Hi,

I'm struggling to get my head around one aspect of creating WDAC policies with the Wizard. I'm new to this, so please forgive me if it's trivial!

Say I have a multiple policy base policy. I deploy that to some machines and then collect the blocked/audited events (using DfE advanced hunting in my case). I then want to create a supplemental policy (I'd rather have base+supplemental(s) than merge new policies with the base one) that will permit some of the blocked/audited executables to run.

I can create a policy using the WDAC Wizard Policy Editor by giving it the log/event files, but this isn't (as far as I can tell) linked in any way to the base policy.

So, my question is - how do I convert this new policy into a child of the base policy (I think the term might be a linked policy) using WDAC Wizard?

I think I can do it in PowerShell using Set-CIPolicyIdInfo (as discussed under "Linking to the base policy" here), but I'd have thought this would be a feature of the wizard somewhere. But I can't find it!

Thanks in advance,
Hi,

I'm not sure about the WDAC Wizard method but everything you need is available in the ConfigCI module's cmdlets.

https://learn.microsoft.com/en-us/powershell/module/configci/set-cipolicyidinfo?view=windowsserver2022-ps

You can either do this

```powershell
Set-CIPolicyIdInfo -FilePath ".\Supplemental_Policy.xml" -BasePolicyToSupplementPath ".\Base_Policy.xml"
```

or this

```powershell
Set-CIPolicyIdInfo -FilePath ".\Supplemental_Policy.xml" -SupplementsBasePolicyID "{GUID}"
```
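
Added example, not part of the thread and not Microsoft's code: a check of the policy XML that confirms a supplemental policy is linked to the intended base before it is deployed. The function name `Test-SupplementalLink`, the GUIDs and the minimal XML fragments are constructed for illustration.

```powershell
# Added example (not from the thread). All GUIDs and XML below are constructed.
function Test-SupplementalLink {
    param(
        [Parameter(Mandatory)][xml]$Base,
        [Parameter(Mandatory)][xml]$Supplemental
    )
    # [string] turns a missing element into '' instead of failing on .Trim()
    $baseId   = ([string]$Base.SiPolicy.PolicyID).Trim()
    $suppId   = ([string]$Supplemental.SiPolicy.PolicyID).Trim()
    $suppBase = ([string]$Supplemental.SiPolicy.BasePolicyID).Trim()
    $baseOpts = @($Base.SiPolicy.Rules.Rule.Option)

    [pscustomobject]@{
        # The base policy needs this rule option before supplementals can extend it
        BaseAllowsSupplementals = $baseOpts -contains 'Enabled:Allow Supplemental Policies'
        # A linked policy is typed as supplemental on the root element
        IsSupplementalType      = $Supplemental.SiPolicy.PolicyType -eq 'Supplemental Policy'
        # The link itself: supplemental BasePolicyID equals the base PolicyID
        PointsAtBase            = ($baseId -ne '') -and ($suppBase -eq $baseId)
        # The supplemental keeps its own PolicyID, distinct from the base
        HasOwnPolicyId          = ($suppId -ne '') -and ($suppId -ne $baseId)
    }
}

# Constructed base policy fragment (not deployable)
[xml]$baseXml = @'
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy" PolicyType="Base Policy">
  <PolicyID>{11111111-1111-1111-1111-111111111111}</PolicyID>
  <BasePolicyID>{11111111-1111-1111-1111-111111111111}</BasePolicyID>
  <Rules>
    <Rule><Option>Enabled:Audit Mode</Option></Rule>
    <Rule><Option>Enabled:Allow Supplemental Policies</Option></Rule>
  </Rules>
</SiPolicy>
'@
# Constructed: a policy that has not been linked (it is its own base)
[xml]$unlinked = @'
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy" PolicyType="Base Policy">
  <PolicyID>{22222222-2222-2222-2222-222222222222}</PolicyID>
  <BasePolicyID>{22222222-2222-2222-2222-222222222222}</BasePolicyID>
</SiPolicy>
'@
# Constructed: the same policy once it points at the base above
[xml]$linked = @'
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy" PolicyType="Supplemental Policy">
  <PolicyID>{22222222-2222-2222-2222-222222222222}</PolicyID>
  <BasePolicyID>{11111111-1111-1111-1111-111111111111}</BasePolicyID>
</SiPolicy>
'@
Test-SupplementalLink -Base $baseXml -Supplemental $unlinked
Test-SupplementalLink -Base $baseXml -Supplemental $linked
```

For real files, pass `[xml](Get-Content -Raw .\Base_Policy.xml)` and the supplemental equivalent; any `False` in the result means the supplemental will not extend that base as intended.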