Update powershell/light-workstation-onboarding.ps1

2025-04-16 00:07:40 +10:00 · 2025-04-16 00:07:40 +10:00 · 93122e6939
commit 93122e6939
parent 71553e78ec
1 changed files with 204 additions and 0 deletions
--- a/powershell/light-workstation-onboarding.ps1
+++ b/powershell/light-workstation-onboarding.ps1
@ -0,0 +1,204 @@
 #Start WinRM Service
 Start-Service WinRM -verbose
 #Enable System restore 
 Enable-ComputerRestore -Drive "C:\" -confirm:$false
 `
 #Enable SMB and ICMP on Windows Firewall
 Write-host 'Enable SMB and ICMP on Windows Firewall' -ForegroundColor yellow
 Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)" -Enabled True
 Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-Out)" -Enabled True
 Set-NetFirewallRule -DisplayName "File and Printer Sharing (SMB-In)" -Enabled True
 Set-NetFirewallRule -DisplayName "File and Printer Sharing (SMB-Out)" -Enabled True
 `
 New-Item -ItemType directory -Path C:\support -ErrorAction SilentlyContinue
 New-Item -ItemType directory -Path C:\support\software -ErrorAction SilentlyContinue
 New-Item -ItemType directory -Path C:\support\software\AnyDesk -ErrorAction SilentlyContinue
 #Enable Unzip Function - updated below
 #Add-Type -AssemblyName System.IO.Compression.FileSystem -ErrorAction -SilentlyContinue
 #function unzip {
 #	param( [string]$ziparchive, [string]$extractpath )
 #	[System.IO.Compression.ZipFile]::ExtractToDirectory ( $ziparchive, $extractpath)
 #}
 # Define the paths for the zip file and extraction directory
 $sourceZip = "c:\support\software\O365_BP_x64.zip"
 $destinationDir = "c:\support\software\"
 # Ensure the destination directory exists
 if (-Not (Test-Path $destinationDir)) {
    New-Item -ItemType Directory -Path $destinationDir
 }
 # Extract the zip file using Expand-Archive, which handles existing files better than unzip
 try {
    Expand-Archive -Path $sourceZip -DestinationPath $destinationDir
    Write-Output "Extraction completed successfully."
 } catch {
    Write-Error "An error occurred during extraction: $_"
    exit 1
 }
 # Continue with DISM operations if needed, ensuring to handle errors appropriately
 try {
    # Example DISM command (uncomment and modify as necessary)
    # DISM /Online /Cleanup-Image /RestoreHealth /Source:c:\support\software\O365_BP_x64.iso /LimitAccess
 } catch {
    Write-Error "DISM operation failed: $_"
    exit 1
 }
 #Disable Windows 10 Fast startup
 Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power" -Name HiberbootEnabled -Value 0 
 #Set Power Plan to High Performance
 powercfg.exe -SETACTIVE 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
 powercfg -SETACVALUEINDEX 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 3
 powercfg -change -standby-timeout-ac 0
 powercfg -change -hibernate-timeout-ac 0
 # Disable display and sleep mode timeouts
 Function DisableSleepTimeout {
 	Write-Output "Disabling sleep mode timeouts for AC..."
 	powercfg /X standby-timeout-ac 0
 	powercfg -change hibernate-timeout-ac 0
 }
 # Hide Taskbar People icon
 Function HideTaskbarPeopleIcon {
 	Write-Output "Hiding People icon..."
 	If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People")) {
 		New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" | Out-Null
 	}
 	Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" -Name "PeopleBand" -Type DWord -Value 0
 }
 # Enable NumLock after startup
 Function EnableNumlock {
 	Write-Output "Enabling NumLock after startup..."
