API tools faq
paste
Guest User

Untitled

a guest
Apr 15th, 2018
135
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 9.83 KB | None | 0 0
raw download clone embed print report
  1. #Save as config.ps1 and then run in PowerShell
  2. #To enforce settings use commad 'Start-DscConfiguration -Path .\BaseImage -Verbose -Wait -Force'
  3.  
  4. #Allow to save passwords in plaintext
  5. $ConfigurationData = @{
  6. AllNodes = @(
  7. @{
  8. NodeName="localhost"
  9. PSDscAllowPlainTextPassword = $true
  10. }
  11. )
  12. }
  13.  
  14. Configuration BaseImage {
  15. Node localhost {
  16.  
  17. #Disable services
  18.  
  19. #Disable BitLocker Drive Encryption Service
  20. Service BDESVC {
  21. Name = "BDESVC"
  22. StartupType = "Disabled"
  23. State = "Stopped"
  24. }
  25.  
  26. #Disable BranchCache
  27. Service PeerDistSvc {
  28. Name = "PeerDistSvc"
  29. StartupType = "Disabled"
  30. State = "Stopped"
  31. }
  32.  
  33. #Disable Disable Diagnostic Service Host
  34. Service WdiServiceHost {
  35. Name = "WdiServiceHost"
  36. StartupType = "Disabled"
  37. State = "Stopped"
  38. }
  39.  
  40. #Disable Diagnostic System Host
  41. Service WdiSystemHost {
  42. Name = "WdiSystemHost"
  43. StartupType = "Disabled"
  44. State = "Stopped"
  45. }
  46.  
  47. #Disable Problem Reports and Solutions Control Panel Support
  48. Service wercplsupport {
  49. Name = "wercplsupport"
  50. StartupType = "Disabled"
  51. State = "Stopped"
  52. }
  53.  
  54. #Disable Windows Media Center Sharing Service
  55. Service WMPNetworkSvc {
  56. Name = "WMPNetworkSvc"
  57. StartupType = "Disabled"
  58. State = "Stopped"
  59. }
  60.  
  61. #Disable Interactive Services Detection
  62. Service UI0Detect {
  63. Name = "UI0Detect"
  64. StartupType = "Disabled"
  65. State = "Stopped"
  66. }
  67.  
  68. #Disable Function Discovery Resource Publication
  69. Service FDResPub {
  70. Name = "FDResPub"
  71. StartupType = "Disabled"
  72. State = "Stopped"
  73. }
  74.  
  75. #Disable Secure Socket Tunneling Protocol Service
  76. Service SstpSvc {
  77. Name = "SstpSvc"
  78. StartupType = "Disabled"
  79. State = "Stopped"
  80. }
  81.  
  82. #Disable Security Center
  83. Service wscsvc {
  84. Name = "wscsvc"
  85. StartupType = "Disabled"
  86. State = "Stopped"
  87. }
  88.  
  89. #Disable SSDP Discovery
  90. Service SSDPSRV {
  91. Name = "SSDPSRV"
  92. StartupType = "Disabled"
  93. State = "Stopped"
  94. }
  95.  
  96. #Disable Superfetch
  97. Service SysMain {
  98. Name = "SysMain"
  99. StartupType = "Disabled"
  100. State = "Stopped"
  101. }
  102.  
  103. #Disable Block Level Backup Engine Service
  104. Service wbengine {
  105. Name = "wbengine"
  106. StartupType = "Disabled"
  107. State = "Stopped"
  108. }
  109.  
  110. #Disable Diagnostic Policy Service
  111. Service DPS {
  112. Name = "DPS"
  113. StartupType = "Disabled"
  114. State = "Stopped"
  115. }
  116.  
  117. #Disable Disk Defragmenter
  118. Service Defragsvc {
  119. Name = "Defragsvc"
  120. StartupType = "Disabled"
  121. State = "Stopped"
  122. }
  123.  
  124. #Disable HomeGroup Listener
  125. Service HomeGroupListener {
  126. Name = "HomeGroupListener"
  127. StartupType = "Disabled"
  128. State = "Stopped"
  129. }
  130.  
  131. #Disable HomeGroup Provider
  132. Service HomeGroupProvider {
  133. Name = "HomeGroupProvider"
  134. StartupType = "Disabled"
  135. State = "Stopped"
  136. }
  137.  
  138. #Disable IP Helper
  139. Service iphlpsvc {
  140. Name = "iphlpsvc"
  141. StartupType = "Disabled"
  142. State = "Stopped"
  143. }
  144.  
  145. #Disable Microsoft iSCSI Initiator Service
  146. Service MSiSCSI {
  147. Name = "MSiSCSI"
  148. StartupType = "Disabled"
  149. State = "Stopped"
  150. }
  151.  
