security.ps1
# Host-hardening *reductions*: every function below switches off or relaxes one
# Windows security control on the local machine. All of them write machine-wide
# state (HKLM, LocalMachine execution policy, a scheduled task), so they only
# succeed from an elevated session and they affect every account on the host.
#
# `setprop` and `installed` are not defined in this part of the file.
# NOTE(review): presumably `setprop <key> <name> <type> <value>` writes a
# registry value and `installed <cmd>` tests whether a command resolves;
# confirm against their definitions.

function isadmin {
    <#
    .SYNOPSIS
    Reports whether the current process is running in the built-in
    Administrators role.
    .OUTPUTS
    System.Boolean
    .NOTES
    With UAC enabled, a member of Administrators running non-elevated gets
    False here, because the check is made against the current token.
    None of the functions in this section call isadmin before writing to HKLM.
    #>
    $currentIdentity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$currentIdentity
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function uac_disable {
    <#
    .SYNOPSIS
    Turns off User Account Control prompting and Admin Approval Mode.
    .NOTES
    ConsentPromptBehaviorAdmin = 0 is "elevate without prompting".
    EnableLUA = 0 disables Admin Approval Mode, so administrator accounts run
    with a full token at all times; it takes effect after a reboot.
    Both values are standard audit points: registry auditing or EDR rules on
    this Policies\System key will record the change.
    #>
    $uacPolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    setprop $uacPolicyKey 'ConsentPromptBehaviorAdmin' 'DWORD' 0
    setprop $uacPolicyKey 'EnableLUA' 'DWORD' 0
}

function pwsh_bypass {
    <#
    .SYNOPSIS
    Sets the PowerShell execution policy to Bypass for the LocalMachine and
    CurrentUser scopes, in this host and in pwsh / powershell when present.
    .NOTES
    Windows PowerShell and PowerShell 7 keep separate execution-policy
    settings, which is why the same change is repeated through each host.
    Execution policy is a safety feature, not a security boundary. A policy
    delivered by Group Policy (MachinePolicy / UserPolicy scopes) takes
    precedence over both scopes written here.
    #>
    # Current host first.
    Set-ExecutionPolicy -Force -Scope LocalMachine -ExecutionPolicy bypass
    Set-ExecutionPolicy -Force -Scope currentuser -ExecutionPolicy bypass

    # PowerShell 7+, if it is installed.
    if (installed pwsh) {
        pwsh -c '& {Set-ExecutionPolicy -force -scope localmachine -ExecutionPolicy bypass}'
        pwsh -c '& {Set-ExecutionPolicy -force -scope currentuser -ExecutionPolicy bypass}'
    }

    # Windows PowerShell 5.x, if it is installed.
    if (installed powershell) {
        powershell -c '& {Set-ExecutionPolicy -force -scope LocalMachine -ExecutionPolicy bypass}'
        powershell -c '& {Set-ExecutionPolicy -force -scope currentuser -ExecutionPolicy bypass}'
    }
}

function defender_disable {
    <#
    .SYNOPSIS
    Writes policy values under HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender
    that ask Microsoft Defender Antivirus to turn off scanning, real-time
    protection, cloud protection and reporting.
    .NOTES
    These are policy-hive writes only; whether Defender honours them depends on
    the build and on Tamper Protection. With Tamper Protection enabled,
    Defender is designed to ignore such policy overrides, so the host can
    remain protected even though the values exist.
    Writes to this policy key are a high-signal detection: expect registry
    auditing / EDR alerts, and Defender configuration-change events in the
    Microsoft-Windows-Windows Defender/Operational log.
    To revert, delete the values (or the policy key) and restart the service
    or reboot.
    #>
    $rootKey      = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $realtimeKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
    $spynetKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet'
    $reportingKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting'

    # One row per registry value, applied in the listed order. The Type strings
    # keep the exact spelling used originally because they are handed to
    # setprop unchanged.
    $policyRows = @(
        # Engine-level switches and cloud protection.
        @{ Key = $rootKey; Name = 'DisableAntiVirus'; Type = 'DWORD'; Value = 1 }
        @{ Key = $rootKey; Name = 'DisableBehaviorMonitoring'; Type = 'DWORD'; Value = 1 }
        @{ Key = $rootKey; Name = 'DisableOnAccessDetection'; Type = 'DWord'; Value = 1 }
        @{ Key = $rootKey; Name = 'DisableScanOnRealtimeEnable'; Type = 'DWord'; Value = 1 }
        @{ Key = $rootKey; Name = 'DisableAntiSpyware'; Type = 'DWord'; Value = 1 }
        @{ Key = $rootKey; Name = 'DisableSpecialRunningModes'; Type = 'DWORD'; Value = 1 }
        @{ Key = $rootKey; Name = 'DisableTamperProtection'; Type = 'DWORD'; Value = 1 }
        @{ Key = $rootKey; Name = 'DisableAntiSpywareDefinitionUpdate'; Type = 'DWORD'; Value = 1 }
        @{ Key = $rootKey; Name = 'AllowCloudProtection'; Type = 'DWORD'; Value = 0 }

        # Real-time protection components.
        @{ Key = $realtimeKey; Name = 'DisableRealtimeMonitoring'; Type = 'DWORD'; Value = 1 }
        @{ Key = $realtimeKey; Name = 'DisableBehaviorMonitoring'; Type = 'DWord'; Value = 1 }
        @{ Key = $realtimeKey; Name = 'DisableOnAccessProtection'; Type = 'DWord'; Value = 1 }
        @{ Key = $realtimeKey; Name = 'DisableScanOnRealtimeEnable'; Type = 'DWord'; Value = 1 }

        # Cloud "block at first sight".
        @{ Key = $spynetKey; Name = 'DisableBlockAtFirstSeen'; Type = 'DWORD'; Value = 1 }

        # Notifications and reporting.
        @{ Key = $reportingKey; Name = 'DisableEnhancedNotifications'; Type = 'DWORD'; Value = 1 }
        @{ Key = $reportingKey; Name = 'DisableGenericReports'; Type = 'DWORD'; Value = 1 }
        @{ Key = $reportingKey; Name = 'DisableGenericRemediation'; Type = 'DWORD'; Value = 1 }
    )

    foreach ($row in $policyRows) {
        setprop $row.Key $row.Name $row.Type $row.Value
    }
}

function pwexpire_disable {
    <#
    .SYNOPSIS
    Sets DisablePasswordExpiration = 1 under the Windows NT PasswordPolicy key.
    .NOTES
    NOTE(review): confirm that Windows actually reads this value on the target
    builds; local password ageing is normally governed by account policy
    (maximum password age), and domain policy overrides local settings.
    #>
    $passwordPolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordPolicy'
    setprop $passwordPolicyKey 'DisablePasswordExpiration' 'DWORD' 1
}

function ucpd_disable {
    <#
    .SYNOPSIS
    Disables the 'UCPD velocity' scheduled task and sets the UCPD service
    start type to 4 (disabled).
    .NOTES
    Requires a restart to take effect.
    NOTE(review): UCPD appears to be the driver that guards per-user
    default-app (UserChoice) settings against modification by other software;
    with it off, those settings lose that protection. Confirm before relying
    on this description.
    #>
    # Output of Disable-ScheduledTask is discarded; errors still surface.
    $null = Disable-ScheduledTask '\Microsoft\Windows\AppxDeploymentClient\UCPD velocity'

    $ucpdServiceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\UCPD'
    setprop $ucpdServiceKey 'Start' 'DWORD' 4
}