The following script is an automation process for installing AppLocker policies in a Windows environment using PowerShell. The script first sets the error handling preference to "silently continue" and elevates the privileges of the current process. It then sets the directory to the location of the script and installs the policies from the Files directory. The AppLocker service is then enabled and started, and the status of the service is checked. Finally, the active AppLocker rule categories are printed and the script tests the block rules for executables in the C:\Windows\System32 directory for the user "Everyone".
- Locks down system resources to bare minimum needed for basic OS functionality
- api0cradle/UltimateAppLockerByPassList)
- Microsoft Recommended Block Rules
- MotiBa/AppLocker
- NSA Cyber Bitlocker Guidance
If manually downloaded, the script must be launched from an administrative powershell in the directory containing all the files from the GitHub Repository
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
Get-ChildItem -Recurse *.ps1 | Unblock-File
.\sos-applockerhardening.ps1The script may be launched from the extracted GitHub download like this:
iex ((New-Object System.Net.WebClient).DownloadString('https://simeononsecurity.ch/scripts/sosapplocker.ps1'))