From 32a92a4fd19baa6438c0443deb247e93d02b1948 Mon Sep 17 00:00:00 2001
From: heqnx <root@heqnx.com>
Date: Mon, 14 Jul 2025 16:16:45 +0300
Subject: added defender disabling gpo, changed print messages in scripts,
 logging set domain network

---
 ansible/roles/dc01/tasks/main.yaml               | 3 +++
 ansible/roles/dc01/tasks/setup_defender_gpo.yaml | 7 +++++++
 2 files changed, 10 insertions(+)
 create mode 100644 ansible/roles/dc01/tasks/setup_defender_gpo.yaml

(limited to 'ansible/roles/dc01/tasks')

diff --git a/ansible/roles/dc01/tasks/main.yaml b/ansible/roles/dc01/tasks/main.yaml
index d9b0b40..472c191 100644
--- a/ansible/roles/dc01/tasks/main.yaml
+++ b/ansible/roles/dc01/tasks/main.yaml
@@ -29,6 +29,9 @@
 - name: execute setup-gpo.ps1 as domain admin
   import_tasks: setup_gpo.yaml
 
+- name: execute setup-defender-gpo.ps1 as domain admin
+  import_tasks: setup_defender_gpo.yaml
+
 - name: reboot after gpo setup
   import_tasks: reboot.yaml
 
diff --git a/ansible/roles/dc01/tasks/setup_defender_gpo.yaml b/ansible/roles/dc01/tasks/setup_defender_gpo.yaml
new file mode 100644
index 0000000..56e7809
--- /dev/null
+++ b/ansible/roles/dc01/tasks/setup_defender_gpo.yaml
@@ -0,0 +1,7 @@
+- name: execute setup-defender-gpo.ps1 as domain admin
+  ansible.windows.win_command: powershell.exe -ExecutionPolicy Bypass -File C:\scripts\setup-defender-gpo.ps1 -DomainName "{{ main_domain_name }}"
+  become: yes
+  become_method: runas
+  become_user: "{{ main_domain_name }}\\Administrator"
+  vars:
+    ansible_become_password: "{{ default_win_password }}"
-- 
cgit v1.2.3