WDAC changes

2023-11-07 09:26:35 +01:00
parent 9c248aa419
commit 1420134c5f
6 changed files with 5166 additions and 420 deletions
--- a/README.md
+++ b/README.md
@@ -1,3 +1,9 @@
+Installation Script
 ```ps
 irm https://git.justw.tf/Lightemerald/setup-script/raw/branch/main/setupScript.ps1 | iex
+```
+
+WDAC Installation Script
+```ps
+irm https://git.justw.tf/Lightemerald/setup-script/raw/branch/main/setupWDAC.ps1 | iex
 ```
--- a/SetupWDAC.ps1
+++ b/SetupWDAC.ps1
@@ -0,0 +1,9 @@
+$DownloadFile = "https://git.justw.tf/Lightemerald/setup-script/raw/branch/main/{b4d6b24c-c3ad-44e5-9dea-72c1ed9577b8}.cip"
+$LocalFile = Join-Path -Path $env:LOCALAPPDATA -ChildPath "Temp\{b4d6b24c-c3ad-44e5-9dea-72c1ed9577b8}.cip"
+Write-Host "Downloading file from $DownloadFile to $LocalFile"
+Invoke-WebRequest -Uri $DownloadFile -OutFile $LocalFile -UseBasicParsing
+Write-Host "Copying file from $LocalFile to C:\Windows\System32\CodeIntegrity\CiPolicies\Active\"
+Copy-Item -Path $LocalFile -Destination "C:\Windows\System32\CodeIntegrity\CiPolicies\Active\"
+Write-Host "Deleting file from $LocalFile"
+Remove-Item -Path $LocalFile
+Write-Host "File copied!"
--- a/TS.xml
+++ b/TS.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
-	<!--https://schneegans.de/windows/unattend-generator/?LanguageMode=Unattended&UILanguage=en-US&UserLocale=fr-FR&KeyboardLayout=040c%3A0000040c&ProcessorArchitecture=amd64&ComputerName=IPR-PC&TimeZoneMode=Explicit&TimeZone=Romance+Standard+Time&PartitionMode=Unattended&PartitionLayout=GPT&RecoveryMode=Partition&WindowsEditionMode=Unattended&WindowsEdition=pro&UserAccountMode=Unattended&AdministratorAccountName=Admin&AdministratorAccountName=&AdministratorAccountName=&AdministratorAccountName=&AdministratorAccountName=&UserAccountName=Prof&UserAccountName=Eleve&UserAccountName=&UserAccountName=&UserAccountName=&UserAccountName=&LockoutMode=Default&EnableLongPaths=true&EnableRemoteDesktop=true&HardenSystemDriveAcl=true&AllowPowerShellScripts=true&DisableLastAccess=true&NoAutoRebootWithLoggedOnUsers=true&RunScriptOnFirstLogon=true&DisableAppSuggestions=true&WifiMode=Unattended&WifiName=IPR2&WifiAuthentication=WPA2PSK&WifiPassword=WIFIPASSWORD&ExpressSettings=DisableAll&Remove3DViewer=true&RemoveClipchamp=true&RemoveClock=true&RemoveFeedbackHub=true&RemoveGetHelp=true&RemoveGetStarted=true&RemoveInternetExplorer=true&RemoveMaps=true&RemoveMathInputPanel=true&RemoveNews=true&RemoveOneDrive=true&RemoveOneNote=true&RemovePaint3D=true&RemovePeople=true&RemovePowerAutomate=true&RemovePowerShellISE=true&RemoveQuickAssist=true&RemoveSkype=true&RemoveSnipAndSketch=true&RemoveSolitaire=true&RemoveStepsRecorder=true&RemoveStickyNotes=true&RemoveTeams=true&RemoveToDo=true&RemoveVoiceRecorder=true&RemoveWeather=true&RemoveWordPad=true&RemoveXboxApps=true&RemoveYourPhone=true&WdacMode=Configure&WdacAuditMode=AuditingOnBootFailure&WdacScriptMode=Unrestricted-->
+	<!--https://schneegans.de/windows/unattend-generator/?LanguageMode=Unattended&UILanguage=en-US&UserLocale=fr-FR&KeyboardLayout=040c%3A0000040c&ProcessorArchitecture=amd64&ComputerName=IPR-PC&TimeZoneMode=Explicit&TimeZone=Romance+Standard+Time&PartitionMode=Unattended&PartitionLayout=GPT&RecoveryMode=Partition&WindowsEditionMode=Unattended&WindowsEdition=pro&UserAccountMode=Unattended&AdministratorAccountName=Admin&AdministratorAccountName=&AdministratorAccountName=&AdministratorAccountName=&AdministratorAccountName=&UserAccountName=Prof&UserAccountName=Eleve&UserAccountName=&UserAccountName=&UserAccountName=&UserAccountName=&LockoutMode=Default&EnableLongPaths=true&EnableRemoteDesktop=true&HardenSystemDriveAcl=true&AllowPowerShellScripts=true&DisableLastAccess=true&NoAutoRebootWithLoggedOnUsers=true&RunScriptOnFirstLogon=true&DisableAppSuggestions=true&WifiMode=Unattended&WifiName=IPR2&WifiAuthentication=WPA2PSK&WifiPassword=WIFIPASSWORD&ExpressSettings=DisableAll&Remove3DViewer=true&RemoveClipchamp=true&RemoveClock=true&RemoveFeedbackHub=true&RemoveGetHelp=true&RemoveGetStarted=true&RemoveInternetExplorer=true&RemoveMaps=true&RemoveMathInputPanel=true&RemoveNews=true&RemoveOneDrive=true&RemoveOneNote=true&RemovePaint3D=true&RemovePeople=true&RemovePowerAutomate=true&RemovePowerShellISE=true&RemoveQuickAssist=true&RemoveSkype=true&RemoveSnipAndSketch=true&RemoveSolitaire=true&RemoveStepsRecorder=true&RemoveStickyNotes=true&RemoveTeams=true&RemoveToDo=true&RemoveVoiceRecorder=true&RemoveWeather=true&RemoveWordPad=true&RemoveXboxApps=true&RemoveYourPhone=true&WdacMode=Skip-->
 	<settings pass="offlineServicing"></settings>
 	<settings pass="windowsPE">
 		<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
@@ -543,214 +543,6 @@
 					<Order>113</Order>
 					<Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 0 /f</Path>
 				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>114</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo Set-StrictMode -Version 'Latest';"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>115</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $ErrorActionPreference = 'Stop';"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>116</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $guid= '{d26bff32-33a2-48a3-b037-10357ee48427}';"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>117</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $xml = "C:\Windows\System32\CodeIntegrity\CiPolicies\Active\${guid}.xml";"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>118</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $binary = "C:\Windows\System32\CodeIntegrity\CiPolicies\Active\${guid}.cip";"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>119</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo Copy-Item -LiteralPath 'C:\Windows\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Enforced.xml' -Destination $xml;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>120</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo Set-RuleOption -FilePath $xml -Option 0;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>121</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo Set-RuleOption -FilePath $xml -Option 