Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Device Guard Configuration
$s1 = (gwmi -List Win32_ShadowCopy).Create("C:\", "ClientAccessible")
$s2 = gwmi Win32_ShadowCopy | ? { $_.ID -eq $s1.ShadowID }
$d = $s2.DeviceObject + "\"
cmd /c mklink /d C:\scpy "$d"
New-CIPolicy -Level RootCertificate -FilePath C:\BasePolicy.xml -ScanPath C:\scpy -UserPEs
$s2.Delete()
Remove-Item -Path C:\scpy -Force
Set-RuleOption –option 3 –FilePath C:\BasePolicy.xml
ConvertFrom-CIPolicy C:\BasePolicy.xml C:\BasePolicy.bin
Move-Item C:\BasePolicy.bin c:\Windows\System32\CodeIntegrity\SIPolicy.p7b -force
# Reboot
# Update after use
New-CIPolicy -Level PcaCertificate -f C:\AuditPolicy.xml -Audit -UserPEs -Fallback Hash
Merge-CIPolicy –OutputFilePath C:\MergedPolicy.xml –PolicyPaths C:\AuditPolicy.xml,C:\BasePolicy.xml
Set-RuleOption –option 3 –FilePath C:\MergedPolicy.xml
ConvertFrom-CIPolicy C:\MergedPolicy.xml C:\MergedPolicy.bin
Move-Item C:\MergedPolicy.bin c:\Windows\System32\CodeIntegrity\SIPolicy.p7b -force
#reboot
# Check for missing apps, libraries and drivers if none, enforce
Set-RuleOption –option 3 –FilePath C:\MergedPolicy.xml -Delete
ConvertFrom-CIPolicy C:\MergedPolicy.xml C:\MergedPolicy.bin
Move-Item C:\MergedPolicy.bin c:\Windows\System32\CodeIntegrity\SIPolicy.p7b -Force
# reboot
@YunChieh20150123

This comment has been minimized.

Copy link

@YunChieh20150123 YunChieh20150123 commented Sep 28, 2017

this is very useful, thanks!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.