def rule(event):
    if any(
        [
            all(
                [
                    any(
                        [
                            event.deep_get("TargetObject", default="").endswith(
                                "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisableCMD"
                            ),
                            event.deep_get("TargetObject", default="").endswith(
                                "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel"
                            ),
                            event.deep_get("TargetObject", default="").endswith(
                                "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoRun"
                            ),
                            event.deep_get("TargetObject", default="").endswith(
                                "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\StartMenuLogOff"
                            ),
                            event.deep_get("TargetObject", default="").endswith(
                                "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableChangePassword"
                            ),
                            event.deep_get("TargetObject", default="").endswith(
                                "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableLockWorkstation"
                            ),
                            event.deep_get("TargetObject", default="").endswith(
                                "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableRegistryTools"
                            ),
                            event.deep_get("TargetObject", default="").endswith(
                                "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableTaskmgr"
                            ),
                            event.deep_get("TargetObject", default="").endswith(
                                "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\NoDispBackgroundPage"
                            ),
                            event.deep_get("TargetObject", default="").endswith(
                                "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\NoDispCPL"
                            ),
                            event.deep_get("TargetObject", default="").endswith(
                                "SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer\\DisableNotificationCenter"
                            ),
                            event.deep_get("TargetObject", default="").endswith(
                                "SOFTWARE\\Policies\\Microsoft\\Windows\\System\\DisableCMD"
                            ),
                        ]
                    ),
                    event.deep_get("Details", default="") == "DWORD (0x00000001)",
                ]
            ),
            all(
                [
                    any(
                        [
                            event.deep_get("TargetObject", default="").endswith(
                                "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\ConsentPromptBehaviorAdmin"
                            ),
                            event.deep_get("TargetObject", default="").endswith(
                                "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\InactivityTimeoutSecs"
                            ),
                            event.deep_get("TargetObject", default="").endswith(
                                "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\shutdownwithoutlogon"
                            ),
                            event.deep_get("TargetObject", default="").endswith(
                                "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PushNotifications\\ToastEnabled"
                            ),
                            event.deep_get("TargetObject", default="").endswith(
                                "SYSTEM\\CurrentControlSet\\Control\\Storage\\Write Protection"
                            ),
                            event.deep_get("TargetObject", default="").endswith(
                                "SYSTEM\\CurrentControlSet\\Control\\StorageDevicePolicies\\WriteProtect"
                            ),
                        ]
                    ),
                    event.deep_get("Details", default="") == "DWORD (0x00000000)",
                ]
            ),
        ]
    ):
        return True
    return False