 	If (!(Test-Path "HKU:")) {
 		New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
 	}
 	Set-ItemProperty -Path "HKU:\.DEFAULT\Control Panel\Keyboard" -Name "InitialKeyboardIndicators" -Type DWord -Value 2147483650
 	Add-Type -AssemblyName System.Windows.Forms
 	If (!([System.Windows.Forms.Control]::IsKeyLocked('NumLock'))) {
 		$wsh = New-Object -ComObject WScript.Shell
 		$wsh.SendKeys('{NUMLOCK}')
 	}
 }
 ##################
 # .Net Framework 3.5
 ##################
 #oldversionEnable-WindowsOptionalFeature -Online -FeatureName "NetFx3"
 dism /online /cleanup-image /scanhealth
 dism /online /cleanup-image /restorehealth
 ####################################################
 # Install Office 2016 - Office 365 Business Premium
 ####################################################
 $office = $apps | where-object {$_.displayname -like "*Office 16 Click-to-Run*"}
 if($null -eq $office){
 	Invoke-RestMethod 'https://biztechsynergy.com.au/software/O365_BP_x64.zip' -Method 'GET' -OutFile "c:\support\software\O365_BP_x64.zip"
 	unzip "c:\support\software\O365_BP_x64.zip" "c:\support\software\office"
 	C:\support\software\office\setup.exe /configure 'C:\support\software\office\configuration.xml'
 }
 #####################
 # Install RMM Agent #
 #####################
 # author: https://github.com/bradhawkins85
 $innosetup = 'tacticalagent-v2.8.0-windows-amd64.exe'
 $api = '"https://api.biztechsynergy.xyz"'
 $clientid = '5'
 $siteid = '8'
 $agenttype = '"workstation"'
 $power = 1
 $rdp = 1
 $ping = 1
 $auth = '"38afc3fe72d5d8e20db10cb1ea9171bebf054bec23c3f11eee1e0f7e01b60ed2"'
 $downloadlink = 'https://github.com/amidaware/rmmagent/releases/download/v2.8.0/tacticalagent-v2.8.0-windows-amd64.exe'
 $apilink = $downloadlink.split('/')
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 $serviceName = 'tacticalrmm'
 If (Get-Service $serviceName -ErrorAction SilentlyContinue) {
    write-host ('Tactical RMM Is Already Installed')
 } Else {
    $OutPath = $env:TMP
    $output = $innosetup
    $installArgs = @('-m install --api ', "$api", '--client-id', $clientid, '--site-id', $siteid, '--agent-type', "$agenttype", '--auth', "$auth")
    if ($power) {
        $installArgs += "--power"
    }
    if ($rdp) {
        $installArgs += "--rdp"
    }
    if ($ping) {
        $installArgs += "--ping"
    }
    Try
    {
        $DefenderStatus = Get-MpComputerStatus | select  AntivirusEnabled
        if ($DefenderStatus -match "True") {
            Add-MpPreference -ExclusionPath 'C:\Program Files\TacticalAgent\*'
            Add-MpPreference -ExclusionPath 'C:\Program Files\Mesh Agent\*'
            Add-MpPreference -ExclusionPath 'C:\ProgramData\TacticalRMM\*'
        }
    }
    Catch {
        # pass
    }
    $X = 0
    do {
      Write-Output "Waiting for network"
      Start-Sleep -s 5
      $X += 1      
    } until(($connectresult = Test-NetConnection $apilink[2] -Port 443 | ? { $_.TcpTestSucceeded }) -or $X -eq 3)
    if ($connectresult.TcpTestSucceeded -eq $true){
        Try
        {  
            Invoke-WebRequest -Uri $downloadlink -OutFile $OutPath\$output
            Start-Process -FilePath $OutPath\$output -ArgumentList ('/VERYSILENT /SUPPRESSMSGBOXES') -Wait
            write-host ('Extracting...')
            Start-Sleep -s 5
            Start-Process -FilePath "C:\Program Files\TacticalAgent\tacticalrmm.exe" -ArgumentList $installArgs -Wait
            exit 0
        }
        Catch
        {
            $ErrorMessage = $_.Exception.Message
            $FailedItem = $_.Exception.ItemName
            Write-Error -Message "$ErrorMessage $FailedItem"
            exit 1
        }
        Finally
        {
            Remove-Item -Path $OutPath\$output
        }
    } else {
        Write-Output "Unable to connect to server"
    }
 }
 #END