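# Save as config.ps1 and then run in PowerShell.
# Running the script compiles the configuration into .\BaseImage\localhost.mof.
# To enforce the settings use the command
#   'Start-DscConfiguration -Path .\BaseImage -Verbose -Wait -Force'
#
# NOTE(review): this configuration deliberately weakens several OS defaults for a
# VDI base image (UAC off, Security Center off, RDP on, crash dumps / System
# Restore / Prefetch off). Each of those is marked below so it can be reviewed
# against the image's threat model before the image is published.

# Allow credentials to be written to the MOF in plaintext.
# NOTE(review): with PSDscAllowPlainTextPassword = $true the local account
# password below is stored in clear text in the generated .mof file and in the
# LCM's pending/current configuration on the node. Prefer encrypting the MOF
# with a certificate (CertificateFile / Thumbprint in the node data) and treat
# any MOF produced by this script as a secret.
$ConfigurationData = @{
    AllNodes = @(
        @{
            NodeName                    = "localhost"
            PSDscAllowPlainTextPassword = $true
        }
    )
}

Configuration BaseImage {
    Node localhost {

        # Services to stop and disable. The resource instance name and the
        # service name are identical, so one loop generates every Service
        # resource instead of repeating the same block per service.
        $servicelist = @(
            "BDESVC",            # BitLocker Drive Encryption Service
            "PeerDistSvc",       # BranchCache
            "WdiServiceHost",    # Diagnostic Service Host
            "WdiSystemHost",     # Diagnostic System Host
            "wercplsupport",     # Problem Reports and Solutions Control Panel Support
            "WMPNetworkSvc",     # Windows Media Center Sharing Service
            "UI0Detect",         # Interactive Services Detection
            "FDResPub",          # Function Discovery Resource Publication
            "SstpSvc",           # Secure Socket Tunneling Protocol Service
            "wscsvc",            # Security Center - NOTE(review): removes the OS's own
                                 # AV/firewall/update health reporting; make sure the
                                 # image is monitored some other way
            "SSDPSRV",           # SSDP Discovery
            "SysMain",           # Superfetch
            "wbengine",          # Block Level Backup Engine Service
            "DPS",               # Diagnostic Policy Service
            "Defragsvc",         # Disk Defragmenter
            "HomeGroupListener", # HomeGroup Listener
            "HomeGroupProvider", # HomeGroup Provider
            "iphlpsvc",          # IP Helper
            "MSiSCSI",           # Microsoft iSCSI Initiator Service
            "Themes",            # Themes
            "upnphost",          # UPnP Device Host
            "WerSvc",            # Windows Error Reporting Service
            "Wlansvc",           # WLAN AutoConfig
            "WwanSvc"            # WWAN AutoConfig
        )
        foreach ($service in $servicelist) {
            Service $service {
                Name        = $service
                StartupType = "Disabled"
                State       = "Stopped"
            }
        }

        # Disable telemetry information collection scheduled task
        Script ProgramDataUpdater {
            SetScript  = {
                Get-ScheduledTask -TaskName "ProgramDataUpdater" | Disable-ScheduledTask
            }
            TestScript = {
                (Get-ScheduledTask -TaskName "ProgramDataUpdater").State -eq "Disabled"
            }
            GetScript  = {
                @{ Result = (Get-ScheduledTask -TaskName "ProgramDataUpdater")}
            }
        }

        # Disable USB CEIP collection scheduled task
        Script UsbCeip {
            SetScript  = {
                Get-ScheduledTask -TaskName "UsbCeip" | Disable-ScheduledTask
            }
            TestScript = {
                (Get-ScheduledTask -TaskName "UsbCeip").State -eq "Disabled"
            }
            GetScript  = {
                @{ Result = (Get-ScheduledTask -TaskName "UsbCeip")}
            }
        }

        # Disable Disk Defragmentation scheduled task
        Script ScheduledDefrag {
            SetScript  = {
                Get-ScheduledTask -TaskName "ScheduledDefrag" | Disable-ScheduledTask
            }
            TestScript = {
                (Get-ScheduledTask -TaskName "ScheduledDefrag").State -eq "Disabled"
            }
            GetScript  = {
                @{ Result = (Get-ScheduledTask -TaskName "ScheduledDefrag")}
            }
        }

        # Disable Windows System Assessment Tool scheduled task
        Script WinSAT {
            SetScript  = {
                Get-ScheduledTask -TaskName "WinSAT" | Disable-ScheduledTask
            }
            TestScript = {
                (Get-ScheduledTask -TaskName "WinSAT").State -eq "Disabled"
            }
            GetScript  = {
                @{ Result = (Get-ScheduledTask -TaskName "WinSAT")}
            }
        }

        # Disable Windows Idle Registry Backup scheduled task
        Script RegIdleBackup {
            SetScript  = {
                Get-ScheduledTask -TaskName "RegIdleBackup" | Disable-ScheduledTask
            }
            TestScript = {
                (Get-ScheduledTask -TaskName "RegIdleBackup").State -eq "Disabled"
            }
            GetScript  = {
                @{ Result = (Get-ScheduledTask -TaskName "RegIdleBackup")}
            }
        }

        # Configure User account
        # NOTE(review): the password is a literal in the script and, because of
        # PSDscAllowPlainTextPassword, also ends up readable in the MOF. Combined
        # with PasswordNeverExpires and Remote Desktop being enabled below, every
        # machine cloned from this image shares one well-known, non-expiring
        # credential. Replace the literal before use and rotate or disable the
        # account once the image is deployed.
        $Username = "User"
        $UserPassword = "P@ssw0rd" | ConvertTo-SecureString -asPlainText -Force
        [PSCredential] $UserCreds = New-Object System.Management.Automation.PSCredential ($Username, $UserPassword)
        User "User" {
            UserName             = "User"
            Disabled             = 0
            Ensure               = "Present"
            Password             = $UserCreds
            PasswordNeverExpires = 1
        }

        # Enable Remote Desktop Connection
        Registry fDenyTSConnections {
            Ensure    = "Present"
            Key       = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server"
            ValueName = "fDenyTSConnections"
            ValueData = "0"
            ValueType = "Dword"
        }
        # UserAuthentication = 1 requires Network Level Authentication, so the
        # user authenticates before a full RDP session is created.
        Registry UserAuthentication {
            Ensure    = "Present"
            Key       = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"
            ValueName = "UserAuthentication"
            ValueData = "1"
            ValueType = "Dword"
        }
        # SecurityLayer = 1 is "Negotiate": TLS is used when the client supports
        # it, otherwise the connection falls back to native RDP security
        # (2 would enforce TLS).
        Registry SecurityLayer {
            Ensure    = "Present"
            Key       = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"
            ValueName = "SecurityLayer"
            ValueData = "1"
            ValueType = "Dword"
        }

        # Disable Action Center icon
        Registry HideSCAHealth {
            Ensure    = "Present"
            Key       = "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer"
            ValueName = "HideSCAHealth"
            ValueData = "1"
            ValueType = "Dword"
        }

        # Disable User Account Control
        # NOTE(review): EnableLUA = 0 turns off Admin Approval Mode, so members
        # of Administrators run every process with a full administrative token.
        # Confirm the image really needs this.
        Registry EnableLUA {
            Ensure    = "Present"
            Key       = "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system"
            ValueName = "EnableLUA"
            ValueData = "0"
            ValueType = "Dword"
        }

        # Increase disk timeout to 120 seconds
        Registry TimeOutValue {
            Ensure    = "Present"
            Key       = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Disk"
            ValueName = "TimeOutValue"
            ValueData = "120"
            ValueType = "Dword"
        }

        # Disable Crash Dump
        # NOTE(review): crash dumps, System Restore and Prefetch (all disabled
        # below) are also sources of forensic evidence; with them off, incident
        # response on these desktops has to rely on other telemetry.
        Registry CrashDumpEnabled {
            Ensure    = "Present"
            Key       = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl"
            ValueName = "CrashDumpEnabled"
            ValueData = "0"
            ValueType = "Dword"
        }

        # Enable Automatically Reboot
        Registry AutoReboot {
            Ensure    = "Present"
            Key       = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl"
            ValueName = "AutoReboot"
            ValueData = "1"
            ValueType = "Dword"
        }

        # Disable system restore
        Registry DisableSR {
            Ensure    = "Present"
            Key       = "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore"
            ValueName = "DisableSR"
            ValueData = "1"
            ValueType = "Dword"
        }

        # Disable Prefetch
        Registry EnablePrefetcher {
            Ensure    = "Present"
            Key       = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters"
            ValueName = "EnablePrefetcher"
            ValueData = "0"
            ValueType = "Dword"
        }

        # Disable Hibernation
        Registry HibernateEnabled {
            Ensure    = "Present"
            Key       = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power"
            ValueName = "HibernateEnabled"
            ValueData = "0"
            ValueType = "Dword"
        }

        # Set active power scheme to High Performance
        # The plan is located by its display name in 'powercfg -list', which
        # presumably only matches on an English-language OS - verify on
        # localized images.
        Script HighPerf {
            SetScript  = {
                $Pattern = "(.{8}-.{4}-.{4}-.{4}-.{12})"
                $HighPerfLine = powercfg.exe -list |
                    Where-Object { $_.Contains("High performance") } |
                    Select-Object -First 1
                # Fail loudly instead of calling -setactive with an empty or stale GUID.
                if (-not ($HighPerfLine -match $Pattern)) {
                    throw "High performance power plan not found in 'powercfg -list' output"
                }
                $HighPerfPlanId = $Matches[1]
                powercfg.exe -setactive $HighPerfPlanId
            }
            TestScript = {
                # SetScript, TestScript and GetScript do not share variables, so
                # the High performance GUID has to be looked up again here;
                # comparing against SetScript's $HighPerfPlanId would compare
                # against $null and report "not in desired state" on every run.
                $Pattern = "(.{8}-.{4}-.{4}-.{4}-.{12})"
                $HighPerfLine = powercfg.exe -list |
                    Where-Object { $_.Contains("High performance") } |
                    Select-Object -First 1
                if (-not ($HighPerfLine -match $Pattern)) { return $false }
                $HighPerfPlanId = $Matches[1]

                $ActiveLine = powercfg.exe -getactivescheme | Select-Object -First 1
                if (-not ($ActiveLine -match $Pattern)) { return $false }
                $CurrentPlanId = $Matches[1]

                $CurrentPlanId -eq $HighPerfPlanId
            }
            GetScript  = {
                @{ Result = (powercfg.exe -getactivescheme) }
            }
        }

        # Create C:\InstallDir folder
        File InstallDir {
            Ensure          = "Present"
            Type            = "Directory"
            DestinationPath = "C:\InstallDir"
        }

        # Copy Horizon Agent installation file from the fileserver to the C:\InstallDir folder
        # DestinationPath names the target file itself, so the Package resource
        # below finds the installer at a known path.
        File HorizonAgentInstaller {
            Ensure          = "Present"
            Type            = "File"
            SourcePath      = "\\fileserver.company.local\Software\Horizon\VMware-viewagent-x86_64-7.3.0-6581087.exe"
            DestinationPath = "C:\InstallDir\VMware-viewagent-x86_64-7.3.0-6581087.exe"
            DependsOn       = "[File]InstallDir"
        }

        # Install Horizon View Agent 7.3.0 from C:\InstallDir (the folder the
        # File resource above copies the installer to; the original pointed at
        # C:\Temp, which nothing in this configuration populates).
        # Use Get-Package PowerShell command to determine package Name and ProductID from the system with installed packages
        # NOTE(review): the installer is fetched from a network share and run by
        # the LCM without any integrity check. Consider pinning it with the
        # Package resource's FileHash/HashAlgorithm or SignerThumbprint
        # properties, and restrict write access to the share.
        Package HorizonAgent {
            Ensure    = "Present"
            Name      = "VMware Horizon Agent"
            Path      = "C:\InstallDir\VMware-viewagent-x86_64-7.3.0-6581087.exe"
            ProductID = "4F8DE7B4-394C-4CC0-831E-521D91A2DA5F"
            Arguments = '/s /v"/qn REBOOT=ReallySuppress VDM_VC_MANAGED_AGENT=1 ADDLOCAL=Core,SVIAgent,ThinPrint,USB,RTAV"'
            DependsOn = "[File]HorizonAgentInstaller"
        }
    }
}

# Compile the configuration; the MOF is written to .\BaseImage.
BaseImage -ConfigurationData $ConfigurationData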