  152. #Disable Themes
  153. Service Themes {
  154. Name = "Themes"
  155. StartupType = "Disabled"
  156. State = "Stopped"
  157. }
  158.  
  159. #Disable UPnP Device Host
  160. Service upnphost {
  161. Name = "upnphost"
  162. StartupType = "Disabled"
  163. State = "Stopped"
  164. }
  165.  
  166. #Disable Windows Error Reporting Service
  167. Service WerSvc {
  168. Name = "WerSvc"
  169. StartupType = "Disabled"
  170. State = "Stopped"
  171. }
  172.  
  173. $servicelist = @("Wlansvc", #Disable WLAN AutoConfig
  174. "WwanSvc") #Disable WWAN AutoConfig
  175.  
  176. foreach($service in $servicelist) {
  177.  
  178. Service $service {
  179. Name = $service
  180. StartupType = "Disabled"
  181. State = "Stopped"
  182. }
  183.  
  184. }
  185.  
  186. #Disable telemetry information collection scheduled task
  187. Script ProgramDataUpdater {
  188. SetScript = {
  189. Get-ScheduledTask -TaskName "ProgramDataUpdater" | Disable-ScheduledTask
  190. }
  191.  
  192. TestScript = {
  193. (Get-ScheduledTask -TaskName "ProgramDataUpdater").State -eq "Disabled"
  194. }
  195.  
  196. GetScript = {
  197. @{ Result = (Get-ScheduledTask -TaskName "ProgramDataUpdater")}
  198. }
  199. }
  200.  
  201. #Disable USB CEIP collection scheduled task
  202. Script UsbCeip {
  203. SetScript = {
  204. Get-ScheduledTask -TaskName "UsbCeip" | Disable-ScheduledTask
  205. }
  206.  
  207. TestScript = {
  208. (Get-ScheduledTask -TaskName "UsbCeip").State -eq "Disabled"
  209. }
  210.  
  211. GetScript = {
  212. @{ Result = (Get-ScheduledTask -TaskName "UsbCeip")}
  213. }
  214. }
  215.  
  216. #Disable Disk Defragmentation scheduled task
  217. Script ScheduledDefrag {
  218. SetScript = {
  219. Get-ScheduledTask -TaskName "ScheduledDefrag" | Disable-ScheduledTask
  220. }
  221.  
  222. TestScript = {
  223. (Get-ScheduledTask -TaskName "ScheduledDefrag").State -eq "Disabled"
  224. }
  225.  
  226. GetScript = {
  227. @{ Result = (Get-ScheduledTask -TaskName "ScheduledDefrag")}
  228. }
  229. }
  230.  
  231. #Disable Windows System Assessment Tool scheduled task
  232. Script WinSAT {
  233. SetScript = {
  234. Get-ScheduledTask -TaskName "WinSAT" | Disable-ScheduledTask
  235. }
  236.  
  237. TestScript = {
  238. (Get-ScheduledTask -TaskName "WinSAT").State -eq "Disabled"
  239. }
  240.  
  241. GetScript = {
  242. @{ Result = (Get-ScheduledTask -TaskName "WinSAT")}
  243. }
  244. }
  245.  
  246. #Disable Windows Idle Registry Backup scheduled task
  247. Script RegIdleBackup {
  248. SetScript = {
  249. Get-ScheduledTask -TaskName "RegIdleBackup" | Disable-ScheduledTask
  250. }
  251.  
  252. TestScript = {
  253. (Get-ScheduledTask -TaskName "RegIdleBackup").State -eq "Disabled"
  254. }
  255.  
  256. GetScript = {
  257. @{ Result = (Get-ScheduledTask -TaskName "RegIdleBackup")}
  258. }
  259. }
  260.  
  261. #Configure User account
  262. $Username = "User"
  263. $UserPassword = "P@ssw0rd" | ConvertTo-SecureString -asPlainText -Force
  264.  
  265. [PSCredential] $UserCreds = New-Object System.Management.Automation.PSCredential ($Username, $UserPassword)
  266.  
  267. User "User" {
  268. UserName = "User"
  269. Disabled = 0
  270. Ensure = "Present"
  271. Password = $UserCreds
  272. PasswordNeverExpires = 1
  273. }
  274.  
  275. #Enable Remote Desktop Connection
  276. Registry fDenyTSConnections {
  277. Ensure = "Present"
  278. Key = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server"
  279. ValueName = "fDenyTSConnections"
  280. ValueData = "0"
  281. ValueType = "Dword"
  282. }
  283.  
  284. Registry UserAuthentication {
  285. Ensure = "Present"
  286. Key = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"
  287. ValueName = "UserAuthentication"
  288. ValueData = "1"
  289. ValueType = "Dword"
  290. }
  291.  
