deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 18:33:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'main' into fr-content-freshness-2023-09

Browse Source
This commit is contained in:
Gary Moore
2023-10-02 15:04:52 -07:00
committed by GitHub
parent 4febdc8ec8 77bf2e6539
commit ae8f9a3130
2 changed files with 49 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
windows/client-management/mdm/configuration-service-provider-ddf.md
View File

@ -20,7 +20,7 @@ This article lists the OMA DM device description framework (DDF) files for vario
As of December 2022, DDF XML schema was updated to include additional information such as OS build applicability. DDF v2 XML files for Windows 10 and Windows 11 are combined, and provided in a single download:
- [DDF v2 Files, December 2022](https://download.microsoft.com/download/7/4/c/74c6daca-983e-4f16-964a-eef65b553a37/DDFv2December2022.zip)
- [DDF v2 Files, September 2023](https://download.microsoft.com/download/0/e/c/0ec027e5-8971-49a2-9230-ec9352bc3ead/DDFv2September2023.zip)
## DDF v2 schema
@ -582,6 +582,7 @@ DDF v2 XML schema definition is listed below along with the schema definition fo
You can download the older DDF files for various CSPs from the links below:
- [Download all the DDF files for Windows 10 and 11 December 2022](https://download.microsoft.com/download/7/4/c/74c6daca-983e-4f16-964a-eef65b553a37/DDFv2December2022.zip)
- [Download all the DDF files for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/Windows10_2004_DDF_download.zip)
- [Download all the DDF files for Windows 10, version 1903](https://download.microsoft.com/download/6/F/0/6F019079-6EB0-41B5-88E8-D1CE77DBA27B/Windows10_1903_DDF_download.zip)
- [Download all the DDF files for Windows 10, version 1809](https://download.microsoft.com/download/6/A/7/6A735141-5CFA-4C1B-94F4-B292407AF662/Windows10_1809_DDF_download.zip)

65
windows/security/application-security/application-control/windows-defender-application-control/operations/citool-commands.md
View File

@ -1,42 +1,71 @@
---
title: Managing CI Policies and Tokens with CiTool
description: Learn how to use Policy Commands, Token Commands, and Miscellaneous Commands in CiTool
ms.topic: how-to
ms.date: 04/05/2023
title: Managing CI policies and tokens with CiTool
description: Learn how to use policy commands, token commands, and miscellaneous commands in CiTool
ms.topic: reference
ms.date: 10/02/2023
appliesto:
-<a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
---
# CiTool technical reference
CiTool makes Windows Defender Application Control (WDAC) policy management easier for IT admins. CI Tool can be used to manage Windows Defender Application Control policies and CI Tokens. This article describes how to use CiTool to update and manage policies. CiTool is currently included as part of the Windows image in Windows 11 version 22H2.
CiTool makes Windows Defender Application Control (WDAC) policy management easier for IT admins. You can use this tool to manage Windows Defender Application Control policies and CI tokens. This article describes how to use CiTool to update and manage policies. It's currently included as part of the Windows image in Windows 11, version 22H2.
## Policy Commands
## Policy commands
| Command | Description | Alias |
|--------|---------|---------|
| --update-policy `</Path/To/Policy/File>` | Add or update a policy on the current system | -up |
| --remove-policy `<PolicyGUID>` | Remove a policy indicated by PolicyGUID from the system | -rp |
| --list-policies | Dump information about all policies on the system, whether they're active or not | -lp |
| `--update-policy </Path/To/Policy/File>` | Add or update a policy on the current system. | `-up` |
| `--remove-policy <PolicyGUID>` | Remove a policy indicated by PolicyGUID from the system. | `-rp` |
| `--list-policies` | Dump information about all policies on the system, whether they're active or not. | `-lp` |
## Token Commands
## Token commands
| Command | Description | Alias |
|--------|---------|---------|
| --add-token `<Path/To/Token/File>` <--token-id ID> | Deploy a token onto the current system, with an optional specific ID. | -at |
| --remove-token `<ID>` | Remove a Token indicated by ID from the system. | -rt |
| --list-tokens | Dump information about all tokens on the system | -lt |
| `--add-token <Path/To/Token/File> <--token-id ID>` | Deploy a token onto the current system, with an optional specific ID. | `-at` |
| `--remove-token <ID>` | Remove a token indicated by ID from the system. | `-rt` |
| `--list-tokens` | Dump information about all tokens on the system. | `-lt` |
> [!NOTE]
> Regarding `--add-token`, if `<ID>` is specified, a pre-existing token with `<ID>` should not exist.
> Regarding `--add-token`, if `<ID>` is specified, a pre-existing token with `<ID>` shouldn't exist.
## Miscellaneous Commands
## Miscellaneous commands
| Command | Description | Alias |
|--------|---------|---------|
| --device-id | Dump the Code Integrity Device ID | -id |
| --refresh | Attempt to Refresh WDAC Policies | -r |
| --help | Display the tool's help menu | -h |
| `--device-id` | Dump the code integrity device ID. | `-id` |
| `--refresh` | Attempt to refresh WDAC policies. | `-r` |
| `--help` | Display the tool's help menu. | `-h` |
## Output attributes and descriptions
### List policies (`--list-policies`)
```output
Policy ID: d2bda982-ccf6-4344-ac5b-0b44427b6816
Base Policy ID: d2bda982-ccf6-4344-ac5b-0b44427b6816
Friendly Name: Microsoft Windows Driver Policy
Version: 2814751463178240
Platform Policy: true
Policy is Signed: true
Has File on Disk: false
Is Currently Enforced: true
Is Authorized: true
Status: 0
```
| Attribute | Description | Example value |
|--------|---------|---------|
| Policy ID | Lists the ID of the policy. | `d2bda982-ccf6-4344-ac5b-0b44427b6816` |
| Base Policy ID | Lists the ID of the base policy. | `d2bda982-ccf6-4344-ac5b-0b44427b6816` |
| Friendly Name | Value listed in `<Setting Provider="PolicyInfo" Key="Information" ValueName="Name">` | `Microsoft Windows Driver Policy` |
| Version | Version of the policy listed in `<VersionEx>` | `2814751463178240` |
| Platform Policy | Indicates whether the policy is provided by Microsoft, for example in the vulnerable driver blocklist policy. | `true` |
| Policy is Signed | Indicates whether the policy has a valid signature. | `true` |
| Has File on Disk | Indicates whether the policy file is currently on the disk. | `false` |
| Is Currently Enforced | Indicates whether the policy file is active. | `true` |
| Is Authorized | If the policy requires a token to be activated, this value is the state of authorization for the token. If the policy doesn't require a token, this value matches the value for the **Is Currently Enforced** property. | `true` |
## Examples