ansible.infra.services/roles/crowdstrike/tasks/install-crowdstrike-windows.yml

---
- name: Windows-Add or update registry path Dnscache, with dword entry 'Type', and containing 0x00000020 as the hex value
  win_regedit:
    path: HKLM:\SYSTEM\CurrentControlSet\services\Dnscache
    name: Type
    data: 0x00000020
    type: dword

- name: Windows-Checking to see if Crowdstrike is already installed
  win_shell: |
    Get-Service -Name "CSFalconService"
  register: crowd_installed
  changed_when: false
  ignore_errors: true

- name: Windows-Check if services are installed and running
  win_service:
    name: "{{ item }}"
    state: started
  with_items:
    - nsi
    - BFE
    - Power
    - lmhosts
    - WinHttpAutoProxySvc
    - Dhcp
  when: crowd_installed is failed

- name: Windows-Disable IE enhanced security
  win_shell: 'Set-ItemProperty -Path "{{ Emplacement_Clef_Securite }}{{ item.Clef }}" -Name IsInstalled -Value 0'
  with_items:
    - { Clef: "{{ Clef_Securite_Admin }}" }
    - { Clef: "{{ Clef_Securite_Users }}" }
  vars:
    Emplacement_Clef_Securite: 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\'
    Clef_Securite_Admin: '{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}'
    Clef_Securite_Users: '{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}'
  when: crowd_installed is failed
  ignore_errors: yes #Keep ignore for non server OS

- name: Windows-Add Windows Defender exclusions
  win_shell: Add-MpPreference -{{ item.ExclusionType }} "{{ item.valeur }}"
  with_items: 
    - { ExclusionType: ExclusionPath, valeur: 'D:\' }
    - { ExclusionType: ExclusionPath, valeur: 'C:\ProgramData\' }
    - { ExclusionType: ExclusionPath, valeur: 'C:\Users\' }
    - { ExclusionType: ExclusionExtension, valeur: '.exe' }
  when: crowd_installed is failed

- name: Instal Crowdstrike agent
  win_package:
    product_id: '{D339C288-2EEA-49A3-B10F-979FC2715A2C}'
    path: http://{{ katelloURL }}/pulp/isos/NeXT/Library/custom/Misc/Misc-zip-packages/{{ Crowdstrike_version_win }}
    arguments: /install /quiet /norestart CID={{ Crowdstrike_cid }} VDI=1
    state: present
  when: crowd_installed is failed
  register: result
  retries: 1
  until: result is succeeded
  delay: 15

- name: Windows-Add or update registry with binary entry
  win_regedit:
    path: 'HKLM:\SYSTEM\CrowdStrike\{9b03c1d9-3138-44ed-9fae-d9f4c034b88d}\{16e0423f-7058-48c9-a204-725362b67639}'
    name: Default
    data: [0x03,0x00,0x00,0x00]
    type: binary
  when: crowd_installed is failed

- name: Windows-Check if CSFalconService is running
  win_service:
    name: CSFalconService
    state: started
  when: crowd_installed is failed

- name: Windows-Check Crowdstrike obtained ID else fail
  win_shell: '.\CSDeviceControlSupportTool.exe {{ Crowdstrike_cid }} -c showrules'
  args:
    chdir: 'C:\Program Files\CrowdStrike'
  register: crowd_result
  failed_when: "'Failed' in crowd_result.stdout"
  retries: 6
  until: crowd_result is succeeded
  delay: 30
  when: crowd_installed is failed

- name: 'Windows-Windows defender Exclusions cleanup'
  win_shell: "{{ item.Command }}"
  with_items: 
    - { Command: '( Get-MpPreference ).ExclusionPath | foreach { Remove-MpPreference -ExclusionPath $_.ToString()}' }
    - { Command: '( Get-MpPreference ).ExclusionProcess | foreach { Remove-MpPreference -ExclusionProcess $_.ToString()}' }
  when: crowd_installed is failed

- name: 'Windows-Enable IE enhanced security'
  win_shell: 'Set-ItemProperty -Path "{{ Emplacement_Clef_Securite }}{{ item.Clef }}" -Name IsInstalled -Value 1'
  with_items:
    - { Clef: "{{ Clef_Securite_Admin }}" }
    - { Clef: "{{ Clef_Securite_Users }}" }
  when: crowd_installed is failed
  ignore_errors: yes #Keep ignore for non server OS