forked from tueit_GmbH/boxstarter
		
	Removed temporary files
This commit is contained in:
		
										
											Binary file not shown.
										
									
								
							| @ -1,108 +0,0 @@ | ||||
| #Windows Server 2019 Std. Boxstarter Script: Grundpaket und Konfiguration (c) Tüit GmbH | ||||
| #TODO: Defaultprograms for Datatypes, Install all Updates (not only critical) | ||||
|  | ||||
| #----------------Setting Variables------------------------ | ||||
| #Set these Variables to newest Version | ||||
| $dZabbixAgentDownloadUrlMsi = "https://www.zabbix.com/downloads/4.4.1/zabbix_agent-4.4.1-win-amd64-openssl.msi" | ||||
| $dZabbixWindowsUpdatesVBSUrl = "https://git.tueit.de/tueit_GmbH/zabbix_client_configuration/raw/commit/cbb8ed1c397202e44fc39173e88efc8fff72e447/windowsserver2019/winupdates.vbs" | ||||
|  | ||||
| #Other Variables | ||||
| $dHostname = Read-Host 'Input desired Hostname (Default: Keep current hostname)' | ||||
| if($dHostname -eq ""){$dHostname = [Net.Dns]::GetHostName()} | ||||
| $dInstallZabbix = "" | ||||
| $dZabbixServer = "" | ||||
| $dZabbixPSK = "" | ||||
| $dZabbixHostname = "" | ||||
| $dInstallZabbix = Read-Host 'Install and configure Zabbix Agent (yes/no)? (Default: yes)' | ||||
| if(($dInstallZabbix -eq "yes") -or ($dInstallZabbix -eq "")){` | ||||
| 	$dZabbixServer = Read-Host 'Input Zabbix Server or Proxy IP (Default: IP of DefaultGateway)' | ||||
| 	if($dZabbixServer -eq ""){$dZabbixServer = Get-NetRoute -DestinationPrefix "0.0.0.0/0" | Select-Object -ExpandProperty "NextHop"} | ||||
| 	$dZabbixPSK = Read-Host 'Input Zabbix PSK (Default: NotSet)' | ||||
| 	if($dZabbixPSK -eq ""){$dZabbixPSK = "NotSet"} | ||||
| 	$dZabbixHostname = Read-Host 'Input Zabbix Hostname as defined in Zabbix Server (Default: NotSet)' | ||||
| 	if($dZabbixHostname -eq ""){$dZabbixHostname = "NotSet"} | ||||
| } | ||||
|  | ||||
| #---------------Configure Chocolatey and Environment------------------------------- | ||||
| choco features enable -n=allowGlobalConfirmation | ||||
| choco feature enable -n=allowEmptyChecksums | ||||
| New-Item -ErrorAction Ignore -Path "C:\" -Name "temp" -ItemType "directory"` | ||||
|  | ||||
| #--------------Install Zabbix Agent (if wanted)------------------------------ | ||||
| if(($dInstallZabbix -eq "yes") -or ($dInstallZabbix -eq "")){ | ||||
| 	wget -O $dZabbixAgentDownloadUrlMsi "C:\temp\zabbix_agent_setup.msi" | ||||
| 	msiexec /l*v "C:\temp\zabbix_installation_log.txt" /i "C:\temp\zabbix_agent_setup.msi" /norestart /qn SERVER="$dZabbixServer" HOSTNAME="$dZabbixHostname" TLSCONNECT=psk TLSACCEPT=psk TLSPSKIDENTITY="$dHostname" TLSPSKVALUE="$dZabbixPSK" ENABLEREMOTECOMMANDS=1  | ||||
| } | ||||
|  | ||||
| #----------------Configure Windows------------------------ | ||||
| #Set Hostname | ||||
| Write-Host "Setting Hostname to $dHostname": | ||||
| Rename-Computer -NewName "$dHostname" -Force | ||||
| #Enable RemoteDesktop | ||||
| Enable-RemoteDesktop | ||||
| #Remove annoying Windows Stuff | ||||
| Disable-GameBarTips | ||||
| Disable-BingSearch | ||||
| #Set Taskbar to Lock and put it to the bottom and show all icons | ||||
| Set-TaskbarOptions -Size Small -Dock Bottom -Combine Full -Lock | ||||
| Set-TaskbarOptions -Size Small -Dock Bottom -Combine Full -AlwaysShowIconsOn | ||||
| #Show Hidden Files, File Extensions, Systemfiles and Full-Path in Titlebar | ||||
| Set-WindowsExplorerOptions -EnableShowHiddenFilesFoldersDrives -EnableShowProtectedOSFiles -EnableShowFileExtensions -EnableShowFullPathInTitleBar | ||||
| #Allow SMB through the firewall | ||||
| Write-Host SMB firewall rule: | ||||
| netsh advfirewall firewall add rule name=SMB dir=in action=allow localport=445 protocol=tcp | ||||
| # Disable SMB Version 1 - https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/ | ||||
| Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol | ||||
