Forum Discussion
AppLocker CSP, grouping and multiple policies
Morning all,
Very shortly my organisation will be looking to migrate the AppLocker policy management from GPO to MEM which has raised a few questions.
1. Can you assign multiple AppLocker CSP policies to a target device? I have always assumed that you can only assign the CSP once as it does not have merge support.
2. I have read about grouping guids in the CSP OMA-URI path, anyone have any practical experience in using this feature?
3. We need to manage the rule set better so we are looking at AaronLocker for management. Now the output is a single XML file which is great for GPO but not CSP. Anyone have a PowerShell script which can split the RuleCollection Type="xxx" into separate files to make the upload to the CSP easier?
4. Anyone have a PowerShell to automate the creation of an AppLocker CSP policy and upload the XML components? Looking to have a process which new AppLocker changes will create a new policy to avoid human error and allow strict testing before mass deployment.
Regards
Mike
- Hi.. I guess this could be your answers you are looking for
1.One csp, one applocker policy 🙂 https://call4cloud.nl/2021/01/applocker-the-meltdown/
2.Check my blog in question 4
3. Notepad and export the rules to seperate files? takes some couple of minutes
4. https://call4cloud.nl/2020/06/applocker-a-la-minute/
7 Replies
- Hi.. I guess this could be your answers you are looking for
1.One csp, one applocker policy 🙂 https://call4cloud.nl/2021/01/applocker-the-meltdown/
2.Check my blog in question 4
3. Notepad and export the rules to seperate files? takes some couple of minutes
4. https://call4cloud.nl/2020/06/applocker-a-la-minute/- Hi Rudy_Ooms_MVP,
Thank-you for coming back to me so quickly. Will take a look at your PowerShell script for the importing using MS Graph shortly.
Regards
MikeRudy_Ooms_MVPlooked at the PowerShell script and the JSON file. What data format is the value fields in? For example, if I was to load the json into PowerShell and wish to replace the value content with the data from an updated exe.xml what would I need to convert it into?
Mike
