<#
.SYNOPSIS
    DSC configuration that enforces a fixed local AppLocker policy on the target node.

.DESCRIPTION
    Three resources, sequenced through DependsOn:
      1. File    XMLPol                  - writes the policy XML held in this file to C:\windows\temp\polApplocker.xml.
      2. Script  ApplyLocalApplockerPol  - applies that file with Set-AppLockerPolicy whenever the effective
                                           policy differs from it.
      3. Service AppIDsvc                - keeps the Application Identity service running; AppLocker rules
                                           are not enforced while it is stopped.

.PARAMETER NodeName
    Node name(s) the configuration is compiled for. Defaults to 'localhost'.

.NOTES
    Every RuleCollection below that is EnforcementMode="Enabled" blocks non-matching files rather than
    auditing them; EnforcementMode="AuditOnly" is the usual first step before enforcing on real hosts.
#>
Configuration localApplockerDSCConfig {
    param
    (
        [string[]]$NodeName = 'localhost'
    )
    Node $NodeName
    {
        # Application Identity service (AppIDSvc): AppLocker only enforces policy while it runs,
        # so it is brought up after the policy file has been written and applied.
        Service AppIDsvc {
            Name = 'AppIDSvc'
            StartupType = 'Automatic'
            State = 'Running'
            BuiltinAccount = 'LocalService'
            DependsOn = "[File]XMLPol","[Script]ApplyLocalApplockerPol"
        }
        Script ApplyLocalApplockerPol {
            # Reports the node's effective AppLocker policy (as XML text) in the Result key.
            GetScript = {
                @{
                    GetScript = $GetScript
                    SetScript = $SetScript
                    TestScript = $TestScript
                    Result = ([xml](Get-AppLockerPolicy -Effective -Xml)).InnerXML
                }
            }
            # Replaces the local AppLocker policy with the file written by [File]XMLPol.
            # No -Merge is passed, so any rules already present locally are dropped, not combined.
            SetScript = {
                Set-AppLockerPolicy -XMLPolicy 'C:\windows\temp\polApplocker.xml'
            }
            # In desired state only when the effective policy and the policy file compare identical.
            # Both sides are round-tripped through [xml] first, so insignificant whitespace does not
            # produce a difference.
            # NOTE(review): -Effective reflects domain GPO policy as well as the local policy, so on a
            # domain-joined node with AppLocker GPOs this comparison may never match and SetScript would
            # run on every consistency check; comparing against -Local looks like the intent - confirm.
            TestScript = {
                if(
                    Compare-Object -ReferenceObject ([xml](Get-AppLockerPolicy -Effective -Xml)).InnerXML `
                        -DifferenceObject ([xml](Get-Content 'C:\windows\temp\polApplocker.xml')).InnerXml
                ) {
                    return $false
                } else {
                    return $true
                }
            }
            DependsOn = "[File]XMLPol"
        }
        # Policy file consumed by the Script resource above. Force re-creates it on every consistency
        # check, so manual edits to the file do not survive.
        # NOTE(review): C:\windows\temp is not an administrator-only location. Should the file be
        # altered between the File resource writing it and the Script resource reading it, the altered
        # policy is what Set-AppLockerPolicy applies - an ACL-restricted directory would close that
        # window. Confirm against the ACLs actually in place on the target.
        # The here-string is the literal file content: its lines are kept flush-left so no bytes are
        # added, and the closing '@ must start at column 0.
        #
        # Policy summary (S-1-1-0 = Everyone, S-1-5-32-544 = BUILTIN\Administrators):
        #   Appx   : Enabled       - allow all signed packaged apps.
        #   Dll    : NotConfigured - DLL loads are not restricted by this policy.
        #   Exe    : Enabled       - deny binaries signed by Trend Micro, Oracle America and the
        #                            Microsoft Monitoring Agent product; deny anything under %HOT%
        #                            (AppLocker's hot-pluggable media variable); allow %PROGRAMFILES%
        #                            and %WINDIR% for Everyone and everything for Administrators.
        #   Msi    : Enabled       - deny Microsoft Monitoring Agent, Puppet Labs and Trend Micro
        #                            installers and %HOT%; allow signed installers, %WINDIR%\Installer,
        #                            and everything for Administrators.
        #   Script : Enabled       - deny %HOT%; allow %PROGRAMFILES% and %WINDIR% for Everyone and
        #                            everything for Administrators.
        # The Deny rules target Everyone, which includes administrators; under AppLocker's rule
        # precedence an explicit Deny wins over a matching Allow, so those publishers are blocked for
        # administrators as well.
        # The %WINDIR% and %PROGRAMFILES% allows are the stock default rules; hardening guidance
        # commonly narrows them with exceptions for user-writable subfolders - review before deploying.
        File XMLPol {
            DestinationPath = 'C:\windows\temp\polApplocker.xml'
            Ensure = 'Present';
            Force = $true
            Contents = @'
