improved params according to best practices
HotCakeX committed Dec 1, 2023
1 parent 0ea3746 commit 5f88fe6
Showing 5 changed files with 46 additions and 46 deletions.
2 changes: 1 addition & 1 deletion WDACConfig/Deploy-SignedWDACConfig.psm1
@@ -153,7 +153,7 @@ function Deploy-SignedWDACConfig {
# Sign the files with the specified cert
Start-Process @ProcessParams

Remove-Item ".\$PolicyID.cip" -Force
Remove-Item -Path ".\$PolicyID.cip" -Force
Rename-Item "$PolicyID.cip.p7" -NewName "$PolicyID.cip" -Force

if ($Deploy) {
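Review bot: The unsigned binary is deleted at `Remove-Item -Path ".\$PolicyID.cip" -Force` before anything confirms that signing actually produced `$PolicyID.cip.p7`. `$ProcessParams` is defined outside this hunk, so whether `Start-Process` waits for the signing tool or surfaces its exit code cannot be seen here; if signing fails, the rename would error and the `if ($Deploy)` branch may still run without a policy file. A guard ahead of the delete would make the failure explicit: `if (-not (Test-Path -LiteralPath ".\$PolicyID.cip.p7")) { throw "Signing did not produce $PolicyID.cip.p7" }`. The same delete-then-rename sequence appears in the Edit-SignedWDACConfig.psm1 hunks at -611, -821, -879 and -972.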
40 changes: 20 additions & 20 deletions WDACConfig/Edit-SignedWDACConfig.psm1
@@ -245,7 +245,7 @@ function Edit-SignedWDACConfig {
Write-Output -InputObject "PolicyName = $PolicyName"
Write-Output -InputObject "PolicyGUID = $PolicyID"
# Remove Enforced Mode CIP
Remove-Item ".\$PolicyID.cip" -Force
Remove-Item -Path ".\$PolicyID.cip" -Force
}
$DriveLettersGlobalRootFix = Invoke-Command -ScriptBlock $DriveLettersGlobalRootFixScriptBlock
}
@@ -330,9 +330,9 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
Write-Output -InputObject "PolicyName = $PolicyName"
Write-Output -InputObject "PolicyGUID = $PolicyID"
# Remove Audit Mode CIP
Remove-Item ".\$PolicyID.cip" -Force
Remove-Item -Path ".\$PolicyID.cip" -Force
# Prepare Enforced Mode CIP for Deployment - waiting to be Re-deployed at the right time
Rename-Item '.\EnforcedMode.cip' -NewName ".\$PolicyID.cip" -Force
Rename-Item -Path '.\EnforcedMode.cip' -NewName ".\$PolicyID.cip" -Force

# A Try-Catch-Finally block so that if any errors occur, the Base policy will be Re-deployed in enforced mode
Try {
@@ -611,13 +611,13 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
# Sign the files with the specified cert
Start-Process @ProcessParams

Remove-Item ".\$SuppPolicyID.cip" -Force
Rename-Item "$SuppPolicyID.cip.p7" -NewName "$SuppPolicyID.cip" -Force
Remove-Item -Path ".\$SuppPolicyID.cip" -Force
Rename-Item -Path "$SuppPolicyID.cip.p7" -NewName "$SuppPolicyID.cip" -Force
CiTool --update-policy ".\$SuppPolicyID.cip" -json | Out-Null
&$WriteTeaGreen "`nSupplemental policy with the following details has been Signed and Deployed in Enforced Mode:"
Write-Output -InputObject "SupplementalPolicyName = $SuppPolicyName"
Write-Output -InputObject "SupplementalPolicyGUID = $SuppPolicyID"
Remove-Item ".\$SuppPolicyID.cip" -Force
Remove-Item -Path ".\$SuppPolicyID.cip" -Force
Remove-Item -Path $PolicyPath -Force # Remove the policy xml file in Temp folder we created earlier
}
}
@@ -695,9 +695,9 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
Write-Output -InputObject "PolicyName = $PolicyName"
Write-Output -InputObject "PolicyGUID = $PolicyID"
# Remove Audit Mode CIP
Remove-Item ".\$PolicyID.cip" -Force
Remove-Item -Path ".\$PolicyID.cip" -Force
# Prepare Enforced Mode CIP for Deployment - waiting to be Re-deployed at the right time
Rename-Item '.\EnforcedMode.cip' -NewName ".\$PolicyID.cip" -Force
Rename-Item -Path '.\EnforcedMode.cip' -NewName ".\$PolicyID.cip" -Force

# A Try-Catch-Finally block so that if any errors occur, the Base policy will be Re-deployed in enforced mode
Try {
@@ -821,13 +821,13 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
# Sign the files with the specified cert
Start-Process @ProcessParams

Remove-Item ".\$SuppPolicyID.cip" -Force
Rename-Item "$SuppPolicyID.cip.p7" -NewName "$SuppPolicyID.cip" -Force
Remove-Item -Path ".\$SuppPolicyID.cip" -Force
Rename-Item -Path "$SuppPolicyID.cip.p7" -NewName "$SuppPolicyID.cip" -Force
CiTool --update-policy ".\$SuppPolicyID.cip" -json | Out-Null
&$WriteTeaGreen "`nSupplemental policy with the following details has been Signed and Deployed in Enforced Mode:"
Write-Output -InputObject "SupplementalPolicyName = $SuppPolicyName"
Write-Output -InputObject "SupplementalPolicyGUID = $SuppPolicyID"
Remove-Item ".\$SuppPolicyID.cip" -Force
Remove-Item -Path ".\$SuppPolicyID.cip" -Force
Remove-Item -Path $PolicyPath -Force # Remove the policy xml file in Temp folder we created earlier
}
}
@@ -879,8 +879,8 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
# Sign the files with the specified cert
Start-Process @ProcessParams

Remove-Item ".\$SuppPolicyID.cip" -Force
Rename-Item "$SuppPolicyID.cip.p7" -NewName "$SuppPolicyID.cip" -Force
Remove-Item -Path ".\$SuppPolicyID.cip" -Force
Rename-Item -Path "$SuppPolicyID.cip.p7" -NewName "$SuppPolicyID.cip" -Force
CiTool --update-policy "$SuppPolicyID.cip" -json | Out-Null
&$WriteTeaGreen "`nThe Signed Supplemental policy $SuppPolicyName has been deployed on the system, replacing the old ones.`nSystem Restart Not immediately needed but eventually required to finish the removal of previous individual Supplemental policies."
Remove-Item -Path "$SuppPolicyID.cip" -Force
@@ -939,14 +939,14 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item

# Remove the extra files create during module operation that are no longer necessary
if (!$Debug) {
Remove-Item '.\AllowPowerShell.xml', '.\SignTool.xml', '.\AllowMicrosoft.xml', '.\DefaultWindows_Enforced.xml' -Force -ErrorAction SilentlyContinue
Remove-Item '.\Microsoft recommended block rules.xml' -Force
Remove-Item -Path '.\AllowPowerShell.xml', '.\SignTool.xml', '.\AllowMicrosoft.xml', '.\DefaultWindows_Enforced.xml' -Force -ErrorAction SilentlyContinue
Remove-Item -Path '.\Microsoft recommended block rules.xml' -Force
}

# Get the policy ID of the currently deployed base policy based on the policy name that user selected
$CurrentID = ((CiTool -lp -json | ConvertFrom-Json).Policies | Where-Object -FilterScript { $_.IsSystemPolicy -ne 'True' } | Where-Object -FilterScript { $_.Friendlyname -eq $CurrentBasePolicyName }).BasePolicyID
$CurrentID = "{$CurrentID}"
Remove-Item ".\$CurrentID.cip" -Force -ErrorAction SilentlyContinue
Remove-Item -Path ".\$CurrentID.cip" -Force -ErrorAction SilentlyContinue

[System.Xml.XmlDocument]$xml = Get-Content '.\BasePolicy.xml'
$xml.SiPolicy.PolicyID = $CurrentID
@@ -972,8 +972,8 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
# Sign the files with the specified cert
Start-Process @ProcessParams

Remove-Item ".\$CurrentID.cip" -Force
Rename-Item "$CurrentID.cip.p7" -NewName "$CurrentID.cip" -Force
Remove-Item -Path ".\$CurrentID.cip" -Force
Rename-Item -Path "$CurrentID.cip.p7" -NewName "$CurrentID.cip" -Force
# Deploy the new base policy with the same GUID on the system
CiTool --update-policy "$CurrentID.cip" -json | Out-Null
# Keep the new base policy XML file that was just deployed, in the current directory, so user can keep it for later
@@ -982,8 +982,8 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
'Lightly_Managed_system_Policy' = 'SignedAndReputable.xml'
'DefaultWindows_WithBlockRules' = 'DefaultWindowsPlusBlockRules.xml'
}
Remove-Item ".\$CurrentID.cip" -Force
Remove-Item $PolicyFiles[$NewBasePolicyType] -Force -ErrorAction SilentlyContinue
Remove-Item -Path ".\$CurrentID.cip" -Force
Remove-Item -Path $PolicyFiles[$NewBasePolicyType] -Force -ErrorAction SilentlyContinue
Rename-Item -Path '.\BasePolicy.xml' -NewName $PolicyFiles[$NewBasePolicyType]
&$WritePink "Base Policy has been successfully updated to $NewBasePolicyType"
&$WriteLavender 'Keep in mind that your previous policy path saved in User Configurations is no longer valid as you just changed your Base policy.'
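Review bot: The outcome of `CiTool --update-policy ".\$SuppPolicyID.cip" -json | Out-Null` is discarded, and the "Signed and Deployed in Enforced Mode" message on the next line is printed whether or not the policy was accepted (hunks at -611 and -821; the -879 and -972 hunks follow the same pattern). For an enforcement tool, a silent deployment failure leaves the operator believing a policy is active when it is not. Checking the native exit code right after the call would close that gap: `if ($LASTEXITCODE -ne 0) { throw "CiTool failed to deploy $SuppPolicyID.cip" }`. The surrounding functions start and end outside the visible hunks, so an outer check may exist that is not shown. Edit-WDACConfig.psm1 pipes the same call to `Out-Null` in its -819 hunk.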
20 changes: 10 additions & 10 deletions WDACConfig/Edit-WDACConfig.psm1
@@ -183,7 +183,7 @@ function Edit-WDACConfig {
Write-Output -InputObject "PolicyName = $PolicyName"
Write-Output -InputObject "PolicyGUID = $PolicyID"
# Remove Enforced Mode CIP
Remove-Item ".\$PolicyID.cip" -Force
Remove-Item -Path ".\$PolicyID.cip" -Force
}

$DriveLettersGlobalRootFix = Invoke-Command -ScriptBlock $DriveLettersGlobalRootFixScriptBlock
@@ -262,9 +262,9 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
Write-Output -InputObject "PolicyName = $PolicyName"
Write-Output -InputObject "PolicyGUID = $PolicyID"
# Remove Audit Mode CIP
Remove-Item ".\$PolicyID.cip" -Force
Remove-Item -Path ".\$PolicyID.cip" -Force
# Prepare Enforced Mode CIP for Deployment - waiting to be Re-deployed at the right time
Rename-Item '.\EnforcedMode.cip' -NewName ".\$PolicyID.cip" -Force
Rename-Item -Path '.\EnforcedMode.cip' -NewName ".\$PolicyID.cip" -Force

# A Try-Catch-Finally block so that if any errors occur, the Base policy will be Re-deployed in enforced mode
Try {
@@ -445,9 +445,9 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
Write-Output -InputObject "PolicyName = $PolicyName"
Write-Output -InputObject "PolicyGUID = $PolicyID"
# Remove Audit Mode CIP
Remove-Item ".\$PolicyID.cip" -Force
Remove-Item -Path ".\$PolicyID.cip" -Force
# Prepare Enforced Mode CIP for Deployment - waiting to be Re-deployed at the right time
Rename-Item '.\EnforcedMode.cip' -NewName ".\$PolicyID.cip" -Force
Rename-Item -Path '.\EnforcedMode.cip' -NewName ".\$PolicyID.cip" -Force

# A Try-Catch-Finally block so that if any errors occur, the Base policy will be Re-deployed in enforced mode
Try {
@@ -716,7 +716,7 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
&$WriteTeaGreen "`nSupplemental policy with the following details has been Deployed in Enforced Mode:"
Write-Output -InputObject "SupplementalPolicyName = $SuppPolicyName"
Write-Output -InputObject "SupplementalPolicyGUID = $SuppPolicyID"
Remove-Item ".\$SuppPolicyID.cip" -Force
Remove-Item -Path ".\$SuppPolicyID.cip" -Force
Remove-Item -Path $PolicyPath -Force # Remove the policy xml file in Temp folder we created earlier
}
}
@@ -804,8 +804,8 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
Set-HVCIOptions -Strict -FilePath .\BasePolicy.xml

# Remove the extra files create during module operation that are no longer necessary
Remove-Item '.\AllowPowerShell.xml', '.\DefaultWindows_Enforced.xml', '.\AllowMicrosoft.xml' -Force -ErrorAction SilentlyContinue
Remove-Item '.\Microsoft recommended block rules.xml' -Force
Remove-Item -Path '.\AllowPowerShell.xml', '.\DefaultWindows_Enforced.xml', '.\AllowMicrosoft.xml' -Force -ErrorAction SilentlyContinue
Remove-Item -Path '.\Microsoft recommended block rules.xml' -Force

# Get the policy ID of the currently deployed base policy based on the policy name that user selected
$CurrentID = ((CiTool -lp -json | ConvertFrom-Json).Policies | Where-Object -FilterScript { $_.IsSystemPolicy -ne 'True' } | Where-Object -FilterScript { $_.Friendlyname -eq $CurrentBasePolicyName }).BasePolicyID
@@ -819,15 +819,15 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
# Deploy the new base policy with the same GUID on the system
CiTool --update-policy "$CurrentID.cip" -json | Out-Null
# Remove the policy binary after it's been deployed
Remove-Item "$CurrentID.cip" -Force
Remove-Item -Path "$CurrentID.cip" -Force

# Keep the new base policy XML file that was just deployed, in the current directory, so user can keep it for later
$PolicyFiles = @{
'AllowMicrosoft_Plus_Block_Rules' = 'AllowMicrosoftPlusBlockRules.xml'
'Lightly_Managed_system_Policy' = 'SignedAndReputable.xml'
'DefaultWindows_WithBlockRules' = 'DefaultWindowsPlusBlockRules.xml'
}
Remove-Item $PolicyFiles[$NewBasePolicyType] -Force -ErrorAction SilentlyContinue
Remove-Item -Path $PolicyFiles[$NewBasePolicyType] -Force -ErrorAction SilentlyContinue
Rename-Item -Path '.\BasePolicy.xml' -NewName $PolicyFiles[$NewBasePolicyType] -Force
&$WritePink "Base Policy has been successfully updated to $NewBasePolicyType"
&$WriteLavender 'Keep in mind that your previous policy path saved in User Configurations is no longer valid as you just changed your Base policy.'
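Review bot: `$CurrentID` comes from a friendly-name lookup in the -804 hunk and is used to build the file name for `CiTool --update-policy "$CurrentID.cip"` in the -819 hunk, with no visible check that exactly one policy matched. If no deployed policy has that name the value is empty, and if two share it the property access yields an array, so the `.cip` path would be malformed. The lines between the two hunks are collapsed, so validation may exist there; if it does not, a guard right after the lookup such as `if ([string]::IsNullOrWhiteSpace($CurrentID) -or $CurrentID -is [array]) { throw "Expected exactly one deployed base policy named $CurrentBasePolicyName" }` would fail early. The same lookup appears in Edit-SignedWDACConfig.psm1 (-939 hunk).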