Created
June 1, 2016 15:38
-
-
Save Hexalon/ab6148abe106231c628975653f294761 to your computer and use it in GitHub Desktop.
Automates configuration of Windows 10 machines
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .NOTES | |
| =========================================================================== | |
| Created with: SAPIEN Technologies, Inc., PowerShell Studio 2015 v4.2.99 | |
| Created on: 02/17/2016 15:07 | |
| Created by: Colin Squier <[email protected]> | |
| Filename: Configure-Win10.ps1 | |
| =========================================================================== | |
| .DESCRIPTION | |
| Automates configuration of Windows 10 machines. | |
| #> | |
| [CmdletBinding()] | |
| Param () | |
| <# | |
| .SYNOPSIS | |
| A brief description of the CopyFile function. | |
| .DESCRIPTION | |
| A detailed description of the CopyFile function. | |
| .PARAMETER FilesToCopy | |
| A description of the FilesToCopy parameter. | |
| .PARAMETER Destination | |
| A description of the Destination parameter. | |
| .PARAMETER SourcePath | |
| A description of the SourcePath parameter. | |
| .EXAMPLE | |
| PS C:\> CopyFile -FilesToCopy $value1 -Destination $value2 | |
| .NOTES | |
| Additional information about the function. | |
| #> | |
| function CopyFile($FilesToCopy, $Destination, $SourcePath) | |
| { | |
| foreach ($File in $FilesToCopy) | |
| { | |
| $Path = Join-Path -Path $SourcePath -ChildPath $File | |
| Write-Verbose "Copying $File to $Destination" | |
| Copy-Item -Path $Path -Destination $Destination -Force | |
| } | |
| } | |
| <# | |
| .SYNOPSIS | |
| Returns the path of the executing script's directory. | |
| .DESCRIPTION | |
| Sapien's implementation of the variable $HostInvocation | |
| causes a conflict the with the system's variable. | |
| .EXAMPLE | |
| PS C:\> Get-ScriptDirectory | |
| .NOTES | |
| Work around for handling Sapien's custom host environment. | |
| #> | |
| function Get-ScriptDirectory | |
| { | |
| if ($HostInvocation -ne $null) | |
| { | |
| Split-Path $HostInvocation.MyCommand.path | |
| } | |
| else | |
| { | |
| Split-Path $script:MyInvocation.MyCommand.Path | |
| } | |
| } | |
| <# | |
| .SYNOPSIS | |
| A brief description of the Get-VirtualPrinter function. | |
| .DESCRIPTION | |
| A detailed description of the Get-VirtualPrinter function. | |
| .PARAMETER PrinterName | |
| A description of the PrinterName parameter. | |
| .EXAMPLE | |
| PS C:\> Get-VirtualPrinter -PrinterName $value1 | |
| .NOTES | |
| Additional information about the function. | |
| #> | |
| function Get-VirtualPrinter($PrinterName) | |
| { | |
| (Get-Printer | Where-Object { $_.Name -eq $PrinterName }) | |
| } | |
| <# | |
| .SYNOPSIS | |
| A brief description of the Get-WinApp function. | |
| .DESCRIPTION | |
| A detailed description of the Get-WinApp function. | |
| .PARAMETER AppName | |
| A description of the AppName parameter. | |
| .EXAMPLE | |
| PS C:\> Get-WinApp -AppName $value1 | |
| .NOTES | |
| Additional information about the function. | |
| #> | |
| function Get-WinApp($AppName) | |
| { | |
| Get-AppxPackage -Name $AppName | |
| } | |
| <# | |
| .SYNOPSIS | |
| A brief description of the Remove-VirtualPrinter function. | |
| .DESCRIPTION | |
| A detailed description of the Remove-VirtualPrinter function. | |
| .PARAMETER PrinterName | |
| A description of the PrinterName parameter. | |
