-2

I'm trying to disable my Device Guard policy. What I have done is: Windows + R --> gpedit.msc --> Local Computer Policy --> Computer Configuration --> Administrative Templates --> System --> Device Guard --> Deploy Windows Defender Application Control --> set to Not Configured, as shown in the image.

DEVICE GUARD NOT CONFIGURED

Then I open msinfo32.exe to check if the policy is still active: System Summary --> Windows Defender Application --> is set to Audit, as shown in the image.

audit and not disabled

How can I disable this policy?

marcosagni98
  • 1
    Try asking at SuperUser for stand-alone workstation case, at ServerFault for domain-joined computers. This doesn't seem to be a programming question, so it's out of SO's scope. – vonPryz Aug 24 '21 at 11:31

3 Answers

1

You can use CITool to remove deployed unsigned WDAC policies.

If the WDAC policy is signed, here is the official method for removal.

I've created a PowerShell module that automates all of these processes (and a lot more):

Available on GitHub and PowerShell gallery

SpyNet
0

I solved it by doing this in PowerShell: rm "C:\Windows\System32\CodeIntegrity\SiPolicy.p7b"

marcosagni98
0

Had the same issue after deploying the Intune default application control policy. After much hassle I solved this by deleting all the files in Windows\System32\AppLocker. Hopefully this helps.

  • I solved it by deleting C:\Windows\System32\CodeIntegrity\SiPolicy.p7b, which is the file that enforces the policy on the computer – marcosagni98 Mar 17 '23 at 10:16
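
A read-only check that can stand in for the msinfo32 step in the question and shows which files back the policy the answers refer to. It is an added example, not code from any of the posts. Assumptions not taken from the thread: an elevated PowerShell session, the Win32_DeviceGuard properties, the CiPolicies\Active folder used by the multiple-policy format, and the CiTool JSON field names; CiTool.exe is only present on recent Windows 11 builds.

```powershell
# Added example: inventory of WDAC / code integrity policy state.
# Read-only: nothing here changes or removes a policy.

# 1. Effective enforcement state as reported by the Device Guard WMI class
#    (0 = off, 1 = audit, 2 = enforced).
$statusNames = @{ 0 = 'Off'; 1 = 'Audit'; 2 = 'Enforced' }
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName 'Win32_DeviceGuard'
[pscustomobject]@{
    KernelMode = $statusNames[[int]$dg.CodeIntegrityPolicyEnforcementStatus]
    UserMode   = $statusNames[[int]$dg.UsermodeCodeIntegrityPolicyEnforcementStatus]
} | Format-List

# 2. Policy files on disk. Setting the GPO back to "Not Configured" does not
#    delete these, which is why the state can still read "Audit" afterwards.
$ciRoot = Join-Path $env:windir 'System32\CodeIntegrity'
$policyFiles = @(
    # Single-policy format (the file named in the answers).
    Get-Item (Join-Path $ciRoot 'SiPolicy.p7b') -ErrorAction SilentlyContinue
    # Multiple-policy format: one {PolicyId}.cip file per deployed policy.
    Get-ChildItem (Join-Path $ciRoot 'CiPolicies\Active') -Filter '*.cip' `
        -ErrorAction SilentlyContinue
)
if ($policyFiles.Count -eq 0) {
    'No policy files found under CodeIntegrity.'
} else {
    $policyFiles | Select-Object FullName, Length, LastWriteTime |
        Format-Table -AutoSize
}

# 3. What CiTool knows about each policy. IsSignedPolicy decides which removal
#    route from the first answer applies; IsSystemPolicy marks inbox Windows
#    policies that are not the one you deployed.
if (Get-Command 'CiTool.exe' -ErrorAction SilentlyContinue) {
    (CiTool.exe --list-policies -json | ConvertFrom-Json).Policies |
        Where-Object { $_.IsOnDisk -eq 'True' -or $_.IsEnforced -eq 'True' } |
        Select-Object PolicyID, FriendlyName, IsEnforced, IsSignedPolicy,
                      IsSystemPolicy, IsOnDisk |
        Format-Table -AutoSize
} else {
    'CiTool.exe not found; rely on sections 1 and 2.'
}
```

Run it before and after any change, and reboot in between, so the enforcement state and the file list can be compared.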