WDAC not applying via Group Policy


Hello and greetings from Portugal!


I'm trying to implement WDAC via group policy.

I've used the WDAC Wizard, and if I copy the *.cip file to "C:\Windows\System32\CodeIntegrity\CiPolicies\Active" I see that WDAC gets enabled, for example in MSInfo32.


But I cannot enable WDAC via GPO. I've converted the *.xml to *.bin and enabled "Deploy Windows Defender Application Control".

I see event ID 7010, "Device Guard successfully processed the Group Policy: Configurable Code Integrity Policy = Enabled", but MSInfo still doesn't show that WDAC is activated.


Can someone please help?

3 Replies
Hi,
What if you try with a single policy format (.p7b) file?

There is also the script method for deployment, a built-in tool in Windows 11 22H2 and above makes it very easy.
https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-co...

https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-co...

If it's a signed WDAC policy, it needs to be deployed with a script:
https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-co...

Hi and thanks for the help!

I was using a deprecated way to do this via GPO. Instead of using the bin file, you just need to copy the *.cip file to "C:\Windows\System32\CodeIntegrity\CiPolicies\Active" :)

Best regards,
Diogo Sousa
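As an added example (not code posted in this thread), the following PowerShell script performs the deployment described above without Group Policy: it converts a multiple-policy-format XML to the binary .cip, names the file after the policy's GUID, and applies it either with the built-in CiTool.exe (Windows 11 22H2 and later) or by copying it into the Active folder and rebooting. The path C:\WDAC\MyPolicy.xml and the staging folder are placeholders; the script assumes an elevated session and an unsigned policy.

```powershell
# Added example: deploy an unsigned WDAC policy by script instead of the deprecated GPO .bin method.
# Assumptions (not from the thread): policy XML at C:\WDAC\MyPolicy.xml, run as administrator.
$PolicyXml  = 'C:\WDAC\MyPolicy.xml'      # placeholder path to the XML produced by the WDAC Wizard
$StagingDir = 'C:\WDAC'                   # placeholder folder for the converted binary
$ActiveDir  = Join-Path $env:SystemRoot 'System32\CodeIntegrity\CiPolicies\Active'

# In multiple-policy format the binary must be named <PolicyID>.cip, where <PolicyID>
# is the GUID (with braces) in the XML's PolicyID element. Read it from the XML.
[xml]$xml = Get-Content -Path $PolicyXml -Raw
$policyId = $xml.SiPolicy.PolicyID
if (-not $policyId) {
    throw "No PolicyID element found; the XML must be in multiple-policy format for the Active folder."
}

# Convert the XML to the binary form the kernel consumes (ConfigCI module cmdlet).
$cipPath = Join-Path $StagingDir "$policyId.cip"
ConvertFrom-CIPolicy -XmlFilePath $PolicyXml -BinaryFilePath $cipPath | Out-Null

if (Get-Command 'CiTool.exe' -ErrorAction SilentlyContinue) {
    # Windows 11 22H2+: CiTool copies the binary into the Active folder and refreshes
    # code integrity immediately, so no reboot is needed for an unsigned policy.
    CiTool.exe --update-policy $cipPath -json | Out-Null

    # Verify the policy is now active. Field names follow CiTool's JSON output.
    $policies = (CiTool.exe --list-policies -json | ConvertFrom-Json).Policies
    $policies | Where-Object { $_.PolicyID -eq $policyId.Trim('{}') -or $_.PolicyID -eq $policyId } |
        Format-List PolicyID, FriendlyName, IsEnforced, IsOnDisk
}
else {
    # Older builds: place the .cip in the Active folder by hand; the policy is loaded
    # at the next boot, which is what MSInfo32 will then reflect.
    Copy-Item -Path $cipPath -Destination (Join-Path $ActiveDir "$policyId.cip") -Force
    Write-Host "Policy staged in $ActiveDir; reboot, then check MSInfo32 (System Summary) for WDAC status."
}
```

Because a policy in enforcement mode blocks everything it does not allow, deploy it in audit mode first and review the CodeIntegrity operational event log before switching to enforced.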
Glad you sorted it out :)

BTW, I created a bunch of wiki posts on GitHub regarding WDAC, signed WDAC, etc., all referencing Microsoft websites. Feel free to check them out; I learned a lot myself while making them.

https://github.com/HotCakeX/Harden-Windows-Security/wiki/Introduction