I am preparing a script to automate and kick off Windows 10 upgrades. The structure of our IT department is such that the security tools, including McAfee, are separate, and I do not have access to the console or settings to change. I've asked my security team these questions and they can't seem to help. Hoping I get some info here.


In order to do a Windows 10 upgrade, several reboots are required. Disabling preboot auth is a requirement of this customer so that the end-user doesn't have to baby-sit this process. I am running some pre-install checks in PowerShell to determine McAfee status that I have a couple of questions about:

1) The REGKEY - 

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee EndPoint Encryption\MfeEpePc\Status\Authentication 

current DWORD value is 1, during testing when disabling preboot via EPO policy this value was set to 0. My support staff is telling me that this will NOT set to 0 when using temporaryautoboot.exe. Is this accurate? How would one verify via a script if preboot auth is disabled?


2) Policy application. I've requested that the security team set the global policy to allow temporaryautoboot.exe to work. They are telling me there is no scriptable way to query policy status from a client to validate that a new policy has been applied. Is this accurate? From the client, how would one verify policy settings via script? The only option they gave me was through the GUI to create a client report.

