295 lines
No EOL
11 KiB
PowerShell
295 lines
No EOL
11 KiB
PowerShell
####################################
|
|
# Base System Changes and UI Tweaks
|
|
####################################
|
|
|
|
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Confirm:$False -force
|
|
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
|
|
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force -confirm:$false
|
|
$PSRepository = get-PSRepository
|
|
if ($PSRepository.installationpolicy -ne 'Trusted') {
|
|
Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted
|
|
}
|
|
|
|
$32apps = Get-WmiObject -class win32_product
|
|
$32bit = Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate
|
|
$64bit = Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate
|
|
$apps = $32bit + $64bit
|
|
|
|
#Disable Windows 10 Fast startup
|
|
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power" -Name HiberbootEnabled -Value 0
|
|
#Set Power Plan to High Performance
|
|
powercfg.exe -SETACTIVE 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
|
|
powercfg -SETACVALUEINDEX 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 3
|
|
powercfg -change -standby-timeout-ac 0
|
|
powercfg -change -hibernate-timeout-ac 0
|
|
|
|
#Enable Unzip Function
|
|
Add-Type -AssemblyName System.IO.Compression.FileSystem
|
|
function unzip {
|
|
param( [string]$ziparchive, [string]$extractpath )
|
|
[System.IO.Compression.ZipFile]::ExtractToDirectory( $ziparchive, $extractpath )
|
|
}
|
|
|
|
#Create ProgramData\BTS Directories
|
|
New-Item -ItemType directory -Path C:\ProgramData\BTS -ErrorAction SilentlyContinue
|
|
New-Item -ItemType directory -Path C:\ProgramData\BTS\software -ErrorAction SilentlyContinue
|
|
New-Item -ItemType directory -Path C:\ProgramData\BTS\software\AnyDesk -ErrorAction SilentlyContinue
|
|
|
|
#Install BizTech Synergy RMM Agent
|
|
# author: https://github.com/bradhawkins85
|
|
$innosetup = 'tacticalagent-v2.8.0-windows-amd64.exe'
|
|
$api = '"https://api.biztechsynergy.xyz"'
|
|
$clientid = '3'
|
|
$siteid = '5'
|
|
$agenttype = '"workstation"'
|
|
$power = 0
|
|
$rdp = 1
|
|
$ping = 1
|
|
$auth = '"e8653cfe1d9750985926f13fdd79aca7bb79327c1fc5cca9fa06a533f762c7be"'
|
|
$downloadlink = 'https://github.com/amidaware/rmmagent/releases/download/v2.8.0/tacticalagent-v2.8.0-windows-amd64.exe'
|
|
$apilink = $downloadlink.split('/')
|
|
|
|
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
|
|
|
|
$serviceName = 'tacticalrmm'
|
|
If (Get-Service $serviceName -ErrorAction SilentlyContinue) {
|
|
write-host ('Tactical RMM Is Already Installed')
|
|
} Else {
|
|
$OutPath = $env:TMP
|
|
$output = $innosetup
|
|
|
|
$installArgs = @('-m install --api ', "$api", '--client-id', $clientid, '--site-id', $siteid, '--agent-type', "$agenttype", '--auth', "$auth")
|
|
|
|
if ($power) {
|
|
$installArgs += "--power"
|
|
}
|
|
|
|
if ($rdp) {
|
|
$installArgs += "--rdp"
|
|
}
|
|
|
|
if ($ping) {
|
|
$installArgs += "--ping"
|
|
}
|
|
|
|
Try
|
|
{
|
|
$DefenderStatus = Get-MpComputerStatus | select AntivirusEnabled
|
|
if ($DefenderStatus -match "True") {
|
|
Add-MpPreference -ExclusionPath 'C:\ProgramData\TacticalAgent\*'
|
|
Add-MpPreference -ExclusionPath 'C:\ProgramData\Mesh Agent\*'
|
|
Add-MpPreference -ExclusionPath 'C:\ProgramData\TacticalRMM\*'
|
|
}
|
|
}
|
|
Catch {
|
|
# pass
|
|
}
|
|
|
|
$X = 0
|
|
do {
|
|
Write-Output "Waiting for network"
|
|
Start-Sleep -s 5
|
|
$X += 1
|
|
} until(($connectresult = Test-NetConnection $apilink[2] -Port 443 | ? { $_.TcpTestSucceeded }) -or $X -eq 3)
|
|
|
|
if ($connectresult.TcpTestSucceeded -eq $true){
|
|
Try
|
|
{
|
|
Invoke-WebRequest -Uri $downloadlink -OutFile $OutPath\$output
|
|
Start-Process -FilePath $OutPath\$output -ArgumentList ('/VERYSILENT /SUPPRESSMSGBOXES') -Wait
|
|
write-host ('Extracting...')
