skolo/win/ansible/swarming-bot-settings.yml - buildbot - Git at Google

 ---
 # Disable Windows Update, Windows Defender, and disk indexing.
 - hosts: all
   tasks:
   - name: Disable Windows Update
     win_service:
       name: wuauserv
       start_mode: disabled
       state: stopped
   # Unlike Windows Server, Windows Defender can not be uninstalled on Windows 10. Windows also
   # tends to re-enable it if it's disabled. Instead we exclude the entire drive from scanning and
   # disable specific features. Docs here:
   # https://docs.microsoft.com/en-us/powershell/module/defender/Set-MpPreference?view=win10-ps
   - name: Disable Windows Defender
     win_shell: "Set-MpPreference -ExclusionPath C:\\ -DisableBehaviorMonitoring $True
       -DisableBlockAtFirstSeen $True -DisableIOAVProtection $True
       -DisableIntrusionPreventionSystem $True -DisableRealtimeMonitoring $True
       -MAPSReporting Disabled -PUAProtection Disabled"
   - name: Disable disk indexing
     win_service:
       name: WSearch
       start_mode: disabled
       state: stopped
	---
	# Disable Windows Update, Windows Defender, and disk indexing.
	- hosts: all
	tasks:
	- name: Disable Windows Update
	win_service:
	name: wuauserv
	start_mode: disabled
	state: stopped
	# Unlike Windows Server, Windows Defender can not be uninstalled on Windows 10. Windows also
	# tends to re-enable it if it's disabled. Instead we exclude the entire drive from scanning and
	# disable specific features. Docs here:
	# https://docs.microsoft.com/en-us/powershell/module/defender/Set-MpPreference?view=win10-ps
	- name: Disable Windows Defender
	win_shell: "Set-MpPreference -ExclusionPath C:\\ -DisableBehaviorMonitoring $True
	-DisableBlockAtFirstSeen $True -DisableIOAVProtection $True
	-DisableIntrusionPreventionSystem $True -DisableRealtimeMonitoring $True
	-MAPSReporting Disabled -PUAProtection Disabled"
	- name: Disable disk indexing
	win_service:
	name: WSearch
	start_mode: disabled
	state: stopped