SHARE
TWEET

W2k8Prep

sweenig Jan 15th, 2014 1,635 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. param([String]$downloadlocation="C:\installers")
  2. #set-executionpolicy remotesigned -force
  3. clear-host
  4. for ($i = 1; $i -lt 9; $i++) {Write-Host}
  5. #########################################################################
  6. # Stuart Weenig (stuart <at> weenig <dot> com)
  7. # "w2k8prep.ps1"
  8. # http://stuart.weenig.com/2013/02/w2k8prep.html
  9. #
  10. # v1.7 - 6/20/2013 - started implementing version numbers. This version
  11. # prompts for each function allowing the script to be reran without
  12. # executing each part again.
  13. #
  14. # v1.8 - 11/11/2013 - Added ability to disable IPv6 and configure SNMP
  15. # with default parameters (public community string and access from any
  16. # host.
  17. #
  18. # v1.9 - planned - need to implement logging and config file generation
  19. #
  20. # If you edit this script please keep my name as an author and
  21. # keep me apprised of the changes, see email address above.
  22. #
  23. # This content has not necessarily been checked, tested, or approved by
  24. # CA Technologies (or anyone else). Stuart Weenig SHALL NOT BE LIABLE TO
  25. # ANY READER OF THIS BLOG OR THIRD PARTY FOR DIRECT, CONSEQUENTIAL,
  26. # INCIDENTAL, INDIRECT AND/OR SPECIAL DAMAGES FOR ANY CLAIMS ARISING FROM
  27. # OR IN ANY WAY CONNECTED WITH YOUR DECISION TO ACCESS OR USE ANY SUCH
  28. # FILES, EVEN IF THE POSSIBILITY OF SUCH DAMAGES IS, OR SHOULD HAVE BEEN,
  29. # KNOWN. THESE FILE(S) ARE PROVIDED AS IS WITHOUT ANY warranty or
  30. # representation of any kind express or implied including without
  31. # limitation any implied warranty of merchantability/satisfactory
  32. # quality, fitness for a particular purpose or non-infringment. Your
  33. # usage of this file any such Files found at stuart.weenig.com is at your
  34. # own risk. You are solely responsible for testing such Files prior to
  35. # implementing them in either a test or production environment. I
  36. # encourage you to check for any documentation (if provided) by looking
  37. # in the blog posts or comments for additional information (if
  38. # available). It is recommended to deploy/implement in a test or QA
  39. # environment before implementing in a production environment. Such Files
  40. # are not covered by Stuart Weenig's Support Policy and Terms. Stuart
  41. # Weenig will not under any circumstances support them.
  42. #########################################################################
  43.  
  44. #Disable IE ESC
  45. $a = new-object -comobject wscript.shell
  46. $intAnswer = $a.popup("Do you want to disable Internet Explorer Enhanced Security Configuration?",0,"Disable IE ESC?",4)
  47. If ($intAnswer -eq 6) {
  48.         $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
  49.         $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
  50.         Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
  51.         Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0
  52.         Stop-Process -Name Explorer
  53.         Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -ForegroundColor Green
  54. }
  55. #disable UAC
  56. $intAnswer = $a.popup("Do you want to disable User Account Control?",0,"Disable UAC?",4)
  57. If ($intAnswer -eq 6) {
  58.         Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Value 00000000
  59.         Write-Host "User Access Control (UAC) has been disabled." -ForegroundColor Green    
  60. }
  61. #Disable DEP
  62. $intAnswer = $a.popup("Do you want to disable Data Execution Prevention?",0,"Disable DEP?",4)
  63. If ($intAnswer -eq 6) {
  64.         bcdedit /set nx OptIn
  65.         Write-Host "DEP has been enabled only for Windows services and features." -ForegroundColor Green
  66. }
  67. #Disable Firewall
  68. $intAnswer = $a.popup("Do you want to disable the Windows firewall?",0,"Disable firewall?",4)
  69. If ($intAnswer -eq 6) {
  70.         netsh advfirewall set allprofiles state off
  71.         Write-Host "Firewall has been disabled." -ForegroundColor Green
  72. }
  73. #Download flash installer
  74. $intAnswer = $a.popup("Do you want to download the Flash installer?",0,"Download Flash?",4)
  75. If ($intAnswer -eq 6) {
  76.         $check = test-path $downloadlocation -pathType container
  77.         if($check -eq $FALSE) {
  78.                 new-item $downloadlocation -type directory
  79.                 write-host "Download location doesn't exist, creating..." -ForegroundColor Green
  80.         }
  81.         $source = "http://fpdownload.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_10_active_x.exe"
  82.         $destination = "$downloadlocation\install_flash_player_10_active_x.exe"
  83.         $wc = New-Object System.Net.WebClient
  84.         $wc.DownloadFile($source, $destination)
  85.         write-host "The Flash installer has been downloaded to $downloadlocation." -ForegroundColor Green
  86. }
  87. #Download java installer
  88. $intAnswer = $a.popup("Do you want to download the Java installer?",0,"Download Java?",4)