| .EXAMPLE | |
| PS C:\> Remove-VirtualPrinter -PrinterName $value1 | |
| .NOTES | |
| Additional information about the function. | |
| #> | |
| function Remove-VirtualPrinter($PrinterName) | |
| { | |
| (Get-Printer | Where-Object { $_.Name -eq $PrinterName }) | Remove-Printer | |
| } | |
| <# | |
| .SYNOPSIS | |
| A brief description of the Remove-WinApp function. | |
| .DESCRIPTION | |
| A detailed description of the Remove-WinApp function. | |
| .PARAMETER AppName | |
| A description of the AppName parameter. | |
| .EXAMPLE | |
| PS C:\> Remove-WinApp -AppName $value1 | |
| .NOTES | |
| Additional information about the function. | |
| #> | |
| function Remove-WinApp($AppName) | |
| { | |
| Remove-AppxPackage -Package $AppName | |
| } | |
| function Test-RegistryValue | |
| { | |
| param ( | |
| [Alias("PSPath")] | |
| [Parameter(Position = 0, Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] | |
| [String]$RegKey | |
| , | |
| [Parameter(Position = 1, Mandatory = $true)] | |
| [String]$Name | |
| , | |
| [Switch]$PassThru | |
| ) | |
| process | |
| { | |
| if (Test-Path $RegKey) | |
| { | |
| $Key = Get-Item -LiteralPath $RegKey | |
| if ($Key.GetValue($Name, $null) -ne $null) | |
| { | |
| if ($PassThru) | |
| { | |
| Get-ItemProperty -Path $RegKey -Name $Name | |
| } | |
| else | |
| { | |
| $true | |
| } | |
| } | |
| else | |
| { | |
| $false | |
| } | |
| } | |
| else | |
| { | |
| $false | |
| } | |
| } | |
| } | |
| if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(` | |
| [Security.Principal.WindowsBuiltInRole] "Administrator")) | |
| { | |
| $Arguments = "& '" + $MyInvocation.MyCommand.Definition + "'" | |
| Start-Process powershell -Verb RunAs -ArgumentList $Arguments | |
| Break | |
| } | |
| #$RequiredOSVersion = "10.0.10240" #RTM version of Windows 10 | |
| $RequiredOSVersion = "10.0.10586" #Version 1511 of Windows 10 | |
| $Option = New-CimSessionOption -Protocol Dcom | |
| $Session = New-CimSession -SessionOption $Option -ComputerName $env:COMPUTERNAME | |
| $OS = (Get-CimInstance -ClassName Win32_OperatingSystem -CimSession $Session) | |
| $OSName = $OS.Caption | |
| $OSVersion = $OS.Version | |
| $OSProductType = $OS.ProductType | |
| $OSArch = $OS.OSArchitecture | |
| Write-Verbose -Message "Edition: $OSName, version: $OSVersion, architecture: $OSArch, product type: $OSProductType" | |
| $scriptDirectory = Get-ScriptDirectory | |
| $Source = (Split-Path -Path $scriptDirectory -Parent) | |
| if (([version]$OSVersion -ge $RequiredOSVersion) -and ($OSProductType -eq 1)) | |
| { | |
| #Activate Windows | |
| $ActivateFile = "Activate-Windows.ps1" | |
| $ActivateFullPath = Join-Path -Path $scriptDirectory -ChildPath $ActivateFile | |
| Invoke-Expression "& '$ActivateFullPath'" | |
| #Change file system label | |
| $Win10Label = (Get-Volume | Where-Object { $_.FileSystemLabel -eq "Windows 7"}) | |
| if ($Win10Label -eq "Windows 7") | |
| { | |
| Write-Verbose "Changing file system label to Windows 10 from Windows 7" | |
| Set-Volume -FileSystemLabel "Windows 7" -NewFileSystemLabel "Windows 10" | |
| } | |
| #Copy lockscreen image | |
| $FilesToCopy = "W10 blue 2736x1824 stacked logo.jpg" | |
| $Destination = "$env:SystemRoot\Web\Wallpaper\Windows" | |
| #Copy background images | |
| $FilesToCopy = "img100.jpg","img101.png","img102.jpg","img103.png","img104.jpg","img105.jpg","W10_black_1920x1200 stacked.jpg","lockscreen.jpg" | |
