sweenig

W2k8Prep

Jan 15th, 2014
1,819
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. param([String]$downloadlocation="C:\installers")
  2. #set-executionpolicy remotesigned -force
  3. clear-host
  4. for ($i = 1; $i -lt 9; $i++) {Write-Host}
  5. #########################################################################
  6. # Stuart Weenig (stuart <at> weenig <dot> com)
  7. # "w2k8prep.ps1"
  8. # http://stuart.weenig.com/2013/02/w2k8prep.html
  9. #
  10. # v1.7 - 6/20/2013 - started implementing version numbers. This version
  11. # prompts for each function allowing the script to be reran without
  12. # executing each part again.
  13. #
  14. # v1.8 - 11/11/2013 - Added ability to disable IPv6 and configure SNMP
  15. # with default parameters (public community string and access from any
  16. # host.
  17. #
  18. # v1.9 - planned - need to implement logging and config file generation
  19. #
  20. # If you edit this script please keep my name as an author and
  21. # keep me apprised of the changes, see email address above.
  22. #
  23. # This content has not necessarily been checked, tested, or approved by
  24. # CA Technologies (or anyone else). Stuart Weenig SHALL NOT BE LIABLE TO
  25. # ANY READER OF THIS BLOG OR THIRD PARTY FOR DIRECT, CONSEQUENTIAL,
  26. # INCIDENTAL, INDIRECT AND/OR SPECIAL DAMAGES FOR ANY CLAIMS ARISING FROM
  27. # OR IN ANY WAY CONNECTED WITH YOUR DECISION TO ACCESS OR USE ANY SUCH
  28. # FILES, EVEN IF THE POSSIBILITY OF SUCH DAMAGES IS, OR SHOULD HAVE BEEN,
  29. # KNOWN. THESE FILE(S) ARE PROVIDED AS IS WITHOUT ANY warranty or
  30. # representation of any kind express or implied including without
  31. # limitation any implied warranty of merchantability/satisfactory
  32. # quality, fitness for a particular purpose or non-infringment. Your
  33. # usage of this file any such Files found at stuart.weenig.com is at your
  34. # own risk. You are solely responsible for testing such Files prior to
  35. # implementing them in either a test or production environment. I
  36. # encourage you to check for any documentation (if provided) by looking
  37. # in the blog posts or comments for additional information (if
  38. # available). It is recommended to deploy/implement in a test or QA
  39. # environment before implementing in a production environment. Such Files
  40. # are not covered by Stuart Weenig's Support Policy and Terms. Stuart
  41. # Weenig will not under any circumstances support them.
  42. #########################################################################
  43.  
  44. #Disable IE ESC
  45. $a = new-object -comobject wscript.shell
  46. $intAnswer = $a.popup("Do you want to disable Internet Explorer Enhanced Security Configuration?",0,"Disable IE ESC?",4)
  47. If ($intAnswer -eq 6) {
  48.     $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
  49.     $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
  50.     Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
  51.     Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0
  52.     Stop-Process -Name Explorer
  53.     Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -ForegroundColor Green
  54. }
  55. #disable UAC
  56. $intAnswer = $a.popup("Do you want to disable User Account Control?",0,"Disable UAC?",4)
  57. If ($intAnswer -eq 6) {
  58.     Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Value 00000000
  59.     Write-Host "User Access Control (UAC) has been disabled." -ForegroundColor Green    
  60. }
  61. #Disable DEP
  62. $intAnswer = $a.popup("Do you want to disable Data Execution Prevention?",0,"Disable DEP?",4)
  63. If ($intAnswer -eq 6) {
  64.     bcdedit /set nx OptIn
  65.     Write-Host "DEP has been enabled only for Windows services and features." -ForegroundColor Green
  66. }
  67. #Disable Firewall
  68. $intAnswer = $a.popup("Do you want to disable the Windows firewall?",0,"Disable firewall?",4)
  69. If ($intAnswer -eq 6) {
  70.     netsh advfirewall set allprofiles state off
  71.     Write-Host "Firewall has been disabled." -ForegroundColor Green
  72. }
  73. #Download flash installer
  74. $intAnswer = $a.popup("Do you want to download the Flash installer?",0,"Download Flash?",4)
  75. If ($intAnswer -eq 6) {
  76.     $check = test-path $downloadlocation -pathType container
  77.     if($check -eq $FALSE) {
  78.         new-item $downloadlocation -type directory
  79.         write-host "Download location doesn't exist, creating..." -ForegroundColor Green
  80.     }
  81.     $source = "http://fpdownload.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_10_active_x.exe"
  82.     $destination = "$downloadlocation\install_flash_player_10_active_x.exe"
  83.     $wc = New-Object System.Net.WebClient
  84.     $wc.DownloadFile($source, $destination)
  85.     write-host "The Flash installer has been downloaded to $downloadlocation." -ForegroundColor Green
  86. }
  87. #Download java installer
