Closed bryan-osisoft closed 3 years ago
Some additional information: Two Allow rules are part of both Deny policy files, WDACRules-20210122-0524-Deny-Audit.xml and WDACRules-20210122-0524-Deny-Enforce.xml:
<Allow ID="ID_ALLOW_A_1_0" FriendlyName="" FileName="*" />
<Allow ID="ID_ALLOW_A_2_0" FriendlyName="" FileName="*" />
But I don't think it's a bug, as both rules are referenced further down below to block two signing scenarios:
This is by design. The policy is "Allow everything except these specific things". Without the Allow rules, the policy would implicitly block everything and explicitly block a few things, but allow nothing.
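The design described above can be checked mechanically. The following Python is an added example, not part of the original thread or the project's code: it parses a deny-list policy and reports, per signing scenario, whether an allow-all rule (`FileName="*"`) is referenced alongside the Deny rules. The sample policy is constructed; only the two Allow rule IDs come from the thread, and the function name `audit_deny_policy` and the Deny rule are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"si": "urn:schemas-microsoft-com:sipolicy"}

# Constructed sample policy (not the files from the thread). Only the two
# Allow rule IDs are taken from the page; the Deny rule is a placeholder.
SAMPLE_POLICY = """<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
  <FileRules>
    <Allow ID="ID_ALLOW_A_1_0" FriendlyName="" FileName="*" />
    <Allow ID="ID_ALLOW_A_2_0" FriendlyName="" FileName="*" />
    <Deny ID="ID_DENY_EXAMPLE_0" FriendlyName="constructed" FileName="example.exe" />
  </FileRules>
  <SigningScenarios>
    <SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_DRIVERS_1">
      <ProductSigners><FileRulesRef>
        <FileRuleRef RuleID="ID_ALLOW_A_1_0" />
      </FileRulesRef></ProductSigners>
    </SigningScenario>
    <SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS">
      <ProductSigners><FileRulesRef>
        <FileRuleRef RuleID="ID_ALLOW_A_2_0" />
        <FileRuleRef RuleID="ID_DENY_EXAMPLE_0" />
      </FileRulesRef></ProductSigners>
    </SigningScenario>
  </SigningScenarios>
</SiPolicy>"""

def audit_deny_policy(xml_text):
    """Map each signing scenario ID to the allow-all and Deny rules it references."""
    root = ET.fromstring(xml_text)
    rules = root.find("si:FileRules", NS)
    # An allow-all rule is an <Allow> whose FileName is the wildcard "*".
    allow_all = {r.get("ID") for r in rules.findall("si:Allow", NS)
                 if r.get("FileName") == "*"}
    deny = {r.get("ID") for r in rules.findall("si:Deny", NS)}
    report = {}
    for sc in root.iterfind("si:SigningScenarios/si:SigningScenario", NS):
        refs = {ref.get("RuleID") for ref in sc.iterfind(".//si:FileRuleRef", NS)}
        report[sc.get("ID")] = {
            "allow_all": sorted(refs & allow_all),
            "deny": sorted(refs & deny),
            # False means this scenario has no allow-all rule to offset the default block.
            "has_allow_all": bool(refs & allow_all),
        }
    return report

if __name__ == "__main__":
    for scenario, result in audit_deny_policy(SAMPLE_POLICY).items():
        print(scenario, result)
```

A scenario reported with `has_allow_all` set to `False` is the case the reply warns about: its Deny rules remain, but no allow-all rule is left in that scenario to permit everything else.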