|
|
Start-Sleep -s 5
|
|
Start-Process -FilePath "C:\ProgramData\TacticalAgent\tacticalrmm.exe" -ArgumentList $installArgs -Wait
|
|
exit 0
|
|
}
|
|
Catch
|
|
{
|
|
$ErrorMessage = $_.Exception.Message
|
|
$FailedItem = $_.Exception.ItemName
|
|
Write-Error -Message "$ErrorMessage $FailedItem"
|
|
exit 1
|
|
}
|
|
Finally
|
|
{
|
|
Remove-Item -Path $OutPath\$output
|
|
}
|
|
} else {
|
|
Write-Output "Unable to connect to server"
|
|
}
|
|
}
|
|
|
|
#Start WinRM Service
|
|
Start-Service WinRM -verbose
|
|
|
|
#Enable System restore
|
|
Enable-ComputerRestore -Drive "C:\" -confirm:$false
|
|
|
|
#Check and Create admin account
|
|
$user = get-localuser | Where-Object { $_.name -eq "biztech.admin" }
|
|
$pass = 'r1ug7FaG0fD2' | ConvertTo-SecureString -AsPlainText -Force
|
|
if ($user.enabled -eq $true) {
|
|
set-localuser -name $user -password $pass
|
|
Add-LocalGroupMember -group 'administrators' -Member $user -ErrorAction SilentlyContinue
|
|
Write-host 'Password has been successfully set'
|
|
} elseif ($user.enabled -eq $false) {
|
|
Enable-LocalUser -name 'biztech.admin'
|
|
Set-LocalUser -name 'biztech.admin' -password $pass
|
|
Write-host 'Administrator Account has been successfully Enabled'
|
|
}
|
|
|
|
|
|
#Enable SMB and ICMP on Windows Firewall
|
|
Write-host 'Enable SMB and ICMP on Windows Firewall' -ForegroundColor yellow
|
|
Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)" -Enabled True
|
|
Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-Out)" -Enabled True
|
|
Set-NetFirewallRule -DisplayName "File and Printer Sharing (SMB-In)" -Enabled True
|
|
Set-NetFirewallRule -DisplayName "File and Printer Sharing (SMB-Out)" -Enabled True
|
|
|
|
|
|
# # Set WinUserLanguageList as a variable
|
|
# $lang = Get-WinUserLanguageList
|
|
# # Clear the WinUserLanguageList
|
|
# $lang.Clear()
|
|
# # Add language to the language list
|
|
# $lang.add("en-AU")
|
|
# # Remove whatever input method is present
|
|
# $lang[0].InputMethodTips.Clear()
|
|
# # Add this keyboard as keyboard language
|
|
# $lang[0].InputMethodTips.Add('0C09:00000409')
|
|
# # Set this language list as default
|
|
# Set-WinUserLanguageList $lang -Force
|
|
# # Make region settings independent of OS language
|
|
# Set-WinCultureFromLanguageListOptOut -OptOut $True
|
|
# # Set Windows Dispaly Language
|
|
# Set-WinUILanguageOverride -Language en-AU
|
|
# # Set region to this Country
|
|
# Set-Culture en-AU
|
|
# # Set the location to this location
|
|
# Set-WinHomeLocation -GeoId 12
|
|
# # Set non-unicode legacy software to use this language as default
|
|
# Set-WinSystemLocale -SystemLocale en-AU
|
|
# # Set the TimeZone
|
|
# Set-TimeZone -name 'AUS Eastern Standard Time'
|
|
# #Brisbane Standard Time
|
|
# # E. Australia Standard Time
|
|
# #Darwin Standard Time
|
|
# # AUS Central Standard Time
|
|
# #Adelaide Standard Time
|
|
# # Cen. Australia Standard Time
|
|
|
|
#Fix Network Print
|
|
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Print" -name "RpcAuthnLevelPrivacyEnabled" -value 00000000 -type dword
|
|
|
|
# Default preset
|
|
$tweaks = @(
|
|
### Require administrator privileges ###
|
|
"RequireAdmin",
|
|
"EnableRemoteDesktop",
|
|
"DisableSleepTimeout",
|
|
"HideTaskbarPeopleIcon",
|
|
"EnableNumlock"
|
|
)
|
|
|
|
# Relaunch the script with administrator privileges
|
|
Function RequireAdmin {
|
|
If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) {
|
|
Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`" $PSCommandArgs" -WorkingDirectory $pwd -Verb RunAs
|
|
Exit
|
|
}
|
|
}
|
|
# Enable Remote Desktop w/o Network Level Authentication
|
|
Function EnableRemoteDesktop {
|
|
Write-Output "Enabling Remote Desktop w/o Network Level Authentication..."
