diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index e1097181a3..8f7f3dd2f0 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -156,6 +156,20 @@ Each of the previous nodes contains one or more of the following leaf nodes:
Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
Policy nodes are a Base64-encoded blob of the binary policy representation. The binary policy may be signed or unsigned.
For CodeIntegrity/Policy, you can use the [certutil -encode](http://go.microsoft.com/fwlink/p/?LinkId=724364) command line tool to encode the data to base-64.
+Here is a sample certutil invocation:
+ +``` +certutil -encode WinSiPolicy.p7b WinSiPolicy.txt +``` + +Use only the data enclosed in the BEGIN CERTIFIFCATE and END CERTIFICATE section. Ensure that you have removed all line breaks before passing the data to the CSP node.
+An alternative to using certutil would be to use the following PowerShell invocation:
+ +``` +[Convert]::ToBase64String($(Get-Content -Encoding Byte -ReadCount 0 -PathIf you are using Hybrid MDM management with System Center Configuration Manager please ensure that you are using Base64 as the Data type when using Custom OMA-URI functionality to apply the Code Integrity policy.
Data type is string. Supported operations are Get, Add, Delete, and Replace.
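Review bot: The added sentence after the certutil example misspells the PEM marker as "BEGIN CERTIFIFCATE"; it should read "BEGIN CERTIFICATE" so that readers can match it against the header line certutil actually writes. In the PowerShell alternative, the command as visible here stops at `-Path` with no file argument, no closing parentheses and no closing fence before the Hybrid MDM sentence begins, so please confirm the block is complete and closed in the source file. It would also help to note that `-Encoding Byte` is accepted by Windows PowerShell but not by PowerShell 6 and later, where `-AsByteStream` replaces it. The Hybrid MDM sentence needs a comma after "System Center Configuration Manager", and because the unchanged line that follows still says "Data type is string", a few words on how the Base64 data type in Custom OMA-URI relates to that statement would avoid confusion.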