Update citool-commands.md

This commit is contained in:
valemieux 2022-09-12 22:14:44 -07:00
parent fbe5214a3d
commit eadad34b16


@ -10,9 +10,10 @@ ms.date: 08/07/2022
ms.custom: template-how-to
---
# Manage WDAC Policies with CI Tool
# Manage Windows Defender Application Control (WDAC) Policies with CI Tool
Generates Policy Commands, Token Commands, and Miscellaneous Commands for user mode code and drivers.
CI Tool makes Windows Defender Application Control (WDAC) policy management easier for IT admins. CI Tool can be used to manage Windows Defender Application Control policies and CI Tokens.
This article will describe how to use CI Tool to update and manage policies. CI Tool is now included in box as part of Windows and can be interacted with in the command line.
## Policy Commands
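Review bot: the rewritten intro says "CI Tool is now included in box as part of Windows" without naming the minimum Windows version or build that ships it, so a reader cannot tell whether their machine has CiTool at all; state the first version that includes it. The same paragraph should also read "is run from the command line" rather than "can be interacted with in the command line", and "CI Tokens" in the second sentence should match the capitalization used for tokens in the Token Commands section (both "tokens" or both "CI Tokens").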
@ -46,101 +47,27 @@ Generates Policy Commands, Token Commands, and Miscellaneous Commands for user m
1. Deploy a WDAC policy onto the system
```powershell
PS C:\windows\system32> .\BF61FE40-8929-4FDF-9EC2-F7A767717F0B.cip -up
C:\Windows\System32>.\CITool.exe -update-policy \windows\system32\BF61FE40-8929-4FDF-9EC2-F7A767717F0B.cip
Usage: CiTool COMMAND [Command-Options] [-json]
Commands:
----------------------------- Policy Commands ---------------------------------
--update-policy /Path/To/Policy/File
Add or update a policy on the current system
aliases: -up
--remove-policy PolicyGUID
Remove a policy indicated by PolicyGUID from the system
aliases: -rp
--list-policies
Dump information about all policies on the system, whether they be active or not
aliases: -lp
----------------------------- Token Commands ---------------------------------
--add-token Path/To/Token/File [--token-id ID]
Deploy a token onto the current system, with an optional specific ID
If [ID] is specified, a pre-existing token with [ID] should not exist.
aliases:-at
--remove-token ID
Remove a Token indicated by ID from the system.
aliases: -rt
--list-tokens
Dump information about all tokens on the system
aliases: -lt
----------------------------- Misc Commands ---------------------------------
--device-id
Dump the Code Integrity Device Id
aliases: -id
--refresh
Attempt to Refresh CI Policies
aliases: -r
--help
Display this message
aliases: -h
----------------------------- Global Flags---------------------------------
-json
Format output as json and suppress input
PS C:\Users\[USER] CITool --update-policy "\Windows\Temp\{BF61FE40-8929-4FDF-9EC2-F7A767717F0B}.cip"
Operation Successful
Press Enter to Continue
```
2. Refresh the WDAC policies in the \Windows\System32\CodeIntegrity\CiPolicies\Active folder
2. Refresh the WDAC policies
```powershell
PS C:\Users\[USER] cd \Windows\system32\CodeIntegrity\CiPolicies\Active
PS C:\Windows\System32\CodeIntegrity\CiPolicies\Active>.\CITool --refresh
PS C:\Users\[USER] CITool --refresh
Operation Successful
```
3. Remove a specific WDAC policy by its policy ID
```powershell
PS C:\Users\[USER] cd \windows\system32
PS C:\Windows\System32>.\CITool.exe --remove-policy {BF61FE40-8929-4FDF-9EC2-F7A767717F0B}
Usage: CiTool.exe COMMAND [Command-Options] [-json]
Commands:
----------------------------- Policy Commands ---------------------------------
--update-policy /Path/To/Policy/File
Add or update a policy on the current system
aliases: -up
--remove-policy PolicyGUID
Remove a policy indicated by PolicyGUID from the system
aliases: -rp
--list-policies
Dump information about all policies on the system, whether they be active or not
aliases: -lp
----------------------------- Token Commands ---------------------------------
--add-token Path/To/Token/File [--token-id ID]
Deploy a token onto the current system, with an optional specific ID
If [ID] is specified, a pre-existing token with [ID] should not exist.
aliases:-at
--remove-token ID
Remove a Token indicated by ID from the system.
aliases: -rt
--list-tokens
Dump information about all tokens on the system
aliases: -lt
----------------------------- Misc Commands ---------------------------------
--device-id
Dump the Code Integrity Device Id
aliases: -id
--refresh
Attempt to Refresh CI Policies
aliases: -r
--help
Display this message
aliases: -h
----------------------------- Global Flags---------------------------------
-json
Format output as json and suppress input
Press Enter to Exit
PS C:\Users\[USER] CiTool --remove-policy "{BF61FE40-8929-4FDF-9EC2-F7A767717F0B}"
Operation Successful
Press Enter to Continue
```
4. Display the help menu
```powershell
PS C:\Users\[USER] cd \windows\system32
PS C:\windows\system32> .\CITool.exe -h
PS C:\Users\[USER] CITool -h
----------------------------- Policy Commands ---------------------------------
--update-policy /Path/To/Policy/File
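Review bot: the retained examples mix two prompt styles, `PS C:\Users\[USER] CITool --update-policy "\Windows\Temp\{BF61FE40-8929-4FDF-9EC2-F7A767717F0B}.cip"` (no `>` after the path) alongside `PS C:\Windows\System32>.\CITool.exe --remove-policy ...`; use one form, e.g. `PS C:\Users\[USER]> CITool --update-policy "\Windows\Temp\{BF61FE40-8929-4FDF-9EC2-F7A767717F0B}.cip"`, so copy-pasted lines look like real sessions. Dropping the two verbatim usage dumps that the old `-up` and single-dash `-update-policy` invocations produced is the right call, but the deploy step now stages the .cip in `\Windows\Temp` and the shortened step 2 heading no longer mentions `\Windows\System32\CodeIntegrity\CiPolicies\Active`; keep one sentence naming that folder so readers know where deployed policies live, and consider showing `CITool --list-policies` after `--refresh` so they can confirm the policy GUID is active before moving on to `--remove-policy`.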