├── README.md ├── Deploy-BgInfo-WS2012-R2.ps1 ├── Deploy-BgInfo-WS2016-WS2019-WS2022-WS2025.ps1 └── Template_Customization_Windows_Server_2016_2019.ps1 /README.md: -------------------------------------------------------------------------------- 1 | # Hyper-V-VM-Template 2 | 3 | This repository contains PowerShell scripts designed to automate and simplify the process of creating Hyper-V VM templates. 4 | 5 | The goal is to save time, reduce errors, and ensure consistency by eliminating the need for repetitive configuration changes and performance tweaks. 6 | 7 | Since I perform extensive research and testing, I often work with a variety of virtual machines (VMs) that are built and rebuilt frequently. As a result, I primarily deploy them from a pre-configured template (base or golden image). 8 | 9 | Currently, this repository includes the following PowerShell scripts: 10 | 11 | - **Deploy-BgInfo-WS2012-R2.ps1** 12 | 13 | More information about this script used to deploy BgInfo on a Windows Server 2012 R2 can be found on my blog: https://wmatthyssen.com/2019/09/11/powershell-bginfo-automation-script-for-windows-server-2012-r2/ 14 | 15 | - **Deploy-BgInfo-WS2016-WS2019-WS2022-WS2025.ps1** 16 | 17 | More information about this script used to deploy BgInfo on a Windows Server 2016, 2019, 2022, or 2025 can be found on my blog: https://wmatthyssen.com/2025/04/07/powershell-script-bginfo-deployment-script-for-windows-server-2025/ 18 | 19 | - **Template_Customization_Windows_Server_2016_2019.ps1** 20 | 21 | More information about this script used to build a management groups tree structure can be found on my blog: https://wmatthyssen.com/2022/04/04/azure-powershell-script-create-a-management-group-tree-hierarchy/ 22 | 23 | -------------------------------------------------------------------------------- /Deploy-BgInfo-WS2012-R2.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | 4 | A script used to download, install and configure the latest BgInfo version on a Windows Server 2012 R2. 5 | 6 | .DESCRIPTION 7 | 8 | A script used to download, install and configure the latest BgInfo version (v4.28) on a Windows Server 2012 R2. 9 | The BgInfo folder will be created on the C: drive if the folder does not already exist. 10 | Then the latest BgInfo.zip file will be downloaded and extracted in the BgInfo folder. 11 | The LogonBgi.zip file which holds the preferred settings will also be downloaded and extracted to the BgInfo folder. 12 | After extraction both .zip files will be deleted. 13 | A registry key (regkey) to AutoStart the BgInfo tool in combination with the logon.bgi config file will be created. 14 | At the end of the script BgInfo will be started for the first time and the PowerShell window will be closed. 15 | 16 | .NOTES 17 | 18 | File Name: Deploy-BgInfo-WS2012-R2.ps1 19 | Created: 17/09/2018 20 | Last modified: 16/01/2022 21 | Author: Wim Matthyssen 22 | PowerShell: 4.0 or above 23 | Requires: -RunAsAdministrator 24 | OS: Windows Server 2012 R2 25 | Version: 2.0 26 | Action: Change variables were needed to fit your needs 27 | Disclaimer: This script is provided "As Is" with no warranties. 28 | 29 | .EXAMPLE 30 | 31 | .