|
|
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 0
|
|
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 0
|
|
Enable-NetFirewallRule -Name "RemoteDesktop*"
|
|
}
|
|
# Disable display and sleep mode timeouts
|
|
Function DisableSleepTimeout {
|
|
Write-Output "Disabling sleep mode timeouts for AC..."
|
|
powercfg /X standby-timeout-ac 0
|
|
powercfg -change hibernate-timeout-ac 0
|
|
}
|
|
# Hide Taskbar People icon
|
|
Function HideTaskbarPeopleIcon {
|
|
Write-Output "Hiding People icon..."
|
|
If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People")) {
|
|
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" | Out-Null
|
|
}
|
|
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" -Name "PeopleBand" -Type DWord -Value 0
|
|
}
|
|
|
|
# Enable NumLock after startup
|
|
Function EnableNumlock {
|
|
Write-Output "Enabling NumLock after startup..."
|
|
If (!(Test-Path "HKU:")) {
|
|
New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
|
|
}
|
|
Set-ItemProperty -Path "HKU:\.DEFAULT\Control Panel\Keyboard" -Name "InitialKeyboardIndicators" -Type DWord -Value 2147483650
|
|
Add-Type -AssemblyName System.Windows.Forms
|
|
If (!([System.Windows.Forms.Control]::IsKeyLocked('NumLock'))) {
|
|
$wsh = New-Object -ComObject WScript.Shell
|
|
$wsh.SendKeys('{NUMLOCK}')
|
|
}
|
|
}
|
|
# Normalize path to preset file
|
|
$preset = ""
|
|
$PSCommandArgs = $args
|
|
If ($args -And $args[0].ToLower() -eq "-preset") {
|
|
$preset = Resolve-Path $($args | Select-Object -Skip 1)
|
|
$PSCommandArgs = "-preset `"$preset`""
|
|
}
|
|
# Load function names from command line arguments or a preset file
|
|
If ($args) {
|
|
$tweaks = $args
|
|
If ($preset) {
|
|
$tweaks = Get-Content $preset -ErrorAction Stop | ForEach { $_.Trim() } | Where { $_ -ne "" -and $_[0] -ne "#" }
|
|
}
|
|
}
|
|
|
|
# Call the desired tweak functions
|
|
$tweaks | ForEach { Invoke-Expression $_ }
|
|
|
|
##################
|
|
# .Net Framework 3.5
|
|
##################
|
|
Enable-WindowsOptionalFeature -Online -FeatureName "NetFx3"
|
|
|
|
|
|
##################
|
|
# Google Chrome
|
|
##################
|
|
$Chrome = $apps | where-object {$_.displayname -like "*chrome*"}
|
|
if($null -eq $Chrome){
|
|
$Path = 'C:\ProgramData\BTS\software'
|
|
$Installer = "chrome_installer.exe"
|
|
Invoke-WebRequest "http://dl.google.com/chrome/install/375.126/chrome_installer.exe" -OutFile $Path\$Installer
|
|
Start-Process -FilePath $Path\$Installer -Args "/silent /install" -Verb RunAs -Wait
|
|
}
|
|
|
|
##################
|
|
# Install VLC
|
|
##################
|
|
$vlc = $apps | where-object {$_.displayname -like "*VLC*"}
|
|
if($null -eq $vlc){
|
|
write-host 'Installing VLC' -ForegroundColor yellow
|
|
Invoke-RestMethod 'https://mirror.aarnet.edu.au/pub/videolan/vlc/3.0.21/win64/vlc-3.0.21-win64.exe' -Method 'GET' -OutFile "c:\ProgramData\BTS\software\vlc-3.0.21-win64.exe"
|
|
start-process -WorkingDirectory "C:\ProgramData\BTS\Software" -FilePath '.\vlc-3.0.21-win64.exe' -argumentlist '/L=1033 /S'
|
|
}
|
|
|
|
##################
|
|
# Install 7-zip
|
|
##################
|
|
Invoke-WebRequest -Uri "https://www.7-zip.org/a/7z2301-x64.exe" -OutFile 'C:\ProgramData\BTS\7z2301-x64.exe'
|
|
Start-Process -WorkingDirectory 'C:\ProgramData\BTS' -FilePath '.\7z2301-x64.exe' -ArgumentList '/S'
|
|
|
|
|
|
####################################################
|
|
# New Teams
|
|
####################################################
|
|
Invoke-WebRequest -uri "https://biztechsynergy.com.au/software/teamsbootstrapper.exe" -outfile "C:\ProgramData\BTS\software\teamsbootstrapper.exe"
|
|
start-process -workingdirectory "C:\ProgramData\BTS\software" -filepath ".\teamsbootstrapper.exe" -ArgumentList "-p"
|
|
|
|
|
|
|
|
$msgBoxInput = [System.Windows.MessageBox]::Show("Tnstallation complete.") |