microsoft/AaronLocker

WDAC rules are not generated on Windows Server 2019

simon-baer opened this issue · 1 comments

WDAC is supported on Windows Server 2016 and later.
However, the Create-Policies script does not generate WDAC policies and reports the following:
AaronLocker supports WDAC on Windows 10 version 1903 (build 18362) and greater. Current build is 17763. Processing AppLocker only.

After I disabled the check in Create-Policies.ps1, the script reports errors on the Set-CIPolicyIdInfo command because on Windows Server 2019 this cmdlet does not have a -ResetPolicyID parameter.

WDAC is supported on WS2016 and later, but the WDAC feature set has evolved quite a lot since its first release in 2015. The features required for AaronLocker-like functionality using WDAC aren't present in WS2016 or WS2019.
The required AppLocker features are all present, though.
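
The two conditions discussed in this thread (the build minimum of 18362 and the presence of `-ResetPolicyID` on `Set-CIPolicyIdInfo`) can be probed before any policy generation is attempted. This is an added example, not AaronLocker code and not part of either post; the function name `Test-WdacPrerequisite` and its output property names are hypothetical.

```powershell
# Added example: pre-flight probe for the WDAC prerequisites named in this issue.
# Not AaronLocker code; function and property names are hypothetical.
function Test-WdacPrerequisite {
    [CmdletBinding()]
    param(
        # Minimum build quoted in the Create-Policies message (Windows 10 version 1903).
        [int]$MinimumBuild = 18362,
        # Build to evaluate; defaults to the local OS, overridable to test other values.
        [int]$Build = [System.Environment]::OSVersion.Version.Build,
        # Cmdlet/parameter pair reported as missing on Windows Server 2019.
        [string]$CmdletName = 'Set-CIPolicyIdInfo',
        [string]$ParameterName = 'ResetPolicyID'
    )

    # Get-Command yields nothing (and no error) when the cmdlet is not installed.
    $cmd = Get-Command -Name $CmdletName -ErrorAction SilentlyContinue |
        Select-Object -First 1
    $hasCmdlet = $null -ne $cmd

    # -contains is case-insensitive, so the parameter name's casing does not matter.
    $hasParameter = $hasCmdlet -and ($cmd.Parameters.Keys -contains $ParameterName)

    $buildOk = $Build -ge $MinimumBuild

    [pscustomobject]@{
        Build             = $Build
        MinimumBuild      = $MinimumBuild
        BuildSupported    = $buildOk
        CmdletPresent     = $hasCmdlet
        ParameterPresent  = $hasParameter
        # Both conditions must hold; otherwise fall back to AppLocker-only processing.
        GenerateWdac      = $buildOk -and $hasParameter
    }
}

# Evaluate the local machine.
Test-WdacPrerequisite | Format-List

# Evaluate the build number reported in this issue (17763) against the same cmdlet probe.
Test-WdacPrerequisite -Build 17763 | Format-List
```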