  88. $intAnswer = $a.popup("Do you want to download the Java installer?",0,"Download Java?",4)
  89. If ($intAnswer -eq 6) {
  90.     $check = test-path $downloadlocation -pathType container
  91.     if($check -eq $FALSE) {
  92.         new-item $downloadlocation -type directory
  93.         write-host "Download location doesn't exist, creating..." -ForegroundColor Green
  94.     }
  95.     $source = "http://javadl.sun.com/webapps/download/AutoDL?BundleId=68736"
  96.     $destination = "$downloadlocation\jre-7u7-windows-x64.exe"
  97.     $wc = New-Object System.Net.WebClient
  98.     $wc.DownloadFile($source, $destination)
  99.     write-host "The Java installer has been downloaded to $downloadlocation." -ForegroundColor Green
  100. }
  101. #Install Missing Roles/Features
  102. $intAnswer = $a.popup("Do you want to install missing roles and features?",0,"Install Missing Roles?",4)
  103. If ($intAnswer -eq 6) {
  104.     write-host "Installing missing roles and features..." -ForegroundColor Green
  105.     import-module servermanager
  106.     add-windowsfeature web-server,web-asp-net,web-asp,web-metabase,application-server,as-ent-services,snmp-service -Restart
  107. }
  108. # Enable RDP Connections
  109. $intAnswer = $a.popup("Do you want to enable RDP connections?",0,"Enable RDP?",4)
  110. If ($intAnswer -eq 6) {
  111.     $RDP = Get-WmiObject -Class Win32_TerminalServiceSetting -Namespace root\CIMV2\TerminalServices -Computer localhost -Authentication 6 -ErrorAction Stop
  112.     $result = $RDP.SetAllowTsConnections(1,1)
  113.     if($result.ReturnValue -eq 0) {Write-Host "Enabled RDP Successfully" -ForegroundColor Green} else {Write-Host "Failed to enabled RDP" -ForegroundColor Green}
  114. }
  115.  
  116.  
  117.  
  118. # Disable IPv6
  119. $intAnswer = $a.popup("Do you want to disable IPv6?",0,"Disable IPv6?",4)
  120. If ($intAnswer -eq 6) {
  121.     New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\" -Name "DisabledComponents" -Value 0xffffffff -PropertyType "DWord"
  122.     Write-Host "IPv6 Disabled. The server must be rebooted for the changes to take effect." -ForegroundColor Green
  123. }
  124.  
  125. # Configure SNMP
  126. $intAnswer = $a.popup("Do you want to configure 'public' as the default SNMP community string and allow SNMP requests from any IP address?",0,"Configure Community String?",4)
  127. If ($intAnswer -eq 6) {
  128.     New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\services\SNMP\Parameters\ValidCommunities" -Name "public" -Value "4" -PropertyType "DWord"
  129.     Remove-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\SNMP\Parameters\PermittedManagers" -Name 1
  130.     Write-Host "Community string configured." -ForegroundColor Green
  131. }
  132.  
  133.  
  134.  
  135. # uninstall .net 4.0 (if present)
  136. $intAnswer = $a.popup("Do you want to try to uninstall .Net 4.0?",0,"Uninstall .Net 4.0?",4)
  137. If ($intAnswer -eq 6) {
  138.     $netuninstaller = "$downloadlocation\uninstall.net4.0.bat"
  139.     new-item $netuninstaller -type file -force
  140.     $ospath = $env:systemroot
  141.     $checkextended = test-path "$ospath\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe"
  142.     if ($checkextended) {
  143.         write-host ".Net 4.0 Extended Profile detected." -ForegroundColor Green
  144.         add-content $netuninstaller "`n%windir%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstall /x86 /x64 /ia64 /parameterfolder Extended /q /norestart"
  145.     }
  146.     $checkclient = test-path "$ospath\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe"
  147.     if ($checkclient) {
  148.         write-host ".Net 4.0 Client Profile detected." -ForegroundColor Green
  149.         add-content $netuninstaller "`n%windir%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstall /x86 /x64 /parameterfolder Client /q"
  150.     }
  151.     if ($checkextended -or $checkclient) {
  152.     write-host "Uninstalling .Net 4.0. The server will reboot when finished." -ForegroundColor Green
  153.     & $downloadlocation\uninstall.net4.0.bat }
  154. }
  155. # install windows updates
  156. $intAnswer = $a.popup("Do you want to download and install Windows updates?",0,"Install Windows Updates?",4)
  157. If ($intAnswer -eq 6) {
  158.     #setup windows updates
  159.     $WUSettings = (New-Object -com "Microsoft.Update.AutoUpdate").Settings
  160.     $WUSettings.NotificationLevel=1
  161.     $WUSettings.save()
  162.     #***********************************************************************
  163.     # "Install-WindowsUpdates.ps1"
  164.     # http://irl33t.com/blog/2010/03/install-windowsupdates-ps1
  165.     # Re-posted by Aaron Wurthmann (aaron <at> wurthmann <dot> com)
  166.     #
  167.     # If you edit please keep my name as an author and
  168.     # keep me apprised of the changes, see email address above.
  169.     # This code may not be used for commercial purposes.