\Deploy-BgInfo-WS2012-R2.ps1 32 | 33 | .LINK 34 | 35 | https://wmatthyssen.com/2019/09/11/powershell-bginfo-automation-script-for-windows-server-2012-r2/ 36 | #> 37 | 38 | ## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 39 | 40 | ## Variables 41 | 42 | $bgInfoFolder = "C:\BgInfo" 43 | $bgInfoFolderContent = $bgInfoFolder + "\*" 44 | $itemType = "Directory" 45 | $bgInfoUrl = "https://download.sysinternals.com/files/BGInfo.zip" 46 | $bgInfoZip = "C:\BgInfo\BgInfo.zip" 47 | $bgInfoEula = "C:\BgInfo\Eula.txt" 48 | $logonBgiUrl = "https://tinyurl.com/yxlxbgun" 49 | $logonBgiZip = "C:\BgInfo\LogonBgi.zip" 50 | $bgInfoRegPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" 51 | $bgInfoRegkey = "BgInfo" 52 | $bgInfoRegType = "String" 53 | $bgInfoRegkeyValue = "C:\BgInfo\Bginfo.exe C:\BgInfo\logon.bgi /timer:0 /nolicprompt" 54 | $regKeyExists = (Get-Item $bgInfoRegPath -EA Ignore).Property -contains $bgInfoRegkey 55 | 56 | $foregroundColor1 = "Red" 57 | $foregroundColor2 = "Yellow" 58 | $writeEmptyLine = "`n" 59 | 60 | ## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 61 | 62 | ## Start script execution 63 | 64 | Write-Host ($writeEmptyLine + "# BgInfo deployment script started")` 65 | -foregroundcolor $foregroundColor1 $writeEmptyLine 66 | 67 | ## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 68 | 69 | ## Create BgInfo folder on C: if it not exists, else delete it's content 70 | 71 | If (!(Test-Path -Path $bgInfoFolder)) 72 | { 73 | New-Item -ItemType $itemType -Force -Path $bgInfoFolder 74 | Write-Host ($writeEmptyLine + "# BgInfo folder created")` 75 | -foregroundcolor $foregroundColor2 $writeEmptyLine 76 | } 77 | Else 78 | { 79 | Write-Host ($writeEmptyLine + "# BgInfo folder already exists")` 80 | -foregroundcolor $foregroundColor2 $writeEmptyLine 81 | Remove-Item $bgInfoFolderContent -Force -Recurse -ErrorAction SilentlyContinue 82 | Write-Host ($writeEmptyLine + "# Content existing BgInfo folder deleted")` 83 | -foregroundcolor $foregroundColor2 $writeEmptyLine 84 | } 85 | 86 | ## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 87 | 88 | ## Download, save and extract latest BgInfo software to C:\BgInfo 89 | 90 | Import-Module BitsTransfer 91 | Start-BitsTransfer -Source $bgInfoUrl -Destination $bgInfoZip 92 | [System.Reflection.Assembly]::LoadWithPartialName("System.IO.Compression.FileSystem") | Out-Null 93 | [System.IO.Compression.ZipFile]::ExtractToDirectory($bgInfoZip, $bgInfoFolder) 94 | Remove-Item $bgInfoZip 95 | Remove-Item $bgInfoEula 96 | 97 | Write-Host ($writeEmptyLine + "# bginfo.exe available")` 98 | -foregroundcolor $foregroundColor2 $writeEmptyLine 99 | 100 | ## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 101 | 102 | ## Download, save and extract logon.bgi file to C:\BgInfo 103 | 104 | Invoke-WebRequest -Uri $logonBgiUrl -OutFile $logonBgiZip 105 | [System.Reflection.Assembly]::LoadWithPartialName("System.IO.Compression.FileSystem") | Out-Null 106 | [System.IO.Compression.ZipFile]::ExtractToDirectory($logonBgiZip, $bgInfoFolder) 107 | Remove-Item $logonBgiZip 108 | 109 | Write-Host ($writeEmptyLine + "# logon.bgi available")` 110 | -foregroundcolor $foregroundColor2 $writeEmptyLine 111 | 112 | ## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 113 | 114 | ## Create BgInfo Registry Key to AutoStart 115 | 116 | If ($regKeyExists -eq $True) 117 | { 118 | Write-Host ($writeEmptyLine + "# BgInfo regkey exists, script wil go on")` 119 | -foregroundcolor $foregroundColor1 $writeEmptyLine 120 | } 121 | Else 122 | { 123 | New-ItemProperty -Path $bgInfoRegPath -Name $bgInfoRegkey -PropertyType $bgInfoRegType -Value $bgInfoRegkeyValue 124 | 125 | Write-Host ($writeEmptyLine + "# BgInfo regkey added")` 126 | -foregroundcolor $foregroundColor2 $writeEmptyLine 127 | } 128 | 129 | ## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 130 | 131 | ## Run BgInfo 132 | 133 | C:\BgInfo\Bginfo.exe C:\BgInfo\logon.bgi /timer:0 /nolicprompt 134 | 135 | Write-Host ($writeEmptyLine + "# BgInfo has ran for the first time")` 136 | -foregroundcolor $foregroundColor2 $writeEmptyLine 137 | 138 | ## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 139 | 140 | ## Exit PowerShell window 3 seconds after completion 141 | 142 | Write-Host ($writeEmptyLine + "# Script completed, the PowerShell window will close in 3 seconds")` 143 | -foregroundcolor $foregroundColor1 $writeEmptyLine 144 | Start-Sleep 3 145 | stop-process -Id $PID 146 | 147 | ## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 148 | -------------------------------------------------------------------------------- /Deploy-BgInfo-WS2016-WS2019-WS2022-WS2025.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | 4 | A script used to download, install, and configure the latest version of BgInfo on Windows Server 2016, 2019, 2022, or 2025. 5 | 6 | .DESCRIPTION 7 | 8 | A script used to download, install, and configure the latest version of BgInfo on Windows Server 2016, 2019, 2022, or 2025. 9 | This script will do all of the following: 10 | 11 | Check if PowerShell is running as Administrator, otherwise exit the script. 12 | Create a BgInfo folder on the C: drive if it doesn't already exist; otherwise, delete its contents. 13 | Download, save and extract latest BGInfo software to C:\BgInfo. 14 | Download, save and extract logon.bgi file to C:\BgInfo. 15 | Create BgInfo registry key for AutoStart. 16 | Run BgInfo. 17 | 18 | .NOTES 19 | 20 | File Name: Deploy-BgInfo-WS2016-WS2019-WS2022-WS2025.ps1 21 | Created: 08/09/2019 22 | Last Modified: 03/04/2025 23 | Author: Wim Matthyssen 24 | PowerShell: Version 5.1 or later 25 | Requires: -RunAsAdministrator 26 | OS Support: Windows Server 2016, 2019, 2022, and 2025 27 | Version: 3.2 28 | Note: Update variables as needed to fit your environment 29 | Disclaimer: This script is provided "As Is" without any warranties. 30 | 31 | .EXAMPLE 32 | 33 | .\Deploy-BgInfo-WS2016-WS2019-WS2022-WS2025.ps1 34 | 35 | .LINK 36 | 37 | https://wmatthyssen.com/2025/04/07/powershell-script-bginfo-deployment-script-for-windows-server-2025/ 38 | #> 39 | 40 | ## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 41 | 42 | ## Variables 43 | 44 | $bgInfoFolder = "C:\BgInfo" 45 | $bgInfoFolderContent = "$bgInfoFolder\*" 46 | #$itemType = "Directory" 47 | $bgInfoUrl = "https://download.sysinternals.com/files/BGInfo.zip" 48 | $bgInfoZip = "C:\BgInfo\BGInfo.zip" 49 | $bgInfoEula = "C:\BgInfo\Eula.txt" 50 | $logonBgiUrl = "https://tinyurl.com/yxlxbgun" 51 | $logonBgiZip = "$bgInfoFolder\LogonBgi.zip" 52 | $bgInfoRegPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" 53 | $bgInfoRegKey = "BgInfo" 54 | #$bgInfoRegType = "String" 55 | $bgInfoRegKeyValue = "C:\BgInfo\Bginfo64.exe C:\BgInfo\logon.bgi /timer:0 /nolicprompt" 56 | #$regKeyExists = (Get-Item $bgInfoRegPath -EA Ignore).Property -contains $bgInfoRegkey 57 | 58 | $global:currenttime= Set-PSBreakpoint -Variable currenttime -Mode Read -Action {$global:currenttime= Get-Date -UFormat "%A %m/%d/%Y %R"} 59 | $foregroundColor1 = "Green" 60 | $foregroundColor2 = "Yellow" 61 | $foregroundColor3 = "Red" 62 | $writeEmptyLine = "`n" 63 | $writeSeperatorSpaces = " - " 64 | 65 | ## --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 66 | 67 | ## Check if PowerShell is running as Administrator, otherwise exit the script 68 | 69 | $currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent()) 70 | 71 | if (-not $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { 72 | Write-Host ($writeEmptyLine + "# Please run PowerShell as Administrator" + $writeSeperatorSpaces + $currentTime)` 73 | -foregroundcolor $foregroundColor3 $writeEmptyLine 74 | exit 75 | } 76 | 77 | ## --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 78 | 79 | ## Write script started 80 | 81 | Write-Host ($writeEmptyLine + "# Script started. Without errors, it can take up to 2 minutes to complete" + $writeSeperatorSpaces + $currentTime)` 82 | -foregroundcolor $foregroundColor1 $writeEmptyLine 83 | 84 | ## --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 85 | 86 | ## Create a BgInfo folder on the C: drive if it doesn't already exist; otherwise, delete its contents 87 | 88 | try { 89 | if (!(Test-Path -Path $bgInfoFolder)) { 90 | New-Item -ItemType Directory -Force -Path $bgInfoFolder | Out-Null 91 | Write-Host ($writeEmptyLine + "# BgInfo folder created at $bgInfoFolder" + $writeSeperatorSpaces + $currentTime)` 92 | -foregroundcolor $foregroundColor2 $writeEmptyLine 93 | } else { 94 | Remove-Item -Path $bgInfoFolderContent -Force -Recurse -ErrorAction SilentlyContinue 95 | Write-Host ($writeEmptyLine + "# Existing BgInfo folder content deleted" + $writeSeperatorSpaces + $currentTime)` 96 | -foregroundcolor $foregroundColor2 $writeEmptyLine 97 | } 98 | } catch { 99 | Write-Host ($writeEmptyLine + "# Failed to create or clean BgInfo folder: $_" + "ERROR" + $writeSeperatorSpaces + $currentTime)` 100 | -foregroundcolor $foregroundColor3 $writeEmptyLine 101 | exit 102 | } 103 | 104 | ## --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 105 | 106 | ## Download, save and extract latest BGInfo software to C:\BgInfo 107 | 108 | try { 109 | # Import the BitsTransfer module to enable file transfer using Background Intelligent Transfer Service (BITS) 110 | Import-Module BitsTransfer -ErrorAction Stop 111 | # Download the BgInfo ZIP file from the specified URL and save it to the specified destination 112 | Start-BitsTransfer -Source $bgInfoUrl -Destination $bgInfoZip 113 | # Extract the contents of the downloaded ZIP file to the BgInfo folder 114 | Expand-Archive -LiteralPath $bgInfoZip -DestinationPath $bgInfoFolder -Force 115 | # Remove the ZIP file and the EULA file after extraction to clean up 116 | Remove-Item $bgInfoZip, $bgInfoEula -Force 117 | Write-Host ($writeEmptyLine + "# BgInfo downloaded and extracted successfully" + $writeSeperatorSpaces + $currentTime)` 118 | -foregroundcolor $foregroundColor2 $writeEmptyLine 119 | } catch { 120 | Write-Host ($writeEmptyLine + "# Failed to download or extract BgInfo: $_" + "ERROR" + $writeSeperatorSpaces + $currentTime)` 121 | -foregroundcolor $foregroundColor3 $writeEmptyLine 122 | exit 123 | } 124 | 125 | ## --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 126 | 127 | ## Download, save and extract logon.bgi file to C:\BgInfo 128 | 129 | try { 130 | # Ensure TLS 1.2 is used for compatibility with modern HTTPS endpoints (required for Windows Server 2016) 131 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 132 | # Download the logon.bgi file 133 | Invoke-WebRequest -Uri $logonBgiUrl -OutFile $logonBgiZip -ErrorAction Stop 134 | # Extract the ZIP file 135 | Expand-Archive -LiteralPath $logonBgiZip -DestinationPath $bgInfoFolder -Force 136 | # Clean up the ZIP file 137 | Remove-Item $logonBgiZip -Force 138 | Write-Host ($writeEmptyLine + "# logon.bgi available" + $writeSeperatorSpaces + $currentTime)` 139 | -foregroundcolor $foregroundColor2 $writeEmptyLine 140 | } catch { 141 | Write-Host ($writeEmptyLine + "# Failed to download or extract logon.bgi: $_" + "ERROR" + $writeSeperatorSpaces + $currentTime)` 142 | -foregroundcolor $foregroundColor3 $writeEmptyLine 143 | exit 144 | } 145 | 146 | ## --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 147 | 148 | ## Create BgInfo registry key for AutoStart 149 | 150 | try { 151 | if (Get-ItemProperty -Path $bgInfoRegPath -Name $bgInfoRegKey -ErrorAction SilentlyContinue) { 152 | Write-Host ($writeEmptyLine + "# BgInfo registry key already exists" + $writeSeperatorSpaces + $currentTime)` 153 | -foregroundcolor $foregroundColor2 $writeEmptyLine 154 | } else { 155 | New-ItemProperty -Path $bgInfoRegPath -Name $bgInfoRegKey -PropertyType String -Value $bgInfoRegKeyValue -Force | Out-Null 156 | Write-Host ($writeEmptyLine + "# BgInfo registry key created" + $writeSeperatorSpaces + $currentTime)` 157 | -foregroundcolor $foregroundColor2 $writeEmptyLine 158 | } 159 | } catch { 160 | Write-Host ($writeEmptyLine + "# Failed to create BgInfo registry key: $_" + "ERROR" + $writeSeperatorSpaces + $currentTime)` 161 | -foregroundcolor $foregroundColor3 $writeEmptyLine 162 | exit 163 | } 164 | 165 | ## --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 166 | 167 | ## Run BgInfo 168 | 169 | try { 170 | Start-Process -FilePath "C:\BgInfo\Bginfo64.exe" -ArgumentList "C:\BgInfo\logon.bgi /timer:0 /nolicprompt" -NoNewWindow -Wait 171 | Write-Host ($writeEmptyLine + "# BgInfo executed successfully" + $writeSeperatorSpaces + $currentTime)` 172 | -foregroundcolor $foregroundColor2 $writeEmptyLine 173 | } catch { 174 | Write-Host ($writeEmptyLine + "# Failed to execute BgInfo: $_" + "ERROR" + $writeSeperatorSpaces + $currentTime)` 175 | -foregroundcolor $foregroundColor3 $writeEmptyLine 176 | exit 177 | } 178 | 179 | ## --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 180 | 181 | ## Write script completed 182 | 183 | Write-Host ($writeEmptyLine + "# Script completed" + $writeSeperatorSpaces + $currentTime)` 184 | -foregroundcolor $foregroundColor1 $writeEmptyLine 185 | 186 | ## --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 187 | 188 | -------------------------------------------------------------------------------- /Template_Customization_Windows_Server_2016_2019.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .Synopsis 3 | 4 | A script used to customize a template for Windows Server 2016 or 2019. 5 | 6 | .Description 7 | 8 | A script used to customize a Windows Server 2016 or 2019 virtual machine (VM) template (base image). 9 | When all customizations are set, you will be asked to reboot the server to apply all changes. 10 | 11 | .Notes 12 | 13 | File Name: Template_Customization_Windows_Server_2016_2019.ps1 14 | Created: 09/09/2019 15 | Last modified: 10/05/2020 16 | Author: Wim Matthyssen 17 | PowerShell: 5.1 or above 18 | Requires: -RunAsAdministrator 19 | OS: Windows Server 2016 and Windows Server 2019 20 | Version: 2.0 21 | Action: Change variables were needed to fit your needs 22 | Disclaimer: This script is provided "As Is" with no warranties. 23 | 24 | .Example 25 | 26 | .