As I spend time working in many different Configuration Manager environments, I find myself regularly needing to create Antimalware Policies. Most of the settings in the antimalware policies can be configured quickly, however the setting that always takes me the most time is the Exclusion Settings. There needs to be different policies with different exclusion settings for different types of devices. Each of these separate policies have 3 different areas for adding file paths, file types, and processes. And for some reason, unknown to me, the dialog window for adding exclusions has a 260 character limit. This means that even if all the exclusion settings are in a list, you can’t just copy the whole list in at once. All this adds up to make this process time consuming and inconsistent. ...

I was recently deploying an application that required Windows Firewall rules to be created for an executable that ran from each user’s AppData folder. The way I accomplished this was to use a combination of PowerShell scripts and the Windows Task Scheduler. I created two PowerShell scripts for this solution. Create_Scheduled_Task.ps1 and Create_Firewall_Rules.ps1. The Create_Scheduled_Task.ps1 script copies the Create_Firewall_Rules.ps1 script to a subfolder in C:\Users\Public and creates a scheduled task to run that script each time a user logs onto the computer. You will need to set the $appName, $scriptName, and $folderPath variables. ...

I encountered a scenario where I needed to add or remove domain users from the local administrators group on an individual computer basis. The Run Script feature in Configuration Manager worked great for this. I used an Add script and a Remove script. Both scripts have a $Member parameter that takes the name of a domain user or group and adds it to or removes it from the local administrator group on selected computers. ...