Confirm-WDACConfig.psm1

#Requires -RunAsAdministrator
function Confirm-WDACConfig {
    [CmdletBinding()]
    Param(
        [Alias("L")]
        [Parameter(Mandatory = $false, ParameterSetName = "List Active Policies")][Switch]$ListActivePolicies,

        [Alias("V")]
        [Parameter(Mandatory = $false, ParameterSetName = "Verify WDAC Status")][Switch]$VerifyWDACStatus,

        [Alias("S")]
        [Parameter(Mandatory = $false, ParameterSetName = "Check SmartAppControl Status")][Switch]$CheckSmartAppControlStatus,

        [Parameter(Mandatory = $false, ParameterSetName = "List Active Policies")][Switch]$OnlyBasePolicies,
        [Parameter(Mandatory = $false, ParameterSetName = "List Active Policies")][Switch]$OnlySupplementalPolicies,
        
        [Parameter(Mandatory = $false)][Switch]$SkipVersionCheck
    )

    begin {
        # Importing resources such as functions by dot-sourcing so that they will run in the same scope and their variables will be usable
        . "$psscriptroot\Resources.ps1"

        # Stop operation as soon as there is an error anywhere, unless explicitly specified otherwise
        $ErrorActionPreference = 'Stop'         
        if (-NOT $SkipVersionCheck) { . Update-self }        

        # Script block to show only non-system Base policies
        $OnlyBasePoliciesBLOCK = {
            $BasePolicies = (CiTool -lp -json | ConvertFrom-Json).Policies | Where-Object { $_.IsSystemPolicy -ne "True" } | Where-Object { $_.PolicyID -eq $_.BasePolicyID }           
            Write-Host "`nThere are currently $(($BasePolicies.count)) Non-system Base policies deployed" -ForegroundColor Cyan
            $BasePolicies
        }
        # Script block to show only non-system Supplemental policies
        $OnlySupplementalPoliciesBLOCK = {
            $SupplementalPolicies = (CiTool -lp -json | ConvertFrom-Json).Policies | Where-Object { $_.IsSystemPolicy -ne "True" } | Where-Object { $_.PolicyID -ne $_.BasePolicyID }           
            Write-Host "`nThere are currently $(($SupplementalPolicies.count)) Non-system Supplemental policies deployed`n" -ForegroundColor Cyan
            $SupplementalPolicies
        }        
    }

    process {
        if ($ListActivePolicies) {
            if ($OnlyBasePolicies) { &$OnlyBasePoliciesBLOCK }
            if ($OnlySupplementalPolicies) { &$OnlySupplementalPoliciesBLOCK }               
            if (!$OnlyBasePolicies -and !$OnlySupplementalPolicies) { &$OnlyBasePoliciesBLOCK; &$OnlySupplementalPoliciesBLOCK }
        }
        
        if ($VerifyWDACStatus) {
            Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard | Select-Object -Property *codeintegrity* | Format-List
            Write-host "2 -> Enforced`n1 -> Audit mode`n0 -> Disabled/Not running`n" -ForegroundColor Cyan
        }

        if ($CheckSmartAppControlStatus) {
            Get-MpComputerStatus | Select-Object -Property SmartAppControlExpiration, SmartAppControlState
            if ((Get-MpComputerStatus).SmartAppControlState -eq "Eval") {
                Write-Host "Smart App Control is in Evaluation mode.`n"
            }
            elseif ((Get-MpComputerStatus).SmartAppControlState -eq "On") {
                Write-Host "Smart App Control is turned on.`n"
            }
            elseif ((Get-MpComputerStatus).SmartAppControlState -eq "Off") {
                Write-Host "Smart App Control is turned off.`n"
            }
        }    
    }
    
    <#
.SYNOPSIS
Show the status of WDAC on the system and lists the current deployed policies and shows details about each of them
 
.LINK
https://github.com/HotCakeX/Harden-Windows-Security/wiki/Confirm-WDACConfig
 
.DESCRIPTION
Using official Microsoft methods, Show the status of WDAC (Windows Defender Application Control) on the system, list the current deployed policies and show details about each of them.
 
.COMPONENT
Windows Defender Application Control, ConfigCI PowerShell module
 
.FUNCTIONALITY
Using official Microsoft methods, Show the status of WDAC (Windows Defender Application Control) on the system, list the current deployed policies and show details about each of them.
 
.PARAMETER ListActivePolicies
Lists the currently deployed policies and shows details about each of them
 
.PARAMETER VerifyWDACStatus
Shows the status of WDAC (Windows Defender Application Control) on the system
 
.PARAMETER CheckSmartAppControlStatus
Checks the status of Smart App Control and reports the results on the console
 
.PARAMETER SkipVersionCheck
Can be used with any parameter to bypass the online version check - only to be used in rare cases
 
#>
 
}

# Set PSReadline tab completion to complete menu for easier access to available parameters - Only for the current session
Set-PSReadlineKeyHandler -Key Tab -Function MenuComplete