Friday, January 6, 2023

AppLocker - How to clear policies from a machine (or multiple)

If you need to clear AppLocker policies, here's how to do it:

  1. If you're using some kind of method to deploy AppLocker policies to your machines, first of all disable it.

  2. Then create an XML file (e.g. clear.xml) with the following rules:

    <AppLockerPolicy Version="1">
      <RuleCollection Type="Exe" EnforcementMode="NotConfigured" />
      <RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
      <RuleCollection Type="Script" EnforcementMode="NotConfigured" />
      <RuleCollection Type="Dll" EnforcementMode="NotConfigured" />
      <RuleCollection Type="Appx" EnforcementMode="NotConfigured" />
      <RuleCollection Type="ManagedInstaller" EnforcementMode="NotConfigured" />
    </AppLockerPolicy>


  3. Apply the new AppLocker policy from an elevated PowerShell prompt:

    Import-Module AppLocker
    Set-AppLockerPolicy -XMLPolicy .\clear.xml

  4. Now run the following commands from the same elevated prompt to stop the AppLocker services and end the effects of the previous AppLocker policy. The square brackets mark -mionly as optional. Use sc.exe rather than sc: in Windows PowerShell, sc is an alias for Set-Content.

    appidtel.exe stop [-mionly]
    sc.exe config appid start=demand
    sc.exe config appidsvc start=demand
    sc.exe config applockerfltr start=demand
    sc.exe stop applockerfltr
    sc.exe stop appidsvc
    sc.exe stop appid

And... you're done!
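
To confirm the procedure took effect, here is a read-only check, added as an example and not part of the original post. Test-AppLockerCleared is a hypothetical function name; the script assumes an elevated Windows PowerShell session with the AppLocker module and the CIM cmdlets available. It reads the effective policy, so rules still being delivered by Group Policy or another deployment method (step 1) show up as findings.

```powershell
# Added example, not from the original post: read-only check that the clear took effect.
# Run from an elevated PowerShell after step 4. Test-AppLockerCleared is a made-up name.
Import-Module AppLocker

function Test-AppLockerCleared {
    # Effective policy = local policy merged with anything Group Policy still delivers.
    [xml]$policy = Get-AppLockerPolicy -Effective -Xml

    $findings = @(
        # Any collection that is still enforced/audited, or still carries child elements (rules).
        foreach ($rc in $policy.SelectNodes('/AppLockerPolicy/RuleCollection')) {
            $mode     = $rc.GetAttribute('EnforcementMode')
            $children = $rc.SelectNodes('*').Count
            if ($mode -ne 'NotConfigured' -or $children -gt 0) {
                [pscustomobject]@{
                    Item  = "RuleCollection $($rc.GetAttribute('Type'))"
                    State = "$mode, $children child element(s)"
                }
            }
        }

        # Win32_BaseService covers both the AppIDSvc service and the two kernel drivers.
        $filter = "Name='AppIDSvc' OR Name='AppID' OR Name='applockerfltr'"
        foreach ($s in Get-CimInstance -ClassName Win32_BaseService -Filter $filter) {
            # 'start=demand' in sc.exe shows up as StartMode 'Manual' in CIM.
            if ($s.State -ne 'Stopped' -or $s.StartMode -ne 'Manual') {
                [pscustomobject]@{
                    Item  = "Service $($s.Name)"
                    State = "$($s.State), start mode $($s.StartMode)"
                }
            }
        }
    )
    return $findings
}

# Empty result means nothing is left over from the previous policy.
$left = @(Test-AppLockerCleared)
if ($left.Count -eq 0) { 'AppLocker is cleared on this machine.' }
else { $left | Format-Table -AutoSize }
```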