  292. Registry SecurityLayer {
  293. Ensure = "Present"
  294. Key = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"
  295. ValueName = "SecurityLayer"
  296. ValueData = "1"
  297. ValueType = "Dword"
  298. }
  299.  
  300. #Disable Action Center icon
  301. Registry HideSCAHealth {
  302. Ensure = "Present"
  303. Key = "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer"
  304. ValueName = "HideSCAHealth"
  305. ValueData = "1"
  306. ValueType = "Dword"
  307. }
  308.  
  309. #Disable User Account Control
  310. Registry EnableLUA {
  311. Ensure = "Present"
  312. Key = "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system"
  313. ValueName = "EnableLUA"
  314. ValueData = "0"
  315. ValueType = "Dword"
  316. }
  317.  
  318. #Increase disk timeout to 120 seconds
  319. Registry TimeOutValue {
  320. Ensure = "Present"
  321. Key = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Disk"
  322. ValueName = "TimeOutValue"
  323. ValueData = "120"
  324. ValueType = "Dword"
  325. }
  326.  
  327. #Disable Crush Dump
  328. Registry CrashDumpEnabled {
  329. Ensure = "Present"
  330. Key = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl"
  331. ValueName = "CrashDumpEnabled"
  332. ValueData = "0"
  333. ValueType = "Dword"
  334. }
  335.  
  336. #Enable Automatically Reboot
  337. Registry AutoReboot {
  338. Ensure = "Present"
  339. Key = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl"
  340. ValueName = "AutoReboot"
  341. ValueData = "1"
  342. ValueType = "Dword"
  343. }
  344.  
  345. #Disable system restore
  346. Registry DisableSR {
  347. Ensure = "Present"
  348. Key = "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore"
  349. ValueName = "DisableSR"
  350. ValueData = "1"
  351. ValueType = "Dword"
  352. }
  353.  
  354. #Disable Prefetch
  355. Registry EnablePrefetcher {
  356. Ensure = "Present"
  357. Key = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters"
  358. ValueName = "EnablePrefetcher"
  359. ValueData = "0"
  360. ValueType = "Dword"
  361. }
  362.  
  363. #Disable Hibernation
  364. Registry HibernateEnabled {
  365. Ensure = "Present"
  366. Key = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power"
  367. ValueName = "HibernateEnabled"
  368. ValueData = "0"
  369. ValueType = "Dword"
  370. }
  371.  
  372. #Set active power scheme to High Performance
  373. Script HighPerf {
  374. SetScript = {
  375. $Pattern = "(.{8}-.{4}-.{4}-.{4}-.{12})"
  376. $a = (powercfg.exe -list | where { $_.contains("High performance") }) -match $Pattern
  377. $HighPerfPlanId = $Matches[1]
  378. powercfg.exe -setactive $HighPerfPlanId
  379. }
  380.  
  381. TestScript = {
  382. $Pattern = "(.{8}-.{4}-.{4}-.{4}-.{12})"
  383. $a = (powercfg.exe -getactivescheme) -match $Pattern
  384. $CurrentPlanId = $Matches[1]
  385. $CurrentPlanId -eq $HighPerfPlanId
  386. }
  387.  
  388. GetScript = {
  389. @{ Result = (powercfg.exe -getactivescheme) }
  390. }
  391. }
  392.  
  393. #Create C:\InstallDir folder
  394. File InstallDir {
  395. Ensure = "Present"
  396. Type = "Directory"
  397. DestinationPath = "C:\InstallDir"
  398. }
  399.  
  400. #Copy Horizon Agent installation file from the fileserver to the C:\InstallDir folder
  401. File HorizonAgentInstaller {
  402. Ensure = "Present"
  403. Type = "File"
  404. SourcePath = "\\fileserver.company.local\Software\Horizon\VMware-viewagent-x86_64-7.3.0-6581087.exe"
  405. DestinationPath = "C:\InstallDir\"
  406. DependsOn = "[File]InstallDir"
  407. }
  408.  
  409. #Install Horizon View Agent 7.3.0 from the C:\temp
  410. #Use Get-Package PowerShell command to determine package Name and ProductID from the system with installed packages
  411. Package HorizonAgent {
  412. Ensure = "Present"
  413. Name = "VMware Horizon Agent"
  414. Path = "C:\Temp\VMware-viewagent-x86_64-7.3.0-6581087.exe"
  415. ProductID = "4F8DE7B4-394C-4CC0-831E-521D91A2DA5F"
  416. Arguments = '/s /v"/qn REBOOT=ReallySuppress VDM_VC_MANAGED_AGENT=1 ADDLOCAL=Core,SVIAgent,ThinPrint,USB,RTAV"'
  417. DependsOn = "[File]HorizonAgentInstaller"
  418. }
  419.  
  420. }
  421. }
  422.  
  423. BaseImage -ConfigurationData $ConfigurationData
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!