Last active
January 3, 2019 22:57
-
-
Save tstolswo/bd6d174b65d62d8f392fbb01c92070ee to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Connect to ConfigMgr Site | |
$SiteCode = "SITECODE" #SiteCode - Modify this for your environment | |
$ProviderMachineName = "SITESERVER" # SiteServer - Modify this for your environment | |
Import-Module "$($ENV:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1" | |
if (-not (Test-Path "$($SiteCode):\")){ | |
New-PSDrive -Name $SiteCode -PSProvider CMSite -Root $ProviderMachineName | |
} | |
#Set the working location to the Site | |
Set-Location "$($SiteCode):\" | |
#Set Discovery Script PS Code | |
$DiscoveryScript = @" | |
`$(Get-MPPreference).DisableRealtimeMonitoring | |
"@ | |
#Create Configuration Item | |
$ConfigItem = New-CMConfigurationItem -Name "Verify Windows Defender Real-Time Scanning Status" -CreationType WindowsOS | |
#Add Compliance Rule to CI | |
$ConfigItem | Add-CMComplianceSettingScript -DataType String -DiscoveryScriptLanguage PowerShell -DiscoveryScriptText $DiscoveryScript -SettingName "Defender Real-Time Protection Setting" -NoRule -Is64Bit | |
$CompSetting = $ConfigItem | Get-CMComplianceSetting -SettingName "Defender Real-Time Protection Setting" | |
$CompRule = $CompSetting | New-CMComplianceRuleValue -RuleName "Is False" -ExpressionOperator IsEquals -ExpectedValue "True" | |
$FinishedCI = $ConfigItem | Add-CMComplianceSettingRule -Rule $CompRule | |
#Add CI to new Baseline | |
$CMBaseline = New-CMBaseline -Name $ConfigItem.LocalizedDisplayName | |
$FinishedBL = Set-CMBaseline -Name $ConfigItem.LocalizedDisplayName -AddOSConfigurationItem $ConfigItem.CI_ID |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment