#Start WinRM Service Start-Service WinRM -verbose #Enable System restore Enable-ComputerRestore -Drive "C:\" -confirm:$false ` #Enable SMB and ICMP on Windows Firewall Write-host 'Enable SMB and ICMP on Windows Firewall' -ForegroundColor yellow Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)" -Enabled True Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-Out)" -Enabled True Set-NetFirewallRule -DisplayName "File and Printer Sharing (SMB-In)" -Enabled True Set-NetFirewallRule -DisplayName "File and Printer Sharing (SMB-Out)" -Enabled True ` New-Item -ItemType directory -Path C:\support -ErrorAction SilentlyContinue New-Item -ItemType directory -Path C:\support\software -ErrorAction SilentlyContinue New-Item -ItemType directory -Path C:\support\software\AnyDesk -ErrorAction SilentlyContinue #Enable Unzip Function - updated below #Add-Type -AssemblyName System.IO.Compression.FileSystem -ErrorAction -SilentlyContinue #function unzip { # param( [string]$ziparchive, [string]$extractpath ) # [System.IO.Compression.ZipFile]::ExtractToDirectory ( $ziparchive, $extractpath) #} # Define the paths for the zip file and extraction directory $sourceZip = "c:\support\software\O365_BP_x64.zip" $destinationDir = "c:\support\software\" # Ensure the destination directory exists if (-Not (Test-Path $destinationDir)) { New-Item -ItemType Directory -Path $destinationDir } # Extract the zip file using Expand-Archive, which handles existing files better than unzip try { Expand-Archive -Path $sourceZip -DestinationPath $destinationDir Write-Output "Extraction completed successfully." } catch { Write-Error "An error occurred during extraction: $_" exit 1 } # Continue with DISM operations if needed, ensuring to handle errors appropriately try { # Example DISM command (uncomment and modify as necessary) # DISM /Online /Cleanup-Image /RestoreHealth /Source:c:\support\software\O365_BP_x64.iso /LimitAccess } catch { Write-Error "DISM operation failed: $_" exit 1 } #Disable Windows 10 Fast startup Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power" -Name HiberbootEnabled -Value 0 #Set Power Plan to High Performance powercfg.exe -SETACTIVE 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c powercfg -SETACVALUEINDEX 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 3 powercfg -change -standby-timeout-ac 0 powercfg -change -hibernate-timeout-ac 0 # Disable display and sleep mode timeouts Function DisableSleepTimeout { Write-Output "Disabling sleep mode timeouts for AC..." powercfg /X standby-timeout-ac 0 powercfg -change hibernate-timeout-ac 0 } # Hide Taskbar People icon Function HideTaskbarPeopleIcon { Write-Output "Hiding People icon..." If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People")) { New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" | Out-Null } Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" -Name "PeopleBand" -Type DWord -Value 0 } # Enable NumLock after startup Function EnableNumlock { Write-Output "Enabling NumLock after startup..." If (!(Test-Path "HKU:")) { New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null } Set-ItemProperty -Path "HKU:\.DEFAULT\Control Panel\Keyboard" -Name "InitialKeyboardIndicators" -Type DWord -Value 2147483650 Add-Type -AssemblyName System.Windows.Forms If (!([System.Windows.Forms.Control]::IsKeyLocked('NumLock'))) { $wsh = New-Object -ComObject WScript.Shell $wsh.SendKeys('{NUMLOCK}') } } ################## # .Net Framework 3.5 ################## #oldversionEnable-WindowsOptionalFeature -Online -FeatureName "NetFx3" dism /online /cleanup-image /scanhealth dism /online /cleanup-image /restorehealth #################################################### # Install Office 2016 - Office 365 Business Premium #################################################### $office = $apps | where-object {$_.displayname -like "*Office 16 Click-to-Run*"} if($null -eq $office){ Invoke-RestMethod 'https://biztechsynergy.com.au/software/O365_BP_x64.zip' -Method 'GET' -OutFile "c:\support\software\O365_BP_x64.zip" unzip "c:\support\software\O365_BP_x64.zip" "c:\support\software\office" C:\support\software\office\setup.exe /configure 'C:\support\software\office\configuration.xml' } ##################### # Install RMM Agent # ##################### # author: https://github.com/bradhawkins85 $innosetup = 'tacticalagent-v2.8.0-windows-amd64.exe' $api = '"https://api.biztechsynergy.xyz"' $clientid = '5' $siteid = '8' $agenttype = '"workstation"' $power = 1 $rdp = 1 $ping = 1 $auth = '"38afc3fe72d5d8e20db10cb1ea9171bebf054bec23c3f11eee1e0f7e01b60ed2"' $downloadlink = 'https://github.com/amidaware/rmmagent/releases/download/v2.8.0/tacticalagent-v2.8.0-windows-amd64.exe' $apilink = $downloadlink.split('/') [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 $serviceName = 'tacticalrmm' If (Get-Service $serviceName -ErrorAction SilentlyContinue) { write-host ('Tactical RMM Is Already Installed') } Else { $OutPath = $env:TMP $output = $innosetup $installArgs = @('-m install --api ', "$api", '--client-id', $clientid, '--site-id', $siteid, '--agent-type', "$agenttype", '--auth', "$auth") if ($power) { $installArgs += "--power" } if ($rdp) { $installArgs += "--rdp" } if ($ping) { $installArgs += "--ping" } Try { $DefenderStatus = Get-MpComputerStatus | select AntivirusEnabled if ($DefenderStatus -match "True") { Add-MpPreference -ExclusionPath 'C:\Program Files\TacticalAgent\*' Add-MpPreference -ExclusionPath 'C:\Program Files\Mesh Agent\*' Add-MpPreference -ExclusionPath 'C:\ProgramData\TacticalRMM\*' } } Catch { # pass } $X = 0 do { Write-Output "Waiting for network" Start-Sleep -s 5 $X += 1 } until(($connectresult = Test-NetConnection $apilink[2] -Port 443 | ? { $_.TcpTestSucceeded }) -or $X -eq 3) if ($connectresult.TcpTestSucceeded -eq $true){ Try { Invoke-WebRequest -Uri $downloadlink -OutFile $OutPath\$output Start-Process -FilePath $OutPath\$output -ArgumentList ('/VERYSILENT /SUPPRESSMSGBOXES') -Wait write-host ('Extracting...') Start-Sleep -s 5 Start-Process -FilePath "C:\Program Files\TacticalAgent\tacticalrmm.exe" -ArgumentList $installArgs -Wait exit 0 } Catch { $ErrorMessage = $_.Exception.Message $FailedItem = $_.Exception.ItemName Write-Error -Message "$ErrorMessage $FailedItem" exit 1 } Finally { Remove-Item -Path $OutPath\$output } } else { Write-Output "Unable to connect to server" } } #END