diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml index 6e21277b67..f9355db522 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml @@ -115,7 +115,7 @@ href: operations/known-issues.md - name: Managed installer and ISG technical reference and troubleshooting guide href: configure-wdac-managed-installer.md - - name: Managing WDAC Policies with CI Tool + - name: CITool.exe technical reference href: operations/citool-commands.md - name: WDAC AppId Tagging guide href: AppIdTagging/windows-defender-application-control-appid-tagging-guide.md diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md index 9beafe889b..555d544b8f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md @@ -10,7 +10,7 @@ ms.reviewer: aaroncz ms.author: jogeurte ms.manager: jsuther manager: aaroncz -ms.date: 10/06/2022 +ms.date: 12/03/2022 ms.technology: itpro-security ms.topic: article ms.localizationpriority: medium 
@@ -29,13 +29,22 @@ ms.localizationpriority: medium This article describes how to deploy Windows Defender Application Control (WDAC) policies using script. The instructions below use PowerShell but can work with any scripting host. -> [!NOTE] -> To use this procedure, download and distribute the [WDAC policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your WDAC policies allow the WDAC policy refresh tool or use a managed installer to distribute the tool. - -## Deploying policies for Windows 10 version 1903 and above - You should now have one or more WDAC policies converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide). +## Deploying policies for Windows 11 22H2 and above + +You can use [citool.exe](/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands) to apply policies on Windows 11 22H2 with the following commands. Be sure to replace **<Path to policy binary file to deploy>** in the example below with the actual path to your WDAC policy binary file. + +```powershell +# Policy binary files should be named as {GUID}.cip for multiple policy format files (where {GUID} = from the Policy XML) +$PolicyBinary = "" +citool.exe --update-policy $PolicyBinary --json +``` + +## Deploying policies for Windows 11, Windows 10 version 1903 and above, and Windows Server 2022 and above + +To use this procedure, download and distribute the [WDAC policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your WDAC policies allow the WDAC policy refresh tool or use a managed installer to distribute the tool. + 1. Initialize the variables to be used by the script. ```powershell 
@@ -58,7 +67,9 @@ You should now have one or more WDAC policies converted into binary form. If not & $RefreshPolicyTool ``` -## Deploying policies for Windows 10 versions earlier than 1903 +## Deploying policies for all other versions of Windows and Windows Server + +Use WMI to apply policies on all other versions of Windows and Windows Server. 1. Initialize the variables to be used by the script. diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md b/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md index 88273c3c74..e9f786a561 100644 --- a/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md +++ b/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md @@ -3,15 +3,15 @@ title: Managing CI Policies and Tokens with CiTool description: Learn how to use Policy Commands, Token Commands, and Miscellaneous Commands in CiTool author: valemieux ms.author: jogeurte -ms.reviewer: jogeurte +ms.reviewer: jsuther1974 ms.topic: how-to -ms.date: 08/07/2022 +ms.date: 12/03/2022 ms.custom: template-how-to ms.prod: windows-client ms.technology: itpro-security --- -# Manage Windows Defender Application Control (WDAC) Policies with CI Tool +# CITool.exe technical reference CI Tool makes Windows Defender Application Control (WDAC) policy management easier for IT admins. CI Tool can be used to manage Windows Defender Application Control policies and CI Tokens. This article describes how to use CI Tool to update and manage policies. CI Tool is currently included in Windows 11, version 22H2. 
@@ -21,7 +21,7 @@ CI Tool makes Windows Defender Application Control (WDAC) policy management easi |--------|---------|---------| | --update-policy `` | Add or update a policy on the current system | -up | | --remove-policy `` | Remove a policy indicated by PolicyGUID from the system | -rp | -| --list-policies | Dump information about all policies on the system, whether they are active or not | -lp | +| --list-policies | Dump information about all policies on the system, whether they're active or not | -lp | ## Token Commands @@ -32,7 +32,7 @@ CI Tool makes Windows Defender Application Control (WDAC) policy management easi | --list-tokens | Dump information about all tokens on the system | -lt | > [!NOTE] -> Regarding --add-token, if `` is specified, a pre-existing token with `` should not exist. +> Regarding `--add-token`, if `` is specified, a pre-existing token with `` should not exist. ## Miscellaneous Commands
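Review bot: In deploy-wdac-policies-with-script.md, hunk `@@ -29,13 +29,22 @@`, the new citool.exe sample assigns `$PolicyBinary = ""`, but the sentence above it tells the reader to replace **<Path to policy binary file to deploy>** "in the example below". As shown, the placeholder is missing from the code block. Put it inside the quotes, escaping the angle brackets if the renderer strips them. The sample also passes `--json` and then discards the output; show the result being captured and checked so that a failed policy update isn't silent. Separately, this heading covers "Windows 11 22H2 and above" and the next one also starts with "Windows 11", so state which method a 22H2 reader should prefer.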
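Review bot: In deploy-wdac-policies-with-script.md, hunk `@@ -58,7 +67,9 @@`, the new heading "Deploying policies for all other versions of Windows and Windows Server" defines its scope only by exclusion from the two headings above it, where the old heading named "Windows 10 versions earlier than 1903" explicitly. Name the versions in the added sentence "Use WMI to apply policies on all other versions of Windows and Windows Server." Per the preceding heading that means Windows 10 earlier than 1903 and Windows Server earlier than 2022, and spelling it out saves readers from having to work it out.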
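Review bot: In citool-commands.md, hunk `@@ -3,15 +3,15 @@`, the H1 becomes "CITool.exe technical reference" and the TOC entry is renamed to match, but the front matter still reads `title: Managing CI Policies and Tokens with CiTool`, with a description written for the old how-to framing. Update `title` and `description` in the same change so the page title, H1 and TOC agree. The tool name is also spelled four ways across this patch ("CITool.exe", "CiTool", "CI Tool", "citool.exe"); pick one form for prose and one for the command line.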
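Review bot: In citool-commands.md, hunk `@@ -32,7 +32,7 @@`, the note now code-formats `--add-token` but still reads "a pre-existing token with `` should not exist", which leaves it unclear whether this is a precondition the admin must ensure or a condition the tool enforces. Reword it to say what the command does when a token with that ID already exists. For consistency with the "they're" contraction introduced in the `@@ -21,7 +21,7 @@` hunk, "should not" would become "shouldn't". Also confirm the angle-bracket parameter names inside the code spans render, since they appear empty here.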