forked from tueit_GmbH/boxstarter
		
	Added VIM to GrundpaketServer
This commit is contained in:
		
							
								
								
									
										
											BIN
										
									
								
								.tiNGrundpaketServer.txt.un~
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										
											BIN
										
									
								
								.tiNGrundpaketServer.txt.un~
									
									
									
									
									
										Normal file
									
								
							
										
											Binary file not shown.
										
									
								
							| @ -92,7 +92,7 @@ choco install autoruns -y --cacheLocation="c:\temp" | |||||||
| choco install procexp -y --cacheLocation="c:\temp" | choco install procexp -y --cacheLocation="c:\temp" | ||||||
| choco install windirstat -y --cacheLocation="c:\temp" | choco install windirstat -y --cacheLocation="c:\temp" | ||||||
| choco install doublecmd -y --cacheLocation="c:\temp" | choco install doublecmd -y --cacheLocation="c:\temp" | ||||||
| choco install notepadplusplus.install -y --cacheLocation="c:\temp" | choco install vim -y --cacheLocation="c:\temp" --params "'/NoDesktopShortcuts'" | ||||||
|  |  | ||||||
| #---------------Zabbix: Windows Update Trapper incl. Aufgabenplanung einrichten----------------- | #---------------Zabbix: Windows Update Trapper incl. Aufgabenplanung einrichten----------------- | ||||||
| #Wird erst jetzt ausgeführt da die Installation von Zabbix vorher abgeschlossen sein muss | #Wird erst jetzt ausgeführt da die Installation von Zabbix vorher abgeschlossen sein muss | ||||||
|  | |||||||
							
								
								
									
										108
									
								
								tiNGrundpaketServer.txt~
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										108
									
