How to clear a local Applocker policy

There are 3 main actions in this menu when you edit the local Applocker policy. You can Import, Export and Clear a policy.

Let’s see how one can clear a local Applocker policy.

If you use Windows PowerShell, you can directly access the built-in Applocker module.
In this case, you can use the following shortcut:

$null | New-AppLockerPolicy -User EveryOne -EA 0 | 
Set-AppLockerPolicy -Verbose

NB: EA is the Alias of ErrorAction and 0 means SilentlyContinue.
It’s required to avoid displaying a message saying:

New-AppLockerPolicy : Cannot validate argument on parameter ‘FileInformation’. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.

Even if there’s an error thrown, a Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.AppLockerPolicy is created and sent to the output stream.

Unfortunately, the same shortcut cannot be used within PowerShell 7.0.1 (current latest version).
You need the following 2 steps:

# step 1: write an empty policy to a file
$null | New-AppLockerPolicy -User EveryOne -EA 0 -Xml | 
Out-File ~/Documents/empty.xml

# step 2: import that file
Set-AppLockerPolicy ~/Documents/empty.xml

NB: Notice the addition of the -XML switch in the first step.

Here’s another approach for Windows PowerShell that looks like the example provided by Microsoft, named delete-an-applocker-rule that tells you actually how to clear *all* the rules.

The following example doesn’t write a file to disk and directly clears the local Applocker Policy

#Requires -Module Applocker
#Requires -PSEdition Desktop
#Requires -RunAsAdministrator
Function Clear-ApplockerLocalPolicy {
Begin {}
Process {
Try {
$null = Get-AppLockerPolicy -Local -ErrorAction SilentlyContinue
<AppLockerPolicy Version="1">
<RuleCollection Type="Exe" EnforcementMode="NotConfigured" />
<RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
<RuleCollection Type="Script" EnforcementMode="NotConfigured" />
<RuleCollection Type="Dll" EnforcementMode="NotConfigured" />
<RuleCollection Type="Appx" EnforcementMode="NotConfigured" />
) |
Set-AppLockerPolicy -ErrorAction Stop
Write-Verbose -Message 'Successfully cleared local Applocker policy'
} catch {
Write-Error $_
End {}

NB: Notice the first call at line 11 to a built-in command from the Applocker module. It’s used to avoid this error message: Unable to find type [Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.AppLockerPolicy].
If that first call at line 11 is missing, when you do the following, you get:

Weird, isn’t? If you’ve an explanation, please add a comment 🙂

1 thought on “How to clear a local Applocker policy

  1. I got the same error with Get-AppLockerPolicyInfo. I commented the follow lines and It worked succesfully.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.