ladewig
commented
3 years ago I ran into that issue with Defender policies as well and added that to our local version. Have been meaning to submit that and some other changes.
Open edickey6 opened 3 years ago
ladewig
commented
3 years ago I ran into that issue with Defender policies as well and added that to our local version. Have been meaning to submit that and some other changes.
When the script remediates the GPO cache (by deleting "$($env:WinDir)\System32\GroupPolicy\Machine\registry.pol") it currently causes an issue where any Defender Anti Malware policies are reset to Windows defaults instead of the ones in CM. I recommend just adding an Endpoint AM policy reevaluate cycle {00000000-0000-0000-0000-000000000222} after the Scan by Update Source cycle in that you already have it doing when it does that remediation, this would just let it reset those policies quickly so it doesn't cause things like the pop ups my users complained about from our exclusion paths and processes not being set properly which led me to figure this out.
Side note 1: the Scan by Update Source cycle does run a gpupdate by itself at least in the last several versions of the CM client, you don't need to run your own gpupdate, that just makes the system run two gpupdates instead of one. Side note 2: Invoke-CimMethod was introduced in PowerShell 3.0 and I have used it without issue since at least 4.0, possibly 3.5, so you shouldn't need to limit that to 6+