| $Destination = "$env:SystemRoot\Web\Screen" | |
| Write-Verbose -Message "Taking ownership of $Destination" | |
| $ACL = Get-ACL $Destination | |
| $Group = New-Object System.Security.Principal.NTAccount("Builtin", "Administrators") | |
| $ACL.SetOwner($Group) | |
| Set-Acl -Path $Destination -AclObject $ACL | |
| Write-Verbose -Message "Changing permissions on $Destination folder" | |
| $Permission = $Group, "FullControl", "Allow" | |
| $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $Permission | |
| $ACL.SetAccessRule($AccessRule) | |
| Set-Acl -Path $Destination -AclObject $ACL | |
| Write-Verbose -Message "Enabling permission inheritance on $Destination folder" | |
| $New = $Group, "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow" | |
| $AccessRule = new-object System.Security.AccessControl.FileSystemAccessRule $New | |
| $ACL.SetAccessRule($AccessRule) | |
| Set-Acl -Path $Destination -AclObject $ACL | |
| $Files = (Get-ChildItem $Destination) | |
| foreach ($File in $Files) | |
| { | |
| $Permission = $Group, "FullControl", "Allow" | |
| $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $Permission | |
| $ACL.SetAccessRule($AccessRule) | |
| $ACLFile = (Join-Path -Path $Destination -ChildPath $File) | |
| Write-Verbose -Message "Changing permissions on $ACLFile" | |
| Set-Acl -Path $ACLFile -AclObject $ACL | |
| } | |
| CopyFile -FilesToCopy $FilesToCopy -Destination $Destination -SourcePath $Source | |
| #Copy account pictures | |
| $FilesToCopy = "guest.png", "user.png" | |
| $Destination = "$env:ProgramData\Microsoft\User Account Pictures" | |
| CopyFile -FilesToCopy $FilesToCopy -Destination $Destination -SourcePath $Source | |
| #Copy shortcuts | |
| $FilesToCopy = "ELDRD01.rdp", "ELDRD02.rdp", "ELDRD03.rdp", "ELDRDGATE001.rdp", ` | |
| "ELDRDGateway.rdp", "ELDTSGateway.rdp", "MNARD01.rdp", "PLDRD001.rdp", "PLDRD01.rdp", ` | |
| "PLDRD02.rdp" | |
| $Destination = "C:\" | |
| CopyFile -FilesToCopy $FilesToCopy -Destination $Destination -SourcePath $Source | |
| #Copy file associations file | |
| $FilesToCopy = "AppAssoc.xml" | |
| $Destination = "$env:ProgramData\Microsoft\Windows" | |
| CopyFile -FilesToCopy $FilesToCopy -Destination $Destination -SourcePath $Source | |
| #Remove builtin apps | |
| $AppsToRemove = 'Microsoft.3DBuilder', 'Drawboard.DrawboardPDF', 'Flipboard.Flipboard', 'Microsoft.FreshPaint', ` | |
| 'Microsoft.GetStarted', 'Microsoft.MicrosoftOfficeHub', 'Microsoft.Office.OneNote', 'microsoft.windowscommunicationsapps', ` | |
| 'Microsoft.Messaging', 'Microsoft.SkypeApp', 'Microsoft.BingSports', 'Microsoft.Office.Sway', '*Twitter', 'Microsoft.XboxApp', ` | |
| 'Microsoft.ZuneMusic' | |
| foreach ($App in $AppsToRemove) | |
| { | |
| $AppName = Get-WinApp -AppName $App | |
| if (!($AppName -eq $null)) | |
| { | |
| Write-Verbose "Removing $App" | |
| Remove-WinApp -AppName $AppName | |
| } | |
| } | |
| #Set default lockscreen image | |
| $DefaultLockScreenImageRegKey = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization" | |
| $DefaultLockScreenImageProp = "LockScreenImage" | |
| $DefaultLockScreenImage = (Test-RegistryValue -RegKey $DefaultLockScreenImageRegKey -Name $DefaultLockScreenImageProp) | |
| $LockScreenImage = "$env:SystemRoot\Web\Screen\lockscreen.jpg" | |
| if ($DefaultLockScreenImage) | |
