Let's take one more look at Windows Defender Application Guard (WDAG).
You can find the previous posts about WDAG here:
Testing Windows Defender Application Guard on a VM
Windows Defender Application Guard
In the last post we saw that by default we were not allowed to do copy and paste operations:
Your admin doesn’t allow you to copy and paste this content between Application Guard and other apps.
This can be allowed by using the GPO:
Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender Application Guard\Configure Windows Defender Application Guard clipboard settings
Here we can choose between the following Clipboard behavior settings:
- Block clipboard operations (default)
- Enable clipboard operation from an isolated session to the host
- Enable clipboard operation from the host to the isolated session
- Enable clipboard operation in both directions
So we can allow cut and paste in any direction we would like.
We can also control what the users are allowed to copy in Clipboard content options:
- Allows text copying (Value of 1)
- Allows image copying (Value of 2)
- Allows both text and image copying (Value of 3)
If we try to open a trusted site inside WDAG, we will see this warning:
If this is a work-related site, open it in a new Microsoft Edge windows outside of Application Guard
We can allow some sites to be opened both in WDAG and on the host itself by using the GPO:
Computer Configuration\Policies\Administrative Templates\Network\Network Isolation\Domains categorized as both work and personal
Here we can use a comma-separated list:
Now https://www.mindcore.dk can also open in WDAG:
If the user clicks the WDAG icon in the upper left corner, it will be possible to click Learn more:
Then the user will get more information (just a little bit):
By default, favorites will not be available in Application Guard, and this message is shown:
To help protect your PC, favorites and reading list will be unavailable in Application Guard for Microsoft Edge.
We can allow the use of favorites by using this GPO:
Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender Application Guard\Allow data persistence for Windows Defender Application Guard
After enabling this policy we can use favorites and they will be remembered between WDAG sessions, as will cookies and the recent URLs you have used:
But favorites are still not shared with the favorites on the host, so there are two separate favorites lists:
If you try to print from WDAG you will by default have no printers because printing is not allowed:
We can change this behavior by using the GPO:
Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender Application Guard\Configure Windows Defender Application Guard print settings
Allowed print types holds a lot of options:
- 0. Disables all print functionality
- 1. Enables only XPS printing
- 2. Enables only PDF printing
- 3. Enables both PDF and XPS printing
- 4. Enables only local printing
- 5. Enables both local and XPS printing
- 6. Enables both local and PDF printing
- 7. Enables local, PDF, and XPS printing
- 8. Enables only network printing
- 9. Enables both network and XPS printing
- 10. Enables both network and PDF printing
- 11. Enables network, PDF, and XPS printing
- 12. Enables both network and local printing
- 13. Enables network, local, and XPS printing
- 14. Enables network, local, and PDF printing
- 15. Enables all printing
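The sixteen values in this list form a 4-bit mask (XPS = 1, PDF = 2, local = 4, network = 8). The following PowerShell is an added example, not part of the original post: it decodes a value and reports which print channels a proposed setting opens or closes compared with a baseline. The enum and function names are hypothetical.

```powershell
# Added example: "Allowed print types" 0-15 treated as a 4-bit mask.
# The enum and function names below are hypothetical, chosen for illustration.
[Flags()] enum WdagPrint {
    None    = 0
    XPS     = 1
    PDF     = 2
    Local   = 4
    Network = 8
}

# Decode a policy value into the print channels it enables.
function ConvertFrom-WdagPrintValue {
    param([Parameter(Mandatory)][int]$Value)
    if ($Value -lt 0 -or $Value -gt 15) {
        throw "Allowed print types must be 0-15, got $Value"
    }
    [WdagPrint]$Value
}

# Build the policy value from the channels you intend to allow.
function ConvertTo-WdagPrintValue {
    param([WdagPrint[]]$Channel = @())
    $mask = 0
    foreach ($c in $Channel) { $mask = $mask -bor [int]$c }
    $mask
}

# Show which channels a proposed value adds or removes relative to a baseline.
function Compare-WdagPrintValue {
    param(
        [Parameter(Mandatory)][int]$Baseline,
        [Parameter(Mandatory)][int]$Proposed
    )
    $old = [int](ConvertFrom-WdagPrintValue $Baseline)
    $new = [int](ConvertFrom-WdagPrintValue $Proposed)
    [pscustomobject]@{
        Added   = [WdagPrint]($new -band (-bnot $old))
        Removed = [WdagPrint]($old -band (-bnot $new))
    }
}

# Constructed review: a PDF-only baseline (2) against a proposed value of 14.
ConvertFrom-WdagPrintValue 11
ConvertTo-WdagPrintValue -Channel PDF, XPS
Compare-WdagPrintValue -Baseline 2 -Proposed 14
```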
And now we have the printers redirected to WDAG:
We can reset and restart WDAG with the command wdagtool.exe cleanup. This will still keep our user data, like favorites.
Using the command wdagtool.exe cleanup RESET_PERSISTENCE_LAYER will also clean up user data like favorites:
Favorites are now gone, but we can start adding again:
We have many more options for WDAG, but I think you get the picture. Now test in your own environment.