PSADT blocked by wdac in audit mode

The Toolkit General Discussion
1

hey guys,

do you have any idea, why the AppDeployToolkitMain.cs gets blocked by WDAC in audit mode with enabled dynamic code security?

1 Like
2

you might have a partial solution here:
AppDeployToolkitMain.cs could not be opened - The Toolkit / General Discussion - PSAppDeployToolkit Community

If you get it working, please report back .

There is also another solution here but it’s not official (aka Merged-in)
precompiled cs as wdac audit enable breaks ADT by Numidian · Pull Request #819 · PSAppDeployToolkit/PSAppDeployToolkit (github.com)

It involves replacing AppDeployToolkitMain.cs with AppDeployToolkitMain.dll !

3

Disabling WDAC Option 19 works. Afterwards, I can use the toolkit normally. However, it’s at the expense of security. We will leave the option disabled until it is clarified why something is already being blocked in the audit mode.

In the meantime, I have tried to compile the AppDeployToolkitMain.cs into an AppDeployToolkitMain.dll. For this, I used the .NET SDK 7.0. and I created an ‘AppDeployToolkitMain.csproj’ and saved it in the ‘AppDeployToolkit’ folder. After that, I ran 'dotnet build

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <OutputType>Library</OutputType>
    <TargetFramework>net5.0</TargetFramework>
    <EnableDefaultCompileItems>false</EnableDefaultCompileItems>
  </PropertyGroup>

  <ItemGroup>
    <Compile Include="AppDeployToolkitMain.cs" />
  </ItemGroup>

</Project>

After that, I modified the Toolkit/AppDeployToolkit/AppDeployToolkitMain.ps1 with the string [String]$appDeployCustomTypesSourceCode = Join-Path -Path $scriptRoot -ChildPath ‘AppDeployToolkitMain.dll’ and signed every binary with a own code signing certificat.

Unfortunately, there is now another problem. When executing the toolkit, I receive the following error message.

C:\Install\WDAC\Deploy-Application.ps1 : Module [C:\Install\WDAC\AppDeployToolkit\AppDeployToolkitMain.ps1] failed to load: 
Mindestens ein Typ in der Assembly kann nicht geladen werden. Rufen Sie die LoaderExceptions-Eigenschaft ab, wenn Sie weitere Informationen benötigen.
 
In C:\Install\WDAC\AppDeployToolkit\AppDeployToolkitMain.ps1:15732 Zeichen:5
+     Add-Type -Path $appDeployCustomTypesSourceCode -ReferencedAssembl ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Deploy-Application.ps1
1 Like
4

Now it works. I use an older .NET SDK an the csc.exe

.\csc.exe /target:library /out:AppDeployToolkitMain.dll C:\data\PSADT-Vorlage\AppDeployToolkit\AppDeployToolkitMain.cs
1 Like
5

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.