
In Norwegian there is a saying: “A loved child has many names”. WDAC is no exception:
- Windows Defender Application Control (WDAC)
- Application Control
- App Control for Business
But don’t confuse this child with the older one, “AppLocker”. The two can also co-exist on the same machine, which makes me slightly confused. Personally I’m going to stick with “WDAC” as the name. Follow me (if you want to) on this journey to figure out what’s going on here.
Going forward
NOTE! My WDAC setup will be done with on-prem tooling, targeting non-domain-joined (and some domain-joined) servers. Possibly clients too, we’ll see. WDAC will be used for workload-specific hardening with maximal security and no “magic exceptions” (ISG/Managed Installer), creating and deploying the policies with PowerShell. This blog will also be a place for me to reflect on and (hopefully) learn from my mistakes.
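To make the approach above concrete, here is an added example (my own illustration, not a script from the author) of building one workload-specific policy in PowerShell from a scan of a server, with the ISG and Managed Installer options explicitly removed, and compiling it to the binary format Windows loads. The policy name and the paths (C:\WDAC, C:\Apps\MyService) are assumptions for the example; the cmdlets and rule-option numbers are the standard ones from the ConfigCI module.

```powershell
# Added example, not the author's code. Paths and the policy name are assumptions.
$PolicyXml  = 'C:\WDAC\AppServer.xml'
$PolicyName = 'AppServer-Baseline'
$ScanPath   = 'C:\Apps\MyService'   # the workload's install directory (assumed)

# 1. Scan the workload, including user-mode binaries (-UserPEs).
#    -Level Publisher trusts by signing certificate; anything unsigned falls back to a file hash.
#    -MultiplePolicyFormat produces a policy with its own PolicyID (multi-policy format, Win10 1903+).
New-CIPolicy -FilePath $PolicyXml -ScanPath $ScanPath -Level Publisher -Fallback Hash -UserPEs -MultiplePolicyFormat

# 2. Start in audit mode so nothing is blocked until the CodeIntegrity event log has been reviewed.
#    Remove option 3 later to switch to enforcement.
Set-RuleOption -FilePath $PolicyXml -Option 3            # Enabled:Audit Mode

# 3. No "magic exceptions": option 13 is Enabled:Managed Installer,
#    option 14 is Enabled:Intelligent Security Graph Authorization. -Delete is harmless if unset.
Set-RuleOption -FilePath $PolicyXml -Option 13 -Delete
Set-RuleOption -FilePath $PolicyXml -Option 14 -Delete

# 4. Give the policy a fresh GUID and a readable name, then read the GUID back from the XML.
Set-CIPolicyIdInfo -FilePath $PolicyXml -ResetPolicyID -PolicyName $PolicyName
$PolicyId = ([xml](Get-Content $PolicyXml)).SiPolicy.PolicyID   # e.g. {A244370E-...}

# 5. Compile to binary. For multi-policy deployment the file name must be the PolicyID GUID.
$PolicyBin = "C:\WDAC\$PolicyId.cip"
ConvertFrom-CIPolicy -XmlFilePath $PolicyXml -BinaryFilePath $PolicyBin

# 6. Stage it on the target host. On builds that ship CiTool.exe, activate without a reboot:
#    CiTool.exe --update-policy $PolicyBin ; otherwise a reboot loads it from the Active folder.
Copy-Item $PolicyBin "$env:SystemRoot\System32\CodeIntegrity\CiPolicies\Active\"
```

Before turning audit mode off, review Microsoft-Windows-CodeIntegrity/Operational (event 3076 = would have been blocked) and add rules for anything legitimate that shows up there.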
Right now it feels like there are a billion things to learn, and here are some of the things I hope to clear up in future posts:
- Different deployment methods and WDAC structures based on OS version (single- vs multi-policy format)
- Building WDAC policies with WDAC Wizard (Buttons. Yep, yep, yep.)
- WDAC and AppLocker in perfect harmony? or maybe no?
- Strategy for multi-policy setup
- User or Kernel mode?
- Microsoft’s recommended block rules?
- Unsigned executables and all that jazz…
- Manually self-sign every time or manually hash every update?
Stay tuned to get some answers to these burning questions!