| #Disable IPv6 | ||||
| Write-Host DisabledComponents registry key: | ||||
| reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters /v DisabledComponents /t REG_DWORD /d 0xFF /f | ||||
| #Zeitserver einstellen | ||||
| reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /v (Standard) /t REG_SZ /d 1 /f | ||||
| reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /v 1 /t REG_SZ /d 0.de.pool.ntp.org /f | ||||
| reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /v 2 /t REG_SZ /d 1.de.pool.ntp.org /f | ||||
| net time /setsntp:"0.de.pool.ntp.org" | ||||
|  | ||||
|  | ||||
| #--------------Windows Update Behaviour------------------------- | ||||
| #Set Active Hours, but disable them | ||||
| Write-Host Set Active Hours for Windows Updates registry key: | ||||
| reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate /v ActiveHoursStart /t REG_DWORD /d 5 /f | ||||
| reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate /v ActiveHoursEnd /t REG_DWORD /d 23 /f | ||||
| reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate /v SetActiveHours /t REG_DWORD /d 0 /f | ||||
| #Configure Windows automatic Updates | ||||
| Write-Host Disable automatic reboot after update installation at scheduled time registry key: | ||||
| reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v AlwaysAutoRebootAtScheduledTime /t REG_DWORD /d 0 /f | ||||
| Write-Host Set Scheduled Time for Update Install registry key: | ||||
| reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v ScheduleInstallTime /t REG_DWORD /d 23 /f | ||||
| Write-Host Set automatically download and notify for installation of updates registry key: | ||||
| reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v AUOptions /t REG_DWORD /d 3 /f | ||||
| Write-Host Set No Auto Reboot With Logged On Users registry key: | ||||
| reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoRebootWithLoggedOnUsers /t REG_DWORD /d 1 /f | ||||
|  | ||||
| #---------------Install important Windows Packages--------------- | ||||
| #Install all critical OS Updates | ||||
| Install-WindowsUpdate -AcceptEula -GetUpdatesFromMS | ||||
|  | ||||
| #---------------Install Tueit Basic Software--------------------- | ||||
| choco install anydesk -y --cacheLocation="c:\temp" | ||||
| choco install 7zip -y --cacheLocation="c:\temp" | ||||
| choco install firefox -y --cacheLocation="c:\temp" | ||||
| choco install hwinfo -y --cacheLocation="c:\temp" | ||||
| choco install autoruns -y --cacheLocation="c:\temp" | ||||
| choco install procexp -y --cacheLocation="c:\temp" | ||||
| choco install windirstat -y --cacheLocation="c:\temp" | ||||
| choco install doublecmd -y --cacheLocation="c:\temp" | ||||
| choco install notepadplusplus.install -y --cacheLocation="c:\temp" | ||||
|  | ||||
| #---------------Zabbix: Windows Update Trapper incl. Aufgabenplanung einrichten----------------- | ||||
| #Wird erst jetzt ausgeführt da die Installation von Zabbix vorher abgeschlossen sein muss | ||||
| if(($dInstallZabbix -eq "yes") -or ($dInstallZabbix -eq "")){ | ||||
| 	Write-Host Create Windows Update windowsupdates.bat file for sending data to Zabbix Trapper: | ||||
| 	Write-Output "cscript //NoLogo winupdates.vbs $dZabbixHostname | .\zabbix_sender.exe -z $dZabbixServer -i - -c zabbix_agentd.conf" | Out-File -FilePath "C:\Program Files\Zabbix Agent\winupdates.bat" -Append -Encoding ascii | ||||
| 	Write-Host Copy VBS-Script for Windows Updates: | ||||
| 	wget -O "C:\Program Files\Zabbix Agent\winupdates.vbs" $dZabbixWindowsUpdatesVBSUrl | ||||
| 	Write-Host Create Task for Windows Updates polling to Zabbix: | ||||
| 	schtasks /create /tn "Zabbix Winupdate Send" /sc MINUTE /mo 30 /tr "C:\Program Files\Zabbix Agent\winupdates.bat" /ru System | ||||
| } | ||||
|  | ||||
|  | ||||
		Reference in New Issue
	
	Block a user