windows-itpro-docs/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md
2019-12-20 14:47:14 -08:00

title: Merge Windows Defender Application Control policies (Windows 10)
description: Because each computer running Windows 10 can have only one WDAC policy, you will occasionally need to merge two or more policies. Learn how with this guide.
keywords: whitelisting, security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
audience: ITPro
ms.collection: M365-security-compliance
author: jsuther1974
ms.reviewer: isbrahm
ms.author: dansimp
manager: dansimp
ms.date: 05/03/2018

Merge Windows Defender Application Control policies

Applies to:

  • Windows 10
  • Windows Server 2016

Because each computer running Windows 10 can have only one WDAC policy, you will occasionally need to merge two or more policies. For example, after a WDAC policy is created and audited, you might want to merge audit events from another WDAC policy.

Note

Because only one SiPolicy.p7b file can be active on a system, the last management authority to write the policy wins. If there was already a policy deployed by using Group Policy and then a managed installer using Microsoft Endpoint Configuration Manager targeted the same device, the Configuration Manager policy would overwrite the SiPolicy.p7b file.

To merge two WDAC policies, complete the following steps in an elevated Windows PowerShell session:

  1. Initialize the variables that will be used:

    # Folder that holds the input policies and receives the output files
    $CIPolicyPath=$env:userprofile+"\Desktop\"
    # First input policy (the initial scan)
    $InitialCIPolicy=$CIPolicyPath+"InitialScan.xml"
    # Second input policy (the audit policy to fold in)
    $AuditCIPolicy=$CIPolicyPath+"DeviceGuardAuditPolicy.xml"
    # Merged policy in XML form
    $MergedCIPolicy=$CIPolicyPath+"MergedPolicy.xml"
    # Merged policy compiled to the binary form that is deployed
    $CIPolicyBin=$CIPolicyPath+"NewDeviceGuardPolicy.bin"

    Note

    The variables in this section specifically expect to find an initial policy on your desktop called InitialScan.xml and an audit WDAC policy called DeviceGuardAuditPolicy.xml. If you want to merge other WDAC policies, update the variables accordingly.

  2. Use Merge-CIPolicy to merge two policies and create a new WDAC policy:

    Merge-CIPolicy -PolicyPaths $InitialCIPolicy,$AuditCIPolicy -OutputFilePath $MergedCIPolicy

  3. Use ConvertFrom-CIPolicy to convert the merged WDAC policy to binary format:

    ConvertFrom-CIPolicy $MergedCIPolicy $CIPolicyBin
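The three steps above combined into one script, as an added example that is not part of the original Microsoft documentation. It goes slightly beyond the steps: it fails early if an input file is missing, merges any number of policies in a single Merge-CIPolicy call, and inspects the merged XML before converting it, so that an operator can see how many rules came out and whether the result is still in audit mode. The file paths, the policy XML namespace (urn:schemas-microsoft-com:sipolicy) and the rule-option text "Enabled:Audit Mode" are assumptions about the WDAC policy format; the cmdlets and their parameters are the ConfigCI module's own.

```powershell
# Added example (not from the original doc). Paths below are assumptions; adjust to your environment.
$CIPolicyPath  = Join-Path $env:USERPROFILE 'Desktop'
$InputPolicies = @(
    (Join-Path $CIPolicyPath 'InitialScan.xml'),
    (Join-Path $CIPolicyPath 'DeviceGuardAuditPolicy.xml')
)
$MergedCIPolicy = Join-Path $CIPolicyPath 'MergedPolicy.xml'
$CIPolicyBin    = Join-Path $CIPolicyPath 'NewDeviceGuardPolicy.bin'

# Fail early rather than letting Merge-CIPolicy error halfway through.
$missing = $InputPolicies | Where-Object { -not (Test-Path -LiteralPath $_) }
if ($missing) {
    throw "Missing policy file(s): $($missing -join ', ')"
}

# -PolicyPaths takes an array, so two or more policies can be merged in one call.
Merge-CIPolicy -PolicyPaths $InputPolicies -OutputFilePath $MergedCIPolicy | Out-Null

# Inspect the merged XML: rule counts and policy rule options.
# Namespace URI is an assumption about the SiPolicy schema.
[xml]$merged = Get-Content -LiteralPath $MergedCIPolicy -Raw
$ns = New-Object System.Xml.XmlNamespaceManager($merged.NameTable)
$ns.AddNamespace('ci', 'urn:schemas-microsoft-com:sipolicy')
$fileRules = $merged.SelectNodes('//ci:FileRules/*', $ns).Count
$signers   = $merged.SelectNodes('//ci:Signers/ci:Signer', $ns).Count
$options   = $merged.SelectNodes('//ci:Rules/ci:Rule/ci:Option', $ns) | ForEach-Object { $_.InnerText }

Write-Host "Merged policy: $fileRules file rules, $signers signers"
Write-Host "Rule options: $($options -join '; ')"
if ($options -notcontains 'Enabled:Audit Mode') {
    Write-Warning 'Merged policy is in enforced mode; confirm this is intended before deploying.'
}

# Compile the merged XML to the binary that is actually deployed.
ConvertFrom-CIPolicy -XmlFilePath $MergedCIPolicy -BinaryFilePath $CIPolicyBin
```

Run it in an elevated PowerShell session on a machine with the ConfigCI module (Windows 10 / Windows Server 2016). The audit-mode check is there because a policy that silently came out enforced is the usual way a merge breaks a fleet; review the printed rule options before handing the .bin to Group Policy or Configuration Manager.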

Now that you have created a new WDAC policy, you can deploy the policy binary to systems manually or by using Group Policy or Microsoft client management solutions. For information about how to deploy this new policy with Group Policy, see Deploy and manage Windows Defender Application Control with Group Policy.