|
Server : Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 System : Windows NT SERVER-PC 10.0 build 26200 (Windows 11) AMD64 User : ServerPC ( 0) PHP Version : 8.2.12 Disable Function : NONE Directory : C:/Windows/schemas/CodeIntegrity/ExamplePolicies/ |
Upload File : |
<?xml version="1.0" encoding="utf-8"?>
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy" PolicyType="Base Policy">
<VersionEx>0.0.0.0</VersionEx>
<PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
<Rules>
<Rule>
<Option>Enabled:Unsigned System Integrity Policy</Option>
</Rule>
<Rule>
<Option>Enabled:Advanced Boot Options Menu</Option>
</Rule>
<Rule>
<Option>Enabled:UMCI</Option>
</Rule>
<Rule>
<Option>Enabled:Inherit Default Policy</Option>
</Rule>
<Rule>
<Option>Enabled:Update Policy No Reboot</Option>
</Rule>
<Rule>
<Option>Enabled:Intelligent Security Graph Authorization</Option>
</Rule>
<Rule>
<Option>Enabled:Developer Mode Dynamic Code Trust</Option>
</Rule>
<Rule>
<Option>Enabled:Revoked Expired As Unsigned</Option>
</Rule>
<Rule>
<Option>Enabled:Allow Supplemental Policies</Option>
</Rule>
<Rule>
<Option>Disabled:Script Enforcement</Option>
</Rule>
<Rule>
<Option>Enabled:Conditional Windows Lockdown Policy</Option>
</Rule>
</Rules>
<!--EKUS-->
<EKUs>
<EKU ID="ID_EKU_WINDOWS" Value="010A2B0601040182370A0306" FriendlyName="" />
<EKU ID="ID_EKU_ELAM" Value="010A2B0601040182373D0401" FriendlyName="" />
<EKU ID="ID_EKU_HAL_EXT" Value="010a2b0601040182373d0501" FriendlyName="" />
<EKU ID="ID_EKU_WHQL" Value="010A2B0601040182370A0305" FriendlyName="" />
<EKU ID="ID_EKU_STORE" Value="010a2b0601040182374c0301" FriendlyName="Windows Store EKU - 1.3.6.1.4.1.311.76.3.1 Windows Store" />
</EKUs>
<!--File Rules-->
<FileRules>
</FileRules>
<!--Signers-->
<Signers>
<Signer ID="ID_SIGNER_AZURECODESIGNING_0" Name="Azure Code Signing WellKnown Value">
<CertRoot Type="Wellknown" Value="16" />
</Signer>
<Signer ID="ID_SIGNER_AUTHROOT_0" Name="Authroot Dummy WellKnown Value">
<CertRoot Type="Wellknown" Value="14" />
</Signer>
<Signer ID="ID_SIGNER_WINDOWS_PRODUCTION_0" Name="Microsoft Product Root 2010 Windows EKU">
<CertRoot Type="Wellknown" Value="06" />
<CertEKU ID="ID_EKU_WINDOWS" />
</Signer>
<Signer ID="ID_SIGNER_ELAM_PRODUCTION_0" Name="Microsoft Product Root 2010 ELAM EKU">
<CertRoot Type="Wellknown" Value="06" />
<CertEKU ID="ID_EKU_ELAM" />
</Signer>
<Signer ID="ID_SIGNER_HAL_PRODUCTION_0" Name="Microsoft Product Root 2010 HAL EKU">
<CertRoot Type="Wellknown" Value="06" />
<CertEKU ID="ID_EKU_HAL_EXT" />
</Signer>
<Signer ID="ID_SIGNER_WHQL_SHA2_0" Name="Microsoft Product Root 2010 WHQL EKU">
<CertRoot Type="Wellknown" Value="06" />
<CertEKU ID="ID_EKU_WHQL" />
</Signer>
<Signer ID="ID_SIGNER_WHQL_SHA1_0" Name="Microsoft Product Root WHQL EKU SHA1">
