WDAC policy and PowerShell constrained language mode

Yevhen UK 5 Reputation points
2024-01-10T19:12:40.5933333+00:00

Hello, if I understood these articles (1, 2, 3) correctly, when WDAC is enabled, the PowerShell session starts in constrained language mode. Please tell me how to allow users to run PowerShell in Full Language mode without disabling option 11 Disabled:Script Enforcement (Set-RuleOption -FilePath [path to the XML policy] -Option [enter the option number] -Delete)? It is not very clear how to configure WDAC policies for PowerShell. Thanks in advance for the examples and answers!


2 answers

  1. Azar 31,610 Reputation points MVP Volunteer Moderator
    2024-01-10T20:43:39.6566667+00:00

    Hey Yevhen UK

    Let me help you, if you want to configure WDAC policies to allow PowerShell

    Start by using the Get-RuleOption cmdlet to identify the specific rules associated with PowerShell and constrained language mode.

    Get-RuleOption -FilePath [path to the XML policy] -Id 4101, 4102, 4103
    

    This will show you the current rules associated with PowerShell in your WDAC policy. Now use the Set-RuleOption cmdlet to modify specific rule options. For example, you might change the EnforcementMode to "Audit" for PowerShell rules to allow monitoring without blocking.

    Set-RuleOption -FilePath [path to the XML policy] -Id 4101, 4102, 4103 -Option 11 -Value 0
    

    This sets the enforcement mode for the identified rules to "Audit" (0), allowing you to monitor without blocking.

    If this helps, kindly accept the answer. Thanks very much.


  2. Andrew Huffman 0 Reputation points
    2025-06-26T20:39:33.5133333+00:00

    WDAC will only enforce Constrained Language mode on PowerShell scripts that are not signed with a trusted code signing script. If you sign the scripts with a trusted code signing certificate, they will be allowed to run in Full Language mode. I believe you may also need to trust/allow the code signing certificate in your WDAC policy.

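The approach in the second answer (sign the script, then allow the signing certificate in the WDAC policy), as an added example that is not part of the thread or of Microsoft's documentation. All paths are placeholders; it assumes the ConfigCI module is available, a code-signing certificate with its private key is in Cert:\CurrentUser\My, and the commands run in an administrator's session on the machine where the policy is authored.

```powershell
# Placeholder paths (assumptions, not from the thread).
$PolicyXml  = 'C:\Policies\MyPolicy.xml'      # WDAC policy being edited
$PolicyBin  = 'C:\Policies\MyPolicy.cip'      # compiled policy output
$ScriptPath = 'C:\Scripts\Maintenance.ps1'    # script that must run in Full Language mode
$CertFile   = 'C:\Policies\CodeSigning.cer'   # exported public certificate

# 1. Check which language mode the current session is in
#    (FullLanguage or ConstrainedLanguage).
$ExecutionContext.SessionState.LanguageMode

# 2. Select an unexpired code-signing certificate from the user's store.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) {
    throw 'No valid code-signing certificate found in Cert:\CurrentUser\My.'
}

# 3. Sign the script and confirm the signature validates on this machine.
Set-AuthenticodeSignature -FilePath $ScriptPath -Certificate $cert -HashAlgorithm SHA256 | Out-Null
$sig = Get-AuthenticodeSignature -FilePath $ScriptPath
if ($sig.Status -ne 'Valid') {
    throw "Signature on $ScriptPath is '$($sig.Status)': $($sig.StatusMessage)"
}

# 4. Export the public certificate and add it to the policy as an
#    allowed user-mode signer, so script enforcement (option 11 left
#    untouched) can treat scripts signed with it as trusted.
Export-Certificate -Cert $cert -FilePath $CertFile | Out-Null
Add-SignerRule -FilePath $PolicyXml -CertificatePath $CertFile -User

# 5. Compile the updated XML to the binary form used for deployment.
ConvertFrom-CIPolicy -XmlFilePath $PolicyXml -BinaryFilePath $PolicyBin
```

Deploying the compiled policy is not covered here. After deployment, adding a line to the signed script that writes `$ExecutionContext.SessionState.LanguageMode` to its output shows which mode the script actually received.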
