Get-AppLockerReport (Function)

Here is another time saver I use almost daily. Pass in one or more server names, answer the prompt for how many days back to look, and you get a nice list of AppLocker log entries. This is very useful for quickly seeing whether something is being blocked.

Function Get-AppLockerReport
{
    param
    (
        # One or more computer names to query
        [string[]]$ServerNames
    )

    # Read-Host returns a string; cast it so the date arithmetic is explicit
    [int]$TimeInput = Read-Host "Enter number of days to query logs"
    $StartTime = (Get-Date).AddDays(-$TimeInput)

    Foreach ($AppLockerServer in $ServerNames)
    {
        # Print the server name as a header for its results
        $AppLockerServer

        # Level 2 = Error; filtering in the hashtable avoids pulling every event back first
        Get-WinEvent -FilterHashtable @{
            LogName   = "Microsoft-Windows-AppLocker/EXE and DLL"
            StartTime = $StartTime
            Level     = 2
        } -ComputerName $AppLockerServer |
            Group-Object Message -NoElement |
            Format-List
    }
}
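
For scheduled or scripted runs, a non-interactive variant that returns objects instead of formatted text is easier to sort, export and alert on. This is an added example, not the author's function: the name Get-AppLockerBlockSummary and the server names are hypothetical, and it goes beyond the original by also counting audit-only events (ID 8003) next to real blocks (ID 8004).

```powershell
# Added example; Get-AppLockerBlockSummary is a hypothetical name.
function Get-AppLockerBlockSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$ServerNames,

        [ValidateRange(1, 365)]
        [int]$Days = 1
    )

    $filter = @{
        LogName   = 'Microsoft-Windows-AppLocker/EXE and DLL'
        Id        = 8003, 8004   # 8003 = would be blocked (audit only), 8004 = blocked
        StartTime = (Get-Date).AddDays(-$Days)
    }

    foreach ($server in $ServerNames) {
        try {
            $events = Get-WinEvent -FilterHashtable $filter -ComputerName $server -ErrorAction Stop
        }
        catch {
            # Get-WinEvent reports "no matching events" as an error; here that is a clean result.
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { continue }
            Write-Warning "Could not query ${server}: $($_.Exception.Message)"
            continue
        }

        # One row per distinct event ID and message, with a count and the latest occurrence
        $events | Group-Object -Property Id, Message | ForEach-Object {
            $newest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
            [pscustomobject]@{
                Server   = $server
                EventId  = $newest.Id
                Mode     = if ($newest.Id -eq 8004) { 'Blocked' } else { 'AuditOnly' }
                Count    = $_.Count
                LastSeen = $newest.TimeCreated
                Message  = $newest.Message
            }
        }
    }
}

# Example call (server names are placeholders):
# Get-AppLockerBlockSummary -ServerNames 'SERVER01','SERVER02' -Days 7 | Sort-Object Count -Descending
```

Because the output is objects, it can be piped to Export-Csv or filtered on Mode to separate enforced blocks from rules still in audit.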