Get Secure Policy Settings¶
In this AppControl Manager page, you can verify whether a policy with certain secure settings is deployed on the system or not.
App Control for Business policies expose a Settings section where policy authors can define arbitrary secure settings. Secure Settings provide local admin tamper-free settings for secure boot enabled systems, with policy signing enabled. Learn more about them in here.
Description of the Results¶
- Value: The actual value of the string.
- ValueType: The type of setting:
WldpString,WldpIntegerorWldpBoolean. - ValueSize: the size of the returned value.
- Status: True/False depending on whether the setting exists on the system.
- StatusCode: 0 if the value exists on the system, non-zero if it doesn't.
How To Configure Secure Policy Settings¶
You can use the set-cipolicysetting PowerShell cmdlet to set a secure setting in an XML policy file.
Example 1¶
Set-CIPolicySetting -FilePath 'Policy.xml' -Provider 'WDACConfig' -ValueType 'Boolean' -Value '1' -ValueName 'IsUserModePolicy' -Key '{4a981f19-1f7f-4167-b4a6-915765e34fd6}'
Example 2¶
Set-CIPolicySetting -FilePath 'Policy.xml' -Provider 'SomeProvider' -ValueType 'String' -Value 'HotCakeX' -ValueName 'Author' -Key '{495e96a3-f6e0-4e7e-bf48-e8b6085b824a}'
Example 3¶
Set-CIPolicySetting -FilePath 'Policy.xml' -Provider 'Provider2' -ValueType 'DWord' -Value '66' -ValueName 'Role' -Key '{741b1fcf-e1ce-49e4-a274-5c367b46b00c}'
Notes¶
-
DWordvalue is the same as integer orWldpInteger. -
In order to set a Boolean value using the
Set-CIPolicySettingcmdlet, you need to use 1 for True or 0 for False, that will create a valid policy XML file that is compliant with the CI Policy Schema.