diff --git a/powershell/bts-onboarding.ps1 b/powershell/bts-onboarding.ps1 new file mode 100644 index 0000000..ac34546 --- /dev/null +++ b/powershell/bts-onboarding.ps1 @@ -0,0 +1,228 @@ +#################################### +# Base System Changes and UI Tweaks +#################################### + +Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Confirm:$False -force +[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 +Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force -confirm:$false +$PSRepository = get-PSRepository +if ($PSRepository.installationpolicy -ne 'Trusted') { + Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted +} + +$32apps = Get-WmiObject -class win32_product +$32bit = Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate +$64bit = Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate +$apps = $32bit + $64bit + +#Disable Windows 10 Fast startup +Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power" -Name HiberbootEnabled -Value 0 +#Set Power Plan to High Performance +powercfg.exe -SETACTIVE 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c +powercfg -SETACVALUEINDEX 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 3 +powercfg -change -standby-timeout-ac 0 +powercfg -change -hibernate-timeout-ac 0 + +#Enable Unzip Function +Add-Type -AssemblyName System.IO.Compression.FileSystem +function unzip { + param( [string]$ziparchive, [string]$extractpath ) + [System.IO.Compression.ZipFile]::ExtractToDirectory( $ziparchive, $extractpath ) +} + +#Create Support Directories +New-Item -ItemType directory -Path C:\support -ErrorAction SilentlyContinue +New-Item -ItemType directory -Path C:\support\software -ErrorAction SilentlyContinue +New-Item -ItemType directory -Path C:\support\software\AnyDesk -ErrorAction SilentlyContinue + +#Install BizTech Synergy RMM Agent +write-host 'Installing BizTech Synergy RMM agent..' -ForegroundColor Yellow +if($apps.DisplayName -ne 'RMM Agent'){ + Invoke-RestMethod 'https://biztechsynergy.com.au/software/trmm-biztechsynergy-onboarding-workstation-amd64.exe' -Method 'GET' -OutFile "c:\support\software\trmm-biztechsynergy-onboarding-workstation-amd64.exe" + start-process -WorkingDirectory 'C:\support\software' -FilePath '.\trmm-biztechsynergy-onboarding-workstation-amd64.exe' + Start-sleep 60 + $syncro = get-process | where-object { $_.ProcessName -eq "trmm-biztechsynergy-agent" } + if ($null -ne $syncro) { + taskkill /pid $($Syncro.id) /f + } + $syncro = get-process | where-object { $_.ProcessName -eq "RMM.Installer" } + if ($null -ne $syncro) { + taskkill /pid $($Syncro.id) /f + } +} + +#Start WinRM Service +Start-Service WinRM -verbose + +#Enable System restore +Enable-ComputerRestore -Drive "C:\" -confirm:$false + +#Check and Create admin account +$user = get-localuser | Where-Object { $_.name -eq "biztech.admin" } +$pass = 'r1ug7FaG0fD2' | ConvertTo-SecureString -AsPlainText -Force +if ($user.enabled -eq $true) { + set-localuser -name $user -password $pass + Add-LocalGroupMember -group 'administrators' -Member $user -ErrorAction SilentlyContinue + Write-host 'Password has been successfully set' +} elseif ($user.enabled -eq $false) { + Enable-LocalUser -name 'biztech.admin' + Set-LocalUser -name 'biztech.admin' -password $pass + Write-host 'Administrator Account has been successfully Enabled' +} + + +#Enable SMB and ICMP on Windows Firewall +Write-host 'Enable SMB and ICMP on Windows Firewall' -ForegroundColor yellow +Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)" -Enabled True +Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-Out)" -Enabled True +Set-NetFirewallRule -DisplayName "File and Printer Sharing (SMB-In)" -Enabled True +Set-NetFirewallRule -DisplayName "File and Printer Sharing (SMB-Out)" -Enabled True + + +# # Set WinUserLanguageList as a variable +# $lang = Get-WinUserLanguageList +# # Clear the WinUserLanguageList +# $lang.Clear() +# # Add language to the language list +# $lang.add("en-AU") +# # Remove whatever input method is present +# $lang[0].InputMethodTips.Clear() +# # Add this keyboard as keyboard language +# $lang[0].InputMethodTips.Add('0C09:00000409') +# # Set this language list as default +# Set-WinUserLanguageList $lang -Force +# # Make region settings independent of OS language +# Set-WinCultureFromLanguageListOptOut -OptOut $True +# # Set Windows Dispaly Language +# Set-WinUILanguageOverride -Language en-AU +# # Set region to this Country +# Set-Culture en-AU +# # Set the location to this location +# Set-WinHomeLocation -GeoId 12 +# # Set non-unicode legacy software to use this language as default +# Set-WinSystemLocale -SystemLocale en-AU +# # Set the TimeZone +# Set-TimeZone -name 'AUS Eastern Standard Time' +# #Brisbane Standard Time +# # E. Australia Standard Time +# #Darwin Standard Time +# # AUS Central Standard Time +# #Adelaide Standard Time +# # Cen. Australia Standard Time + +#Fix Network Print +Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Print" -name "RpcAuthnLevelPrivacyEnabled" -value 00000000 -type dword + +# Default preset +$tweaks = @( + ### Require administrator privileges ### + "RequireAdmin", + "EnableRemoteDesktop", + "DisableSleepTimeout", + "HideTaskbarPeopleIcon", + "EnableNumlock" +) + +# Relaunch the script with administrator privileges +Function RequireAdmin { + If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) { + Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`" $PSCommandArgs" -WorkingDirectory $pwd -Verb RunAs + Exit + } +} +# Enable Remote Desktop w/o Network Level Authentication +Function EnableRemoteDesktop { + Write-Output "Enabling Remote Desktop w/o Network Level Authentication..." + Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 0 + Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 0 + Enable-NetFirewallRule -Name "RemoteDesktop*" +} +# Disable display and sleep mode timeouts +Function DisableSleepTimeout { + Write-Output "Disabling sleep mode timeouts for AC..." + powercfg /X standby-timeout-ac 0 + powercfg -change hibernate-timeout-ac 0 +} +# Hide Taskbar People icon +Function HideTaskbarPeopleIcon { + Write-Output "Hiding People icon..." + If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People")) { + New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" | Out-Null + } + Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" -Name "PeopleBand" -Type DWord -Value 0 +} + +# Enable NumLock after startup +Function EnableNumlock { + Write-Output "Enabling NumLock after startup..." + If (!(Test-Path "HKU:")) { + New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null + } + Set-ItemProperty -Path "HKU:\.DEFAULT\Control Panel\Keyboard" -Name "InitialKeyboardIndicators" -Type DWord -Value 2147483650 + Add-Type -AssemblyName System.Windows.Forms + If (!([System.Windows.Forms.Control]::IsKeyLocked('NumLock'))) { + $wsh = New-Object -ComObject WScript.Shell + $wsh.SendKeys('{NUMLOCK}') + } +} +# Normalize path to preset file +$preset = "" +$PSCommandArgs = $args +If ($args -And $args[0].ToLower() -eq "-preset") { + $preset = Resolve-Path $($args | Select-Object -Skip 1) + $PSCommandArgs = "-preset `"$preset`"" +} +# Load function names from command line arguments or a preset file +If ($args) { + $tweaks = $args + If ($preset) { + $tweaks = Get-Content $preset -ErrorAction Stop | ForEach { $_.Trim() } | Where { $_ -ne "" -and $_[0] -ne "#" } + } +} + +# Call the desired tweak functions +$tweaks | ForEach { Invoke-Expression $_ } + +################## +# .Net Framework 3.5 +################## +Enable-WindowsOptionalFeature -Online -FeatureName "NetFx3" + + +################## +# Google Chrome +################## +$Chrome = $apps | where-object {$_.displayname -like "*chrome*"} +if($null -eq $Chrome){ +$Path = 'C:\support\Software' +$Installer = "chrome_installer.exe" +Invoke-WebRequest "http://dl.google.com/chrome/install/375.126/chrome_installer.exe" -OutFile $Path\$Installer +Start-Process -FilePath $Path\$Installer -Args "/silent /install" -Verb RunAs -Wait +} + +################## +# Install VLC +################## +$vlc = $apps | where-object {$_.displayname -like "*VLC*"} +if($null -eq $vlc){ +write-host 'Installing VLC' -ForegroundColor yellow +Invoke-RestMethod 'https://mirror.aarnet.edu.au/pub/videolan/vlc/3.0.21/win64/vlc-3.0.21-win64.exe' -Method 'GET' -OutFile "c:\support\software\vlc-3.0.21-win64.exe" +start-process -WorkingDirectory "C:\Support\Software" -FilePath '.\vlc-3.0.21-win64.exe' -argumentlist '/L=1033 /S' +} + +################## +# Install 7-zip +################## +Invoke-WebRequest -Uri "https://www.7-zip.org/a/7z2301-x64.exe" -OutFile 'C:\support\7z2301-x64.exe' +Start-Process -WorkingDirectory 'C:\support' -FilePath '.\7z2301-x64.exe' -ArgumentList '/S' + + +#################################################### +# New Teams +#################################################### +Invoke-WebRequest -uri "https://biztechsynergy.com.au/software/teamsbootstrapper.exe" -outfile "C:\Support\software\teamsbootstrapper.exe" +start-process -workingdirectory "C:\support\software" -filepath ".\teamsbootstrapper.exe" -ArgumentList "-p" + + + +$msgBoxInput = [System.Windows.MessageBox]::Show("Tnstallation complete.") \ No newline at end of file