| { | |
| Write-Verbose -Message "Setting $DefaultLockScreenImageRegKey\$DefaultLockScreenImageProp" | |
| Set-ItemProperty -Path $DefaultLockScreenImageRegKey -Name $DefaultLockScreenImageProp -Value $LockScreenImage | |
| } | |
| else | |
| { | |
| Write-Verbose -Message "Creating $DefaultLockScreenImageRegKey\$DefaultLockScreenImageProp" | |
| New-ItemProperty -Path $DefaultLockScreenImageRegKey -Name $DefaultLockScreenImageProp -PropertyType String -Value $LockScreenImage | Out-Null | |
| } | |
| #Remove Domain Admins from Administrators local group | |
| $Domain = $env:USERDOMAIN | |
| $Computer = $env:COMPUTERNAME | |
| $User = 'Domain Admins' | |
| $Computer = [ADSI]("WinNT://" + $Computer + ",computer") | |
| $Group = $Computer.psbase.Children.Find("Administrators") | |
| try | |
| { | |
| Write-Verbose "Removing `"$User`" from the administrators group" | |
| $Group.Remove("WinNT://" + $Domain + "/" + $User) | |
| } | |
| catch | |
| { | |
| Write-Verbose "Unable to remove `"$User`" from the local administrators group,`n`"$User`" may have already been removed." | |
| } | |
| $HighCPU = Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\TimeBroker -Name Start | |
| If ($HighCPU.Start -eq 3) | |
| { | |
| Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\TimeBroker -Name Start -Value 4 | |
| } | |
| $HighCPU = Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\DoSvc -Name Start | |
| If ($HighCPU.Start -eq 2) | |
| { | |
| Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\DoSvc -Name Start -Value 4 | |
| } | |
| $TimeBroker = Get-Service -ServiceName TimeBroker | |
| if ($TimeBroker.Status -eq 'Running') | |
| { | |
| $TimeBroker | Stop-Service | |
| } | |
| $DoSvc = Get-Service -ServiceName DoSvc | |
| if ($DoSvc.Status -eq 'Running') | |
| { | |
| $DoSvc | Stop-Service | |
| } | |
| $PerUserFile = "Win10PerUserCustomizations.ps1" | |
| $PerUserFullPath = Join-Path -Path $scriptDirectory -ChildPath $PerUserFile | |
| Invoke-Expression "& '$PerUserFullPath'" | |
| #Remove virtual printers | |
| $PrintersToRemove = "Microsoft Print to PDF", "Microsoft XPS Document Writer", "Send to OneNote 2013" | |
| foreach ($Printer in $PrintersToRemove) | |
| { | |
| $PrinterToFind = (Get-VirtualPrinter -PrinterName $Printer) | |
| if (!($PrinterToFind -eq $null)) | |
| { | |
| Write-Verbose "Removing $Printer" | |
| Remove-VirtualPrinter -PrinterName $Printer | |
| } | |
| } | |
| #Disable PrintToPDFService | |
| $PrintToPDF = (Get-WindowsOptionalFeature -FeatureName Printing-PrintToPDFServices-Features -Online) | |
| if ($PrintToPDF.State -eq "Enabled") | |
| { | |
| Write-Verbose -Message "Disabling Microsoft Print To PDF Service" | |
| Disable-WindowsOptionalFeature -Online -FeatureName Printing-PrintToPDFServices-Features | Out-Null | |
| } | |
| else | |
| { | |
| Write-Verbose "Microsoft Print To PDF Service already disabled, skipping." | |
| } | |
| #Enable Bitlocker | |
| $BitLockerFile = "Enable-BitLocker.ps1" | |
| $BitLockerFullPath = Join-Path -Path $scriptDirectory -ChildPath $BitLockerFile | |
| Invoke-Expression "& '$BitLockerFullPath'" | |
| } | |
| else | |
| { | |
| Write-Error -Message "The operating system does not meet system requirements." -Category InvalidOperation | |
| } | |
| Remove-CimSession -CimSession $Session |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment