mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-15 23:07:23 +00:00
6.1 KiB
6.1 KiB
title, description, author, ms.author, ms.service, ms.topic, ms.date, ms.custom
| title | description | author | ms.author | ms.service | ms.topic | ms.date | ms.custom |
|---|---|---|---|---|---|---|---|
| CI Policy, Token, and Miscellaneous Commands | Learn how to use Policy Commands, Token Commands, and Miscellaneous Commands. | valemieux | v-alemieux | security | how-to | 08/07/2022 | template-how-to |
CIPolicyCommands
Generates Policy Commands, Token Commands, and Miscellaneous Commands for user mode code and drivers.
Policy Commands
| Command | Description | Alias |
| --update-policy /Path/To/Policy/File | Add or update a policy on the current system | -up |
| --remove-policy PolicyGUID | Remove a policy indicated by PolicyGUID from the system | -rp |
| --list-policies | Dump information about all policies on the system, whether they be active or not | -lp |
Token Commands
| Command | Description | Alias |
| --add-token Path/To/Token/File [--token-id ID] | Deploy a token onto the current system, with an optional specific ID. | -at |
| --remove-token ID | Remove a Token indicated by ID from the system. | -rt |
| --list-tokens | Dump information about all tokens on the system | -lt |
[!NOTE] Regarding --add-token, if <[ID]> is specified, a pre-existing token with [ID] should not exist.
Miscellaneous Commands
| Command | Description | Alias |
| --device-id | Dump the Code Integrity Device ID | -id |
| --refresh | Attempt to Refresh CI Policies | -r |
| --help | Display help | -h |
Examples
- Update Policy/Deploy Extract policy file to C:\windows\system32
PS C:\Users\<USER> cd \windows\system32
PS C:\windows\system32> .\BF61FE40-8929-4FDF-9EC2-F7A767717F0B.cip -up
C:\Windows\System32>.\CITool.exe -update-policy \windows\system32\BF61FE40-8929-4FDF-9EC2-F7A767717F0B.cip
Usage: CiTool.exe COMMAND [Command-Options] [-json]
Commands:
----------------------------- Policy Commands ---------------------------------
--update-policy /Path/To/Policy/File
Add or update a policy on the current system
aliases: -up
--remove-policy PolicyGUID
Remove a policy indicated by PolicyGUID from the system
aliases: -rp
--list-policies
Dump information about all policies on the system, whether they be active or not
aliases: -lp
----------------------------- Token Commands ---------------------------------
--add-token Path/To/Token/File [--token-id ID]
Deploy a token onto the current system, with an optional specific ID
If [ID] is specified, a pre-existing token with [ID] should not exist.
aliases:-at
--remove-token ID
Remove a Token indicated by ID from the system.
aliases: -rt
--list-tokens
Dump information about all tokens on the system
aliases: -lt
----------------------------- Misc Commands ---------------------------------
--device-id
Dump the Code Integrity Device Id
aliases: -id
--refresh
Attempt to Refresh CI Policies
aliases: -r
--help
Display this message
aliases: -h
----------------------------- Global Flags---------------------------------
-json
Format output as json and suppress input
- Refresh the policy
PS C:\Users\[USER] cd \windows\system32
PS C:\Windows\System32>.\CITool.exe --refresh
Operation Successful
- Remove the policy
PS C:\Users\[USER] cd \windows\system32
PS C:\Windows\System32>.\CITool.exe --remove-policy {BF61FE40-8929-4FDF-9EC2-F7A767717F0B}
Usage: CiTool.exe COMMAND [Command-Options] [-json]
Commands:
----------------------------- Policy Commands ---------------------------------
--update-policy /Path/To/Policy/File
Add or update a policy on the current system
aliases: -up
--remove-policy PolicyGUID
Remove a policy indicated by PolicyGUID from the system
aliases: -rp
--list-policies
Dump information about all policies on the system, whether they be active or not
aliases: -lp
----------------------------- Token Commands ---------------------------------
--add-token Path/To/Token/File [--token-id ID]
Deploy a token onto the current system, with an optional specific ID
If [ID] is specified, a pre-existing token with [ID] should not exist.
aliases:-at
--remove-token ID
Remove a Token indicated by ID from the system.
aliases: -rt
--list-tokens
Dump information about all tokens on the system
aliases: -lt
----------------------------- Misc Commands ---------------------------------
--device-id
Dump the Code Integrity Device Id
aliases: -id
--refresh
Attempt to Refresh CI Policies
aliases: -r
--help
Display this message
aliases: -h
----------------------------- Global Flags---------------------------------
-json
Format output as json and suppress input
Press Enter to Exit
- Display help
PS C:\Users\[USER] cd \windows\system32
PS C:\windows\system32> .\CITool.exe -h
----------------------------- Policy Commands ---------------------------------
--update-policy /Path/To/Policy/File
Add or update a policy on the current system
aliases: -up
--remove-policy PolicyGUID
Remove a policy indicated by PolicyGUID from the system
aliases: -rp
--list-policies
Dump information about all policies on the system, whether they be active or not
aliases: -lp
----------------------------- Token Commands ---------------------------------
--add-token Path/To/Token/File [--token-id ID]
Deploy a token onto the current system, with an optional specific ID
If [ID] is specified, a pre-existing token with [ID] should not exist.
aliases:-at
--remove-token ID
Remove a Token indicated by ID from the system.
aliases: -rt
--list-tokens
Dump information about all tokens on the system
aliases: -lt
----------------------------- Misc Commands ---------------------------------
--device-id
Dump the Code Integrity Device Id
aliases: -id
--refresh
Attempt to Refresh CI Policies
aliases: -r
--help
Display this message
aliases: -h