AaronLocker icon indicating copy to clipboard operation
AaronLocker copied to clipboard
verified publisher icon microsoft

WDAC rules are not generated on Windows Server 2019

Open simon-baer opened this issue 2 years ago • 1 comments

WDAC is supported on Windows Server 2016 and later. However the Create-Policies script does not generate WDAC policies and reports the following: AaronLocker supports WDAC on Windows 10 version 1903 (build 18362) and greater. Current build is 17763. Processing AppLocker only.

After I disabled the check in Create-Policies.ps1, the script reports errors on the Set-CIPolicyIdInfo command because on Windows Server 2019 this commandlet does not have a -ResetPolicyID parameter.

simon-baer avatar Jul 24 '23 14:07 simon-baer

WDAC is supported on WS2016 and later, but the WDAC feature set has evolved quite a lot since its first release in 2015. The features required for AaronLocker-like functionality using WDAC aren't present in WS2016 or WS2019. The required AppLocker features are all present, though.

AaronMargosis avatar Jul 26 '23 14:07 AaronMargosis