Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- param([String]$downloadlocation="C:\installers")
- #set-executionpolicy remotesigned -force
- clear-host
- for ($i = 1; $i -lt 9; $i++) {Write-Host}
- #########################################################################
- # Stuart Weenig (stuart <at> weenig <dot> com)
- # "w2k8prep.ps1"
- # http://stuart.weenig.com/2013/02/w2k8prep.html
- #
- # v1.7 - 6/20/2013 - started implementing version numbers. This version
- # prompts for each function allowing the script to be reran without
- # executing each part again.
- #
- # v1.8 - 11/11/2013 - Added ability to disable IPv6 and configure SNMP
- # with default parameters (public community string and access from any
- # host.
- #
- # v1.9 - planned - need to implement logging and config file generation
- #
- # If you edit this script please keep my name as an author and
- # keep me apprised of the changes, see email address above.
- #
- # This content has not necessarily been checked, tested, or approved by
- # CA Technologies (or anyone else). Stuart Weenig SHALL NOT BE LIABLE TO
- # ANY READER OF THIS BLOG OR THIRD PARTY FOR DIRECT, CONSEQUENTIAL,
- # INCIDENTAL, INDIRECT AND/OR SPECIAL DAMAGES FOR ANY CLAIMS ARISING FROM
- # OR IN ANY WAY CONNECTED WITH YOUR DECISION TO ACCESS OR USE ANY SUCH
- # FILES, EVEN IF THE POSSIBILITY OF SUCH DAMAGES IS, OR SHOULD HAVE BEEN,
- # KNOWN. THESE FILE(S) ARE PROVIDED AS IS WITHOUT ANY warranty or
- # representation of any kind express or implied including without
- # limitation any implied warranty of merchantability/satisfactory
- # quality, fitness for a particular purpose or non-infringment. Your
- # usage of this file any such Files found at stuart.weenig.com is at your
- # own risk. You are solely responsible for testing such Files prior to
- # implementing them in either a test or production environment. I
- # encourage you to check for any documentation (if provided) by looking
- # in the blog posts or comments for additional information (if
- # available). It is recommended to deploy/implement in a test or QA
- # environment before implementing in a production environment. Such Files
- # are not covered by Stuart Weenig's Support Policy and Terms. Stuart
- # Weenig will not under any circumstances support them.
- #########################################################################
- #Disable IE ESC
- $a = new-object -comobject wscript.shell
- $intAnswer = $a.popup("Do you want to disable Internet Explorer Enhanced Security Configuration?",0,"Disable IE ESC?",4)
- If ($intAnswer -eq 6) {
- $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
- $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
- Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
- Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0
- Stop-Process -Name Explorer
- Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -ForegroundColor Green
- }
- #disable UAC
- $intAnswer = $a.popup("Do you want to disable User Account Control?",0,"Disable UAC?",4)
- If ($intAnswer -eq 6) {
- Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Value 00000000
- Write-Host "User Access Control (UAC) has been disabled." -ForegroundColor Green
- }
- #Disable DEP
- $intAnswer = $a.popup("Do you want to disable Data Execution Prevention?",0,"Disable DEP?",4)
- If ($intAnswer -eq 6) {
- bcdedit /set nx OptIn
- Write-Host "DEP has been enabled only for Windows services and features." -ForegroundColor Green
- }
- #Disable Firewall
- $intAnswer = $a.popup("Do you want to disable the Windows firewall?",0,"Disable firewall?",4)
- If ($intAnswer -eq 6) {
- netsh advfirewall set allprofiles state off
- Write-Host "Firewall has been disabled." -ForegroundColor Green
- }
- #Download flash installer
- $intAnswer = $a.popup("Do you want to download the Flash installer?",0,"Download Flash?",4)
- If ($intAnswer -eq 6) {
- $check = test-path $downloadlocation -pathType container
- if($check -eq $FALSE) {
- new-item $downloadlocation -type directory
- write-host "Download location doesn't exist, creating..." -ForegroundColor Green
- }
- $source = "http://fpdownload.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_10_active_x.exe"
- $destination = "$downloadlocation\install_flash_player_10_active_x.exe"
- $wc = New-Object System.Net.WebClient
- $wc.DownloadFile($source, $destination)
- write-host "The Flash installer has been downloaded to $downloadlocation." -ForegroundColor Green
- }
- #Download java installer
- $intAnswer = $a.popup("Do you want to download the Java installer?",0,"Download Java?",4)
