deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-16 07:17:24 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/threat-protection/windows-defender-application-control/code-integrity-policy-commands.md
valemieux 1c0742872c Update code-integrity-policy-commands.md
2022-08-08 15:50:13 -07:00

178 lines
6.1 KiB
Markdown
Raw Blame History

---
title: CI Policy, Token, and Miscellaneous Commands
description: Learn how to use Policy Commands, Token Commands, and Miscellaneous Commands.
author: valemieux
ms.author: v-alemieux
ms.service: security
ms.topic: how-to
ms.date: 08/07/2022
ms.custom: template-how-to
---
# CIPolicyCommands
Generates Policy Commands, Token Commands, and Miscellaneous Commands for user mode code and drivers.
## Policy Commands
| Command | Description | Alias |
| | | |
|--------|---------|---------|
|--update-policy /Path/To/Policy/File | Add or update a policy on the current system | -up |
| --remove-policy PolicyGUID | Remove a policy indicated by PolicyGUID from the system | -rp |
| --list-policies | Dump information about all policies on the system, whether they be active or not | -lp |
## Token Commands
| Command | Description | Alias |
| | | |
|--------|---------|---------|
|--add-token Path/To/Token/File [--token-id ID] | Deploy a token onto the current system, with an optional specific ID. | -at |
|--remove-token ID | Remove a Token indicated by ID from the system. | -rt |
|--list-tokens | Dump information about all tokens on the system | -lt |
>[!NOTE] Regarding --add-token, if <[ID]> is specified, a pre-existing token with [ID] should not exist.
## Miscellaneous Commands
| Command | Description | Alias |
| | | |
|--------|---------|---------|
|--device-id | Dump the Code Integrity Device ID | -id |
|--refresh | Attempt to Refresh CI Policies | -r |
|--help | Display help | -h |
## Examples
1. Update Policy/Deploy
Extract policy file to C:\windows\system32
```powershell
PS C:\Users\<USER> cd \windows\system32
PS C:\windows\system32> .\BF61FE40-8929-4FDF-9EC2-F7A767717F0B.cip -up
C:\Windows\System32>.\CITool.exe -update-policy \windows\system32\BF61FE40-8929-4FDF-9EC2-F7A767717F0B.cip
Usage: CiTool.exe COMMAND [Command-Options] [-json]
Commands:
----------------------------- Policy Commands ---------------------------------
--update-policy /Path/To/Policy/File
Add or update a policy on the current system
aliases: -up
--remove-policy PolicyGUID
Remove a policy indicated by PolicyGUID from the system
aliases: -rp
--list-policies
Dump information about all policies on the system, whether they be active or not
aliases: -lp
----------------------------- Token Commands ---------------------------------
--add-token Path/To/Token/File [--token-id ID]
Deploy a token onto the current system, with an optional specific ID
If [ID] is specified, a pre-existing token with [ID] should not exist.
aliases:-at
--remove-token ID
Remove a Token indicated by ID from the system.
aliases: -rt
--list-tokens
Dump information about all tokens on the system
aliases: -lt
----------------------------- Misc Commands ---------------------------------
--device-id
Dump the Code Integrity Device Id
aliases: -id
--refresh
Attempt to Refresh CI Policies
aliases: -r
--help
Display this message
aliases: -h
----------------------------- Global Flags---------------------------------
-json
Format output as json and suppress input
```
2. Refresh the policy
```powershell
PS C:\Users\[USER] cd \windows\system32
PS C:\Windows\System32>.\CITool.exe --refresh
Operation Successful
```
3. Remove the policy
```powershell
PS C:\Users\[USER] cd \windows\system32
PS C:\Windows\System32>.\CITool.exe --remove-policy {BF61FE40-8929-4FDF-9EC2-F7A767717F0B}
Usage: CiTool.exe COMMAND [Command-Options] [-json]
Commands:
----------------------------- Policy Commands ---------------------------------
--update-policy /Path/To/Policy/File
Add or update a policy on the current system
aliases: -up
--remove-policy PolicyGUID
Remove a policy indicated by PolicyGUID from the system
aliases: -rp
--list-policies
Dump information about all policies on the system, whether they be active or not
aliases: -lp
----------------------------- Token Commands ---------------------------------
--add-token Path/To/Token/File [--token-id ID]
Deploy a token onto the current system, with an optional specific ID
If [ID] is specified, a pre-existing token with [ID] should not exist.
aliases:-at
--remove-token ID
Remove a Token indicated by ID from the system.
aliases: -rt
--list-tokens
Dump information about all tokens on the system
aliases: -lt
----------------------------- Misc Commands ---------------------------------
--device-id
Dump the Code Integrity Device Id
aliases: -id
--refresh
Attempt to Refresh CI Policies
aliases: -r
--help
Display this message
aliases: -h
----------------------------- Global Flags---------------------------------
-json
Format output as json and suppress input
Press Enter to Exit
```
4. Display help
```powershell
PS C:\Users\[USER] cd \windows\system32
PS C:\windows\system32> .\CITool.exe -h
----------------------------- Policy Commands ---------------------------------
--update-policy /Path/To/Policy/File
Add or update a policy on the current system
aliases: -up
--remove-policy PolicyGUID
Remove a policy indicated by PolicyGUID from the system
aliases: -rp
--list-policies
Dump information about all policies on the system, whether they be active or not
aliases: -lp
----------------------------- Token Commands ---------------------------------
--add-token Path/To/Token/File [--token-id ID]
Deploy a token onto the current system, with an optional specific ID
If [ID] is specified, a pre-existing token with [ID] should not exist.
aliases:-at
--remove-token ID
Remove a Token indicated by ID from the system.
aliases: -rt
--list-tokens
Dump information about all tokens on the system
aliases: -lt
----------------------------- Misc Commands ---------------------------------
--device-id
Dump the Code Integrity Device Id
aliases: -id
--refresh
Attempt to Refresh CI Policies
aliases: -r
--help
Display this message
aliases: -h
```
Reference in New Issue View Git Blame Copy Permalink