\Template_Customization_Windows_Server_2016_2019.ps1 27 | 28 | .LINK 29 | 30 | https://tinyurl.com/y3wmsh7o 31 | #> 32 | 33 | ## Variables 34 | 35 | $serverName = "vm-tmpl-w2k19" 36 | $driveLabel = "OS" 37 | $tempFolder = "C:\Temp" 38 | $timezone = "Romance Standard Time" 39 | $powerManagement = "High performance" 40 | $cdromDriveletter = "z:" 41 | $adminIEsecurityregpath = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" 42 | $adminIEsecuritykey = "IsInstalled" 43 | $windowsBuildNumber = (Get-WmiObject Win32_OperatingSystem).BuildNumber 44 | $interActiveLogonregpath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" 45 | $interActiveLogonkey = "DontDisplayLastUsername" 46 | $regkeyPathUAC = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" 47 | $regkeyRDPPrinterMapping = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" 48 | $regkeyServerManager = "HKLM:\SOFTWARE\Microsoft\ServerManager" 49 | $regkeyWindowsDiagnosticLevel = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" 50 | $oldLocalAdministratorName = "Administrator" 51 | $newLocalAdministratorName = "y_local-stnadmin" 52 | $password = "Sup3rS3cr3tP@ssword" | ConvertTo-SecureString -AsPlainText -Force 53 | $windowsServer2016 = "14393" 54 | $windowsServer2019 = "17763" 55 | $writeEmptyLine = "`n" 56 | $writeSeperator = " - " 57 | $time = Get-Date -UFormat "%A %m/%d/%Y %R" 58 | $foregroundColor1 = "Yellow" 59 | $foregroundColor2 = "Red" 60 | 61 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 62 | 63 | ## Write Download started 64 | 65 | Write-Host ($writeEmptyLine + "# Template custimization started" + $writeSeperator + $time)` 66 | -foregroundcolor $foregroundColor2 $writeEmptyLine 67 | 68 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 69 | 70 | ## Enable Remote Desktop and add Windows Firewall exception 71 | 72 | Import-Module NetSecurity 73 | (Get-WmiObject Win32_TerminalServiceSetting -Namespace root\cimv2\TerminalServices).SetAllowTsConnections(1,1) | Out-Null 74 | (Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\TerminalServices -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0) | Out-Null 75 | Get-NetFirewallRule -DisplayName "Remote Desktop*" | Set-NetFirewallRule -enabled true 76 | Write-Host ($writeEmptyLine + "# Remote Deskopt enabled" + $writeSeperator + $time) -foregroundcolor $foregroundColor1 $writeEmptyLine 77 | 78 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 79 | 80 | ## Enable secure RDP authentication Network Level Authentication (NLA) 81 | 82 | Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1 83 | Write-Host ($writeEmptyLine + "# RDP NLA enabled" + $writeSeperator + $time) -foregroundcolor $foregroundColor1 $writeEmptyLine 84 | 85 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 86 | 87 | ## Allow ICMP (ping) through Windows Firewall IPv4 and IPv6 88 | 89 | New-NetFirewallRule -Name Allow_Ping_ICMPv4 -DisplayName "Allow Ping ICMPv4" -Description "Packet Internet Groper ICMPv4" -Protocol ICMPv4 -IcmpType 8 -Enabled True -Profile Any -Action Allow 90 | New-NetFirewallRule -Name Allow_Ping_ICMPv6 -DisplayName "Allow Ping ICMPv6" -Description "Packet Internet Groper ICMPv6" -Protocol ICMPv6 -IcmpType 8 -Enabled True -Profile Any -Action Allow 91 | Write-Host ($writeEmptyLine + "# Allowed ping trough firewall" + $writeSeperator + $time) -foregroundcolor $foregroundColor1 $writeEmptyLine 92 | 93 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 94 | 95 | ## Disable guest account 96 | 97 | net user guest /active:no 98 | Disable-LocalUser -Name "guest" 99 | Write-Host ($writeEmptyLine + "# Guest account disabled" + $writeSeperator + $time) -foregroundcolor $foregroundColor1 $writeEmptyLine 100 | 101 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 102 | 103 | ## Disable RDP printer mapping 104 | 105 | Set-ItemProperty -Path $regkeyRDPPrinterMapping -Name fDisableCpm -Value 1 106 | Write-Host ($writeEmptyLine + "# RDP printer mapping disabled" + $writeSeperator + $time) -foregroundcolor $foregroundColor1 $writeEmptyLine 107 | 108 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 109 | 110 | ## Disable WAC pop-up in Server Manager on Windows Server 2019 111 | 112 | ## 113 | 114 | If ($windowsBuildNumber -eq $windowsServer2019) 115 | { 116 | New-ItemProperty -Path $regkeyServerManager -Name 'DoNotPopWACConsoleAtSMLaunch' -PropertyType 'DWord' -Value '1' -Force | Out-Null 117 | Write-Host ($writeEmptyLine + "# WAC pop-up disabled in Server Manager" + $writeSeperator + $time) -foregroundcolor $foregroundColor1 $writeEmptyLine 118 | } 119 | 120 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 121 | 122 | ## Remove description of the Local Administrator Account 123 | 124 | Set-LocalUser -Name $oldLocalAdministratorName -Description "" 125 | Write-Host ($writeEmptyLine + "# Description removed from Local Administrator Account" + $writeSeperator + $time) -foregroundcolor $foregroundColor1 $writeEmptyLine 126 | 127 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 128 | 129 | ## Set Local Administrator password 130 | 131 | $userAccount = Get-LocalUser -Name $oldLocalAdministratorName 132 | $userAccount | Set-LocalUser -Password $password 133 | Write-Host ($writeEmptyLine + "# Local Administrator password set" + $writeSeperator + $time) -foregroundcolor $foregroundColor1 $writeEmptyLine 134 | 135 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 136 | 137 | ## Rename Local Administrator Account 138 | 139 | Rename-LocalUser -Name $oldLocalAdministratorName -NewName $newLocalAdministratorName 140 | Write-Host ($writeEmptyLine + "# Local Administrator renamed" + $writeSeperator + $time) -foregroundcolor $foregroundColor1 $writeEmptyLine 141 | 142 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 143 | 144 | ## Set volume label of C: to OS 145 | 146 | $drive = Get-WmiObject win32_volume -Filter "DriveLetter = 'C:'" 147 | $drive.Label = $driveLabel 148 | $drive.put() 149 | Write-Host ($writeEmptyLine + "# Volumelabel of C: set to $driveLabel" + $writeSeperator + $time) -foregroundcolor $foregroundColor1 $writeEmptyLine 150 | 151 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 152 | 153 | ## Change CD-ROM drive letter 154 | 155 | (Get-WmiObject Win32_cdromdrive).drive | ForEach-Object{$a = mountvol $_ /l;mountvol $_ /d;$a = $a.Trim();mountvol $cdromDriveletter $a} 156 | Write-Host ($writeEmptyLine + "# CD-ROM driveletter set to $$cdromDriveletter" + $writeSeperator + $time) -foregroundcolor $foregroundColor1 $writeEmptyLine 157 | 158 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 159 | 160 | ## Create the C:\Temp folder if not exists 161 | 162 | If(!(test-path $tempFolder)) 163 | { 164 | New-Item -ItemType Directory -Force -Path $tempFolder 165 | } 166 | Write-Host ($writeEmptyLine + "# $tempFolder created" + $writeSeperator + $time) -foregroundcolor $foregroundColor1 $writeEmptyLine 167 | 168 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 169 | 170 | ## Set Windows Diagnostic level (Telemetry) to Security 171 | 172 | New-ItemProperty -Path $regkeyWindowsDiagnosticLevel -Name 'AllowTelemetry' -PropertyType 'DWord' -Value '0' -Force | Out-Null 173 | Write-Host ($writeEmptyLine + "# Windows Diagnostic level (Telemetry) set to Security" + $writeSeperator + $time) -foregroundcolor $foregroundColor1 $writeEmptyLine 174 | 175 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 176 | 177 | ## Set Time Zone 178 | 179 | Set-TimeZone -Name $timezone 180 | Write-Host ($writeEmptyLine + "# Timezone set to $timezone" + $writeSeperator + $time) -foregroundcolor $foregroundColor1 $writeEmptyLine 181 | 182 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 183 | 184 | ## Set Power Management to High Performance if it is not currently the active plan 185 | 186 | Try { 187 | $highPerf = powercfg -l | ForEach-Object{if($_.contains($powerManagement)) {$_.split()[3]}} 188 | $currPlan = $(powercfg -getactivescheme).split()[3] 189 | if ($currPlan -ne $highPerf) {powercfg -setactive $highPerf} 190 | } Catch { 191 | Write-Warning -Message "Unable to set power plan to $powerManagement" -foregroundcolor $foregroundColor2 192 | } 193 | Write-Host ($writeEmptyLine + "# Power Management set to $powerManagement" + $writeSeperator + $time) -foregroundcolor $foregroundColor1 $writeEmptyLine 194 | 195 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 196 | 197 | ## Disable IE security for Administrators 198 | 199 | Set-ItemProperty -Path $adminIEsecurityregpath -Name $adminIEsecuritykey -Value 0 200 | Stop-Process -Name Explorer 201 | Write-Host ($writeEmptyLine + "# Done Disabling IE Enhanced Security Configuration for the Administrator" + $writeSeperator + $time) -foregroundcolor $foregroundColor1 $writeEmptyLine 202 | 203 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 204 | 205 | ## Set the Interactive Login to "Do not display the last user name" 206 | 207 | Set-ItemProperty -Path $interActiveLogonregpath -Name $interActiveLogonkey -Value 1 208 | Write-Host ($writeEmptyLine + "# Interactive Login set to - Do not display last user name" + $writeSeperator + $time) -foregroundcolor $foregroundColor1 $writeEmptyLine 209 | 210 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 211 | 212 | ## Enable User Account Control (UAC) 213 | 214 | Set-ItemProperty -Path $regkeyPathUAC -Name "EnableLUA" -Value 1 215 | Write-Host ($writeEmptyLine + "# User Access Control (UAC) enalbed" + $writeSeperator + $time) -foregroundcolor $foregroundColor1 $writeEmptyLine 216 | 217 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 218 | 219 | ## Set Windows Server 2016 or 2019 Automatic Virtual Machine Activation (AVMA) key 220 | 221 | If ($windowsBuildNumber -eq $windowsServer2016) 222 | { 223 | slmgr /ipk C3RCX-M6NRP-6CXC9-TW2F2-4RHYD 224 | Write-Host ($writeEmptyLine + "# Windows Server 2016 Standard AVMA key set" + $writeSeperator + $time) -foregroundcolor $foregroundColor1 $writeEmptyLine 225 | } 226 | Else 227 | { 228 | slmgr /ipk TNK62-RXVTB-4P47B-2D623-4GF74 229 | Write-Host ($writeEmptyLine + "# Windows Server 2019 Standard AVMA key set" + $writeSeperator + $time) -foregroundcolor $foregroundColor1 $writeEmptyLine 230 | } 231 | 232 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 233 | 234 | ## Rename server 235 | 236 | Rename-Computer –NewName $serverName 237 | Write-Host ($writeEmptyLine + "# Server renamed to $serverName" + $writeSeperator + $time) -foregroundcolor $foregroundColor1 $writeEmptyLine 238 | 239 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 240 | 241 | ## Restart server to apply all changes 242 | 243 | Write-Host ($writeEmptyLine + "# This server will restart to apply all changes" + $writeSeperator + $time) -foregroundcolor $foregroundColor2 $writeEmptyLine 244 | Restart-Computer -ComputerName localhost 245 | 246 | ##------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 247 | 248 | --------------------------------------------------------------------------------