Diffstat (limited to 'ansible/scripts/setup-defender-gpo.ps1')
-rw-r--r-- | ansible/scripts/setup-defender-gpo.ps1 | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/ansible/scripts/setup-defender-gpo.ps1 b/ansible/scripts/setup-defender-gpo.ps1
new file mode 100644
index 0000000..688949a
--- /dev/null
+++ b/ansible/scripts/setup-defender-gpo.ps1
@@ -0,0 +1,50 @@
+param (
+ [string]$DomainName = "contoso.com"
+)
+
+$scriptName = $MyInvocation.MyCommand.Name
+$logFile = "C:\Logs\${scriptName}_log.txt"
+Start-Transcript -Path $logFile -Append
+
+Import-Module GroupPolicy -ErrorAction Stop
+
+$DomainNameDN = "DC=$($DomainName.Split(".")[0]),DC=$($DomainName.Split(".")[1])"
+$DomainUsers = Get-ADGroup "Domain Users" -ErrorAction Stop
+
+$GpoName = "DisableMicrosoftDefender"
+
+try {
+ $GPO = New-GPO -Name $GpoName -Comment "GPO to disable Microsoft Defender in test environment" -ErrorAction Stop
+ Write-Host "[INFO] Created GPO '$GpoName'"
+
+ Set-GPPermission -Name $GPO.DisplayName -PermissionLevel GpoEditDeleteModifySecurity -TargetName $DomainUsers.Name -TargetType Group -ErrorAction Stop
+ Write-Host "[INFO] Set GpoEditDeleteModifySecurity permissions for '$($DomainUsers.Name)' on GPO '$GpoName'"
+
+ $RegistrySettings = @(
+ @{
+ Key = "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
+ ValueName = "DisableAntiSpyware"
+ Value = 1
+ Type = "DWORD"
+ },
+ @{
+ Key = "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
+ ValueName = "DisableRealtimeMonitoring"
+ Value = 1
+ Type = "DWORD"
+ }
+ )
+
+ foreach ($Setting in $RegistrySettings) {
+ Set-GPRegistryValue -Name $GpoName -Key $Setting.Key -ValueName $Setting.ValueName -Type $Setting.Type -Value $Setting.Value -ErrorAction Stop
+ Write-Host "[INFO] Set registry value: $($Setting.Key)\$($Setting.ValueName) = $($Setting.Value)"
+ }
+
+ New-GPLink -Name $GPO.DisplayName -Target "$DomainNameDN" -LinkEnabled Yes -ErrorAction Stop
+ Write-Host "[INFO] Created GP link for '$GpoName' on $DomainNameDN"
+}
+catch {
+ Write-Host "[ERR] Failed to configure GPO '$GpoName': $_"
+}
+
+Stop-Transcript |
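Review bot: The Set-GPPermission call grants GpoEditDeleteModifySecurity on a GPO that is then linked at the domain root to "Domain Users", so every authenticated account in the domain can rewrite a policy applied to every computer; even in a lab this should be scoped to the administrative group that actually needs it (or the call dropped — the creating account already has edit rights), and the reason recorded in a comment next to the line. $DomainNameDN only works for two-label domains: `corp.contoso.com` yields a wrong DN and a single-label name throws on the `[1]` index, so build it from all labels, `$DomainNameDN = "DC=" + ($DomainName.Split(".") -join ",DC=")`. The catch block only prints the error, so the script still exits 0 and the Ansible task that runs it will report success after a partial GPO setup; add `exit 1` after the Write-Host in catch and move Stop-Transcript into a `finally` so the log is closed on both paths. Get-ADGroup also relies on the ActiveDirectory module being auto-loaded while GroupPolicy is imported explicitly — presumably intentional, but an explicit `Import-Module ActiveDirectory -ErrorAction Stop` next to it would make the failure mode consistent.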