cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

AppLocker CSP, grouping and multiple policies

MikePalmer75
Brass Contributor

‎Aug 24 2022 12:19 AM

‎Aug 24 2022 12:19 AM

AppLocker CSP, grouping and multiple policies

Morning all,

 

Very shortly my organisation will be looking to migrate the AppLocker policy management from GPO to MEM which has raised a few questions.

 

1. Can you assign multiple AppLocker CSP policies to a target device? I have always assumed that you can only assign the CSP once as it does not have merge support.

2. I have read about grouping guids in the CSP OMA-URI path, anyone have any practical experience in using this feature?

3. We need to manage the rule set better so we are looking at AaronLocker for management. Now the output is a single XML file which is great for GPO but not CSP. Anyone have a PowerShell script which can split the RuleCollection Type="xxx" into separate files to make the upload to the CSP easier?

4. Anyone have a PowerShell to automate the creation of an AppLocker CSP policy and upload the XML components? Looking to have a process which new AppLocker changes will create a new policy to avoid human error and allow strict testing before mass deployment.

 

Regards

 

Mike

2,438 Views
0 Likes
6 Replies
Reply
6 Replies
best response confirmed by MikePalmer75 (Brass Contributor)
Rudy_Ooms_MVP

‎Aug 24 2022 05:12 AM

‎Aug 24 2022 05:12 AM

Solution

Re: AppLocker CSP, grouping and multiple policies

Hi.. I guess this could be your answers you are looking for

1.One csp, one applocker policy :) https://call4cloud.nl/2021/01/applocker-the-meltdown/
2.Check my blog in question 4
3. Notepad and export the rules to seperate files? takes some couple of minutes
4. https://call4cloud.nl/2020/06/applocker-a-la-minute/
1 Like
Reply
MikePalmer75

‎Aug 24 2022 06:46 AM

‎Aug 24 2022 06:46 AM

Re: AppLocker CSP, grouping and multiple policies

Hi @Rudy_Ooms_MVP,

Thank-you for coming back to me so quickly. Will take a look at your PowerShell script for the importing using MS Graph shortly.

Regards

Mike
0 Likes
Reply
MikePalmer75

‎Aug 24 2022 06:58 AM - edited ‎Aug 24 2022 11:01 PM

‎Aug 24 2022 06:58 AM - edited ‎Aug 24 2022 11:01 PM

Re: AppLocker CSP, grouping and multiple policies

@Rudy_Ooms_MVPlooked at the PowerShell script and the JSON file. What data format is the value fields in? For example, if I was to load the json into PowerShell and wish to replace the value content with the data from an updated exe.xml what would I need to convert it into?

Mike

0 Likes
Reply
MikePalmer75

‎Aug 25 2022 12:07 AM

‎Aug 25 2022 12:07 AM

Re: AppLocker CSP, grouping and multiple policies

Asked my own question :) The value field is encoded in Base 64.
0 Likes
Reply
Rudy_Ooms_MVP

‎Aug 25 2022 12:10 AM

‎Aug 25 2022 12:10 AM

Re: AppLocker CSP, grouping and multiple policies

@MikePalmer75 

 

hehe it is indeed :) , did it worked for you?

0 Likes
Reply
MikePalmer75

‎Aug 25 2022 12:23 AM

‎Aug 25 2022 12:23 AM

Re: AppLocker CSP, grouping and multiple policies

Not going to get a chance this week to try an import. Now researching how to take our full applocker xml which is managed by GPO to split it into the five separate xml files so I can automate the whole process from start to end.

My objective is to manage the rules using Aaronlocker then take output, split it down and the upload new policy to MEM all using PowerShell. Makes it easier to manage and removes human error.
0 Likes
Reply