<CertRoot Type="Wellknown" Value="05" />
<CertEKU ID="ID_EKU_WHQL" />
</Signer>
<Signer ID="ID_SIGNER_WHQL_MD5_0" Name="Microsoft Product Root WHQL EKU MD5">
<CertRoot Type="Wellknown" Value="04" />
<CertEKU ID="ID_EKU_WHQL" />
</Signer>
<Signer ID="ID_SIGNER_MICROSOFT_PRODUCT_1997_UMCI_1" Name="MincryptKnownRootMicrosoftProductRoot1997">
<CertRoot Type="Wellknown" Value="04" />
</Signer>
<Signer ID="ID_SIGNER_MICROSOFT_PRODUCT_2001_UMCI_1" Name="MincryptKnownRootMicrosoftProductRoot2001">
<CertRoot Type="Wellknown" Value="05" />
</Signer>
<Signer ID="ID_SIGNER_MICROSOFT_PRODUCT_2010_UMCI_1" Name="MincryptKnownRootMicrosoftProductRoot2010">
<CertRoot Type="Wellknown" Value="06" />
</Signer>
<Signer ID="ID_SIGNER_MICROSOFT_STANDARD_2011_UMCI_1" Name="MincryptKnownRootMicrosoftStandardRoot2011">
<CertRoot Type="Wellknown" Value="07" />
</Signer>
<Signer ID="ID_SIGNER_MICROSOFT_CODEVERIFICATION_2006" Name="MincryptKnownRootMicrosoftCodeVerificationRoot2006">
<CertRoot Type="Wellknown" Value="08" />
</Signer>
<Signer ID="ID_SIGNER_DRM_UMCI_1" Name="MincryptKnownRootMicrosoftDMDRoot2005">
<CertRoot Type="Wellknown" Value="0C" />
</Signer>
<Signer ID="ID_SIGNER_STORE_1" Name="Microsoft MarketPlace PCA 2011">
<CertRoot Type="TBS" Value="FC9EDE3DCCA09186B2D3BF9B738A2050CB1A554DA2DCADB55F3F72EE17721378" />
<CertEKU ID="ID_EKU_STORE" />
</Signer>
<!-- Included only for update and supplemental signers -->
<Signer ID="ID_SIGNER_WINDOWS_FLIGHT_ROOT_0" Name="Microsoft Flighting Root 2014 Windows EKU">
<CertRoot Type="Wellknown" Value="0E" />
<CertEKU ID="ID_EKU_WINDOWS" />
</Signer>
<Signer ID="ID_SIGNER_TEST2010" Name="MincryptKnownRootMicrosoftTestRoot2010">
<CertRoot Type="Wellknown" Value="0A" />
</Signer>
</Signers>
<!--Driver Signing Scenarios-->
<SigningScenarios>
<SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_KMCI">
<ProductSigners>
<AllowedSigners>
<AllowedSigner SignerId="ID_SIGNER_WINDOWS_PRODUCTION_0" />
<AllowedSigner SignerId="ID_SIGNER_ELAM_PRODUCTION_0" />
<AllowedSigner SignerId="ID_SIGNER_HAL_PRODUCTION_0" />
<AllowedSigner SignerId="ID_SIGNER_WHQL_SHA2_0" />
<AllowedSigner SignerId="ID_SIGNER_WHQL_SHA1_0" />
<AllowedSigner SignerId="ID_SIGNER_WHQL_MD5_0" />
<AllowedSigner SignerId="ID_SIGNER_MICROSOFT_CODEVERIFICATION_2006" />
</AllowedSigners>
</ProductSigners>
</SigningScenario>
<SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_UMCI">
<ProductSigners>
<AllowedSigners>
<AllowedSigner SignerId="ID_SIGNER_AUTHROOT_0" />
<AllowedSigner SignerId="ID_SIGNER_AZURECODESIGNING_0" />
<AllowedSigner SignerId="ID_SIGNER_MICROSOFT_PRODUCT_1997_UMCI_1" />
<AllowedSigner SignerId="ID_SIGNER_MICROSOFT_PRODUCT_2001_UMCI_1" />
<AllowedSigner SignerId="ID_SIGNER_MICROSOFT_PRODUCT_2010_UMCI_1" />
<AllowedSigner SignerId="ID_SIGNER_MICROSOFT_STANDARD_2011_UMCI_1" />
