PSADT blocked by wdac in audit mode

hey guys,

do you have any idea, why the AppDeployToolkitMain.cs gets blocked by WDAC in audit mode with enabled dynamic code security?

you might have a partial solution here:
AppDeployToolkitMain.cs could not be opened - The Toolkit / General Discussion - PSAppDeployToolkit Community

If you get it working, please report back .

There is also another solution here but it’s not official (aka Merged-in)
precompiled cs as wdac audit enable breaks ADT by Numidian · Pull Request #819 · PSAppDeployToolkit/PSAppDeployToolkit (github.com)

It involves replacing AppDeployToolkitMain.cs with AppDeployToolkitMain.dll !

Disabling WDAC Option 19 works. Afterwards, I can use the toolkit normally. However, it’s at the expense of security. We will leave the option disabled until it is clarified why something is already being blocked in the audit mode.

In the meantime, I have tried to compile the AppDeployToolkitMain.cs into an AppDeployToolkitMain.dll. For this, I used the .NET SDK 7.0. and I created an ‚ÄėAppDeployToolkitMain.csproj‚Äô and saved it in the ‚ÄėAppDeployToolkit‚Äô folder. After that, I ran 'dotnet build

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <OutputType>Library</OutputType>
    <TargetFramework>net5.0</TargetFramework>
    <EnableDefaultCompileItems>false</EnableDefaultCompileItems>
  </PropertyGroup>

  <ItemGroup>
    <Compile Include="AppDeployToolkitMain.cs" />
  </ItemGroup>

</Project>

After that, I modified the Toolkit/AppDeployToolkit/AppDeployToolkitMain.ps1 with the string [String]$appDeployCustomTypesSourceCode = Join-Path -Path $scriptRoot -ChildPath ‚ÄėAppDeployToolkitMain.dll‚Äô and signed every binary with a own code signing certificat.

Unfortunately, there is now another problem. When executing the toolkit, I receive the following error message.

C:\Install\WDAC\Deploy-Application.ps1 : Module [C:\Install\WDAC\AppDeployToolkit\AppDeployToolkitMain.ps1] failed to load: 
Mindestens ein Typ in der Assembly kann nicht geladen werden. Rufen Sie die LoaderExceptions-Eigenschaft ab, wenn Sie weitere Informationen benötigen.
 
In C:\Install\WDAC\AppDeployToolkit\AppDeployToolkitMain.ps1:15732 Zeichen:5
+     Add-Type -Path $appDeployCustomTypesSourceCode -ReferencedAssembl ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Deploy-Application.ps1
1 Like

Now it works. I use an older .NET SDK an the csc.exe

.\csc.exe /target:library /out:AppDeployToolkitMain.dll C:\data\PSADT-Vorlage\AppDeployToolkit\AppDeployToolkitMain.cs
1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.