in itchef/cookbooks/cpe_applocker/libraries/applocker_helpers.rb [59:90]
def clear_applocker_policy
powershell_script 'Remove all AppLocker rules' do
not_if <<-EOH
$result = $True
(Get-AppLockerPolicy -Local).RuleCollections | ForEach {
$result = $result -And [string]::IsNullOrEmpty($_)
}
$result
EOH
code <<-EOH
$null = Get-AppLockerPolicy -Local -ErrorAction SilentlyContinue
$TempFile = [System.IO.Path]::GetTempFileName()
Set-Content -Path $TempFile -Value '<AppLockerPolicy Version="1">
<RuleCollection Type="Exe" EnforcementMode="NotConfigured" />
<RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
<RuleCollection Type="Script" EnforcementMode="NotConfigured" />
<RuleCollection Type="Dll" EnforcementMode="NotConfigured" />
<RuleCollection Type="Appx" EnforcementMode="NotConfigured" />
</AppLockerPolicy>'
Set-ApplockerPolicy -XMLPolicy $TempFile
Remove-Item -Force $TempFile
EOH
end
end