The Microsoft WDAC Wizard is a great tool for building and modifying WDAC policies, but there are times where it is necessary to manually modify the policy XML file. If you are deploying the policy directly to a device to test the changes, converting the policy into the binary CIP file format can be tedious.
The PowerShell command below can be used on any Windows 10/11 device (the binary file name should be the GUID of your policy, I’ve just generated a random GUID for this example).
ConvertFrom-CIPolicy -XmlFilePath MyPolicy.xml -BinaryFilePath "{43558A47-0DAE-499D-96C8-A4206307F83F}.cip"However I’ve built this helper script which will use the cmdlet, and also automatically name the Binary file based on the policy GUID.
.\ConvertPolicyXmlToBinary.ps1 -XmlPolicyFile MyAuditPolicy.xml