								
								tiNGrundpaketServer.txt~
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,108 @@ | |||||||
|  | #Windows Server 2019 Std. Boxstarter Script: Grundpaket und Konfiguration (c) Tüit GmbH | ||||||
|  | #TODO: Defaultprograms for Datatypes, Install all Updates (not only critical) | ||||||
|  |  | ||||||
|  | #----------------Setting Variables------------------------ | ||||||
|  | #Set these Variables to newest Version | ||||||
|  | $dZabbixAgentDownloadUrlMsi = "https://www.zabbix.com/downloads/4.4.1/zabbix_agent-4.4.1-win-amd64-openssl.msi" | ||||||
|  | $dZabbixWindowsUpdatesVBSUrl = "https://git.tueit.de/tueit_GmbH/zabbix_client_configuration/raw/commit/cbb8ed1c397202e44fc39173e88efc8fff72e447/windowsserver2019/winupdates.vbs" | ||||||
|  |  | ||||||
|  | #Other Variables | ||||||
|  | $dHostname = Read-Host 'Input desired Hostname (Default: Keep current hostname)' | ||||||
|  | if($dHostname -eq ""){$dHostname = [Net.Dns]::GetHostName()} | ||||||
|  | $dInstallZabbix = "" | ||||||
|  | $dZabbixServer = "" | ||||||
|  | $dZabbixPSK = "" | ||||||
|  | $dZabbixHostname = "" | ||||||
|  | $dInstallZabbix = Read-Host 'Install and configure Zabbix Agent (yes/no)? (Default: yes)' | ||||||
|  | if(($dInstallZabbix -eq "yes") -or ($dInstallZabbix -eq "")){` | ||||||
|  | 	$dZabbixServer = Read-Host 'Input Zabbix Server or Proxy IP (Default: IP of DefaultGateway)' | ||||||
|  | 	if($dZabbixServer -eq ""){$dZabbixServer = Get-NetRoute -DestinationPrefix "0.0.0.0/0" | Select-Object -ExpandProperty "NextHop"} | ||||||
|  | 	$dZabbixPSK = Read-Host 'Input Zabbix PSK (Default: NotSet)' | ||||||
|  | 	if($dZabbixPSK -eq ""){$dZabbixPSK = "NotSet"} | ||||||
|  | 	$dZabbixHostname = Read-Host 'Input Zabbix Hostname as defined in Zabbix Server (Default: NotSet)' | ||||||
|  | 	if($dZabbixHostname -eq ""){$dZabbixHostname = "NotSet"} | ||||||
|  | } | ||||||
|  |  | ||||||
|  | #---------------Configure Chocolatey and Environment------------------------------- | ||||||
|  | choco features enable -n=allowGlobalConfirmation | ||||||
|  | choco feature enable -n=allowEmptyChecksums | ||||||
|  | New-Item -ErrorAction Ignore -Path "C:\" -Name "temp" -ItemType "directory"` | ||||||
|  |  | ||||||
|  | #--------------Install Zabbix Agent (if wanted)------------------------------ | ||||||
|  | if(($dInstallZabbix -eq "yes") -or ($dInstallZabbix -eq "")){ | ||||||
|  | 	wget -O $dZabbixAgentDownloadUrlMsi "C:\temp\zabbix_agent_setup.msi" | ||||||
|  | 	msiexec /l*v "C:\temp\zabbix_installation_log.txt" /i "C:\temp\zabbix_agent_setup.msi" /norestart /qn SERVER="$dZabbixServer" HOSTNAME="$dZabbixHostname" TLSCONNECT=psk TLSACCEPT=psk TLSPSKIDENTITY="$dHostname" TLSPSKVALUE="$dZabbixPSK" ENABLEREMOTECOMMANDS=1  | ||||||
|  | } | ||||||
|  |  | ||||||
|  | #----------------Configure Windows------------------------ | ||||||
|  | #Set Hostname | ||||||
|  | Write-Host "Setting Hostname to $dHostname": | ||||||
|  | Rename-Computer -NewName "$dHostname" -Force | ||||||
|  | #Enable RemoteDesktop | ||||||
|  | Enable-RemoteDesktop | ||||||
|  | #Remove annoying Windows Stuff | ||||||
|  | Disable-GameBarTips | ||||||
|  | Disable-BingSearch | ||||||
|  | #Set Taskbar to Lock and put it to the bottom and show all icons | ||||||
|  | Set-TaskbarOptions -Size Small -Dock Bottom -Combine Full -Lock | ||||||
|  | Set-TaskbarOptions -Size Small -Dock Bottom -Combine Full -AlwaysShowIconsOn | ||||||
|  | #Show Hidden Files, File Extensions, Systemfiles and Full-Path in Titlebar | ||||||
|  | Set-WindowsExplorerOptions -EnableShowHiddenFilesFoldersDrives -EnableShowProtectedOSFiles -EnableShowFileExtensions -EnableShowFullPathInTitleBar | ||||||
|  | #Allow SMB through the firewall | ||||||
|  | Write-Host SMB firewall rule: | ||||||
|  | netsh advfirewall firewall add rule name=SMB dir=in action=allow localport=445 protocol=tcp | ||||||
|  | # Disable SMB Version 1 - https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/ | ||||||
|  | Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol | ||||||
|  | #Disable IPv6 | ||||||
|  | Write-Host DisabledComponents registry key: | ||||||
|  | reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters /v DisabledComponents /t REG_DWORD /d 0xFF /f | ||||||
|  | #Zeitserver einstellen | ||||||
|  | reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /v (Standard) /t REG_SZ /d 1 /f | ||||||
|  | reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /v 1 /t REG_SZ /d 0.de.pool.ntp.org /f | ||||||
|  | reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /v 2 /t REG_SZ /d 1.de.pool.ntp.org /f | ||||||
|  | net time /setsntp:"0.de.pool.ntp.org" | ||||||
|  |  | ||||||
|  |  | ||||||
|  | #--------------Windows Update Behaviour------------------------- | ||||||
|  | #Set Active Hours, but disable them | ||||||
|  | Write-Host Set Active Hours for Windows Updates registry key: | ||||||
|  | reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate /v ActiveHoursStart /t REG_DWORD /d 5 /f | ||||||
|  | reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate /v ActiveHoursEnd /t REG_DWORD /d 23 /f | ||||||
|  | reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate /v SetActiveHours /t REG_DWORD /d 0 /f | ||||||
|  | #Configure Windows automatic Updates | ||||||
|  | Write-Host Disable automatic reboot after update installation at scheduled time registry key: | ||||||
|  | reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v AlwaysAutoRebootAtScheduledTime /t REG_DWORD /d 0 /f | ||||||
|  | Write-Host Set Scheduled Time for Update Install registry key: | ||||||
|  | reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v ScheduleInstallTime /t REG_DWORD /d 23 /f | ||||||
|  | Write-Host Set automatically download and notify for installation of updates registry key: | ||||||
|  | reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v AUOptions /t REG_DWORD /d 3 /f | ||||||
|  | Write-Host Set No Auto Reboot With Logged On Users registry key: | ||||||
|  | reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoRebootWithLoggedOnUsers /t REG_DWORD /d 1 /f | ||||||
|  |  | ||||||
|  | #---------------Install important Windows Packages--------------- | ||||||
|  | #Install all critical OS Updates | ||||||
|  | Install-WindowsUpdate -AcceptEula -GetUpdatesFromMS | ||||||
|  |  | ||||||
|  | #---------------Install Tueit Basic Software--------------------- | ||||||
|  | choco install anydesk -y --cacheLocation="c:\temp" | ||||||
|  | choco install 7zip -y --cacheLocation="c:\temp" | ||||||
|  | choco install firefox -y --cacheLocation="c:\temp" | ||||||
|  | choco install hwinfo -y --cacheLocation="c:\temp" | ||||||
|  | choco install autoruns -y --cacheLocation="c:\temp" | ||||||
|  | choco install procexp -y --cacheLocation="c:\temp" | ||||||
|  | choco install windirstat -y --cacheLocation="c:\temp" | ||||||
|  | choco install doublecmd -y --cacheLocation="c:\temp" | ||||||
|  | choco install notepadplusplus.install -y --cacheLocation="c:\temp" | ||||||
|  |  | ||||||
|  | #---------------Zabbix: Windows Update Trapper incl. Aufgabenplanung einrichten----------------- | ||||||
|  | #Wird erst jetzt ausgeführt da die Installation von Zabbix vorher abgeschlossen sein muss | ||||||
|  | if(($dInstallZabbix -eq "yes") -or ($dInstallZabbix -eq "")){ | ||||||
|  | 	Write-Host Create Windows Update windowsupdates.bat file for sending data to Zabbix Trapper: | ||||||
|  | 	Write-Output "cscript //NoLogo winupdates.vbs $dZabbixHostname | .\zabbix_sender.exe -z $dZabbixServer -i - -c zabbix_agentd.conf" | Out-File -FilePath "C:\Program Files\Zabbix Agent\winupdates.bat" -Append -Encoding ascii | ||||||
|  | 	Write-Host Copy VBS-Script for Windows Updates: | ||||||
|  | 	wget -O "C:\Program Files\Zabbix Agent\winupdates.vbs" $dZabbixWindowsUpdatesVBSUrl | ||||||
|  | 	Write-Host Create Task for Windows Updates polling to Zabbix: | ||||||
|  | 	schtasks /create /tn "Zabbix Winupdate Send" /sc MINUTE /mo 30 /tr "C:\Program Files\Zabbix Agent\winupdates.bat" /ru System | ||||||
|  | } | ||||||
|  |  | ||||||
|  |  | ||||||
		Reference in New Issue
	
	Block a user