Supplemental policies include all base policy rules by default

[SeniorFeet]

When using the tool to create a supplemental policy, all base policy rules by default are included in the supplemental policy.

If you didn't remove each of these before adding additional rules, this could lead to a mismatch as if you ever needed to change a base policy rule you'd then have to edit all your supplementary rules to ensure there isn't a conflict. Could also result in supplemental policies exceeding max size.

If you have a large base policy, each time you create a new supplementary policy it can result in a prolonged task of removing each of the base rules. Edit: Just tried this and even if you remove the base policy rules they're still added when generating the XML file

[jgeurten]

Apologies for the negative experience, @SeniorFeet. This issue was reported last week to me via email and I have just published a new version of the Wizard to address this issue - https://webapp-wdac-wizard.azurewebsites.net/packages/WDACWizard_1.6.3.0_x64_8wekyb3d8bbwe.MSIX

The Wizard will also auto update every 72 hours without any intervention. Thanks so much for reporting issues and providing feedback!

PR #39 fixes this issue.

[SeniorFeet]

Great, thanks for the quick turnaround!

[SeniorFeet]

Hi, Just tried this with version 1.6.3.0.22. The issue persists, additionally editing of existing supplemental policies still converts them to a base policy.

[jgeurten]

WDAC supplemental policies must inherit most of the policy rules set by the base policy. The exceptions being ISG, managed installer, and disable runtime filepath rules. The Wizard will set the rules in the supplemental to match the states set by the base.

The conversion to base policy still exists, however. Re-opening #46