  170.     # You the executor,runner,user accept all liability.
  171.     # This code comes with ABSOLUTELY NO WARRANTY.
  172.     # You may redistribute copies of the code under the terms of the GPL v2.
  173.     # -----------------------------------------------------------------------
  174.     # 2010.03.01 ver 1.1
  175.     #
  176.     # Summary:
  177.     # Gets and installed Windows Updates
  178.     #
  179.     # Background:
  180.     # A friend of mine posted this code into a chat Window one day to aid me
  181.     # with a project I was working on. Converting my batch scripts to PowerShell
  182.     # He couldn't remember where he got the code from so as a result I can't give
  183.     # the original author the credit they deserve. I made some very minor edits
  184.     # in order to change the code/script to what I use it for. Mainly a module
  185.     # to my Windows Logon Script.
  186.     #************************************************************************
  187.     #clear-host
  188.     Write-host "Starting Update Process..." -foregroundcolor blue
  189.     Write-host ""
  190.     $UpdateSession = New-Object -com Microsoft.Update.Session
  191.     $UpdateSearcher = $UpdateSession.CreateupdateSearcher()
  192.     $SearchResult =  $UpdateSearcher.Search("IsAssigned=1 and IsHidden=0 and IsInstalled=0")
  193.     $UpdateLowNumber = 0
  194.     $UpdateHighNumber = 1
  195.     $NumberofUpdates = $searchResult.Updates.Count
  196.     while ($UpdateHighNumber -le $NumberofUpdates) {
  197.     $UpdatesToDownload = New-Object -com Microsoft.Update.UpdateColl
  198.     $Update = $searchResult.Updates.Item($UpdateLowNumber)
  199.     if ($Update.EulaAccepted -eq 0) {$Update.AcceptEula()}
  200.     [void]$UpdatesToDownload.Add($Update)
  201.     $Downloader = $UpdateSession.CreateUpdateDownloader()
  202.     $Downloader.Updates = $UpdatesToDownload
  203.     [void]$Downloader.Download()
  204.     $UpdatesToInstall = New-Object -com Microsoft.Update.UpdateColl
  205.     [void]$UpdatesToInstall.Add($Update)
  206.     $Title = $update.Title
  207.     $KBArticleIDs = $update.KBArticleIDs
  208.     $SecurityBulletinIDs = $update.SecurityBulletinIDs
  209.     $MsrcSeverity = $update.MsrcSeverity
  210.     $LastDeploymentChangeTime = $update.LastDeploymentChangeTime
  211.     $MoreInfoUrls = $update.MoreInfoUrls
  212.     Write-host "Installing Update $UpdateHighNumber of $NumberofUpdates"
  213.     Write-host "Title: $Title"
  214.     if ($KBArticleIDs -ne "") {Write-host "KBID: $KBArticleIDs"}
  215.     if ($SecurityBulletinIDs -ne "") {write-host "Security Bulletin: $SecurityBulletinIDs"}
  216.     if ($MsrcSeverity -eq "Critical") {Write-host "Rating: $MsrcSeverity" -foregroundcolor red} else {Write-host "Rating: $MsrcSeverity"}
  217.     if ($LastDeploymentChangeTime -ne "") {Write-host "Dated: $LastDeploymentChangeTime"}
  218.     if ($MoreInfoUrls -ne "") {Write-host "$MoreInfoUrls"}
  219.     $Installer = $UpdateSession.CreateUpdateInstaller()
  220.     $Installer.Updates = $UpdatesToInstall
  221.     $InstallationResult = $Installer.Install()
  222.     Write-host "--------------------------------------------"
  223.     if ($InstallationResult.ResultCode -eq "2") {Write-host "  Installation Succeeded" -foregroundcolor green}  else {Write-host "  INSTALLATION FAILED, check event log for details" -foregroundcolor red}
  224.     if ($InstallationResult.RebootRequired -eq "False") {Write-host "  Reboot not required" -foregroundcolor green} else {Write-host "  REBOOT REQUIRED" -foregroundcolor red}
  225.     Write-host "--------------------------------------------"
  226.     Write-host ""
  227.     Write-host ""
  228.     $Title = ""
  229.     $KBArticleIDs =  ""
  230.     $SecurityBulletinIDs =  ""
  231.     $MsrcSeverity =  ""
  232.     $LastDeploymentChangeTime =  ""
  233.     $MoreInfoUrls =  ""
  234.     $UpdateLowNumber = $UpdateLowNumber + 1
  235.     $UpdateHighNumber = $UpdateHighNumber + 1
  236.     if ($ProgressValue -lt $NumberofUpdates) {$ProgressValue = $ProgressValue + 1}
  237.     }
  238.     $ComputerStatus = New-Object -com Microsoft.Update.SystemInfo
  239.     if ($ComputerStatus.RebootRequired -eq 1) {
  240.         $intAnswer = $a.popup("A reboot is needed.  Reboot now?",0,"Reboot?",4)
  241.         If ($intAnswer -eq 6) {Restart-Computer}
  242.     }
  243. }
RAW Paste Data