Create Software Restriction Policy with Powershell

Posted on 2013-10-18
Medium Priority
Last Modified: 2015-04-08
Hi all,

I've been reading up about the Cryptlocker malware, and came across an article that explained how you can prevent your PCs becoming infected. It involves setting up a Software Restriction Policy with the following parameters:

Path: %localAppData%\*.exe
Security Level: Disallowed
Description: Don't allow executables from AppData


Path: %localAppData%\*\*.exe
Security Level: Disallowed
Description: Don't allow executables from AppData

I know how to do this manually via editing the Local Security Policy on a machine, however I have 120 machines (all Win7) to update in various locations.

So I was wondering whether anyone knew of a way to set up the above policy using a powershell script? If so, I could roll the script out to the PCs with Windows Intune, which would be a massive time saver.

Much appreciated,
Question by:adriaanvw
  • 3
LVL 59

Expert Comment

ID: 39583328
Does your win7 edition support applocker (the better SRPol)? Applocker can be controlled by powershell. Appl. is available with ultimate and enterprise.

Author Comment

ID: 39590563
Yes, we use Win7 Enterprise. However I would prefer to use the method described if at all possible...
LVL 59

Accepted Solution

McKnife earned 1500 total points
ID: 39591764
I would definitely advise you to use applocker. It is the same as softw. restriction policy, only better and powershell can be used.

Expert Comment

ID: 40713844
I realise this is an old Thread. But Applocker only works on Windows 7 Ent not pro
Therefore SRP are the only option unless you have ent windows
Is there any way of making SRP work via powershell or the Command line?
LVL 59

Expert Comment

ID: 40714249
Hi rampant.

Please open up a new thread. And when you do, please specify why you wouldn't use local or domain GPOs to manage SRPs.

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
2017 was a scary year for cyber security.  Hear what our security experts say that hackers have in store for us in 2018.
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question