deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings.md
Vinay Pamnani (from Dev Box) f5963a72d6 Update ms.topic
2024-06-07 10:13:34 -06:00

2.7 KiB
Raw Blame History

title, description, ms.localizationpriority, ms.date, ms.topic
title description ms.localizationpriority ms.date ms.topic
Understanding Windows Defender Application Control (WDAC) secure settings Learn about secure settings in Windows Defender Application Control. medium 04/05/2023 conceptual

Understanding WDAC Policy Settings

Windows Defender Application Control (WDAC) policies expose a Settings section where policy authors can define arbitrary secure settings. Secure Settings provide local admin tamper-free settings for secure boot enabled systems, with policy signing enabled. Settings consist of a Provider, Key, ValueName, and a setting value. Setting values can be of type boolean, ulong, binary, and string. Applications can query for policy settings using WldpQuerySecurityPolicy.

An example settings section of a Windows Defender Application Control policy:

<Settings>
  <Setting Provider="Contoso" Key="FooApplication" ValueName="DisableMacroExecution">
    <Value>
      <Boolean>true</Boolean>
    </Value>
  </Setting>
</Settings>

Example Scenario

An application that may want to restrict its capabilities, when used on a system with an active Windows Defender Application Control policy. Application authors can define a WDAC policy, setting their application queries, in order to disable certain features. For example, if Contoso's Foo Application wants to disable a risky feature, such as macro execution, they can define a WDAC policy setting, and query for it at runtime. Contoso can then instruct IT administrators to configure the setting in their WDAC policy, if they don't want Foo Application to execute macros on a system with a WDAC policy.

WldpQuerySecurityPolicy

API that queries the secure settings of a Windows Defender Application Control policy.

Syntax

HRESULT WINAPI WldpQuerySecurityPolicy(
    _In_ const UNICODE_STRING * Provider,
    _In_ const UNICODE_STRING * Key,
    _In_ const UNICODE_STRING * ValueName,
    _Out_ PWLDP_SECURE_SETTING_VALUE_TYPE ValueType,
    _Out_writes_bytes_opt_(*ValueSize) PVOID Value,
    _Inout_ PULONG ValueSize)

Parameters

Provider [in] Setting Provider name.

Key [in]

Key name of the Key-Value pair under Setting Provider "Provider".

ValueName [in]

The value name of the "Key-Value" pair.

ValueType [in, out]

Pointer to receive the value type.

Value [in, out]

Pointer to a buffer to receive the value. The buffer should be of size "ValueSize". If this value is NULL, this function returns the required buffer size for Value.

ValueSize [in, out]

On input, it indicates the buffer size of "Value". On successful return, it indicates the size of data written to Value buffer.

Return Value

This method returns S_OK if successful or a failure code otherwise.