Created
June 23, 2019 23:03
-
-
Save sdovnic/ce1473dbc492a296609e97f12259e923 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $Path = "C:\Users\Public" | |
| Start-Transcript -Path (Join-Path -Path $Path -ChildPath ("{0}-Startup.txt" -f $env:COMPUTERNAME)) -NoClobber -Append -Verbose | |
| $VerbosePreference = "continue" | |
| # Enable Network Discovery / Require UAC | |
| Get-NetFirewallRule -Group "@FirewallAPI.dll,-32752" -Enabled False -ErrorAction SilentlyContinue | Where-Object -FilterScript {$_.Profile -eq "Private" -or $_.Profile -eq "Domain"} | ForEach-Object -Process { | |
| Set-NetFirewallRule -Name $_.Name -Enabled True -Verbose | |
| } | |
| Get-NetFirewallRule -Group "@FirewallAPI.dll,-28502" -Enabled False -ErrorAction SilentlyContinue | Where-Object -FilterScript {$_.Profile -eq "Private" -or $_.Profile -eq "Domain"} | ForEach-Object -Process { | |
| Set-NetFirewallRule -Name $_.Name -Enabled True -Verbose | |
| } | |
| # Enable Remote Desktop / Require UAC | |
| Get-NetFirewallRule -Group "@FirewallAPI.dll,-28752" | Where-Object -FilterScript {$_.Enabled -eq $false} | ForEach-Object -Process { | |
| Set-NetFirewallRule -Name $_.Name -Enabled True -Verbose | |
| } | |
| if ((Get-ItemPropertyValue -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections") -ne 0) { | |
| Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0 -Verbose | |
| } | |
| # Enable DisableWindowsConsumerFeatures / Default: May not exist / Require UAC | |
| if ([System.Environment]::OSVersion.Version.Major -eq 10) { | |
| if (-not (Test-Path -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" | |
| } | |
| if (-not (Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -ErrorAction SilentlyContinue)) { | |
| New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -Value 1 -Verbose | |
| } | |
| if ((Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -ErrorAction SilentlyContinue) -eq 0) { | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -Value 1 -Verbose | |
| } | |
| } | |
| # Disable AllowCortana / Default: May not exist / Require UAC | |
| if ([System.Environment]::OSVersion.Version.Major -eq 10) { | |
| if (-not (Test-Path -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Experience")) { | |
| New-Item -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Experience" | |
| } | |
| if (-not (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Experience" -Name "AllowCortana" -ErrorAction SilentlyContinue)) { | |
| New-ItemProperty "HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Experience" -Name "AllowCortana" -Value 0 -Type DWord -Verbose | |
| } | |
| if ((Get-ItemPropertyValue "HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Experience" -Name "AllowCortana" -ErrorAction SilentlyContinue) -ne 0) { | |
| Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Experience" -Name "AllowCortana" -Value 0 -Type DWord -Verbose | |
| } | |
| } | |
| # Disable DiagTrack / Default: StartType Automatic Status Running / Require UAC | |
| if (Get-Service -Name DiagTrack | Where-Object -FilterScript { $_.StartType -eq "Automatic" -or $_.Status -eq "Running" }) { | |
| Stop-Service -Name DiagTrack -Verbose | |
| Set-Service -Name DiagTrack -StartupType Disabled -Verbose | |
| } | |
| $TaskName = "StartupTask" | |
| $TaskPath = "\" | |
| $User = "XXX\Administrator" | |
| $Password = "XXXX" | |
| $Path = "\\XXX\MACHINE\Scripts\Startup" | |
| if (-not (Get-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath -ErrorAction SilentlyContinue)) { | |
| $Action = New-ScheduledTaskAction -Execute "powershell" -Argument ("-ExecutionPolicy ByPass -File `"{0}\StartupTask.ps1`"" -f $Path) | |
| $Trigger = New-ScheduledTaskTrigger -AtLogOn | |
| $Settings = New-ScheduledTaskSettingsSet -RunOnlyIfNetworkAvailable -Hidden | |
| Register-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath -Action $Action -Settings $Settings -Trigger $Trigger -User $User -Password $Password -Verbose | |
| } | |
| Stop-Transcript -Verbose |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment