Commit Graph

338 Commits

Author SHA1 Message Date
29ab6d569d fixed syntax 2017-07-11 12:02:21 -07:00
cd812d03bb copyedits 2017-07-11 11:35:40 -07:00
66763a225b Document how to clear AppLocker rules on an individual system and remote systems
In order to clear AppLocker policies from a machine you must use the Set-AppLockerPolicy cmdlet with the -XMLPolicy parameter using a .XML file which contains the following contents:

<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Script" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Dll" EnforcementMode="NotConfigured" />
</AppLockerPolicy>

To use the Set-AppLockerPolicy cmdlet, we must first import the AppLocker modules. To do this:

PS C:\Users\Administrator> import-module AppLocker

We will create a file, for example called clear.xml, place it in the same directory in which we are executing our cmdlet, and fill it with the XML contents above. Then you must execute the following command:

C:\Users\Administrator> Set-AppLockerPolicy -XMLPolicy .\clear.xml

This will remove all AppLocker Policies on a machine and could be potentially scripted to use on multiple machines using remote execution tools with accounts with proper access.
2017-07-11 17:58:51 +05:30
55c67d84ac Update Link URL
Updated AppLocker PowerShell Command Reference Link
2017-06-30 10:11:09 +12:00
c5564b2179 Merge pull request #212 from enigma0x3/credit_fix
Updated to include Alex Ionescu credit
2017-06-28 16:19:27 -07:00
6d6405321d Merge pull request #220 from enigma0x3/ntkd_addition
Ntkd kernel debugger addition
2017-06-28 16:15:44 -07:00
d12d7affec added ntkd debugger
kernel debugger, nearly identical to kd.exe
2017-06-28 11:18:18 -07:00
afc2e557d3 added link to feature table 2017-06-23 13:46:15 -07:00
cc29c4ba47 clarified TPM 2.0 requirement 2017-06-23 13:07:27 -07:00
483dee8d5a fix key 2017-06-22 13:42:36 +08:00
5b99799e65 fix document id 2017-06-21 12:55:59 +00:00
34e135859f Updated to include Alex Ionescu credit
Alex contributed to the bash.exe and lxssmanager.dll findings. Reference: https://twitter.com/aionescu/status/876226982534565889
2017-06-20 12:01:19 -04:00
2436f248fb Updated to include fsiAnyCpu.exe
Same as FSI.exe, has different fileName.
2017-06-20 11:07:09 -04:00
fb91e970b0 Updating applying product
The applying product of this page is "Windows 10", but it is correctly "Windows Server 2016". The Failover-Clustering function cannot be enabled on Windows 10.
2017-06-19 18:36:59 +05:30
910b0ba04b Merge pull request #880 from jotob-msft/block_list4
Block list4
2017-06-16 17:22:42 -07:00
4ca36ec740 Remove reference to WSH 2017-06-16 16:59:00 -07:00
bde7f93ecf Remove reference to WSH 2017-06-16 16:53:56 -07:00
415dc36d3f Merge pull request #874 from jotob-msft/block_list3
Block list3
2017-06-16 11:05:06 -07:00
c304d1940f Revision to CI policies:steps 2017-06-16 09:50:20 -07:00
c2535782d0 Uploaded planning doc again 2017-06-16 09:37:09 -07:00
a0fe6b1c15 Add and remove content from Deploy CI policies:steps 2017-06-16 09:24:58 -07:00
3a1e19b50b Revert "Edits to block list process steps document." 2017-06-15 09:45:07 -07:00
ad3cf84400 Merge pull request #865 from jotob-msft/block_list2
Edits to block list process steps document.
2017-06-14 12:09:17 -07:00
6e2b5a8c67 Fix line validation warning 2017-06-14 11:57:49 -07:00
4420622fe3 Fix notes2 2017-06-14 11:13:10 -07:00
9a0c467cb5 Fix notes 2017-06-14 10:35:14 -07:00
640a04bf64 removed topic about how Windows 10 uses TPM to allow more review 2017-06-14 10:31:50 -07:00
b0bdc1c877 Fix note and syntax 2017-06-13 17:27:32 -07:00
1479189fb8 Block list edits 2017-06-13 16:44:16 -07:00
285fe39fb0 Revert "Add Microsoft block list topic/scripts" 2017-06-13 16:19:25 -07:00
44efa75f41 Merge pull request #859 from jotob-msft/block_list
Add Microsoft block list topic/scripts
2017-06-13 16:11:26 -07:00
6e2c2ca91a Added further script content 2017-06-13 13:53:15 -07:00
9c0c9efdc9 Added missing parenthesis to planning and deployment doc 2017-06-13 13:09:38 -07:00
3377ac4831 adding default ms.date metadata 2017-06-13 13:05:51 -07:00
c55b22fdb1 Add Microsoft block list topic/scripts 2017-06-13 11:49:59 -07:00
6ed02dada7 fixing relative path to images 2017-06-13 06:28:18 -07:00
e722e4c327 fixed path to png files 2017-06-12 19:52:32 -07:00
7df60dbb4b added new tpm topic from cela 2017-06-12 19:35:05 -07:00
7a9456b33c copyedits 2017-06-12 13:05:38 -07:00
3e0e7e6d13 Merge branch 'master' of https://github.com/Microsoft/windows-itpro-docs 2017-06-12 12:22:50 -07:00
44c02bb430 adding global metadata 2017-06-12 12:06:42 -07:00
edfde175b3 Create tpm-recommendations.md
I own the TPM and we need to make a clarification that Bitlocker on TPM 2.0 requires UEFI boot.
2017-06-12 10:15:27 -07:00
c520acf269 removed security baselines file 2017-06-08 12:56:58 -07:00
7fb7ff58aa Merge pull request #202 from yusufozturk/patch-1
Typo fix for ICMP DoS Attack
2017-05-30 08:28:53 -07:00
9c884932a8 Merge pull request #203 from yusufozturk/patch-2
Typo fix for ICMP DoS Attack
2017-05-30 08:28:34 -07:00
c8182dad77 Typo fix for ICMP DoS Attack
Additional ICMP typo fix
2017-05-29 11:47:07 +02:00
73bba26fd1 Typo fix for ICMP DoS Attack
Additional ICMP typo fix
2017-05-29 11:46:03 +02:00
227049635a Typo fix for ICMP DoS Attack
It is ICMP (Internet Control Message Protocol) DoS Attack.
2017-05-29 11:40:46 +02:00
c0498d53d1 fixed path name 2017-05-26 10:52:07 -07:00
d430423d1a revised reg info 2017-05-25 17:13:14 -07:00