Forum Discussion

Iron Contributor

Jan 04, 2023

WDAC not applying via Group Policy

Hello and greetings from Portugal! I'm trying to implement WDAC via group policy. I've used WDAC Wizard and if I copy the *.cip file to "C:\Windows\System32\CodeIntegrity\CiPolicies\Active" I se...

gpo

wdac

HotCakeX

MVP

Feb 16, 2023

Hi,
What if you try with a single policy format (.p7b) file?

There is also the script method for deployment, a built-in tool in Windows 11 22H2 and above makes it very easy.
https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script#deploying-policies-for-windows-11-22h2-and-above

https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands

if it's a signed WDAC policy, it needs to be deployed with script:
https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script#deploying-signed-policies

DiogoSousa

Iron Contributor

Feb 17, 2023

Hi and thanks for the help!

I was using a deprecated way to do this via GPO. Instead of using the bin file, just need to copy the *.cip file to "C:\Windows\System32\CodeIntegrity\CiPolicies\Active" 🙂

Best regards,
Diogo Sousa

HotCakeX
MVP
Feb 27, 2023
Glad you sorted it out 🙂

btw I created a bunch of wiki posts on Github regarding WDAC, signed WDAC etc., all referenced to Microsoft websites, feel free to check it out, learned a lot myself while making it

https://github.com/HotCakeX/Harden-Windows-Security/wiki/Introduction
- AusSupport01
  Copper Contributor
  Jan 17, 2025
  Can this deploy via GPO?
- AusSupport01
  Copper Contributor
  Jan 17, 2025
  Hi,
  We have hybrid environment and how do we implement for Servers?