-
Notifications
You must be signed in to change notification settings - Fork 1
/
Install-ExploitProtectionPolicy.ps1
49 lines (43 loc) · 1.57 KB
/
Install-ExploitProtectionPolicy.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#Requires -RunAsAdministrator
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'
# Source folder
$srcFolder = Split-Path -Parent $Myinvocation.mycommand.path
$srcFile = Join-Path $srcFolder -ChildPath 'EP-W11.xml'
$destFolder = Join-Path $Env:windir -ChildPath 'EP'
$destFile = Join-Path $destFolder -ChildPath 'EP.xml'
# Create the destination folder
if (-Not (Test-Path $destFolder)) {
try {
New-Item -Path $destFolder -ItemType Directory -Force
}
catch {
Write-Warning 'Unable to create the destination folder, aborting...'
Pause
exit 1
}
}
# Copy the policy file
try {
Copy-Item -Path $srcFile -Destination $destFile -Force
}
catch {
Write-Warning 'Unable to copy the policy file, aborting...'
Pause
exit 1
}
if (-Not (Test-Path 'HKLM:\Software\Policies\Microsoft\Windows Defender ExploitGuard\Exploit Protection')) {
New-Item -Path 'HKLM:\Software\Policies\Microsoft\Windows Defender ExploitGuard\Exploit Protection' -Force | Out-Null
}
try {
Set-ProcessMitigation -PolicyFilePath $destFile
Set-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\Windows Defender ExploitGuard\Exploit Protection' -Name 'ExploitProtectionSettings' -Value "$destFile" -Force | Out-Null
}
catch {
Write-Warning 'Unable to apply the new policy...'
$string_err = $_ | Out-String
Write-Output "Exception: $string_err"
Pause
exit 1
}
Write-Host -ForegroundColor Green "Installation successful, please restart your computer for changes to take effect ! :)"