75 lines
3.4 KiB
PowerShell
75 lines
3.4 KiB
PowerShell
# windows server cleanup
|
|
|
|
# test to see if this is a desktop version of windows
|
|
$windesktop = (gwmi win32_operatingsystem).OperatingSystemSKU -notmatch "(\b[7-9]|10|1[2-5]|1[7-9]|2[0-5])"
|
|
if ($windesktop)
|
|
{
|
|
write-output "This is a desktop version of windows"
|
|
}
|
|
|
|
write-output "Disable Hybernation"
|
|
powercfg -hibernate OFF
|
|
|
|
write-output "configure screen saver"
|
|
Set-ItemProperty -Path "registry::HKEY_USERS\.DEFAULT\Control Panel\Desktop" -Name ScreenSaveActive -Value 0
|
|
|
|
write-output "change administrator user pass next login"
|
|
# this gets reset by sysprep/guest customization. need to set it again in the guest customization script.
|
|
net user localuser /logonpasswordchg:no
|
|
|
|
write-output "Enable administrator account"
|
|
net user administrator /active:yes
|
|
|
|
write-output "Disable firewall"
|
|
netsh advfirewall set allprofiles state off
|
|
|
|
write-output "supress network location Prompt"
|
|
New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" -Force
|
|
|
|
# remove troublesome 3rd party app store apps that cause sysprep to fail
|
|
if ($windesktop)
|
|
{
|
|
if ([Environment]::OSVersion.Version -ge (new-object 'Version' 10,0))
|
|
{
|
|
Get-AppxPackage -user localuser PackageFullName | Remove-AppxPackage -ErrorAction SilentlyContinue
|
|
}
|
|
}
|
|
|
|
## Optimize IPv6 settings
|
|
write-output "disable privacy IPv6 addresses"
|
|
netsh interface ipv6 set privacy state=disabled store=active
|
|
netsh interface ipv6 set privacy state=disabled store=persistent
|
|
|
|
write-output "enable EUI-64 addressing"
|
|
netsh interface ipv6 set global randomizeidentifiers=disabled store=active
|
|
netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
|
|
|
|
write-output "Enable Remote Desktop"
|
|
(Get-WmiObject Win32_TerminalServiceSetting -Namespace root\cimv2\TerminalServices).SetAllowTsConnections(1,1) | Out-Null
|
|
(Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\TerminalServices -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0) | Out-Null
|
|
|
|
write-output "Clear windows autologon"
|
|
Remove-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultDomainName -EA 0
|
|
Remove-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultUserName -EA 0
|
|
Remove-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name AutoAdminLogon -EA 0
|
|
Remove-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultUserPassword -EA 0
|
|
|
|
# not the most secure option here..
|
|
write-output "Enable remote command policy"
|
|
Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name LocalAccountTokenFilterPolicy -Value 1 -Type DWord
|
|
|
|
# sysprep with wmf 5 fix
|
|
Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\StreamProvider -Name LastFullPayloadTime -Value 0 -Type DWord
|
|
|
|
# set ntp to sync time before domain join
|
|
Write-Output "Setting System Time Zone to UTC `r"
|
|
tzutil.exe /s "UTC"
|
|
|
|
write-output "setup guest customization shim"
|
|
if(!(Test-Path -Path "C:\Windows\Setup\Scripts" )){
|
|
New-Item -ItemType directory -Path "C:\Windows\Setup\Scripts"
|
|
}
|
|
Set-Content -path C:\windows\setup\scripts\SetupComplete.cmd -value 'powershell -executionpolicy bypass -file C:\windows\setup\scripts\SetupComplete.ps1'
|
|
move-item c:\windows\temp\SetupComplete.ps1 c:\windows\setup\scripts\
|
|
|