Add RSOP test

Author: nyanhp

templates/AppLockerProject/build/publish.ps1

@@ -17,5 +17,5 @@ foreach ($policy in (Get-ChildItem -Path (Join-Path -Path $OutputPath -ChildPath
 
     $policyFound = $searcher.FindOne()
 
-    Set-AppLockerPolicy -XmlPolicy (Get-Content -Path $policy.FullName) -Ldap $policyFound.Path
+    Set-AppLockerPolicy -XmlPolicy $policy.FullName -Ldap $policyFound.Path
 }

templates/AppLockerProject/configurationdata/Domains/þdomainfqdnþ.yml

@@ -44,4 +44,5 @@ RuleCollections:
       - Name: Prohibit PowerShell 2 unsigned JIT
         Description: Explicitly deny signed DLLs needed for PowerShell v2
         Action: Deny
+        UserOrGroupSid: S-1-1-0
         Path: '%WINDIR%\assembly\NativeImages_v2.0.50727_32\System.Management.A#\*'

templates/AppLockerProject/configurationdata/Generics/Windows.yml

@@ -16,6 +16,7 @@ RuleCollections:
           LowSection: "*"
           HighSection: 9.9.9.9
       - Name: Prohibit PowerShell 2 unsigned JIT
+        UserOrGroupSid: S-1-1-0
         Description: Explicitly deny signed DLLs needed for PowerShell v2
         Action: Deny
         Path: '%WINDIR%\assembly\NativeImages_v2.0.50727_32\System.Management.A#\*'

templates/AppLockerProject/tests/ConfigurationData/Rsop.tests.ps1

@@ -0,0 +1,15 @@
+BeforeDiscovery {
+    if (Get-DatumRsopCache)
+    {
+        Clear-DatumRsopCache
+    }
+
+    $datum = New-DatumStructure -DefinitionFile (Join-Path "$global:testroot\..\configurationdata" Datum.yml)
+    [hashtable[]] $rsops = (Get-DatumRsop $datum (Get-DatumNodesRecursive -AllDatumNodes $Datum.AllNodes)).RuleCollections.Values.Rules
+}
+
+Describe "RSOP correctness" {
+    It "<Name> Policy rule has SID" -TestCases $rsops {
+        $UserOrGroupSid | Should -Not -BeNullOrEmpty
+    }
+}