
title: Managing CI Policies and Tokens with CiTool
description: Learn how to use Policy Commands, Token Commands, and Miscellaneous Commands in CiTool
author: valemieux
ms.author: jogeurte
ms.reviewer: jsuther1974
ms.topic: how-to
ms.date: 12/03/2022
ms.custom: template-how-to
ms.prod: windows-client
ms.technology: itpro-security

CITool.exe technical reference

CI Tool makes Windows Defender Application Control (WDAC) policy management easier for IT admins. CI Tool can be used to manage Windows Defender Application Control policies and CI Tokens. This article describes how to use CI Tool to update and manage policies. CI Tool is currently included in Windows 11, version 22H2.

Policy Commands

| Command | Description | Alias |
|---|---|---|
| --update-policy </Path/To/Policy/File> | Add or update a policy on the current system | -up |
| --remove-policy <PolicyGUID> | Remove a policy indicated by PolicyGUID from the system | -rp |
| --list-policies | Dump information about all policies on the system, whether they're active or not | -lp |

Token Commands

| Command | Description | Alias |
|---|---|---|
| --add-token <Path/To/Token/File> <--token-id ID> | Deploy a token onto the current system, with an optional specific ID. | -at |
| --remove-token <ID> | Remove a Token indicated by ID from the system. | -rt |
| --list-tokens | Dump information about all tokens on the system | -lt |

Note

When --add-token is used with a specific <ID>, a token with that <ID> should not already exist on the system.

Miscellaneous Commands

| Command | Description | Alias |
|---|---|---|
| --device-id | Dump the Code Integrity Device ID | -id |
| --refresh | Attempt to Refresh WDAC Policies | -r |
| --help | Display the tool's help menu | -h |

Examples

  1. Deploy a WDAC policy onto the system

    PS C:\Users\<USER> CITool --update-policy "\Windows\Temp\{BF61FE40-8929-4FDF-9EC2-F7A767717F0B}.cip"
    Operation Successful
    Press Enter to Continue
    
  2. Refresh the WDAC policies

    PS C:\Users\<USER> CITool --refresh
    Operation Successful
    
  3. Remove a specific WDAC policy by its policy ID

    PS C:\Users\<USER> CiTool --remove-policy "{BF61FE40-8929-4FDF-9EC2-F7A767717F0B}"
    Operation Successful
    Press Enter to Continue
    
  4. Display the help menu

    PS C:\Users\<USER> CITool -h
    
    ----------------------------- Policy Commands ---------------------------------
      --update-policy /Path/To/Policy/File
          Add or update a policy on the current system
          aliases: -up
      --remove-policy PolicyGUID
          Remove a policy indicated by PolicyGUID from the system
          aliases: -rp
      --list-policies
          Dump information about all policies on the system, whether they be active or not
          aliases: -lp
    ----------------------------- Token Commands ---------------------------------
      --add-token Path/To/Token/File <--token-id ID>
          Deploy a token onto the current system, with an optional specific ID
              If <ID> is specified, a pre-existing token with <ID> should not exist.
          aliases:-at
      --remove-token ID
          Remove a Token indicated by ID from the system.
          aliases: -rt
      --list-tokens
          Dump information about all tokens on the system
          aliases: -lt
    ----------------------------- Misc Commands ---------------------------------
      --device-id
          Dump the Code Integrity Device Id
          aliases: -id
      --refresh
          Attempt to Refresh CI Policies
          aliases: -r
      --help
          Display this message
          aliases: -h
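
The commands above report "Operation Successful" but do not show whether the policy is now present and enforced. The following script is an added example, not part of the original article or of CiTool itself: it deploys a policy and then confirms the result from --list-policies. It assumes an elevated session, a .cip file named after its policy GUID as in example 1, and a CiTool build that accepts a -json switch (not listed in the tables above) returning a Policies array with PolicyID, FriendlyName, IsOnDisk and IsEnforced fields.

```powershell
# Added example (not from the original page). Run from an elevated PowerShell session.
# Assumptions: this CiTool build accepts -json (not listed in the tables above), which
# emits JSON and skips the interactive prompt, and returns a Policies array with
# PolicyID, FriendlyName, IsOnDisk and IsEnforced fields.
param(
    # Path reused from example 1 on this page; the file name is the policy GUID
    [string]$CipPath = 'C:\Windows\Temp\{BF61FE40-8929-4FDF-9EC2-F7A767717F0B}.cip'
)
$ErrorActionPreference = 'Stop'

function Get-DeployedCiPolicy {
    # Parse the policy list instead of scraping the human-readable dump
    $raw = & CiTool.exe --list-policies -json
    ($raw | Out-String | ConvertFrom-Json).Policies
}

# Derive the policy GUID from the file name so it can be checked after deployment
$name = [IO.Path]::GetFileNameWithoutExtension($CipPath)
$guid = [guid]::Empty
if (-not [guid]::TryParse($name, [ref]$guid)) {
    throw "File name '$name' is not a policy GUID; cannot verify deployment."
}
if (-not (Test-Path -LiteralPath $CipPath)) { throw "Policy file not found: $CipPath" }

# Record whether this is a first deployment or an update of an existing policy
$before = Get-DeployedCiPolicy | Where-Object { [guid]$_.PolicyID -eq $guid }

& CiTool.exe --update-policy $CipPath -json | Out-Null
& CiTool.exe --refresh -json | Out-Null

# Trust the policy list, not the success message
$after = Get-DeployedCiPolicy | Where-Object { [guid]$_.PolicyID -eq $guid }
if (-not $after) {
    throw "Policy $guid is not listed after --update-policy; deployment did not take effect."
}

[pscustomobject]@{
    PolicyID     = $after.PolicyID
    FriendlyName = $after.FriendlyName
    WasPresent   = [bool]$before
    IsOnDisk     = $after.IsOnDisk
    IsEnforced   = $after.IsEnforced
}
```

If the JSON field names differ on your build, inspect the output of the --list-policies command once and adjust the property names in the final object.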