From 270445d3caa1517365728ce23b6f645ff9275099 Mon Sep 17 00:00:00 2001
From: "marius.widmann"
Date: Tue, 19 Nov 2019 15:48:12 +0100
Subject: [PATCH] Imports
---
README.md | 0
tiNGrundpaketClient.txt | 58 +++++++++++++++++++++
tiNGrundpaketServer.txt | 108 ++++++++++++++++++++++++++++++++++++++++
3 files changed, 166 insertions(+)
mode change 100644 => 100755 README.md
create mode 100755 tiNGrundpaketClient.txt
create mode 100755 tiNGrundpaketServer.txt
diff --git a/README.md b/README.md
old mode 100644
new mode 100755
diff --git a/tiNGrundpaketClient.txt b/tiNGrundpaketClient.txt
new file mode 100755
index 0000000..c7b5134
--- /dev/null
+++ b/tiNGrundpaketClient.txt
@@ -0,0 +1,58 @@
+#Windows 10 Pro Client Boxstarter Script: Grundpaket und Konfiguration (c) Tüit GmbH
+#TODO: Defaultprograms for Datatypes, Install all Updates (not only critical)
+
+#----------------Setting Variables------------------------
+
+#Other Variables
+$dHostname = Read-Host 'Input desired Hostname (Default: Keep current hostname)'
+if($dHostname -eq ""){$dHostname = [Net.Dns]::GetHostName()}
+
+#---------------Configure Chocolatey and Environment-------------------------------
+choco features enable -n=allowGlobalConfirmation
+choco feature enable -n=allowEmptyChecksums
+New-Item -ErrorAction Ignore -Path "C:\" -Name "temp" -ItemType "directory"`
+
+#----------------Configure Windows------------------------
+#Set Hostname
+Write-Host "Setting Hostname to $dHostname":
+Rename-Computer -NewName "$dHostname" -Force
+#Enable RemoteDesktop
+Enable-RemoteDesktop
+#Remove annoying Windows Stuff
+Disable-GameBarTips
+#Set Taskbar to Lock and put it to the bottom and show all icons
+Set-TaskbarOptions -Size Small -Dock Bottom -Combine Full -Lock
+Set-TaskbarOptions -Size Small -Dock Bottom -Combine Full -AlwaysShowIconsOn
+#Show Hidden Files, File Extensions, Systemfiles and Full-Path in Titlebar
+Set-WindowsExplorerOptions -EnableShowFullPathInTitleBar
+#Disable IPv6
+Write-Host DisabledComponents registry key:
+reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters /v DisabledComponents /t REG_DWORD /d 0xFF /f
+#Zeitserver einstellen
+reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /v (Standard) /t REG_SZ /d 1 /f
+reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /v 1 /t REG_SZ /d 0.de.pool.ntp.org /f
+reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /v 2 /t REG_SZ /d 1.de.pool.ntp.org /f
+net time /setsntp:"0.de.pool.ntp.org"
+
+#---------------Install important Windows Packages---------------
+#Install all critical OS Updates
+Install-WindowsUpdate -AcceptEula -GetUpdatesFromMS
+choco install javaruntime -y --cacheLocation="c:\temp"
+
+#---------------Install Tueit Basic Software---------------------
+choco install vlc -y --cacheLocation="c:\temp"
+choco install adobereader -y --cacheLocation="c:\temp"
+choco install anydesk -y --cacheLocation="c:\temp"
+choco install 7zip -y --cacheLocation="c:\temp"
+choco install bleachbit -y --cacheLocation="c:\temp"
+choco install firefox -y --cacheLocation="c:\temp"
+choco install greenshot -y --cacheLocation="c:\temp"
+choco install autoruns -y --cacheLocation="c:\temp"
+choco install windirstat -y --cacheLocation="c:\temp"
+choco install libreoffice -y --cacheLocation="c:\temp"
+choco install cdrfte -y --cacheLocation="c:\temp"
+choco install flashplayerplugin -y --cacheLocation="c:\temp"
+choco install thunderbird -y --cacheLocation="c:\temp"
+choco install pdf24 -y --cacheLocation="c:\temp"
+
+
diff --git a/tiNGrundpaketServer.txt b/tiNGrundpaketServer.txt
new file mode 100755
index 0000000..d2c1199
--- /dev/null
+++ b/tiNGrundpaketServer.txt
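Review bot: `choco feature enable -n=allowEmptyChecksums` is a machine-wide setting that lets Chocolatey run package downloads from non-HTTPS locations even when the package carries no checksum, so every `choco install` below it (and any later one on the host) can accept an unverified installer; the server hunk has the same line. I would delete the line and, if one package really ships without a checksum, pass `--allow-empty-checksums` on that single install instead. Separately, the comment above `Set-WindowsExplorerOptions` promises hidden files and file extensions, but the call passes only `-EnableShowFullPathInTitleBar`; the server script also passes `-EnableShowFileExtensions`, and the client should match, since hidden extensions make a disguised executable harder to spot.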
@@ -0,0 +1,108 @@
+#Windows Server 2019 Std. Boxstarter Script: Grundpaket und Konfiguration (c) Tüit GmbH
+#TODO: Defaultprograms for Datatypes, Install all Updates (not only critical)
+
+#----------------Setting Variables------------------------
+#Set these Variables to newest Version
+$dZabbixAgentDownloadUrlMsi = "https://www.zabbix.com/downloads/4.4.1/zabbix_agent-4.4.1-win-amd64-openssl.msi"
+$dZabbixWindowsUpdatesVBSUrl = "https://cloud.tueit.de/s/G9qqjeAm9q8wamT/download"
+
+#Other Variables
+$dHostname = Read-Host 'Input desired Hostname (Default: Keep current hostname)'
+if($dHostname -eq ""){$dHostname = [Net.Dns]::GetHostName()}
+$dInstallZabbix = ""
+$dZabbixServer = ""
+$dZabbixPSK = ""
+$dZabbixHostname = ""
+$dInstallZabbix = Read-Host 'Install and configure Zabbix Agent (yes/no)? (Default: yes)'
+if(($dInstallZabbix -eq "yes") -or ($dInstallZabbix -eq "")){`
+ $dZabbixServer = Read-Host 'Input Zabbix Server or Proxy IP (Default: IP of DefaultGateway)'
+ if($dZabbixServer -eq ""){$dZabbixServer = Get-NetRoute -DestinationPrefix "0.0.0.0/0" | Select-Object -ExpandProperty "NextHop"}
+ $dZabbixPSK = Read-Host 'Input Zabbix PSK (Default: NotSet)'
+ if($dZabbixPSK -eq ""){$dZabbixPSK = "NotSet"}
+ $dZabbixHostname = Read-Host 'Input Zabbix Hostname as defined in Zabbix Server (Default: NotSet)'
+ if($dZabbixHostname -eq ""){$dZabbixHostname = "NotSet"}
+}
+
+#---------------Configure Chocolatey and Environment-------------------------------
+choco features enable -n=allowGlobalConfirmation
+choco feature enable -n=allowEmptyChecksums
+New-Item -ErrorAction Ignore -Path "C:\" -Name "temp" -ItemType "directory"`
+
+#--------------Install Zabbix Agent (if wanted)------------------------------
+if(($dInstallZabbix -eq "yes") -or ($dInstallZabbix -eq "")){
+ wget $dZabbixAgentDownloadUrlMsi -OutFile "C:\temp\zabbix_agent_setup.msi"
+ msiexec /l*v "C:\temp\zabbix_installation_log.txt" /i "C:\temp\zabbix_agent_setup.msi" /norestart /qn SERVER="$dZabbixServer" HOSTNAME="$dZabbixHostname" TLSCONNECT=psk TLSACCEPT=psk TLSPSKIDENTITY="$dHostname" TLSPSKVALUE="$dZabbixPSK" ENABLEREMOTECOMMANDS=1
+}
+
+#----------------Configure Windows------------------------
+#Set Hostname
+Write-Host "Setting Hostname to $dHostname":
+Rename-Computer -NewName "$dHostname" -Force
+#Enable RemoteDesktop
+Enable-RemoteDesktop
+#Remove annoying Windows Stuff
+Disable-GameBarTips
+Disable-BingSearch
+#Set Taskbar to Lock and put it to the bottom and show all icons
+Set-TaskbarOptions -Size Small -Dock Bottom -Combine Full -Lock
+Set-TaskbarOptions -Size Small -Dock Bottom -Combine Full -AlwaysShowIconsOn
+#Show Hidden Files, File Extensions, Systemfiles and Full-Path in Titlebar
+Set-WindowsExplorerOptions -EnableShowHiddenFilesFoldersDrives -EnableShowProtectedOSFiles -EnableShowFileExtensions -EnableShowFullPathInTitleBar
+#Allow SMB through the firewall
+Write-Host SMB firewall rule:
+netsh advfirewall firewall add rule name=SMB dir=in action=allow localport=445 protocol=tcp
+# Disable SMB Version 1 - https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
+Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol
+#Disable IPv6
+Write-Host DisabledComponents registry key:
+reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters /v DisabledComponents /t REG_DWORD /d 0xFF /f
+#Zeitserver einstellen
+reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /v (Standard) /t REG_SZ /d 1 /f
+reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /v 1 /t REG_SZ /d 0.de.pool.ntp.org /f
+reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /v 2 /t REG_SZ /d 1.de.pool.ntp.org /f
+net time /setsntp:"0.de.pool.ntp.org"
+
+
+#--------------Windows Update Behaviour-------------------------
+#Set Active Hours, but disable them
+Write-Host Set Active Hours for Windows Updates registry key:
+reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate /v ActiveHoursStart /t REG_DWORD /d 5 /f
+reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate /v ActiveHoursEnd /t REG_DWORD /d 23 /f
+reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate /v SetActiveHours /t REG_DWORD /d 0 /f
+#Configure Windows automatic Updates
+Write-Host Disable automatic reboot after update installation at scheduled time registry key:
+reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v AlwaysAutoRebootAtScheduledTime /t REG_DWORD /d 0 /f
+Write-Host Set Scheduled Time for Update Install registry key:
+reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v ScheduleInstallTime /t REG_DWORD /d 23 /f
+Write-Host Set automatically download and notify for installation of updates registry key:
+reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v AUOptions /t REG_DWORD /d 3 /f
+Write-Host Set No Auto Reboot With Logged On Users registry key:
+reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoRebootWithLoggedOnUsers /t REG_DWORD /d 1 /f
+
+#---------------Install important Windows Packages---------------
+#Install all critical OS Updates
+Install-WindowsUpdate -AcceptEula -GetUpdatesFromMS
+
+#---------------Install Tueit Basic Software---------------------
+choco install anydesk -y --cacheLocation="c:\temp"
+choco install 7zip -y --cacheLocation="c:\temp"
+choco install firefox -y --cacheLocation="c:\temp"
+choco install hwinfo -y --cacheLocation="c:\temp"
+choco install autoruns -y --cacheLocation="c:\temp"
+choco install procexp -y --cacheLocation="c:\temp"
+choco install windirstat -y --cacheLocation="c:\temp"
+choco install doublecmd -y --cacheLocation="c:\temp"
+choco install notepadplusplus.install -y --cacheLocation="c:\temp"
+
+#---------------Zabbix: Windows Update Trapper incl. Aufgabenplanung einrichten-----------------
+#Wird erst jetzt ausgeführt da die Installation von Zabbix vorher abgeschlossen sein muss
+if(($dInstallZabbix -eq "yes") -or ($dInstallZabbix -eq "")){
+ Write-Host Create Windows Update windowsupdates.bat file for sending data to Zabbix Trapper:
+ Write-Output "cscript //NoLogo winupdates.vbs $dZabbixHostname | .\zabbix_sender.exe -z $dZabbixServer -i - -c zabbix_agentd.conf" | Out-File -FilePath "C:\Program Files\Zabbix Agent\winupdates.bat" -Append -Encoding ascii
+ Write-Host Copy VBS-Script for Windows Updates:
+ wget -O "C:\Program Files\Zabbix Agent\winupdates.vbs" $dZabbixWindowsUpdatesVBSUrl
+ Write-Host Create Task for Windows Updates polling to Zabbix:
+ schtasks /create /tn "Zabbix Winupdate Send" /sc MINUTE /mo 30 /tr "C:\Program Files\Zabbix Agent\winupdates.bat" /ru System
+}
+
+
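Review bot: The agent is installed with `ENABLEREMOTECOMMANDS=1` while the PSK prompt falls back to the literal `NotSet`, so pressing Enter leaves either an agent that accepts remote commands behind a placeholder key or, if the installer rejects the value, a failed install. The same `msiexec` line writes a verbose `/l*v` log to `C:\temp`, which will very likely record the `TLSPSKVALUE` property in clear text. I would stop when no key is entered, e.g. `if($dZabbixPSK -eq ""){throw "Zabbix PSK required"}`, drop `ENABLEREMOTECOMMANDS=1` unless a monitored item needs it, and delete the log after a successful install. The MSI and `winupdates.vbs` are also downloaded and then executed with no integrity check, the latter every 30 minutes under `/ru System`. Comparing `(Get-FileHash $file -Algorithm SHA256).Hash` against a value pinned next to the two URLs (placeholder `<expected-sha256>`) before `msiexec` and `schtasks` run would cover a changed or tampered download.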