HotCakeX / Harden-Windows-Security

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md
https://hotcakex.github.io
MIT License

WDACConfig update 0.2.2 #101

Closed HotCakeX closed 1 year ago

HotCakeX commented 1 year ago

What's changed so far

  1. Added a new parameter for the Deploy-SignedWDAC cmdlet, called -SignOnly, indicating that the cmdlet will only output a signed WDAC policy ready for deployment and will not deploy it on the system. This is especially useful for when you want to deploy the policy somewhere else using the Citool.exe built-in tool.
  2. Improved the UX by implementing a file picker UI for when you need to browse for the SignTool.exe in Edit-SignedWDACConfig, Remove-WDACConfig and Deploy-SignedWDACConfig.
  3. Improved the self updating mechanism and its messages.
  4. Fixed a bug in an edge case where Remove-WDACConfig cmdlet wouldn't auto complete policy names if one of the policies didn't have a friendly name.
  5. Remove-WDACConfig cmdlet now shows -PolicyNames first above the -PolicyIDs for more convenience.

HotCakeX commented 1 year ago

  1. Added a new parameter for the Deploy-SignedWDAC cmdlet, called -Deploy. When used, it will deploy the signed policy on the current system; otherwise it will only create the signed policy. This is especially useful for when you want to deploy the policy somewhere else using the Citool.exe built-in tool.
  2. Changed all the -Deployit parameter names to -Deploy.
  3. Added -Deploy parameter for New-WDACConfig -PrepMSFTOnlyAudit and New-WDACConfig -PrepDefaultWindowsAudit. This allows you to deploy those audit policies remotely to collect audit logs.
  4. Added error handling for Get-CommonWDACConfig cmdlet when the user configuration json file is nonexistent.
  5. Added a file picker UI for the -CertPath parameter of all the cmdlets that use it.
  6. Removed the -DeployLatestDriverBlockRules parameter from the New-WDACConfig cmdlet and instead added the optional -Deploy parameter to New-WDACConfig -GetDriverBlockRules, which does the same task.
  7. Removed the -DeployLatestBlockRules parameter from the New-WDACConfig cmdlet and instead added the optional -Deploy parameter to New-WDACConfig -GetBlockRules, which does the same task.
  8. Confirm-WDACConfig now runs all 3 checks if you use it without passing any parameters.
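The two comments above describe producing a signed policy without deploying it (first -SignOnly, then the default behaviour when -Deploy is omitted) so that it can be deployed elsewhere with the built-in CiTool.exe. The script below is an added example of that second step and is not code from the WDACConfig module or from this issue. It assumes the signed policy is a binary .cip file copied from the signing machine (the path is a placeholder), that CiTool.exe is available (Windows 11 22H2 or later) and that it runs in an elevated PowerShell session; the JSON field names it reads are the ones CiTool emits with --json.

```powershell
# Added example, not part of the WDACConfig module or this issue: deploy a signed
# policy file produced on another machine with the built-in CiTool.exe and confirm
# that the Code Integrity engine now lists it.
# Assumptions: a .cip file (placeholder path), CiTool.exe present (Windows 11 22H2+),
# elevated session.

param(
    # Placeholder: the signed .cip copied from the machine that signed it
    [Parameter(Mandatory)][string]$PolicyPath
)

function Get-CiPolicy {
    # 'CiTool --list-policies --json' returns {"Policies":[...]} where each entry carries
    # PolicyID, FriendlyName, IsSigned, IsEnforced and IsOnDisk for a known policy
    $raw = & CiTool.exe --list-policies --json
    if ($LASTEXITCODE -ne 0) { throw "CiTool --list-policies failed (exit $LASTEXITCODE)" }
    return ($raw | ConvertFrom-Json).Policies
}

function Publish-SignedCiPolicy {
    param([string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { throw "Policy file not found: $Path" }
    if ([IO.Path]::GetExtension($Path) -ne '.cip') { throw "Expected a binary .cip policy, got: $Path" }

    # Signed .cip files are normally named after their policy GUID (with or without braces);
    # remember it so the policy can be located after deployment
    $expectedId = ([IO.Path]::GetFileNameWithoutExtension($Path)).Trim('{', '}')
    $before = Get-CiPolicy

    & CiTool.exe --update-policy $Path --json | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "CiTool --update-policy failed (exit $LASTEXITCODE)" }

    # Ask the engine to reload policies from disk. A newly deployed signed base policy may
    # still not be enforced until the next restart, so IsEnforced can read False here.
    & CiTool.exe --refresh --json | Out-Null

    $after = Get-CiPolicy
    $deployed = $after | Where-Object { $_.PolicyID.Trim('{', '}') -eq $expectedId }
    if (-not $deployed) {
        # File name was not the policy GUID; fall back to whatever is new since the baseline
        $deployed = $after | Where-Object { $_.PolicyID -notin $before.PolicyID }
    }
    if (-not $deployed) { throw "No new policy appeared after --update-policy; check the policy ID and its signature" }

    foreach ($p in $deployed) {
        if (-not $p.IsSigned) { Write-Warning "Policy $($p.PolicyID) is not marked as signed; verify it was signed before deploying it" }
        [pscustomobject]@{
            PolicyID     = $p.PolicyID
            FriendlyName = $p.FriendlyName
            IsSigned     = $p.IsSigned
            IsEnforced   = $p.IsEnforced
            IsOnDisk     = $p.IsOnDisk
        }
    }
}

Publish-SignedCiPolicy -Path $PolicyPath
```

Run it as `.\Publish-SignedCiPolicy.ps1 -PolicyPath 'C:\Policies\{GUID}.cip'` on the target machine. The baseline taken before `--update-policy` is what lets the script tell a genuinely new policy from an update to a policy ID that already existed, and the IsSigned check is the cheap way to catch an unsigned .cip being deployed where a signed one was intended.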

HotCakeX commented 1 year ago

  1. Significantly improved the Invoke-WDACSimulation cmdlet's performance. It's faster, better and outputs a CSV file for the result of the simulation.