deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 19:03:46 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update citool-commands.md

Browse Source
This commit is contained in:
valemieux
2022-09-15 06:06:46 -07:00
parent eadad34b16
commit 5090368490
1 changed files with 54 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
windows/security/threat-protection/windows-defender-application-control/citool-commands.md
View File

@ -19,20 +19,20 @@ This article will describe how to use CI Tool to update and manage policies. CI
| Command | Description | Alias |
|--------|---------|---------|
| --update-policy /Path/To/Policy/File | Add or update a policy on the current system | -up |
| --remove-policy PolicyGUID | Remove a policy indicated by PolicyGUID from the system | -rp |
| --update-policy </Path/To/Policy/File> | Add or update a policy on the current system | -up |
| --remove-policy <PolicyGUID> | Remove a policy indicated by PolicyGUID from the system | -rp |
| --list-policies | Dump information about all policies on the system, whether they are active or not | -lp |
## Token Commands
| Command | Description | Alias |
|--------|---------|---------|
| --add-token Path/To/Token/File [--token-id ID] | Deploy a token onto the current system, with an optional specific ID. | -at |
| --remove-token ID | Remove a Token indicated by ID from the system. | -rt |
| --add-token <Path/To/Token/File> <--token-id ID> | Deploy a token onto the current system, with an optional specific ID. | -at |
| --remove-token <ID> | Remove a Token indicated by ID from the system. | -rt |
| --list-tokens | Dump information about all tokens on the system | -lt |
>[!NOTE]
>Regarding --add-token, if [ID] is specified, a pre-existing token with [ID] should not exist.
>Regarding --add-token, if <ID> is specified, a pre-existing token with <ID> should not exist.
## Miscellaneous Commands
@ -47,27 +47,27 @@ This article will describe how to use CI Tool to update and manage policies. CI
1. Deploy a WDAC policy onto the system
```powershell
PS C:\Users\[USER] CITool --update-policy "\Windows\Temp\{BF61FE40-8929-4FDF-9EC2-F7A767717F0B}.cip"
PS C:\Users\<USER> CITool --update-policy "\Windows\Temp\{BF61FE40-8929-4FDF-9EC2-F7A767717F0B}.cip"
Operation Successful
Press Enter to Continue
```
2. Refresh the WDAC policies
```powershell
PS C:\Users\[USER] CITool --refresh
PS C:\Users\<USER> CITool --refresh
Operation Successful
```
3. Remove a specific WDAC policy by its policy ID
```powershell
PS C:\Users\[USER] CiTool --remove-policy "{BF61FE40-8929-4FDF-9EC2-F7A767717F0B}"
PS C:\Users\<USER> CiTool --remove-policy "{BF61FE40-8929-4FDF-9EC2-F7A767717F0B}"
Operation Successful
Press Enter to Continue
```
4. Display the help menu
```powershell
PS C:\Users\[USER] CITool -h
PS C:\Users\<USER> CITool -h
----------------------------- Policy Commands ---------------------------------
--update-policy /Path/To/Policy/File
@ -80,9 +80,9 @@ PS C:\Users\[USER] CITool -h
Dump information about all policies on the system, whether they be active or not
aliases: -lp
----------------------------- Token Commands ---------------------------------
--add-token Path/To/Token/File [--token-id ID]
--add-token Path/To/Token/File <--token-id ID>
Deploy a token onto the current system, with an optional specific ID
If [ID] is specified, a pre-existing token with [ID] should not exist.
If <ID> is specified, a pre-existing token with <ID> should not exist.
aliases:-at
--remove-token ID
Remove a Token indicated by ID from the system.