  89. If ($intAnswer -eq 6) {
  90.         $check = test-path $downloadlocation -pathType container
  91.         if($check -eq $FALSE) {
  92.                 new-item $downloadlocation -type directory
  93.                 write-host "Download location doesn't exist, creating..." -ForegroundColor Green
  94.         }
  95.         $source = "http://javadl.sun.com/webapps/download/AutoDL?BundleId=68736"
  96.         $destination = "$downloadlocation\jre-7u7-windows-x64.exe"
  97.         $wc = New-Object System.Net.WebClient
  98.         $wc.DownloadFile($source, $destination)
  99.         write-host "The Java installer has been downloaded to $downloadlocation." -ForegroundColor Green
  100. }
  101. #Install Missing Roles/Features
  102. $intAnswer = $a.popup("Do you want to install missing roles and features?",0,"Install Missing Roles?",4)
  103. If ($intAnswer -eq 6) {
  104.         write-host "Installing missing roles and features..." -ForegroundColor Green
  105.         import-module servermanager
  106.         add-windowsfeature web-server,web-asp-net,web-asp,web-metabase,application-server,as-ent-services,snmp-service -Restart
  107. }
  108. # Enable RDP Connections
  109. $intAnswer = $a.popup("Do you want to enable RDP connections?",0,"Enable RDP?",4)
  110. If ($intAnswer -eq 6) {
  111.         $RDP = Get-WmiObject -Class Win32_TerminalServiceSetting -Namespace root\CIMV2\TerminalServices -Computer localhost -Authentication 6 -ErrorAction Stop
  112.         $result = $RDP.SetAllowTsConnections(1,1)
  113.         if($result.ReturnValue -eq 0) {Write-Host "Enabled RDP Successfully" -ForegroundColor Green} else {Write-Host "Failed to enabled RDP" -ForegroundColor Green}
  114. }
  115.  
  116.  
  117.  
  118. # Disable IPv6
  119. $intAnswer = $a.popup("Do you want to disable IPv6?",0,"Disable IPv6?",4)
  120. If ($intAnswer -eq 6) {
  121.         New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\" -Name "DisabledComponents" -Value 0xffffffff -PropertyType "DWord"
  122.         Write-Host "IPv6 Disabled. The server must be rebooted for the changes to take effect." -ForegroundColor Green
  123. }
  124.  
  125. # Configure SNMP
  126. $intAnswer = $a.popup("Do you want to configure 'public' as the default SNMP community string and allow SNMP requests from any IP address?",0,"Configure Community String?",4)
  127. If ($intAnswer -eq 6) {
  128.         New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\services\SNMP\Parameters\ValidCommunities" -Name "public" -Value "4" -PropertyType "DWord"
  129.         Remove-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\SNMP\Parameters\PermittedManagers" -Name 1
  130.         Write-Host "Community string configured." -ForegroundColor Green
  131. }
  132.  
  133.  
  134.  
  135. # uninstall .net 4.0 (if present)
  136. $intAnswer = $a.popup("Do you want to try to uninstall .Net 4.0?",0,"Uninstall .Net 4.0?",4)
  137. If ($intAnswer -eq 6) {
  138.         $netuninstaller = "$downloadlocation\uninstall.net4.0.bat"
  139.         new-item $netuninstaller -type file -force
  140.         $ospath = $env:systemroot
  141.         $checkextended = test-path "$ospath\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe"
  142.         if ($checkextended) {
  143.                 write-host ".Net 4.0 Extended Profile detected." -ForegroundColor Green
  144.                 add-content $netuninstaller "`n%windir%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstall /x86 /x64 /ia64 /parameterfolder Extended /q /norestart"
  145.         }
  146.         $checkclient = test-path "$ospath\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe"
  147.         if ($checkclient) {
  148.                 write-host ".Net 4.0 Client Profile detected." -ForegroundColor Green
  149.                 add-content $netuninstaller "`n%windir%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstall /x86 /x64 /parameterfolder Client /q"
  150.         }
  151.         if ($checkextended -or $checkclient) {
  152.         write-host "Uninstalling .Net 4.0. The server will reboot when finished." -ForegroundColor Green
  153.         & $downloadlocation\uninstall.net4.0.bat }
  154. }
  155. # install windows updates
  156. $intAnswer = $a.popup("Do you want to download and install Windows updates?",0,"Install Windows Updates?",4)
  157. If ($intAnswer -eq 6) {
  158.         #setup windows updates
  159.         $WUSettings = (New-Object -com "Microsoft.Update.AutoUpdate").Settings
  160.         $WUSettings.NotificationLevel=1
  161.         $WUSettings.save()
  162.         #***********************************************************************
  163.         # "Install-WindowsUpdates.ps1"
  164.         # http://irl33t.com/blog/2010/03/install-windowsupdates-ps1
  165.         # Re-posted by Aaron Wurthmann (aaron <at> wurthmann <dot> com)
  166.         #
  167.         # If you edit please keep my name as an author and
  168.         # keep me apprised of the changes, see email address above.
  169.         # This code may not be used for commercial purposes.