6;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>122</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo Set-RuleOption -FilePath $xml -Option 9;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>123</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo Set-RuleOption -FilePath $xml -Option 16;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>124</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo Set-RuleOption -FilePath $xml -Option 18;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>125</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo Set-RuleOption -FilePath $xml -Option 5 -Delete;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>126</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo Set-RuleOption -FilePath $xml -Option 11;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>127</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo Set-RuleOption -FilePath $xml -Option 10;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>128</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo Merge-CIPolicy -PolicyPaths $xml -OutputFilePath $xml -Rules $("</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>129</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 	@("</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>130</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule 'C:\Windows\*';"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>131</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule 'C:\Program Files\*';"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>132</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule 'C:\Program Files (x86)\*';"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>133</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\debug\WIA\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>134</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\PLA\Reports\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>135</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\PLA\Rules\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>136</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\PLA\Templates\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>137</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\Registration\CRMLog\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>138</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\System32\Com\dmp\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>139</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\System32\FxsTmp\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>140</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\System32\LogFiles\WMI\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>141</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\System32\Microsoft\Crypto\RSA\MachineKeys\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>142</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\System32\spool\drivers\color\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>143</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\System32\spool\PRINTERS\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>144</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\System32\spool\SERVERS\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>145</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\System32\Tasks_Migrated\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>146</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\System32\Tasks\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>147</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\SysWOW64\Com\dmp\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>148</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\SysWOW64\FxsTmp\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>149</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\SysWOW64\Tasks\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>150</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\Tasks\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>151</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\Temp\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>152</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\tracing\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>153</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 	) ^| ForEach-Object -Process { $_; }"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>154</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo );"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>155</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $doc = [xml]::new();"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>156</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $doc.Load( $xml );"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>157</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $nsmgr = [System.Xml.XmlNamespaceManager]::new( $doc.NameTable );"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>158</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $nsmgr.AddNamespace( 'pol', 'urn:schemas-microsoft-com:sipolicy' );"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>159</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $doc.SelectSingleNode( '/pol:SiPolicy/pol:PolicyID', $nsmgr ).InnerText = $guid;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>160</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $doc.SelectSingleNode( '/pol:SiPolicy/pol:BasePolicyID', $nsmgr ).InnerText = $guid;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>161</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $node = $doc.SelectSingleNode( '//pol:SigningScenario[@Value=''12'']/pol:ProductSigners/pol:AllowedSigners', $nsmgr );"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>162</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $node.ParentNode.RemoveChild( $node );"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>163</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $doc.Save( $xml );"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>164</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo ConvertFrom-CIPolicy -XmlFilePath $xml -BinaryFilePath $binary;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>165</Order>
