-
-
Save xtratoast/dea055ec0e1a31d91161b6d431e90146 to your computer and use it in GitHub Desktop.
| # Disable extraneous services on Server 2016 Desktop Experience | |
| # https://blogs.technet.microsoft.com/secguide/2017/05/29/guidance-on-disabling-system-services-on-windows-server-2016-with-desktop-experience/ | |
| Configuration DisablingServicesOnServer2016wDE | |
| { | |
| param( | |
| [String]$ComputerName = "localhost", | |
| [ValidateSet('ShouldBeDisabledOnly','ShouldBeDisabledAndDefaultOnly','OKToDisable','OKToDisablePrinter','OKToDisableDC')] | |
| [String]$Level = 'OKToDisable' | |
| ) | |
| Import-DscResource -ModuleName PSDesiredStateConfiguration | |
| [String[]]$DisabledByDefault = @( | |
| "tzautoupdate", | |
| "Browser", | |
| "AppVClient", | |
| "NetTcpPortSharing", | |
| "CscService", | |
| "RemoteAccess", | |
| "SCardSvr", | |
| "UevAgentService", | |
| "WSearch" | |
| ) | |
| [String[]]$ShouldBeDisabled = @( | |
| "XblAuthManager", | |
| "XblGameSave" | |
| ) | |
| [String[]]$OKToDisable = @( | |
| "AxInstSV", | |
| "bthserv", | |
| "CDPUserSvc", | |
| "PimIndexMaintenanceSvc" | |
| "dmwappushservice", | |
| "MapsBroker", | |
| "lfsvc", | |
| "SharedAccess", | |
| "lltdsvc", | |
| "wlidsvc", | |
| "NgcSvc", | |
| "NgcCtnrSvc", | |
| "NcbService", | |
| "PhoneSvc", | |
| "PcaSvc", | |
| "QWAVE", | |
| "RmSvc", | |
| "SensorDataService", | |
| "SensrSvc", | |
| "SensorService", | |
| "ShellHWDetection", | |
| "ScDeviceEnum", | |
| "SSDPSRV", | |
| "WiaRpc", | |
| "OneSyncSvc", | |
| "TabletInputService", | |
| "upnphost", | |
| "UserDataSvc", | |
| "UnistoreSvc", | |
| "WalletService", | |
| "Audiosrv", | |
| "AudioEndpointBuilder", | |
| "FrameServer", | |
| "stisvc", | |
| "wisvc", | |
| "icssvc", | |
| "WpnService", | |
| "WpnUserService" | |
| ) | |
| [String[]]$OKToDisableNotDCorPrint = @('Spooler') | |
| [String[]]$OKToDisableNotPrint = @('PrintNotify') | |
| [String[]]$ServicesToDisable = @() | |
| switch($Level) | |
| { | |
| 'ShouldBeDisabledOnly' { $ServicesToDisable += $ShouldBeDisabled } | |
| 'ShouldBeDisabledAndDefaultOnly' { $ServicesToDisable += $ShouldBeDisabled + $DisabledByDefault } | |
| 'OKToDisablePrinter' { $ServicesToDisable += $ShouldBeDisabled + $DisabledByDefault + $OKToDisable } | |
| 'OKToDisableDC' { $ServicesToDisable += $ShouldBeDisabled + $DisabledByDefault + $OKToDisable + $OKToDisableNotDCorPrint } | |
| 'OKToDisable' { $ServicesToDisable += $ShouldBeDisabled + $DisabledByDefault + $OKToDisable + $OKToDisableNotDCorPrint + $OKToDisableNotPrint } | |
| } | |
| $InstalledServices = Get-Service | |
| Node $ComputerName | |
| { | |
| foreach($Service in $ServicesToDisable) | |
| { | |
| if($InstalledServices.Name -contains $Service) | |
| { | |
| Service $( 'DisabledService_' + $Service ) | |
| { | |
| Name = $Service | |
| StartupType = "Disabled" | |
| State = "Stopped" | |
| } | |
| } | |
| } | |
| } | |
| } | |
| DisablingServicesOnServer2016wDE |
Hi Jika78,
You must copy this script in module folder:
https://docs.microsoft.com/en-us/powershell/module/powershellget/install-module?view=powershell-6
"When no scope is defined, or when the value of the Scope parameter is AllUsers, the module is installed to %systemdrive%:\Program Files\WindowsPowerShell\Modules. When the value of Scope is CurrentUser, the module is installed to $home\Documents\WindowsPowerShell\Modules."
Create a folder and copy script .psm1, after that you can run.
here is some feedback and info i came across.
testing this script in a home lab. using "OkToDisable" settings.
i had no issues on a DC but on my lab exchange 2016.
when applying the DSC mof that was build with "OktoDisable" the service "NetTcpPortSharing" was set to disable!
`ModuleVersion = "1.0";
ConfigurationName = "DisablingServicesOnServer2016wDE";
};
instance of MSFT_ServiceResource as $MSFT_ServiceResource6ref
{
ResourceID = "[Service]DisabledService_NetTcpPortSharing";
State = "Stopped";
SourceInfo = "*::89::17::Service";
Name = "NetTcpPortSharing";
StartupType = "Disabled";
ModuleName = "PSDesiredStateConfiguration";`
Exchange 2013/2016 needs NetTcpPortSharing to be available and running or it won't be able to connect to its endpoint and run the countless exchange services. you will encounter the following ID in your eventlog if you do:
Source: MSExchange ADAccess ID: 4027
HI ,
I have used exact scrip to disable the services which i required but, I am getting an exception message as ""The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: A parameter cannot be found that matches parameter name 'ModuleName'.""
PLease help asap.
Excuse my ignorance on powershell, but are there any parametres I need to enter? Running the script without any does nothing.