![]() ![]() $className = "MDM_AppLocker_Script03" #Do not change this Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID=`'$parentID`' and InstanceID='MSI'" | Remove-CimInstance $className = "MDM_AppLocker_MSI03" #Do not change this Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID=`'$parentID`' and InstanceID='EXE'" | Remove-CimInstance $className = "MDM_AppLocker_ApplicationLaunchRestrictions01_EXE03" #Do not change this ![]() Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID=`'$parentID`' and InstanceID='DLL'" | Remove-CimInstance $className = "MDM_AppLocker_DLL03" #Do not change this $parentID = "./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/$GroupName" ![]() $GroupName = "AppLocker001" #Your own groupName when the AppIDSvc is started) unless an AppLocker 'Allow' rule is created for powershell.exe.Īdd the following resource definition below to allow Administrators to run powershell.exe: # Must enable access to powershell.exe since it is used by the applocker_rule provider to enforce rules.Īpplocker_rule ],Įxceptions => ,ĭescription => 'Sample rule specifying conditions and exceptions, no filepath param.$namespaceName = "root\cimv2\mdm\dmmap" #Do not change this The provider uses powershell.exe to enforce the resource and will fail after AppLocker is started (i.e. AppLocker may restrict access to powershell.exe. Please note that this AppLocker custom provider will fail without access to powershell.exe. Modify the Puppet Master's Puppetfile by adding the following line: mod 'autostructure-applocker', '1.0.0' PowerShell Rule It is enabled by default, so no action should be required. Note: pluginsync is necessary to download the powershell.rb provider file to the agent.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |