Merge-CIPolicy
Combines the rules in several Code Integrity policy files.
Syntax
Merge-CIPolicy
[-OutputFilePath] <String>
[-PolicyPaths] <String[]>
[-Rules <Rule[]>]
[-AppIdTaggingPolicy]
[<CommonParameters>]Description
The Merge-CIPolicy cmdlet combines the rules in several Code Integrity policy files. This cmdlet creates a single policy .xml file. You can specify rules to add to the merged list. This cmdlet does not save redundant rules. The cmdlet appends a digit to the IDs of the rules to make the IDs of the rules unique.
Examples
Example 1: Merge policies
PS C:\> Merge-CIPolicy -PolicyPaths '.\Policy.xml','.\Policy02.xml' -OutputFilePath '.\MergedPolicy.xml'
Name : MSIT Test CodeSign CA 3
Id : ID_SIGNER_S_17_0
TypeId : Allow
Root : FA6B9A2230CE08BCA81D096B28CF495672401D3A43A0D285CF352464A6C9C7FD
FileVersionRef :
Wellknown : False
Ekus :
Exceptions :
FileAttributes :
FileException : False
UserMode : False
Name : VeriSign Class 3 Code Signing 2010 CA
Id : ID_SIGNER_S_1D_0
TypeId : Allow
Root : 4843A82ED3B1F2BFBEE9671960E1940C942F688D
FileVersionRef :
Wellknown : False
Ekus :
Exceptions :
FileAttributes :
FileException : False
UserMode : False
Name : Microsoft Windows Third Party Component CA 2012
Id : ID_SIGNER_S_1E_0
TypeId : Allow
Root : CEC1AFD0E310C55C1DCC601AB8E172917706AA32FB5EAF826813547FDF02DD46
FileVersionRef :
Wellknown : False
Ekus :
Exceptions :
FileAttributes :
FileException : False
UserMode : False
Name : \\?\E:\cmdlets\temp\Microsoft.ConfigCI.Commands.dll Hash Sha1
Id : ID_ALLOW_A_49_1
TypeId : Allow
Root :
FileVersionRef :
Wellknown : False
Ekus :
Exceptions :
FileAttributes :
FileException : False
UserMode : FalseThis command merges policies defined in the two .xml files into a third file, MergedPolicy.xml. The cmdlet appends _0 to ID of the rules from the first policy, such as ID_SIGNER_S_17_0. It appends _1 to rules from the second policy, such as ID_ALLOW_A_49_1. The command does not include duplicates. For this example, we present only the first few rules.
Parameters
-AppIdTaggingPolicy
This parameter is reserved for future use.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-OutputFilePath
Specifies the path of the merged .xml policy file.
| Type: | String |
| Aliases: | o |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PolicyPaths
Specifies an array of paths of the policy .xml files that this cmdlet merges.
| Type: | String[] |
| Aliases: | p |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Rules
Specifies an array of Rule objects that this cmdlet adds to the merged policy. To obtain a rule object, use the Get-CIPolicy or New-CIPolicyRule cmdlets.
| Type: | Rule[] |
| Aliases: | r |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Outputs
Rule
This cmdlet returns the rules in the policy that it creates.