< Back
Add-AppLockerPolicyHashRule
Post
NAME Add-AppLockerPolicyHashRule
SYNOPSIS
Adds an AppLocker policy file hash rule to an AppLocker policy document.
SYNTAX
Add-AppLockerPolicyHashRule [-AppLockerPolicyDocument] <XmlDocument> [-Name] <String> [-Data] <String>
[-SourceFileLength] <Int32> [-SourceFileName] <String> [-Type] <String> [[-Id] <String>] [[-Description] <String>]
[[-UserOrGroupSid] <String>] [[-Action] <String>] [[-Collection] <String>] [-PassThru] [<CommonParameters>]
DESCRIPTION
Adds a hash rule to an existing AppLocker policy document [XmlDocument]. If not specified, hashes are only
applied to the 'Exe' rule collection and allowed for all users ('S-1-1-0).
PARAMETERS
-AppLockerPolicyDocument <XmlDocument>
AppLocker XmlDocument to append the hash rule to.
Required? true
Position? 1
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-Name <String>
AppLocker rule name.
Required? true
Position? 2
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-Data <String>
File hash data.
Required? true
Position? 3
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-SourceFileLength <Int32>
Soruce file length (in bytes).
Required? true
Position? 4
Default value 0
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-SourceFileName <String>
Source file name.
Required? true
Position? 5
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-Type <String>
File hash type.
Required? true
Position? 6
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-Id <String>
Rule Id.
Required? false
Position? 7
Default value ([System.Guid]::NewGuid().ToString())
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-Description <String>
Rule description.
Required? false
Position? 8
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-UserOrGroupSid <String>
Windows Security Identifier to apply the rule to.
Required? false
Position? 9
Default value S-1-1-0
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-Action <String>
Permit or restrict execution of the file.
Required? false
Position? 10
Default value Allow
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-Collection <String>
Required? false
Position? 11
Default value Exe
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-PassThru [<SwitchParameter>]
Returns the created XmlElement object to the pipeline. By default, this cmdlet does not generate any output.
Required? false
Position? named
Default value False
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Add-AppLockerPolicyHashRule -AppLockerPolicyDocument $appLockerPolicy -Name 'BadApp 1.0.0: BAD.exe' -Data
'0x9E21F97CA6A5215E2728BBE844BF8655D22FA17EA463383E9DEACCEAA39A2FA5' -SourceFileLength 205824 -SourceFileName
'%PROGRAMFILES%\\BADAPP\\BAD.exe -Type 'SHA256'
Adds the specified 'Exe' rule collection SHA256 hash to the AppLocker policy [XmlDocument] in the
'$appLockerPolicy' variable.
RELATED LINKS
SYNOPSIS
Adds an AppLocker policy file hash rule to an AppLocker policy document.
SYNTAX
Add-AppLockerPolicyHashRule [-AppLockerPolicyDocument] <XmlDocument> [-Name] <String> [-Data] <String>
[-SourceFileLength] <Int32> [-SourceFileName] <String> [-Type] <String> [[-Id] <String>] [[-Description] <String>]
[[-UserOrGroupSid] <String>] [[-Action] <String>] [[-Collection] <String>] [-PassThru] [<CommonParameters>]
DESCRIPTION
Adds a hash rule to an existing AppLocker policy document [XmlDocument]. If not specified, hashes are only
applied to the 'Exe' rule collection and allowed for all users ('S-1-1-0).
PARAMETERS
-AppLockerPolicyDocument <XmlDocument>
AppLocker XmlDocument to append the hash rule to.
Required? true
Position? 1
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-Name <String>
AppLocker rule name.
Required? true
Position? 2
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-Data <String>
File hash data.
Required? true
Position? 3
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-SourceFileLength <Int32>
Soruce file length (in bytes).
Required? true
Position? 4
Default value 0
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-SourceFileName <String>
Source file name.
Required? true
Position? 5
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-Type <String>
File hash type.
Required? true
Position? 6
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-Id <String>
Rule Id.
Required? false
Position? 7
Default value ([System.Guid]::NewGuid().ToString())
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-Description <String>
Rule description.
Required? false
Position? 8
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-UserOrGroupSid <String>
Windows Security Identifier to apply the rule to.
Required? false
Position? 9
Default value S-1-1-0
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-Action <String>
Permit or restrict execution of the file.
Required? false
Position? 10
Default value Allow
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-Collection <String>
Required? false
Position? 11
Default value Exe
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-PassThru [<SwitchParameter>]
Returns the created XmlElement object to the pipeline. By default, this cmdlet does not generate any output.
Required? false
Position? named
Default value False
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Add-AppLockerPolicyHashRule -AppLockerPolicyDocument $appLockerPolicy -Name 'BadApp 1.0.0: BAD.exe' -Data
'0x9E21F97CA6A5215E2728BBE844BF8655D22FA17EA463383E9DEACCEAA39A2FA5' -SourceFileLength 205824 -SourceFileName
'%PROGRAMFILES%\\BADAPP\\BAD.exe -Type 'SHA256'
Adds the specified 'Exe' rule collection SHA256 hash to the AppLocker policy [XmlDocument] in the
'$appLockerPolicy' variable.
RELATED LINKS