AppLocker - PowerShell scripts - C# PowerShell invoke

  • Question

  • I created an AppLocker policy that allows certain PowerShell scripts ([123.ps1], [xxx.ps1], [Set.ps1]) to execute.
    There are no default rules.
    The created policy is set to local GPO.
    The rule works fine for the scripts that are allowed ([123.ps1] and [xxx.ps1] can be executed).
    Also a new file [zzz.ps1] will be blocked, as expected.

    I then use C# code to run a PowerShell script (Set.ps1) to set a new policy.
    If I execute a PowerShell script [abc.ps1], not included in the policy file, it executes without any issue.
    As per policy, it should be blocked from execution.
    Is this a known issue?

    NB: ApplicationIdentity service is running.

    Does using Runspace [Namespace: System.Management.Automation.Runspaces] to invoke PowerShell from C# have any adverse effect on AppLocker policy for PowerShell script files?
    Is there any relation between AppLocker policy and Execution policy for PowerShell scripts?
    Will Execution policy override AppLocker policy?

    Regards,
    Amal

    Friday, June 21, 2019 12:51 PM

All replies

  • You need to ask C# questions in the C# forum.

    \_(ツ)_/

    Friday, June 21, 2019 1:45 PM
  • Refer to this article on AppLocker. Specifically it mentions that before the script host (PowerShell) runs it checks AppLocker. Since you are running a script programmatically you are the script host, not PowerShell. Therefore you are not impacted by the AppLocker rules.

    If you wanted your app to follow the rules of AppLocker you'd need to either call AppLocker to check (just like PowerShell does) or use Process to run PowerShell directly on the script.

    For questions related to how AppLocker works and how it interacts with PowerShell please post in the TechNet forums. The behavior of these tools is outside the scope of the C# forums.


    Michael Taylor http://www.michaeltaylorp3.net

    Friday, June 21, 2019 2:26 PM
    Moderator
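
The second option in the reply above (use Process to run PowerShell directly on the script) could look like the following. This is an added example, not code posted in the thread; the class name `AppLockerAwareRunner`, the method `RunScript` and the 60-second timeout are assumptions made for illustration.

```csharp
using System;
using System.Diagnostics;
using System.IO;

// Hypothetical helper (added example, not from the thread).
static class AppLockerAwareRunner
{
    // Runs a script through powershell.exe so that PowerShell, not this
    // program, is the script host and applies the AppLocker script rules.
    public static int RunScript(string scriptPath, out string output, out string errors)
    {
        string fullPath = Path.GetFullPath(scriptPath);
        if (!File.Exists(fullPath))
            throw new FileNotFoundException("Script not found", fullPath);
        if (fullPath.IndexOf('"') >= 0)
            throw new ArgumentException("Path must not contain quotes", nameof(scriptPath));

        // Absolute path to the system copy of PowerShell; avoids a PATH lookup.
        string host = Path.Combine(Environment.SystemDirectory,
            @"WindowsPowerShell\v1.0\powershell.exe");

        var psi = new ProcessStartInfo
        {
            FileName = host,
            // No -ExecutionPolicy override: the machine's settings stay in force.
            Arguments = "-NoProfile -NonInteractive -File \"" + fullPath + "\"",
            UseShellExecute = false,
            RedirectStandardOutput = true,
            RedirectStandardError = true,
            CreateNoWindow = true
        };

        using (Process p = Process.Start(psi))
        {
            // Read both streams asynchronously so a full pipe cannot deadlock.
            var stdout = p.StandardOutput.ReadToEndAsync();
            var stderr = p.StandardError.ReadToEndAsync();
            if (!p.WaitForExit(60000)) // assumed timeout: 60 s
            {
                p.Kill();
                throw new TimeoutException("powershell.exe did not exit within 60 s");
            }
            output = stdout.Result;
            errors = stderr.Result;
            return p.ExitCode;
        }
    }
}
```

A later reply in this thread reports that a script without a matching Allow rule can still start in constrained language mode, so the caller should inspect `errors` and the exit code instead of assuming the script was refused outright.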
  • I get it. It is not actually a C# issue as I suspected. It is more to do with PowerShell and AppLocker. I have figured out that the issue is that PS scripts are allowed to run in constrained language mode even if these scripts are not supported by AppLocker, provided there are Allow rules for other PS scripts in AppLocker. Anyway, thanks for your replies. Regards, Amal

    Amal

    Saturday, June 22, 2019 10:42 AM
  • Hi AmalJesudas,

    Thank you for posting here.

    It seems that your question hovered between C# and PowerShell. I will move it to the "Where is the forum for" forum so that it can be redirected to the correct forum.

    The Visual C# forum discusses and asks questions about the C# programming language, IDE, libraries, samples, and tools.

    Best Regards,

    Jack


    MSDN Community Support

    Monday, June 24, 2019 1:35 AM
    Moderator
  • Thanks Jack. I was trying to move it to the PowerShell forum, but somehow I was unable to do so from my mobile.

    Amal

    Monday, June 24, 2019 6:23 AM
  • Hi jrv,

    This is more a PowerShell or AppLocker question.

    The C# call was only one suspicious case.

    Moving this to the C# forum seems incorrect.

     


    Amal

    Monday, June 24, 2019 6:25 AM
  • The code is all C#. C# is using a library to run the code. The issue concerns how to use AppLocker and how AppLocker works. It is not a PowerShell script issue.

    AppLocker only targets an app. A C# program that uses PowerShell must be defined in AppLocker.


    \_(ツ)_/

    Monday, June 24, 2019 12:20 PM