New-CMWdacSetting
Create a Microsoft Defender Application Control settings policy object.
Syntax
New-CMWdacSetting
[-EnforcementMode <CMWDACEnforcementMode>]
[-EnforceRestart <Boolean>]
[-EnableIntelligentSecurityGraph]
[-TrustedFolders <DirectoryInfo[]>]
[-TrustedFiles <FileInfo[]>]
-Name <String>
[-Description <String>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[<CommonParameters>] Description
Create a Microsoft Defender Application Control settings policy object.
Use the New-CMSettingDeployment cmdlet to deploy this setting to a collection.
Examples
Example 1: New audit mode Application Control policy
This example creates a new policy object to put Application Control in audit mode.
New-CMWdacSetting -Name "NewAudit" -EnforcementMode AuditModeExample 2: New policy that doesn't reboot the client
This example creates a new policy that doesn't force the client to restart when it applies the policy.
New-CMWdacSetting -Name "NewNoReboot" -EnforceRestart $falseExample 3: New policy custom trusted binaries
This example creates a new policy that adds specific files to the list of trusted files.
New-CMWdacSetting -Name "NewTrustedFiles" -TrustedFiles "abc.exe", "xyz.dll"Parameters
-Description
Specify an optional description to better identify this policy.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableIntelligentSecurityGraph
Add this parameter to authorize software that the Microsoft Intelligent Security Graph trusts. This service includes Windows Defender SmartScreen and other Microsoft services. For this software to be trusted, the device must be running Windows Defender SmartScreen and Windows 10 version 1709 or later.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnforcementMode
Choose one of the following enforcement methods for Microsoft Defender Application Control:
EnforceMode: Only trusted executables can run.AuditMode: Allow all executables to run. Add an entry to the Windows event log when untrusted executables run.
| Type: | CMWDACEnforcementMode |
| Accepted values: | AuditMode, EnforceMode |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnforceRestart
After the client processes the policy, a restart is scheduled on the client. It follows the client settings for Computer Restart. Applications currently running on the device won't have the new Application Control policy applied to them until after the device restarts.
Set this parameter to $true to force the device to restart after the client applies the policy.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
Specify a name for this policy to identify it.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-TrustedFiles
Add trust for specific files.
| Type: | FileInfo[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-TrustedFolders
Add trust for specific folders.
| Type: | DirectoryInfo[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
None
Outputs
Microsoft.ConfigurationManagement.PowerShell.Cmdlets.EP.WDAC.CMWdacSettings