@hybriz

hybriz/dg.ps1

Forked from darkoperator/dg.ps1
Created Nov 3, 2017
Device Guard Configuration
# 1. Snapshot C: with VSS and expose the shadow copy under C:\scpy so the scan sees a
#    consistent image of the installed software instead of files changing mid-scan.
$s1 = (gwmi -List Win32_ShadowCopy).Create("C:\", "ClientAccessible")
$s2 = gwmi Win32_ShadowCopy | ? { $_.ID -eq $s1.ShadowID }
$d = $s2.DeviceObject + "\"
cmd /c mklink /d C:\scpy "$d"
# 2. Build the base policy from the snapshot: trust at the root-certificate level and
#    include user-mode PEs (by default only kernel-mode binaries are covered).
New-CIPolicy -Level RootCertificate -FilePath C:\BasePolicy.xml -ScanPath C:\scpy -UserPEs
$s2.Delete()
Remove-Item -Path C:\scpy -Force
# 3. Rule option 3 = Audit Mode: policy violations are logged, not blocked.
Set-RuleOption -Option 3 -FilePath C:\BasePolicy.xml
ConvertFrom-CIPolicy C:\BasePolicy.xml C:\BasePolicy.bin
Move-Item C:\BasePolicy.bin C:\Windows\System32\CodeIntegrity\SIPolicy.p7b -Force
# Reboot
# 4. Update after use: turn everything the audit log flagged into a supplemental policy
#    (PCA-certificate level, falling back to file hashes for unsigned binaries) and merge it
#    with the base policy, still in audit mode.
New-CIPolicy -Level PcaCertificate -FilePath C:\AuditPolicy.xml -Audit -UserPEs -Fallback Hash
Merge-CIPolicy -OutputFilePath C:\MergedPolicy.xml -PolicyPaths C:\AuditPolicy.xml,C:\BasePolicy.xml
Set-RuleOption -Option 3 -FilePath C:\MergedPolicy.xml
ConvertFrom-CIPolicy C:\MergedPolicy.xml C:\MergedPolicy.bin
Move-Item C:\MergedPolicy.bin C:\Windows\System32\CodeIntegrity\SIPolicy.p7b -Force
# Reboot
# 5. Check the Code Integrity log for missing apps, libraries and drivers; if none, enforce
#    by removing rule option 3 (Audit Mode) and redeploying the policy.
Set-RuleOption -Option 3 -FilePath C:\MergedPolicy.xml -Delete
ConvertFrom-CIPolicy C:\MergedPolicy.xml C:\MergedPolicy.bin
Move-Item C:\MergedPolicy.bin C:\Windows\System32\CodeIntegrity\SIPolicy.p7b -Force
# Reboot
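The "check for missing apps, libraries and drivers" step above is the one the gist leaves to the reader. Below is an added helper (not part of the gist or of darkoperator's original) that lists every image the audit-mode policy would have blocked since the last reboot cycle, grouped by file, so the list can be reviewed before rule option 3 is deleted. It assumes the audit-mode SIPolicy.p7b is already active and that the CodeIntegrity event data fields are named "File Name" and "Process Name", as they are on Windows 10.

```powershell
# Added example, not part of the gist. Summarise Code Integrity audit-mode violations.
# Event 3076 in Microsoft-Windows-CodeIntegrity/Operational is written when a policy in
# audit mode would have blocked an image; event 3077 is the enforced-mode block.
param(
    [int]$Days = 7,      # how far back to look
    [switch]$Enforced    # also include 3077 events (useful after enforcing)
)

$ids = @(3076)
if ($Enforced) { $ids += 3077 }

$filter = @{
    LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
    Id        = $ids
    StartTime = (Get-Date).AddDays(-$Days)
}

$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Host "No Code Integrity policy violations in the last $Days day(s); nothing blocks enforcement."
    return
}

# Each event's XML carries the offending image and the process that tried to load it.
# Field names 'File Name' / 'Process Name' are assumed from the 3076/3077 event template.
$violations = foreach ($e in $events) {
    $x = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $x.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        EventId = $e.Id
        File    = $data['File Name']
        Process = $data['Process Name']
    }
}

# One row per distinct binary: review each against the expected software set, then let
# New-CIPolicy -Audit (as in the gist) fold the legitimate ones into the merged policy.
$violations |
    Group-Object File |
    Sort-Object Count -Descending |
    Select-Object Count,
        @{ n = 'File';     e = { $_.Name } },
        @{ n = 'LastSeen'; e = { ($_.Group | Sort-Object Time -Descending)[0].Time } },
        @{ n = 'Loaders';  e = { ($_.Group.Process | Sort-Object -Unique) -join '; ' } } |
    Format-Table -AutoSize
```

Run it as an administrator after the machine has been used normally for a while in audit mode; an empty result is the signal that deleting rule option 3 is safe.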