windows-itpro-docs

mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-07-05 20:23:38 +00:00

Files

John Tobin 08a2411eaa Merged PR 3210: Correct Cred Guard CI File Rule for KD_KMCI

Correct Cred Guard CI File Rule for KD_KMCI.

The correction should be as follows:

The line:
    <Deny  ID="ID_DENY_KD"            FriendlyName="kd.exe"             FileName="kd.Exe" MinimumFileVersion = "65535.65535.65535.65535" />

Should be essentially duplicated with another with a slightly different ID. This is because the same rule is used in the “user mode” and the “kernel mode” sections in the policy, so it needs separate IDs.

SO for example add this:
    <Deny  ID="ID_DENY_KD_KMCI"            FriendlyName="kd.exe"             FileName="kd.Exe" MinimumFileVersion = "65535.65535.65535.65535" />

(and leave the original line)

Then in this section:
<SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_DRIVERS_1" FriendlyName="Driver Signing Scenarios">
      <ProductSigners>
        <FileRulesRef>
          <FileRuleRef RuleID="ID_DENY_KD" />
        </FileRulesRef>
      </ProductSigners>

Update the ID like this:
<SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_DRIVERS_1" FriendlyName="Driver Signing Scenarios">
      <ProductSigners>
        <FileRulesRef>
          <FileRuleRef RuleID="ID_DENY_KD_KMCI" />
        </FileRulesRef>
      </ProductSigners>

2017-09-14 23:14:07 +00:00

access-protection

Merge branch 'master' of https://github.com/Microsoft/windows-itpro-docs

2017-09-08 16:31:27 -07:00

application-management

copyedits

2017-09-13 10:10:59 -07:00

client-management

Merged PR 3176: Authentication/AllowAadPasswordReset in Policy CSP

2017-09-13 20:13:09 +00:00

configuration

Merged PR 3191: Updated text, formatting, and content organization