If you want to know how I queried AppLocker event logs using PowerShell then you will want to read this post.

I have configured AppLocker to run in ‘Audit’ mode and wanted a quick method of seeing what would be blocked without having to log on to individual computers and checking the event logs.

That way I can pro-actively monitor computers and build the white-list rules before I turn AppLocker on to ‘Enforce’ mode.

I’ve seen there are a number of AppLocker cmdlets that I’ll be exploring later, but for now, here’s my solution on GitHub.

Get my books:

ConfigMgr - An Administrator’s Guide to Deploying Applications using PowerShell

“Understanding Microsoft Intune: Deploying Applications Using PowerShell” is available for purchase at all good book stores and online outlets. Don’t miss out on the opportunity to take your application deployment skills to the next level. Get your copy today!

Amazon.co.uk

Amazon.com

Apress