Modify Group Policy Settings - ScriptBlockLogging

Sigma Rules

Summary
This detection rule identifies potentially malicious modifications to Group Policy Objects (GPOs) carried out through PowerShell. It inspects PowerShell script block logs (hence the ScriptBlockLogging suffix, so the rule only fires where script block logging is enabled) for script blocks that reference specific registry keys together with GPO-related variables, in order to surface unauthorized changes that could let a threat actor alter system behaviour, escalate privileges, or evade defences. The monitored registry paths are those under the Windows System policies hive. Matches give security teams an early indication of possible Group Policy abuse and help preserve the integrity of organizational policy settings.
Categories
  • Endpoint
  • Windows
Data Sources
  • Script
  • Windows Registry
ATT&CK Techniques
  • T1484.001
Created: 2022-08-19