Update about rebootless removal of unsigned policies

Violet Hansen
2024-10-17 11:31:55 +03:00
committed by GitHub
parent ab83cbe538
commit 4ee0c07f77

@ -35,9 +35,6 @@ To make a policy effectively inactive before removing it, you can first replace
4. Allow all COM objects. See [Allow COM object registration in an App Control policy](../design/allow-com-object-registration-in-appcontrol-policy.md#examples);
5. If applicable, remove option **0 Enabled:UMCI** to convert the policy to kernel mode only.
> [!IMPORTANT]
> After you remove a policy, restart the computer for it to take effect. You can't remove App Control policies without restarting the device.
### Remove App Control policies using CiTool.exe
Beginning with the Windows 11 2022 Update, you can remove App Control policies using CiTool.exe. From an elevated command window, run the following command. Be sure to replace the text *PolicyId GUID* with the actual PolicyId of the App Control policy you want to remove:
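Review bot: The `[!IMPORTANT]` restart callout after step 5 appears to be what the 9-to-6 line count in this hunk removes, and deleting it outright leaves this general section with no restart guidance at all. The replacement text further down is scoped to unsigned policies on the Windows 11 2024 update and sits under the CiTool.exe heading, so readers using another removal method, an earlier Windows version, or a signed policy lose the warning. I'd rewrite the callout instead of dropping it, for example "After you remove a policy, a restart may be required for the removal to take effect; see the section for your removal method."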
@ -46,7 +43,8 @@ Beginning with the Windows 11 2022 Update, you can remove App Control policies u
CiTool.exe -rp "{PolicyId GUID}" -json
```
Then restart the computer.
> [!NOTE]
> Beginning with the Windows 11 2024 update, unsigned policies can be removed using CiTool.exe without requiring a restart. In previous versions of Windows, however, a restart is required to complete the removal process.
### Remove App Control policies using MDM solutions like Intune
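Review bot: The `[!NOTE]` limits rebootless removal to unsigned policies but never says what a signed policy needs on the Windows 11 2024 update, and it sits directly beside "Then restart the computer.", so a reader cannot tell which instruction applies to their case. Make the restart step conditional (required on earlier versions, and state explicitly whether it is still required for signed policies) so the step and the note do not read as contradicting each other. Minor style point: "Windows 11 2024 update" should match the capitalization of "Windows 11 2022 Update" used in the paragraph above the command.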