If the policy you are trying to remove is a signed WDAC policy, you must first deploy a signed replacement policy that includes option 6 Enabled:Unsigned System Integrity Policy. The replacement policy must have the same PolicyId as the one it's replacing and a version that's equal to or greater than the existing policy. The replacement policy must also include. To take effect, this policy must be signed with a certificate included in the section of the original policy you want to replace. You must then restart the computer so that the UEFI protection of the policy is deactivated. Failing to do so will result in a boot start failure.

Before removing any policy, you must first disable the method used to deploy it (such as Group Policy or MDM). Otherwise, the policy may redeploy to the computer.

To make a policy effectively inactive before removing it, you can first replace the policy with a new one that includes the following changes:

- Replace the policy rules with 'Allow *' rules.
- Set option 3 Enabled:Audit Mode to change the policy to audit mode only.
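
Because a wrong replacement for a signed policy can end in a boot start failure, the conditions this page states in full (same PolicyId, equal or greater version, option 6 set) are worth checking before deployment. The following Python check is an added example, not Microsoft's tooling; the function names and sample policy documents are constructed for illustration, and it does not verify the signature or the signer sections.

```python
import xml.etree.ElementTree as ET

NS = {"si": "urn:schemas-microsoft-com:sipolicy"}  # WDAC policy XML namespace
OPTION_6 = "Enabled:Unsigned System Integrity Policy"
OPTION_3 = "Enabled:Audit Mode"

def summarize(policy_xml):
    """Extract the fields the replacement conditions depend on."""
    root = ET.fromstring(policy_xml)
    version = root.findtext("si:VersionEx", "0.0.0.0", NS).strip()
    return {
        "id": root.findtext("si:PolicyID", "", NS).strip().upper(),
        # Compare versions numerically: "10.0.10.0" is newer than "10.0.9.0".
        "version": tuple(int(part) for part in version.split(".")),
        "options": {(o.text or "").strip()
                    for o in root.iterfind("si:Rules/si:Rule/si:Option", NS)},
    }

def check_replacement(original_xml, replacement_xml):
    """Return a list of problems; an empty list means the checks passed."""
    old, new = summarize(original_xml), summarize(replacement_xml)
    problems = []
    if not new["id"] or new["id"] != old["id"]:
        problems.append("PolicyId does not match the policy being replaced")
    if new["version"] < old["version"]:
        problems.append("version is lower than the existing policy")
    if OPTION_6 not in new["options"]:
        problems.append("option 6 (%s) is not set" % OPTION_6)
    return problems

def make_policy(version, options, policy_id="{11111111-2222-3333-4444-555555555555}"):
    """Build a minimal, constructed policy document for the demonstration."""
    rules = "".join("<Rule><Option>%s</Option></Rule>" % o for o in options)
    return ('<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">'
            "<VersionEx>%s</VersionEx><PolicyID>%s</PolicyID><Rules>%s</Rules>"
            "</SiPolicy>" % (version, policy_id, rules))

# Constructed sample data, not taken from any real deployment.
ORIGINAL = make_policy("10.0.9.0", [])
GOOD = make_policy("10.0.10.0", [OPTION_6, OPTION_3])
STALE = make_policy("10.0.8.0", [OPTION_3])

if __name__ == "__main__":
    for name, candidate in (("GOOD", GOOD), ("STALE", STALE)):
        print(name, check_replacement(ORIGINAL, candidate) or "ok")
```

An empty result covers only these three conditions; the replacement still has to be signed as described on this page and the computer restarted before the policy is removed.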