-					<Path>powershell.exe -NoProfile -File "%TEMP%\wdac.ps1"</Path>
-				</RunSynchronousCommand>
 			</RunSynchronous>
 		</component>
 		<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
@@ -802,4 +594,4 @@
 			</OOBE>
 		</component>
 	</settings>
-</unattend>
+</unattend>
--- a/autounattend.xml
+++ b/autounattend.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
-	<!--https://schneegans.de/windows/unattend-generator/?LanguageMode=Unattended&UILanguage=en-US&UserLocale=fr-FR&KeyboardLayout=040c%3A0000040c&ProcessorArchitecture=amd64&ComputerName=IPR-PC&TimeZoneMode=Explicit&TimeZone=Romance+Standard+Time&PartitionMode=Unattended&PartitionLayout=GPT&RecoveryMode=Partition&WindowsEditionMode=Unattended&WindowsEdition=pro&UserAccountMode=Unattended&AdministratorAccountName=Admin&AdministratorAccountName=&AdministratorAccountName=&AdministratorAccountName=&AdministratorAccountName=&UserAccountName=Prof&UserAccountName=Eleve&UserAccountName=&UserAccountName=&UserAccountName=&UserAccountName=&LockoutMode=Default&EnableLongPaths=true&EnableRemoteDesktop=true&HardenSystemDriveAcl=true&AllowPowerShellScripts=true&DisableLastAccess=true&NoAutoRebootWithLoggedOnUsers=true&RunScriptOnFirstLogon=true&DisableAppSuggestions=true&WifiMode=Unattended&WifiName=IPR2&WifiAuthentication=WPA2PSK&WifiPassword=WIFIPASSWORD&ExpressSettings=DisableAll&Remove3DViewer=true&RemoveClipchamp=true&RemoveClock=true&RemoveFeedbackHub=true&RemoveGetHelp=true&RemoveGetStarted=true&RemoveInternetExplorer=true&RemoveMaps=true&RemoveMathInputPanel=true&RemoveNews=true&RemoveOneDrive=true&RemoveOneNote=true&RemovePaint3D=true&RemovePeople=true&RemovePowerAutomate=true&RemovePowerShellISE=true&RemoveQuickAssist=true&RemoveSkype=true&RemoveSnipAndSketch=true&RemoveSolitaire=true&RemoveStepsRecorder=true&RemoveStickyNotes=true&RemoveTeams=true&RemoveToDo=true&RemoveVoiceRecorder=true&RemoveWeather=true&RemoveWordPad=true&RemoveXboxApps=true&RemoveYourPhone=true&WdacMode=Configure&WdacAuditMode=AuditingOnBootFailure&WdacScriptMode=Unrestricted-->
+	<!--https://schneegans.de/windows/unattend-generator/?LanguageMode=Unattended&UILanguage=en-US&UserLocale=fr-FR&KeyboardLayout=040c%3A0000040c&ProcessorArchitecture=amd64&ComputerName=IPR-PC&TimeZoneMode=Explicit&TimeZone=Romance+Standard+Time&PartitionMode=Unattended&PartitionLayout=GPT&RecoveryMode=Partition&WindowsEditionMode=Unattended&WindowsEdition=pro&UserAccountMode=Unattended&AdministratorAccountName=Admin&AdministratorAccountName=&AdministratorAccountName=&AdministratorAccountName=&AdministratorAccountName=&UserAccountName=Prof&UserAccountName=Eleve&UserAccountName=&UserAccountName=&UserAccountName=&UserAccountName=&LockoutMode=Default&EnableLongPaths=true&EnableRemoteDesktop=true&HardenSystemDriveAcl=true&AllowPowerShellScripts=true&DisableLastAccess=true&NoAutoRebootWithLoggedOnUsers=true&RunScriptOnFirstLogon=true&DisableAppSuggestions=true&WifiMode=Unattended&WifiName=IPR2&WifiAuthentication=WPA2PSK&WifiPassword=WIFIPASSWORD&ExpressSettings=DisableAll&Remove3DViewer=true&RemoveClipchamp=true&RemoveClock=true&RemoveFeedbackHub=true&RemoveGetHelp=true&RemoveGetStarted=true&RemoveInternetExplorer=true&RemoveMaps=true&RemoveMathInputPanel=true&RemoveNews=true&RemoveOneDrive=true&RemoveOneNote=true&RemovePaint3D=true&RemovePeople=true&RemovePowerAutomate=true&RemovePowerShellISE=true&RemoveQuickAssist=true&RemoveSkype=true&RemoveSnipAndSketch=true&RemoveSolitaire=true&RemoveStepsRecorder=true&RemoveStickyNotes=true&RemoveTeams=true&RemoveToDo=true&RemoveVoiceRecorder=true&RemoveWeather=true&RemoveWordPad=true&RemoveXboxApps=true&RemoveYourPhone=true&WdacMode=Skip-->
 	<settings pass="offlineServicing"></settings>
 	<settings pass="windowsPE">
 		<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
@@ -543,214 +543,6 @@
 					<Order>113</Order>
 					<Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 0 /f</Path>
 				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>114</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo Set-StrictMode -Version 'Latest';"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>115</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $ErrorActionPreference = 'Stop';"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>116</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $guid= '{d26bff32-33a2-48a3-b037-10357ee48427}';"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>117</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $xml = "C:\Windows\System32\CodeIntegrity\CiPolicies\Active\${guid}.xml";"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>118</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $binary = "C:\Windows\System32\CodeIntegrity\CiPolicies\Active\${guid}.cip";"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>119</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo Copy-Item -LiteralPath 'C:\Windows\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Enforced.xml' -Destination $xml;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>120</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo Set-RuleOption -FilePath $xml -Option 0;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>121</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo Set-RuleOption -FilePath $xml -Option 6;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>122</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo Set-RuleOption -FilePath $xml -Option 9;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>123</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo Set-RuleOption -FilePath $xml -Option 16;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>124</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo Set-RuleOption -FilePath $xml -Option 18;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>125</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo Set-RuleOption -FilePath $xml -Option 5 -Delete;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>126</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo Set-RuleOption -FilePath $xml -Option 11;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>127</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo Set-RuleOption -FilePath $xml -Option 10;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>128</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo Merge-CIPolicy -PolicyPaths $xml -OutputFilePath $xml -Rules $("</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>129</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 	@("</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>130</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule 'C:\Windows\*';"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>131</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule 'C:\Program Files\*';"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>132</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule 'C:\Program Files (x86)\*';"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>133</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\debug\WIA\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>134</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\PLA\Reports\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>135</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\PLA\Rules\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>136</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\PLA\Templates\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>137</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\Registration\CRMLog\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>138</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\System32\Com\dmp\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>139</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\System32\FxsTmp\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>140</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\System32\LogFiles\WMI\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>141</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\System32\Microsoft\Crypto\RSA\MachineKeys\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>142</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\System32\spool\drivers\color\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>143</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\System32\spool\PRINTERS\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>144</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\System32\spool\SERVERS\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>145</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\System32\Tasks_Migrated\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>146</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\System32\Tasks\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>147</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\SysWOW64\Com\dmp\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>148</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\SysWOW64\FxsTmp\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>149</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\SysWOW64\Tasks\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>150</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\Tasks\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>151</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\Temp\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>152</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 		New-CIPolicyRule -FilePathRule '%WINDIR%\tracing\*' -Deny;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>153</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo 	) ^| ForEach-Object -Process { $_; }"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>154</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo );"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>155</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $doc = [xml]::new();"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>156</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $doc.Load( $xml );"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>157</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $nsmgr = [System.Xml.XmlNamespaceManager]::new( $doc.NameTable );"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>158</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $nsmgr.AddNamespace( 'pol', 'urn:schemas-microsoft-com:sipolicy' );"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>159</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $doc.SelectSingleNode( '/pol:SiPolicy/pol:PolicyID', $nsmgr ).InnerText = $guid;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>160</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $doc.SelectSingleNode( '/pol:SiPolicy/pol:BasePolicyID', $nsmgr ).InnerText = $guid;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>161</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $node = $doc.SelectSingleNode( '//pol:SigningScenario[@Value=''12'']/pol:ProductSigners/pol:AllowedSigners', $nsmgr );"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>162</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $node.ParentNode.RemoveChild( $node );"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>163</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo $doc.Save( $xml );"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>164</Order>
-					<Path>cmd.exe /c "&gt;&gt;"%TEMP%\wdac.ps1" echo ConvertFrom-CIPolicy -XmlFilePath $xml -BinaryFilePath $binary;"</Path>
-				</RunSynchronousCommand>
-				<RunSynchronousCommand wcm:action="add">
-					<Order>165</Order>
-					<Path>powershell.exe -NoProfile -File "%TEMP%\wdac.ps1"</Path>
-				</RunSynchronousCommand>
 			</RunSynchronous>
 		</component>
 		<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
@@ -802,4 +594,4 @@
 			</OOBE>
 		</component>
 	</settings>
-</unattend>
+</unattend>
--- a/{b4d6b24c-c3ad-44e5-9dea-72c1ed9577b8}.cip
+++ b/{b4d6b24c-c3ad-44e5-9dea-72c1ed9577b8}.cip
--- a/{b4d6b24c-c3ad-44e5-9dea-72c1ed9577b8}.xml
+++ b/{b4d6b24c-c3ad-44e5-9dea-72c1ed9577b8}.xml