<AppLockerPolicy Version="1">
<RuleCollection Type="Appx" EnforcementMode="Enabled">
<FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
</RuleCollection>
<RuleCollection Type="Dll" EnforcementMode="NotConfigured" />
<RuleCollection Type="Exe" EnforcementMode="Enabled">
<FilePublisherRule Id="25118d14-e4db-482e-a936-447c8c93739a" Name="Signed by O=TREND MICRO, INC., L=TAIPEI, S=TAIWAN, C=TW" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=TREND MICRO, INC., L=TAIPEI, S=TAIWAN, C=TW" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="9f30c729-3921-46d9-9df8-eecbfb014ecd" Name="Signed by O=ORACLE AMERICA, INC., L=REDWOOD SHORES, S=CALIFORNIA, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=ORACLE AMERICA, INC., L=REDWOOD SHORES, S=CALIFORNIA, C=US" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="dcb1232c-6fed-4d95-935f-2dc3fd5ab90e" Name="MICROSOFT MONITORING AGENT, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT MONITORING AGENT" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePathRule Id="68017eb1-38e2-4011-8e56-dc104b27b527" Name="%HOT%\*" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePathCondition Path="%HOT%\*" />
</Conditions>
</FilePathRule>
<FilePathRule Id="921cc481-6e17-4653-8f75-050b80acca20" Name="(Default Rule) All files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePathCondition Path="%PROGRAMFILES%\*" />
</Conditions>
</FilePathRule>
<FilePathRule Id="a61c8b2c-a319-4cd0-9690-d2177cad7b51" Name="(Default Rule) All files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePathCondition Path="%WINDIR%\*" />
</Conditions>
</FilePathRule>
<FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="(Default Rule) All files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow">
<Conditions>
<FilePathCondition Path="*" />
</Conditions>
</FilePathRule>
</RuleCollection>
<RuleCollection Type="Msi" EnforcementMode="Enabled">
<FilePublisherRule Id="1260ef26-70ff-4391-b719-ead2b2578cf8" Name="MICROSOFT MONITORING AGENT, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT MONITORING AGENT" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="1f8d1b9c-997c-4ba0-8cf1-999559d44fef" Name="Signed by O=PUPPET LABS, L=PORTLAND, S=OREGON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=PUPPET LABS, L=PORTLAND, S=OREGON, C=US" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="42fdff7a-12ce-4b11-9f9b-dc85c02802b5" Name="Signed by O=TREND MICRO, INC., L=TAIPEI, S=TAIWAN, C=TW" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=TREND MICRO, INC., L=TAIPEI, S=TAIWAN, C=TW" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="b7af7102-efde-4369-8a89-7a6a392d1473" Name="(Default Rule) All digitally signed Windows Installer files" Description="Allows members of the Everyone group to run digitally signed Windows Installer files." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePathRule Id="465dec27-a086-4915-9f83-a1a697e63091" Name="%HOT%\*" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePathCondition Path="%HOT%\*" />
</Conditions>
</FilePathRule>
<FilePathRule Id="5b290184-345a-4453-b184-45305f6d9a54" Name="(Default Rule) All Windows Installer files in %systemdrive%\Windows\Installer" Description="Allows members of the Everyone group to run all Windows Installer files located in %systemdrive%\Windows\Installer." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePathCondition Path="%WINDIR%\Installer\*" />
</Conditions>
</FilePathRule>
<FilePathRule Id="64ad46ff-0d71-4fa0-a30b-3f3d30c5433d" Name="(Default Rule) All Windows Installer files" Description="Allows members of the local Administrators group to run all Windows Installer files." UserOrGroupSid="S-1-5-32-544" Action="Allow">
<Conditions>
<FilePathCondition Path="*.*" />
</Conditions>
</FilePathRule>
</RuleCollection>
<RuleCollection Type="Script" EnforcementMode="Enabled">
<FilePathRule Id="06dce67b-934c-454f-a263-2515c8796a5d" Name="(Default Rule) All scripts located in the Program Files folder" Description="Allows members of the Everyone group to run scripts that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePathCondition Path="%PROGRAMFILES%\*" />
</Conditions>
</FilePathRule>
<FilePathRule Id="082de031-a84f-4243-9efa-33d3389481f2" Name="%HOT%\*" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePathCondition Path="%HOT%\*" />
</Conditions>
</FilePathRule>
<FilePathRule Id="9428c672-5fc3-47f4-808a-a0011f36dd2c" Name="(Default Rule) All scripts located in the Windows folder" Description="Allows members of the Everyone group to run scripts that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePathCondition Path="%WINDIR%\*" />
</Conditions>
</FilePathRule>
<FilePathRule Id="ed97d0cb-15ff-430f-b82c-8d7832957725" Name="(Default Rule) All scripts" Description="Allows members of the local Administrators group to run all scripts." UserOrGroupSid="S-1-5-32-544" Action="Allow">
<Conditions>
<FilePathCondition Path="*" />
</Conditions>
</FilePathRule>
</RuleCollection>
</AppLockerPolicy>
'@
        }
    }
}
# Output directory for the compiled MOF; created on the first run only.
$dscOutputPath = 'C:\DSC'
if (-not (Test-Path -Path $dscOutputPath -PathType Container)) {
    New-Item -Path $dscOutputPath -ItemType Directory
}

# Compile the configuration declared above into MOF document(s) under C:\DSC.
localApplockerDSCConfig -OutputPath $dscOutputPath

# Push the compiled configuration to the local LCM: -Force applies it regardless of the LCM's
# current state and -Wait blocks until the run completes, with verbose progress on the console.
Start-DscConfiguration -Path $dscOutputPath -ComputerName localhost -Verbose -Force -Wait