dgconfig.ps1
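# Phase 1: build a baseline code-integrity policy from a snapshot of C:\ and
# deploy it. Run elevated; a reboot is needed afterwards (see end of block).

# Scan a volume shadow copy rather than the live volume so the file set does
# not change while New-CIPolicy walks it.
$shadow = (Get-WmiObject -List Win32_ShadowCopy).Create("C:\", "ClientAccessible")
if ($shadow.ReturnValue -ne 0) {
    # Without this check a failed snapshot leaves the link target as "\" and
    # the policy would be generated from something other than the snapshot.
    throw "Shadow copy creation failed (ReturnValue $($shadow.ReturnValue)); no policy generated."
}
$snapshot = Get-WmiObject Win32_ShadowCopy | Where-Object { $_.ID -eq $shadow.ShadowID }
if (-not $snapshot) {
    throw "Shadow copy $($shadow.ShadowID) was created but could not be found; no policy generated."
}

$linkCreated = $false
try {
    # The shadow copy is only reachable through its device path, so expose it
    # as a directory link that -ScanPath can take.
    $device = $snapshot.DeviceObject + "\"
    cmd /c mklink /d C:\scpy "$device"
    if ($LASTEXITCODE -ne 0) {
        # mklink fails if C:\scpy already exists; scanning a pre-existing
        # C:\scpy would allow-list whatever happens to be in it.
        throw "mklink failed for C:\scpy (exit code $LASTEXITCODE); refusing to scan an existing path."
    }
    $linkCreated = $true

    # -UserPEs includes user-mode binaries; rules are written at the leaf
    # certificate level.
    New-CIPolicy -Level LeafCertificate -FilePath C:\BasePolicy.xml -ScanPath C:\scpy -UserPEs
}
finally {
    # Always release the snapshot and the link, even when the scan fails.
    # Order kept from the original: snapshot first, then the (now dangling) link.
    $snapshot.Delete()
    if ($linkCreated) {
        Remove-Item -Path C:\scpy -Force
    }
}

# Rule option 3 is "Enabled:Audit Mode": the deployed policy only logs what it
# would have blocked. Nothing is enforced until option 3 is removed from the
# policy (Set-RuleOption -Option 3 -Delete) and the policy is redeployed.
# ASCII hyphens are used for parameter names; the typographic dashes that
# copy/paste introduces parse only when the file's encoding is read correctly.
Set-RuleOption -Option 3 -FilePath C:\BasePolicy.xml
ConvertFrom-CIPolicy C:\BasePolicy.xml C:\BasePolicy.bin

# NOTE(review): this deploys an unsigned policy file; anyone who can write to
# the CodeIntegrity directory can replace it. Restrict and monitor changes to
# SIPolicy.p7b, and consider a signed policy where tamper resistance matters.
Move-Item C:\BasePolicy.bin C:\Windows\System32\CodeIntegrity\SIPolicy.p7b -Force

# Reboot so the new policy is loaded. Stop here; phase 2 is run later.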
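# Phase 2: run after the machine has been used for a while under the
# audit-mode base policy (not straight after phase 1; the audit log must
# contain events first).
# -Audit builds rules from what the code-integrity audit log recorded;
# -Fallback Hash is used where a leaf-certificate rule cannot be created.
# Review C:\AuditPolicy.xml before merging: every binary that ran during the
# audit period, wanted or not, ends up allowed by the merged policy.
# ASCII hyphens are used for parameter names; the typographic dashes that
# copy/paste introduces parse only when the file's encoding is read correctly.
New-CIPolicy -Level LeafCertificate -FilePath C:\AuditPolicy.xml -Audit -UserPEs -Fallback Hash
Merge-CIPolicy -OutputFilePath C:\MergedPolicy.xml -PolicyPaths C:\AuditPolicy.xml,C:\BasePolicy.xml

# Option 3 keeps the merged policy in audit mode, so it still only logs.
# To enforce, remove the option (Set-RuleOption -Option 3 -Delete) before
# converting and deploying.
Set-RuleOption -Option 3 -FilePath C:\MergedPolicy.xml
ConvertFrom-CIPolicy C:\MergedPolicy.xml C:\MergedPolicy.bin
Move-Item C:\MergedPolicy.bin C:\Windows\System32\CodeIntegrity\SIPolicy.p7b -Force

# Reboot so the merged policy is loaded.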