  170.         # You the executor,runner,user accept all liability.
  171.         # This code comes with ABSOLUTELY NO WARRANTY.
  172.         # You may redistribute copies of the code under the terms of the GPL v2.
  173.         # -----------------------------------------------------------------------
  174.         # 2010.03.01 ver 1.1
  175.         #
  176.         # Summary:
  177.         # Gets and installed Windows Updates
  178.         #
  179.         # Background:
  180.         # A friend of mine posted this code into a chat Window one day to aid me
  181.         # with a project I was working on. Converting my batch scripts to PowerShell
  182.         # He couldn't remember where he got the code from so as a result I can't give
  183.         # the original author the credit they deserve. I made some very minor edits
  184.         # in order to change the code/script to what I use it for. Mainly a module
  185.         # to my Windows Logon Script.
  186.         #************************************************************************
  187.         #clear-host
  188.         Write-host "Starting Update Process..." -foregroundcolor blue
  189.         Write-host ""
  190.         $UpdateSession = New-Object -com Microsoft.Update.Session
  191.         $UpdateSearcher = $UpdateSession.CreateupdateSearcher()
  192.         $SearchResult =  $UpdateSearcher.Search("IsAssigned=1 and IsHidden=0 and IsInstalled=0")
  193.         $UpdateLowNumber = 0
  194.         $UpdateHighNumber = 1
  195.         $NumberofUpdates = $searchResult.Updates.Count
  196.         while ($UpdateHighNumber -le $NumberofUpdates) {
  197.         $UpdatesToDownload = New-Object -com Microsoft.Update.UpdateColl
  198.         $Update = $searchResult.Updates.Item($UpdateLowNumber)
  199.         if ($Update.EulaAccepted -eq 0) {$Update.AcceptEula()}
  200.         [void]$UpdatesToDownload.Add($Update)
  201.         $Downloader = $UpdateSession.CreateUpdateDownloader()
  202.         $Downloader.Updates = $UpdatesToDownload
  203.         [void]$Downloader.Download()
  204.         $UpdatesToInstall = New-Object -com Microsoft.Update.UpdateColl
  205.         [void]$UpdatesToInstall.Add($Update)
  206.         $Title = $update.Title
  207.         $KBArticleIDs = $update.KBArticleIDs
  208.         $SecurityBulletinIDs = $update.SecurityBulletinIDs
  209.         $MsrcSeverity = $update.MsrcSeverity
  210.         $LastDeploymentChangeTime = $update.LastDeploymentChangeTime
  211.         $MoreInfoUrls = $update.MoreInfoUrls
  212.         Write-host "Installing Update $UpdateHighNumber of $NumberofUpdates"
  213.         Write-host "Title: $Title"
  214.         if ($KBArticleIDs -ne "") {Write-host "KBID: $KBArticleIDs"}
  215.         if ($SecurityBulletinIDs -ne "") {write-host "Security Bulletin: $SecurityBulletinIDs"}
  216.         if ($MsrcSeverity -eq "Critical") {Write-host "Rating: $MsrcSeverity" -foregroundcolor red} else {Write-host "Rating: $MsrcSeverity"}
  217.         if ($LastDeploymentChangeTime -ne "") {Write-host "Dated: $LastDeploymentChangeTime"}
  218.         if ($MoreInfoUrls -ne "") {Write-host "$MoreInfoUrls"}
  219.         $Installer = $UpdateSession.CreateUpdateInstaller()
  220.         $Installer.Updates = $UpdatesToInstall
  221.         $InstallationResult = $Installer.Install()
  222.         Write-host "--------------------------------------------"
  223.         if ($InstallationResult.ResultCode -eq "2") {Write-host "  Installation Succeeded" -foregroundcolor green}  else {Write-host "  INSTALLATION FAILED, check event log for details" -foregroundcolor red}
  224.         if ($InstallationResult.RebootRequired -eq "False") {Write-host "  Reboot not required" -foregroundcolor green} else {Write-host "  REBOOT REQUIRED" -foregroundcolor red}
  225.         Write-host "--------------------------------------------"
  226.         Write-host ""
  227.         Write-host ""
  228.         $Title = ""
  229.         $KBArticleIDs =  ""
  230.         $SecurityBulletinIDs =  ""
  231.         $MsrcSeverity =  ""
  232.         $LastDeploymentChangeTime =  ""
  233.         $MoreInfoUrls =  ""
  234.         $UpdateLowNumber = $UpdateLowNumber + 1
  235.         $UpdateHighNumber = $UpdateHighNumber + 1
  236.         if ($ProgressValue -lt $NumberofUpdates) {$ProgressValue = $ProgressValue + 1}
  237.         }
  238.         $ComputerStatus = New-Object -com Microsoft.Update.SystemInfo
  239.         if ($ComputerStatus.RebootRequired -eq 1) {
  240.                 $intAnswer = $a.popup("A reboot is needed.  Reboot now?",0,"Reboot?",4)
  241.                 If ($intAnswer -eq 6) {Restart-Computer}
  242.         }
  243. }
RAW Paste Data
Top