
New Policy Rules on Server 2025 / W11 - Cannot convert value "467608708" to type "CodeIntegrity.PolicyRules" #8

@githubths

It seems that Windows Server 2025 has new policy rules that are not yet in the Module.

Policy Configured by:
Set-OSConfigDesiredConfiguration -Scenario AppControl\WS2025\DefaultPolicy\Audit -Default
Set-OSConfigDesiredConfiguration -Scenario AppControl\WS2025\AppBlockList\Audit -Default

Ref: https://learn.microsoft.com/en-us/windows-server/security/osconfig/osconfig-how-to-configure-app-control-for-business?tabs=configure%2Cview

PS C:\Temp> ConvertTo-WDACCodeIntegrityPolicy -BinaryFilePath "C:\Windows\System32\CodeIntegrity\CIPolicies\Active{9214d8ee-9b0f-4972-9073-a04e917d7989}.CIP" -XmlFilePath c:\temp\test.xml

WARNING: C:\Windows\System32\CodeIntegrity\CIPolicies\Active{9214d8ee-9b0f-4972-9073-a04e917d7989}.CIP has an invalid or unsupported binary CI policy format version value:
0x00000008. If you are sure that you are dealing with a binary code integrity policy, there is a high liklihood that Microsoft updated the binary file for mat to support new
schema elements and that this code will likely need to be updated.
Cannot convert value "467608708" to type "CodeIntegrity.PolicyRules" due to enumeration values that are not valid. Specify one of the following enumeration values and try
again. The possible enumeration values are "EnabledUMCI,EnabledBootMenuProtection,EnabledIntelligentSecurityGraphAuthorization,EnabledInvalidateEAsonReboot,EnabledWindowsLockdow
nTrialMode,RequiredWHQL,EnabledDeveloperModeDynamicCodeTrust,EnabledAllowSupplementalPolicies,DisabledRuntimeFilePathRuleProtection,EnabledAuditMode,DisabledFlightSigning,Enable
dInheritDefaultPolicy,EnabledUnsignedSystemIntegrityPolicy,EnabledDynamicCodeSecurity,RequiredEVSigners,EnabledBootAuditOnFailure,EnabledAdvancedBootOptionsMenu,DisabledScriptEn
forcement,RequiredEnforceStoreApplications,EnabledSecureSettingPolicy,EnabledManagedInstaller,EnabledUpdatePolicyNoReboot,EnabledConditionalWindowsLockdownPolicy".
At C:\Users\azadmin\Downloads\WDACTools-master\WDACTools-master\CIPolicyParser.psm1:2540 char:9

+     $PolicyRules = [CodeIntegrity.PolicyRules] ($OptionFlags -ban ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (:) [], RuntimeException
    + FullyQualifiedErrorId : UndefinedIntegerToEnum
