New-AppLockerPolicy -RuleType Publisher -FileInformation $FileInfo -User Everyone

#Import the currently effective rules
$existingRules = Get-AppLockerPolicy -Effective

#Merge the new rule into them
$existingRules.Merge($rule)

Note – Merge() modifies $existingRules in place and returns nothing, so there is no result to assign to a variable; after the call $existingRules already holds the merged policy.

At this point, you can apply this ruleset with the Set-AppLockerPolicy cmdlet (by default it replaces the local policy; use -Merge to add to it, or -Ldap to write it to a GPO). However, I prefer to export it as an XML file and import that into the Group Policy Object:

$existingRules.ToXml() > C:\Temp\AppLockerRules.xml
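The same steps wrapped into a single function, as an added example that is not part of the original post. It adds the checks the one-liners above skip: it refuses to continue unless the package name matches exactly one package, it handles the "block" case by flipping the generated rule's Action attribute to Deny (New-AppLockerPolicy itself only emits Allow rules), and it asks AppLocker what the merged policy would decide for the package before the XML is written. The function name, its parameters and the rule name prefix are my own; the package name InputApp is the one from the post. The static FromXml method on the AppLockerPolicy type is an assumption on my part (it is not used on the page), and the whole thing needs an elevated Windows PowerShell session with the AppLocker cmdlets.

```powershell
# Added example, not the post's own code.
# Assumptions: elevated Windows PowerShell session, AppLocker cmdlets available,
# and the static AppLockerPolicy::FromXml method (used only for the Deny case).

function New-AppxAppLockerRuleXml {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $PackageName,   # e.g. InputApp
        [ValidateSet('Allow', 'Deny')] [string] $Action = 'Allow',
        [string] $User = 'Everyone',
        [Parameter(Mandatory)] [string] $OutFile
    )

    # 1. Resolve the package. -Name accepts wildcards, so insist on exactly one hit
    #    rather than silently writing a rule for a different package.
    $pkg = @(Get-AppxPackage -Name $PackageName)
    if ($pkg.Count -ne 1) {
        throw "Expected exactly one package matching '$PackageName', found $($pkg.Count)."
    }

    # 2. Publisher information (signer, product name, version) for the package.
    $fileInfo = Get-AppLockerFileInformation -Packages $pkg[0]
    if (-not $fileInfo) {
        throw "No AppLocker file information returned for $($pkg[0].PackageFullName)."
    }

    # 3. Build the publisher rule. New-AppLockerPolicy only produces Allow rules,
    #    so for a block rule edit the Action attribute in the generated XML and
    #    rebuild the policy object from it (assumed FromXml method).
    $newPolicy = New-AppLockerPolicy -RuleType Publisher -FileInformation $fileInfo `
                     -User $User -RuleNamePrefix "Appx-$Action-$($pkg[0].Name)"
    if ($Action -eq 'Deny') {
        [xml]$doc = $newPolicy.ToXml()
        foreach ($rule in $doc.SelectNodes('//RuleCollection[@Type="Appx"]/*')) {
            $rule.SetAttribute('Action', 'Deny')
        }
        $newPolicy = [Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.AppLockerPolicy]::FromXml($doc.OuterXml)
    }

    # 4. Merge into the effective policy. Merge() edits the object in place and returns nothing.
    $merged = Get-AppLockerPolicy -Effective
    $merged.Merge($newPolicy)

    # 5. Check what AppLocker would decide for this package under the merged policy.
    $decision = Test-AppLockerPolicy -PolicyObject $merged -Packages $pkg[0] -User $User
    Write-Verbose ("{0}: {1}" -f $pkg[0].PackageFullName, $decision.PolicyDecision)

    # 6. Export the merged policy for import into the GPO.
    $merged.ToXml() | Out-File -FilePath $OutFile -Encoding Unicode
    return $decision
}

# Usage (same outcome as the one-liners in the post, plus the decision check):
New-AppxAppLockerRuleXml -PackageName InputApp -Action Allow -OutFile C:\Temp\AppLockerRules.xml -Verbose
```

The decision returned by Test-AppLockerPolicy is worth reading before you import anything: if the Appx rule collection was empty before and you add a single Allow rule, every other packaged app on the device falls into "denied by default" once the collection is enforced, so make sure the default Appx rule exists in the policy first. A Deny rule, on the other hand, wins over any Allow rule that matches the same package.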

Once imported, you can tweak the rule in the GUI, for example add a description, or change the version condition to a specific version or to that version and above (recommended). Bear in mind that as soon as the Appx rule collection contains any rule and is enforced, packaged apps that are not explicitly allowed are blocked, so the default Appx rule should exist before you add a single Allow rule.
