I wanted another reason to write some more powershell though so I wrote the following to automate some of the simple tasks that we do when setting up new servers. It doesn't save us much time but it ensures that our Servers are all setup with the same set of "standard" options.
#Set Variables
#License Key
$Productkey = "xxxxx-xxxxx-xxxxx-xxxxx-xxxxx"
#IE ESC Keys
$AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
$UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
# Disable Windows Firewall
set-service -name "SharedAccess" -ComputerName - Status stopped -startuptype disabled
# Enable RDC
(Get-WmiObject Win32_TerminalServiceSetting -Namespace root\cimv2\TerminalServices).SetAllowTsConnections(1,1) | Out-Null
(Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\TerminalServices -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0) | Out-Null
#Enter License Key and Activate
Function Register-Computer
{ [CmdletBinding(SupportsShouldProcess=$True)]
param ([parameter()][ValidateScript({ $_ -match "^\S{5}-\S{5}-\S{5}-\S{5}-\S{5}$"})][String]$Productkey ,
[String] $Server="." )
$objService = get-wmiObject -query "select * from SoftwareLicensingService" -computername $server
if ($ProductKey) { If ($psCmdlet.shouldProcess($Server , $lStr_RegistrationSetKey)) {
$objService.InstallProductKey($ProductKey) | out-null
$objService.RefreshLicenseStatus() | out-null }
} get-wmiObject -query "SELECT * FROM SoftwareLicensingProduct WHERE PartialProductKey <> null
AND ApplicationId='55c92734-d682-4d71-983e-d6ec3f16059f'
AND LicenseIsAddon=False" -Computername $server |
foreach-object { If ($psCmdlet.shouldProcess($_.name , "Activate product" ))
{ $_.Activate() | out-null
$objService.RefreshLicenseStatus() | out-null
$_.get()
If ($_.LicenseStatus -eq 1) {write-verbose "Product activated successfully."}
Else {write-error ("Activation failed, and the license state is '{0}'" `
-f $licenseStatus[[int]$_.LicenseStatus] ) }
If (-not $_.LicenseIsAddon) { return }
}
else { write-Host ($lStr_RegistrationState -f $lStr_licenseStatus[[int]$_.LicenseStatus]) }
}
}
#Disable IE ESC
Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 1
Stop-Process -Name Explorer
# Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -ForegroundColor Green
#Disable UAC
Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Value 00000000
Set-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name EnableLUA -Value 0
# Write-Host "User Access Control (UAC) has been disabled." -ForegroundColor Green
#Install Windows Server Backup (BareMetal)
Import-Module ServerManager
Add-WindowsFeature Backup-Features -Include
Add-PSSnapin Windows.ServerBackup
No comments:
Post a Comment