Intune Proactive Remediation to clear old WDAC policy

Recently we had machines that were not updating their WDAC configuration from Intune, failing with error 0x87d1fde8.

Deleting the stale policy file manually fixed this, but we needed to script it so it could run as an Intune Proactive Remediation.

Detection:

try {
    #find old WDAC policy files not updated in the last 7 days
    $oldcips = Get-ChildItem -Path "C:\Windows\System32\CodeIntegrity\CiPolicies\Active" -Recurse | Where-Object {($_.LastWriteTime -lt (Get-Date).AddDays(-7))}

    if ($oldcips) {
        #files found: report non-compliant so the remediation script runs
        Exit 1
    } else {
        #files not found: compliant
        Exit 0
    }
}
catch {
    #report the error to Intune and treat the device as non-compliant
    $errMsg = $_.Exception.Message
    Write-Output $errMsg
    Exit 1
}

Remediation:

Get-ChildItem -Path "C:\Windows\System32\CodeIntegrity\CiPolicies\Active" -Recurse | Where-Object {($_.LastWriteTime -lt (Get-Date).AddDays(-7))} | Remove-Item -Force
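The detection and remediation pair above works, but it leaves no record of what was deleted. The following is an added example, not from the original post, of a remediation script that logs each file it removes (path, timestamp, SHA256) to the Intune script output, supports -WhatIf for a dry run, and re-checks the folder before reporting success. It assumes the same folder and 7-day threshold as the post; restricting the cleanup to *.cip files is an assumption about what sits in that folder.

```powershell
# Added example (not from the original post): remediation with an audit trail.
# Assumptions: same folder and 7-day threshold as above; runs as SYSTEM via Intune;
# only *.cip files are treated as policy binaries. Run with -WhatIf to preview.
[CmdletBinding(SupportsShouldProcess)]
param(
    [int]$MaxAgeDays = 7,
    [string]$ActivePath = "C:\Windows\System32\CodeIntegrity\CiPolicies\Active"
)

try {
    if (-not (Test-Path -Path $ActivePath)) {
        Write-Output "Policy folder not found: $ActivePath"
        Exit 0
    }

    $cutoff = (Get-Date).AddDays(-$MaxAgeDays)
    $stale = Get-ChildItem -Path $ActivePath -Recurse -File -Filter '*.cip' |
        Where-Object { $_.LastWriteTime -lt $cutoff }

    if (-not $stale) {
        Write-Output "No WDAC policy files older than $MaxAgeDays days."
        Exit 0
    }

    foreach ($file in $stale) {
        # Record name, age and hash so the Intune output shows exactly what was cleared
        $hash = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
        Write-Output ("Removing {0} (modified {1:u}, SHA256 {2})" -f $file.FullName, $file.LastWriteTime, $hash)
        if ($PSCmdlet.ShouldProcess($file.FullName, "Remove stale WDAC policy")) {
            Remove-Item -Path $file.FullName -Force -ErrorAction Stop
        }
    }

    # Under -WhatIf nothing was deleted, so skip the post-check
    if ($WhatIfPreference) { Exit 0 }

    # Confirm nothing stale remains so the detection script reports compliant next run
    $remaining = Get-ChildItem -Path $ActivePath -Recurse -File -Filter '*.cip' |
        Where-Object { $_.LastWriteTime -lt $cutoff }
    if ($remaining) {
        Write-Output "Some policy files could not be removed."
        Exit 1
    }
    Exit 0
}
catch {
    Write-Output "Remediation failed: $($_.Exception.Message)"
    Exit 1
}
```

The removed-file lines land in the Proactive Remediation output column, so you can see per device which policy binary was cleared without reading the endpoint's file system.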

Microsoft documents other scripts for removing WDAC policies:

https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies
