Set-CIPolicySetting

Modifies the SecureSettings within the Code Integrity policy.

Syntax

Set-CIPolicySetting
   [-FilePath] <String>
   -Provider <String>
   -Key <String>
   -ValueName <String>
   -ValueType <String>
   -Value <String>
   [<CommonParameters>]
Set-CIPolicySetting
   [-FilePath] <String>
   -Provider <String>
   -Key <String>
   -ValueName <String>
   [-Delete]
   [<CommonParameters>]

Description

The Set-CIPolicySetting cmdlet modifies the Secure Settings within a Code Integrity policy. Specify the .xml file of the policy to modify. Secure Settings are queried by Windows APIs to set security behaviors.

Examples

Example 1: Set the Code Integrity policy

Set-CIPolicySetting -FilePath C:\Policies\WDAC_policy.xml -Key "{12345678-9abc-def0-1234-56789abcdef0}" -Provider WSH -Value $True -ValueName EnterpriseDefinedClsId -ValueType Boolean

This command sets the Code Integrity policy to allow for the specified Provider, Key and ValueName.

Parameters

-Delete

Indicates that this cmdlet removes a Secure Setting from the Code Integrity policy identified by Provider, Key and ValueName.

Type:SwitchParameter
Aliases:d
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-FilePath

Specifies the full path of the policy .xml file.

Type:String
Aliases:f
Position:0
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Key

Specifies the Secure Setting key. The key is the GUID of the program to run in this format:

{33333333-4444-4444-1616-161616161616}

Type:String
Aliases:k
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Provider

Specifies the Secure Setting provider. The provider is the platform on which the code runs.

Type:String
Aliases:p
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Value

Specifies the Secure Setting value. Specify $True to allow or $False to deny.

Specify $False, or deny, only for base policies, not supplemental policies.

Type:String
Aliases:v
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ValueName

Specifies the value name.

Type:String
Aliases:vn
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ValueType

Specifies the value type. Valid values are:

  • Boolean
  • DWord
  • Binary
  • String
Type:String
Aliases:vt
Accepted values:Boolean, DWord, Binary, String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

Inputs

None

Outputs

Object