<AllowedSigner SignerId="ID_SIGNER_MICROSOFT_CODEVERIFICATION_2006" />
<AllowedSigner SignerId="ID_SIGNER_DRM_UMCI_1" />
<AllowedSigner SignerId="ID_SIGNER_STORE_1" />
</AllowedSigners>
</ProductSigners>
</SigningScenario>
</SigningScenarios>
<CiSigners>
<CiSigner SignerId="ID_SIGNER_AUTHROOT_0" />
<CiSigner SignerId="ID_SIGNER_STORE_1" />
</CiSigners>
<HvciOptions>0</HvciOptions>
<BasePolicyID>{0283AC0F-FFF1-49AE-ADA1-8A933130CAD6}</BasePolicyID>
<PolicyID>{0283AC0F-FFF1-49AE-ADA1-8A933130CAD6}</PolicyID>
<Settings>
<Setting Provider="PolicyInfo" Key="Information" ValueName="Name">
<Value>
<String>VerifiedAndReputableDesktop</String>
</Value>
</Setting>
<Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
<Value>
<String>27555.1000.240208</String>
</Value>
</Setting>
<Setting Provider="PolicyInfo" Key="NoRevalidationUponRefresh" ValueName="NoRevalidationUponRefreshValue">
<Value>
<Boolean>true</Boolean>
</Value>
</Setting>
<Setting Provider="Microsoft" Key="WindowsLockdownPolicySettings" ValueName="ShellSmartscreenSuppressed">
<Value>
<Boolean>true</Boolean>
</Value>
</Setting>
<Setting Provider="Microsoft" Key="WindowsLockdownPolicySettings" ValueName="BrowserSmartscreenSuppressed">
<Value>
<Boolean>true</Boolean>
</Value>
</Setting>
<Setting Provider="Microsoft" Key="WindowsLockdownPolicySettings" ValueName="ISGSmartscreenTrustSuppressed">
<Value>
<Boolean>true</Boolean>
</Value>
</Setting>
<Setting Provider="Microsoft" Key="WindowsLockdownPolicySettings" ValueName="VerifiedAndReputableUI">
<Value>
<Boolean>true</Boolean>
</Value>
</Setting>
<Setting Provider="Microsoft" Key="WindowsLockdownPolicySettings" ValueName="WindowsLockdownOfficeExtensions">
<Value>
<Boolean>true</Boolean>
</Value>
</Setting>
<Setting Provider="Microsoft" Key="WindowsLockdownPolicySettings" ValueName="VerifiedAndReputablePerfMode">
<Value>
<Boolean>true</Boolean>
</Value>
</Setting>
<Setting Provider="Microsoft" Key="WindowsLockdownPolicySettings" ValueName="VerifiedAndReputableTrustMode">
<Value>
<Boolean>true</Boolean>
</Value>
</Setting>
<Setting Provider="Microsoft" Key="WindowsLockdownPolicySettings" ValueName="WindowsLockdownDangerousExtensionValidation">
<Value>
<Boolean>true</Boolean>
</Value>
</Setting>
<Setting Provider="Microsoft" Key="WindowsLockdownPolicySettings" ValueName="WindowsLockdownDangerousExtensionEnforcement">
<Value>
<Boolean>true</Boolean>
</Value>
</Setting>
<Setting Provider="Microsoft" Key="WindowsLockdownPolicySettings" ValueName="DisableMshtmlUmci">
<Value>
<Boolean>true</Boolean>
</Value>
</Setting>
<Setting Provider="Microsoft" Key="WindowsLockdownPolicySettings" ValueName="VerifiedAndReputableAllowAntiMalware">
<Value>
<Boolean>true</Boolean>
</Value>
</Setting>
</Settings>
</SiPolicy>