Windows Patching has broken Applocker Policy Merge

Updated: Feb 14

For the past 5 or 6 years local Applocker policies have been created with Powershell scripts and since Jan 2021 (ish) importing and merging .xml files produced the following error with the following command:

Set-AppLockerPolicy -XmlPolicy "C:\Secure10\Applocker\Enforce.xml" -Merge

Set-AppLockerPolicy : The specified rule collection already exists in the policy.

At line:1 char:1

+ Set-AppLockerPolicy -XmlPolicy "C:\Secure10\Applocker\Enforce.xml" -M ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : NotSpecified: (:) [Set-AppLockerPolicy], RuleCollectionAlreadyExistsException + FullyQualifiedErrorId : Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.RuleCollectionAlreadyExistsException,Microsoft.Security.App


Fresh installation of Windows 10, deploy the PS script and import local policies without issue. Merge can be executed multiple times for all the xml files that PowerShell has generated. Same client, commands and polices but updated and merge wont work....

This issue is one for Microsoft to resolve and once an answer is forthcoming I'll post it.

Anyone else experienced the same problem?

28 views0 comments