Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save xtratoast/dea055ec0e1a31d91161b6d431e90146 to your computer and use it in GitHub Desktop.
Save xtratoast/dea055ec0e1a31d91161b6d431e90146 to your computer and use it in GitHub Desktop.
Disable unnecessary services that on Windows Server 2016 Desktop Experience (based on MS Security Blog recommendations)
# Disable extraneous services on Server 2016 Desktop Experience
# https://blogs.technet.microsoft.com/secguide/2017/05/29/guidance-on-disabling-system-services-on-windows-server-2016-with-desktop-experience/
Configuration DisablingServicesOnServer2016wDE
{
param(
[String]$ComputerName = "localhost",
[ValidateSet('ShouldBeDisabledOnly','ShouldBeDisabledAndDefaultOnly','OKToDisable','OKToDisablePrinter','OKToDisableDC')]
[String]$Level = 'OKToDisable'
)
Import-DscResource -ModuleName PSDesiredStateConfiguration
[String[]]$DisabledByDefault = @(
"tzautoupdate",
"Browser",
"AppVClient",
"NetTcpPortSharing",
"CscService",
"RemoteAccess",
"SCardSvr",
"UevAgentService",
"WSearch"
)
[String[]]$ShouldBeDisabled = @(
"XblAuthManager",
"XblGameSave"
)
[String[]]$OKToDisable = @(
"AxInstSV",
"bthserv",
"CDPUserSvc",
"PimIndexMaintenanceSvc"
"dmwappushservice",
"MapsBroker",
"lfsvc",
"SharedAccess",
"lltdsvc",
"wlidsvc",
"NgcSvc",
"NgcCtnrSvc",
"NcbService",
"PhoneSvc",
"PcaSvc",
"QWAVE",
"RmSvc",
"SensorDataService",
"SensrSvc",
"SensorService",
"ShellHWDetection",
"ScDeviceEnum",
"SSDPSRV",
"WiaRpc",
"OneSyncSvc",
"TabletInputService",
"upnphost",
"UserDataSvc",
"UnistoreSvc",
"WalletService",
"Audiosrv",
"AudioEndpointBuilder",
"FrameServer",
"stisvc",
"wisvc",
"icssvc",
"WpnService",
"WpnUserService"
)
[String[]]$OKToDisableNotDCorPrint = @('Spooler')
[String[]]$OKToDisableNotPrint = @('PrintNotify')
[String[]]$ServicesToDisable = @()
switch($Level)
{
'ShouldBeDisabledOnly' { $ServicesToDisable += $ShouldBeDisabled }
'ShouldBeDisabledAndDefaultOnly' { $ServicesToDisable += $ShouldBeDisabled + $DisabledByDefault }
'OKToDisablePrinter' { $ServicesToDisable += $ShouldBeDisabled + $DisabledByDefault + $OKToDisable }
'OKToDisableDC' { $ServicesToDisable += $ShouldBeDisabled + $DisabledByDefault + $OKToDisable + $OKToDisableNotDCorPrint }
'OKToDisable' { $ServicesToDisable += $ShouldBeDisabled + $DisabledByDefault + $OKToDisable + $OKToDisableNotDCorPrint + $OKToDisableNotPrint }
}
$InstalledServices = Get-Service
Node $ComputerName
{
foreach($Service in $ServicesToDisable)
{
if($InstalledServices.Name -contains $Service)
{
Service $( 'DisabledService_' + $Service )
{
Name = $Service
StartupType = "Disabled"
State = "Stopped"
}
}
}
}
}
DisablingServicesOnServer2016wDE
@arproenca
Copy link

arproenca commented Mar 13, 2018

Hi Jika78,

You must copy this script in module folder:

https://docs.microsoft.com/en-us/powershell/module/powershellget/install-module?view=powershell-6

"When no scope is defined, or when the value of the Scope parameter is AllUsers, the module is installed to %systemdrive%:\Program Files\WindowsPowerShell\Modules. When the value of Scope is CurrentUser, the module is installed to $home\Documents\WindowsPowerShell\Modules."

Create a folder and copy script .psm1, after that you can run.

@Celoxocis
Copy link

Celoxocis commented May 15, 2018

here is some feedback and info i came across.
testing this script in a home lab. using "OkToDisable" settings.
i had no issues on a DC but on my lab exchange 2016.

when applying the DSC mof that was build with "OktoDisable" the service "NetTcpPortSharing" was set to disable!

`ModuleVersion = "1.0";

ConfigurationName = "DisablingServicesOnServer2016wDE";

};
instance of MSFT_ServiceResource as $MSFT_ServiceResource6ref
{
ResourceID = "[Service]DisabledService_NetTcpPortSharing";
State = "Stopped";
SourceInfo = "*::89::17::Service";
Name = "NetTcpPortSharing";
StartupType = "Disabled";
ModuleName = "PSDesiredStateConfiguration";`

Exchange 2013/2016 needs NetTcpPortSharing to be available and running or it won't be able to connect to its endpoint and run the countless exchange services. you will encounter the following ID in your eventlog if you do:
Source: MSExchange ADAccess ID: 4027

@KDVTejaswi
Copy link

HI ,

I have used exact scrip to disable the services which i required but, I am getting an exception message as ""The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: A parameter cannot be found that matches parameter name 'ModuleName'.""

PLease help asap.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment