mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-13 05:47:23 +00:00
32 lines
6.4 KiB
Markdown
32 lines
6.4 KiB
Markdown
---
|
|
title: Inbox WDAC policies
|
|
description: This article describes the inbox WDAC policies that may be active on a device.
|
|
ms.manager: jsuther
|
|
ms.date: 03/10/2023
|
|
ms.topic: conceptual
|
|
ms.localizationpriority: medium
|
|
---
|
|
|
|
# Inbox WDAC policies
|
|
|
|
> [!NOTE]
|
|
> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
|
|
|
This article describes the Windows Defender Application Control (WDAC) policies that ship inbox with Windows and may be active on your devices. To see which policies are active on your device, use [citool.exe](/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands) or check the *CodeIntegrity - Operational* event log for 3099 policy activation events.
|
|
|
|
## Inbox WDAC Policies
|
|
|
|
| **Policy Name** | **Policy ID** | **Policy Type** | **Description** |
|
|
|-----------|-----------|-----------|-----------|
|
|
| **Microsoft Windows Driver Policy** | {d2bda982-ccf6-4344-ac5b-0b44427b6816} | Kernel-only Base policy | This policy blocks known [vulnerable or malicious kernel drivers](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules). It's active by default on Windows 11 22H2, [Windows in S mode](https://support.microsoft.com/windows/windows-10-and-windows-11-in-s-mode-faq-851057d6-1ee9-b9e5-c30b-93baebeebc85), [Windows 11 SE](/education/windows/windows-11-se-overview), and anywhere [memory integrity](https://support.microsoft.com/windows/core-isolation-e30ed737-17d8-42f3-a2a9-87521df09b78) (also known as hypervisor-protected code integrity (HVCI)) is on. Its policy binary file is found at `%windir%\System32\CodeIntegrity\driversipolicy.p7b` and in the EFI system partition at `<EFI System Partition>\Microsoft\Boot\driversipolicy.p7b`. |
|
|
| **Windows10S_Lockdown_Policy_Supplementable** | {5951a96a-e0b5-4d3d-8fb8-3e5b61030784} | Base policy | This policy is active on devices running [Windows in S mode](https://support.microsoft.com/windows/windows-10-and-windows-11-in-s-mode-faq-851057d6-1ee9-b9e5-c30b-93baebeebc85). Its policy binary file is found in the EFI system partition at `<EFI System Partition>\Microsoft\Boot\winsipolicy.p7b`. |
|
|
| **WindowsE_Lockdown_Policy** | {82443e1e-8a39-4b4a-96a8-f40ddc00b9f3} | Base policy | This policy is active on devices running [Windows 11 SE](/education/windows/windows-11-se-overview). Its policy binary file is found in the EFI system partition at `<EFI System Partition>\Microsoft\Boot\CIPolicies\Active\{82443e1e-8a39-4b4a-96a8-f40ddc00b9f3}.cip`. |
|
|
| **WindowsE_Lockdown_Flight_Policy_Supplemental** | {5dac656c-21ad-4a02-ab49-649917162e70} | Supplemental policy | This policy is active on devices running [Windows 11 SE](/education/windows/windows-11-se-overview) that are enrolled in the [Windows Insider](https://insider.windows.com) program. Its policy binary file is found in the EFI system partition at `<EFI System Partition>\Microsoft\Boot\CIPolicies\Active\{5dac656c-21ad-4a02-ab49-649917162e70}.cip`. |
|
|
| **WindowsE_Lockdown_Test_Policy_Supplemental** | {CDD5CB55-DB68-4D71-AA38-3DF2B6473A52} | Supplemental policy | This policy is active on devices running [Windows 11 SE](/education/windows/windows-11-se-overview) with Secure Boot disabled and TESTSIGNING on. Its policy binary file is found in the EFI system partition at `<EFI System Partition>\Microsoft\Boot\CIPolicies\Active\{CDD5CB55-DB68-4D71-AA38-3DF2B6473A52}.cip`. |
|
|
| **VerifiedAndReputableDesktop** | {0283ac0f-fff1-49ae-ada1-8a933130cad6} | Base policy | This policy is active on devices running Windows 11 with [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) turned on. Its policy binary file is found at `%windir%\System32\CodeIntegrity\CIPolicies\Active\{0283ac0f-fff1-49ae-ada1-8a933130cad6}.cip`. |
|
|
| **VerifiedAndReputableDesktopFlightSupplemental** | {1678656c-05ef-481f-bc5b-ebd8c991502d} | Supplemental policy | This policy is active on devices running Windows 11 with [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) turned on and enrolled in the [Windows Insider](https://insider.windows.com) program. Its policy binary file is found at `%windir%\System32\CodeIntegrity\CIPolicies\Active\{1678656c-05ef-481f-bc5b-ebd8c991502d}.cip`. |
|
|
| **VerifiedAndReputableDesktopTestSupplemental** | {0939ED82-BFD5-4D32-B58E-D31D3C49715A} | Supplemental policy | This policy is active on devices running Windows 11 with [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) turned on and with Secure Boot disabled and TESTSIGNING on. Its policy binary file is found at `%windir%\System32\CodeIntegrity\CIPolicies\Active\{0939ED82-BFD5-4D32-B58E-D31D3C49715A}.cip`. |
|
|
| **VerifiedAndReputableDesktopEvaluation** | {1283ac0f-fff1-49ae-ada1-8a933130cad6} | Base policy | This policy is active on devices running Windows 11 with [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) in *evaluation mode*. Its policy binary file is found at `%windir%\System32\CodeIntegrity\CIPolicies\Active\{1283ac0f-fff1-49ae-ada1-8a933130cad6}.cip`. |
|
|
| **VerifiedAndReputableDesktopEvaluationFlightSupplemental** | {2678656c-05ef-481f-bc5b-ebd8c991502d} | Supplemental policy | This policy is active on devices running Windows 11 with [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) in *evaluation mode* and enrolled in the [Windows Insider](https://insider.windows.com) program. Its policy binary file is found at `%windir%\System32\CodeIntegrity\CIPolicies\Active\{2678656c-05ef-481f-bc5b-ebd8c991502d}.cip`. |
|
|
| **VerifiedAndReputableDesktopEvaluationTestSupplemental** | {1939ED82-BFD5-4D32-B58E-D31D3C49715A} | Supplemental policy | This policy is active on devices running Windows 11 with [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) in *evaluation mode* and with Secure Boot disabled and TESTSIGNING on. Its policy binary file is found at `%windir%\System32\CodeIntegrity\CIPolicies\Active\{1939ED82-BFD5-4D32-B58E-D31D3C49715A}.cip`. |
|