1
0
This repository has been archived on 2025-08-14. You can view files and clone it, but cannot push or open issues or pull requests.
Files
boxstarter_11_Setup/tiNGrundpaketServer.txt
2019-11-26 17:06:15 +01:00

80 lines
4.3 KiB
Plaintext

#Windows Server 2019 Std. Boxstarter Script: Grundpaket und Konfiguration (c) Tüit GmbH
#TODO: Defaultprograms for Datatypes, Install all Updates (not only critical), Zabbix Installation Referenzieren
#----------------Setting Variables------------------------
#Other Variables
$dHostname = Read-Host 'Input desired Hostname (Default: Keep current hostname)'
if($dHostname -eq ""){$dHostname = [Net.Dns]::GetHostName()}
#---------------Configure Chocolatey and Environment-------------------------------
choco features enable -n=allowGlobalConfirmation
choco feature enable -n=allowEmptyChecksums
New-Item -ErrorAction Ignore -Path "C:\" -Name "temp" -ItemType "directory"`
#----------------Configure Windows------------------------
#Set Hostname
Write-Host "Setting Hostname to $dHostname":
Rename-Computer -NewName "$dHostname" -Force
#Enable RemoteDesktop
Enable-RemoteDesktop
#Remove annoying Windows Stuff
Disable-GameBarTips
Disable-BingSearch
#Set Taskbar to Lock and put it to the bottom and show all icons
Set-TaskbarOptions -Size Small -Dock Bottom -Combine Full -Lock
Set-TaskbarOptions -Size Small -Dock Bottom -Combine Full -AlwaysShowIconsOn
#Show Hidden Files, File Extensions, Systemfiles and Full-Path in Titlebar
Set-WindowsExplorerOptions -EnableShowHiddenFilesFoldersDrives -EnableShowProtectedOSFiles -EnableShowFileExtensions -EnableShowFullPathInTitleBar
#Allow SMB through the firewall
Write-Host SMB firewall rule:
netsh advfirewall firewall add rule name=SMB dir=in action=allow localport=445 protocol=tcp
# Disable SMB Version 1 - https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol
#Disable IPv6
Write-Host DisabledComponents registry key:
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters /v DisabledComponents /t REG_DWORD /d 0xFF /f
#Zeitserver einstellen
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /v (Standard) /t REG_SZ /d 1 /f
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /v 1 /t REG_SZ /d 0.de.pool.ntp.org /f
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /v 2 /t REG_SZ /d 1.de.pool.ntp.org /f
net time /setsntp:"0.de.pool.ntp.org"
#--------------Windows Update Behaviour-------------------------
#Set Active Hours, but disable them
Write-Host Set Active Hours for Windows Updates registry key:
reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate /v ActiveHoursStart /t REG_DWORD /d 5 /f
reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate /v ActiveHoursEnd /t REG_DWORD /d 23 /f
reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate /v SetActiveHours /t REG_DWORD /d 0 /f
#Configure Windows automatic Updates
Write-Host Disable automatic reboot after update installation at scheduled time registry key:
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v AlwaysAutoRebootAtScheduledTime /t REG_DWORD /d 0 /f
Write-Host Set Scheduled Time for Update Install registry key:
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v ScheduleInstallTime /t REG_DWORD /d 23 /f
Write-Host Set automatically download and notify for installation of updates registry key:
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v AUOptions /t REG_DWORD /d 3 /f
Write-Host Set No Auto Reboot With Logged On Users registry key:
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoRebootWithLoggedOnUsers /t REG_DWORD /d 1 /f
#---------------Install important Windows Packages---------------
#Install all critical OS Updates
Install-WindowsUpdate -AcceptEula -GetUpdatesFromMS
#---------------Install Tueit Basic Software---------------------
choco install anydesk -y --cacheLocation="c:\temp"
choco install 7zip -y --cacheLocation="c:\temp"
choco install firefox -y --cacheLocation="c:\temp"
choco install hwinfo -y --cacheLocation="c:\temp"
choco install autoruns -y --cacheLocation="c:\temp"
choco install procexp -y --cacheLocation="c:\temp"
choco install windirstat -y --cacheLocation="c:\temp"
choco install doublecmd -y --cacheLocation="c:\temp"
choco install vim -y --cacheLocation="c:\temp" --params "'/NoDesktopShortcuts'"