WDAC policy and PowerShell constrained language mode

Yevhen UK 0 Reputation points
2024-01-10T19:12:40.5933333+00:00

Hello, if I understood these articles (1, 2, 3) correctly, when WDAC is enabled, the PowerShell session starts in constrained language mode. Please tell me how to allow users to run PowerShell in Full Language mode without disabling option 11 Disabled:Script Enforcement (Set-RuleOption -FilePath [path to the XML policy] -Option [enter the option number] -Delete)? It is not very clear how to configure WDAC policies for PowerShell. Thanks in advance for the examples and answers!


1 answer

  1. Azar 21,230 Reputation points MVP
    2024-01-10T20:43:39.6566667+00:00

    Hey Yevhen UK

    Let me help you, if you want to configure WDAC policies to allow PowerShell.

    Start by using the Get-RuleOption cmdlet to identify the specific rules associated with PowerShell and constrained language mode.

    Get-RuleOption -FilePath [path to the XML policy] -Id 4101, 4102, 4103
    

    This will show you the current rules associated with PowerShell in your WDAC policy. Now use the Set-RuleOption cmdlet to modify specific rule options. For example, you might change the EnforcementMode to "Audit" for PowerShell rules to allow monitoring without blocking.

    Set-RuleOption -FilePath [path to the XML policy] -Id 4101, 4102, 4103 -Option 11 -Value 0
    

    This sets the enforcement mode for the identified rules to "Audit" (0), allowing you to monitor without blocking.

    If this helps kindly accept the answer thanks very much.
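
An added example, not part of the question or the answer above: one way to check what a policy file says about option 11 (Disabled:Script Enforcement) and what language mode the current session reports, using only built-in cmdlets. The function name `Get-ScriptEnforcementState` is hypothetical and the sample policy is constructed for illustration.

```powershell
# Constructed sample policy (not from the thread). WDAC policy XML keeps its rule
# options as <Rules>/<Rule>/<Option> text under the sipolicy namespace.
$samplePolicy = @'
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
  <Rules>
    <Rule><Option>Enabled:UMCI</Option></Rule>
    <Rule><Option>Enabled:Audit Mode</Option></Rule>
  </Rules>
</SiPolicy>
'@

function Get-ScriptEnforcementState {
    # Hypothetical helper: reports the rule options relevant to this thread.
    param(
        [Parameter(Mandatory)]
        [string]$PolicyXml
    )

    $ns = @{ si = 'urn:schemas-microsoft-com:sipolicy' }

    # Collect the text of every <Option> element in the policy.
    $options = @(
        Select-Xml -Content $PolicyXml -XPath '//si:Rules/si:Rule/si:Option' -Namespace $ns |
            ForEach-Object { $_.Node.InnerText.Trim() }
    )

    [pscustomobject]@{
        # True when option 11 is present, i.e. script enforcement is switched off.
        ScriptEnforcementDisabled = $options -contains 'Disabled:Script Enforcement'
        # True when the policy only audits instead of blocking.
        AuditMode                 = $options -contains 'Enabled:Audit Mode'
        # What the session running this function reports about itself.
        SessionLanguageMode       = $ExecutionContext.SessionState.LanguageMode
        AllOptions                = $options
    }
}

# Run against the constructed sample. For a real policy, pass the file contents:
#   Get-ScriptEnforcementState -PolicyXml (Get-Content -Raw -Path <path to the XML policy>)
Get-ScriptEnforcementState -PolicyXml $samplePolicy | Format-List
```

Running it before and after a policy change shows whether the option list and the reported language mode actually moved.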