Set-HVCIOptions

Modifies hypervisor Code Integrity options for a policy.

Syntax

Set-HVCIOptions
   [-Enabled]
   [-Strict]
   [-DebugMode]
   [-DisableAllowed]
   [-FilePath] <String>
   [<CommonParameters>]
Set-HVCIOptions
   [-None]
   [-FilePath] <String>
   [<CommonParameters>]

Description

The Set-HVCIOptions cmdlet modifies hypervisor Code Integrity options for a policy. The policy stores these options in the HvciOptions property of the policy. You can specify any combination of the following values:

  • Enabled
  • DebugMode
  • Strict

Examples

Example 1: Assign the Strict option

PS C:\> Set-HVCIOptions -Strict -FilePath '.\Policy.xml'   
PS C:\> Get-Content -Path '.Policy.xml'
    <CiSigner SignerId="ID_SIGNER_S_21" />
  </CiSigners>
  <HvciOptions>2</HvciOptions>
</SiPolicy>

The first command assigns the Strict option in Policy.xml.

The second command displays the contents of the policy. This example shows the last few lines of the policy, which include the HvciOptions property. It now has a value of 2.

Parameters

-DebugMode

Indicates that this cmdlet turns on DebugMode in the policy.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisableAllowed

Indicates that this cmdlet allows for HVCI to be disabled by the user outside of the Code Integrity policy enablement method.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Enabled

Indicates that this cmdlet turns on Enabled in the policy.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-FilePath

Specifies the path of the policy .xml file that this cmdlet modifies.

Type:String
Aliases:f
Position:0
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-None

Indicates that this cmdlet removes all hypervisor Code Integrity options from the policy. In the policy itself, HvciOptions takes a value of zero (0).

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Strict

Indicates that this cmdlet turns on Strict in the policy.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False