- If ($intAnswer -eq 6) {
- $check = test-path $downloadlocation -pathType container
- if($check -eq $FALSE) {
- new-item $downloadlocation -type directory
- write-host "Download location doesn't exist, creating..." -ForegroundColor Green
- }
- $source = "http://javadl.sun.com/webapps/download/AutoDL?BundleId=68736"
- $destination = "$downloadlocation\jre-7u7-windows-x64.exe"
- $wc = New-Object System.Net.WebClient
- $wc.DownloadFile($source, $destination)
- write-host "The Java installer has been downloaded to $downloadlocation." -ForegroundColor Green
- }
- #Install Missing Roles/Features
- $intAnswer = $a.popup("Do you want to install missing roles and features?",0,"Install Missing Roles?",4)
- If ($intAnswer -eq 6) {
- write-host "Installing missing roles and features..." -ForegroundColor Green
- import-module servermanager
- add-windowsfeature web-server,web-asp-net,web-asp,web-metabase,application-server,as-ent-services,snmp-service -Restart
- }
- # Enable RDP Connections
- $intAnswer = $a.popup("Do you want to enable RDP connections?",0,"Enable RDP?",4)
- If ($intAnswer -eq 6) {
- $RDP = Get-WmiObject -Class Win32_TerminalServiceSetting -Namespace root\CIMV2\TerminalServices -Computer localhost -Authentication 6 -ErrorAction Stop
- $result = $RDP.SetAllowTsConnections(1,1)
- if($result.ReturnValue -eq 0) {Write-Host "Enabled RDP Successfully" -ForegroundColor Green} else {Write-Host "Failed to enabled RDP" -ForegroundColor Green}
- }
- # Disable IPv6
- $intAnswer = $a.popup("Do you want to disable IPv6?",0,"Disable IPv6?",4)
- If ($intAnswer -eq 6) {
- New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\" -Name "DisabledComponents" -Value 0xffffffff -PropertyType "DWord"
- Write-Host "IPv6 Disabled. The server must be rebooted for the changes to take effect." -ForegroundColor Green
- }
- # Configure SNMP
- $intAnswer = $a.popup("Do you want to configure 'public' as the default SNMP community string and allow SNMP requests from any IP address?",0,"Configure Community String?",4)
- If ($intAnswer -eq 6) {
- New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\services\SNMP\Parameters\ValidCommunities" -Name "public" -Value "4" -PropertyType "DWord"
- Remove-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\SNMP\Parameters\PermittedManagers" -Name 1
- Write-Host "Community string configured." -ForegroundColor Green
- }
- # uninstall .net 4.0 (if present)
- $intAnswer = $a.popup("Do you want to try to uninstall .Net 4.0?",0,"Uninstall .Net 4.0?",4)
- If ($intAnswer -eq 6) {
- $netuninstaller = "$downloadlocation\uninstall.net4.0.bat"
- new-item $netuninstaller -type file -force
- $ospath = $env:systemroot
- $checkextended = test-path "$ospath\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe"
- if ($checkextended) {
- write-host ".Net 4.0 Extended Profile detected." -ForegroundColor Green
- add-content $netuninstaller "`n%windir%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstall /x86 /x64 /ia64 /parameterfolder Extended /q /norestart"
- }
- $checkclient = test-path "$ospath\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe"
- if ($checkclient) {
- write-host ".Net 4.0 Client Profile detected." -ForegroundColor Green
- add-content $netuninstaller "`n%windir%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstall /x86 /x64 /parameterfolder Client /q"
- }
- if ($checkextended -or $checkclient) {
- write-host "Uninstalling .Net 4.0. The server will reboot when finished." -ForegroundColor Green
- & $downloadlocation\uninstall.net4.0.bat }
- }
- # install windows updates
- $intAnswer = $a.popup("Do you want to download and install Windows updates?",0,"Install Windows Updates?",4)
- If ($intAnswer -eq 6) {
- #setup windows updates
- $WUSettings = (New-Object -com "Microsoft.Update.AutoUpdate").Settings
- $WUSettings.NotificationLevel=1
- $WUSettings.save()
- #***********************************************************************
- # "Install-WindowsUpdates.ps1"
- # http://irl33t.com/blog/2010/03/install-windowsupdates-ps1
- # Re-posted by Aaron Wurthmann (aaron <at> wurthmann <dot> com)
- #
- # If you edit please keep my name as an author and
- # keep me apprised of the changes, see email address above.
- # This code may not be used for commercial purposes.
- # You the executor,runner,user accept all liability.
- # This code comes with ABSOLUTELY NO WARRANTY.
- # You may redistribute copies of the code under the terms of the GPL v2.
- # -----------------------------------------------------------------------
- # 2010.03.01 ver 1.1
- #
- # Summary:
- # Gets and installed Windows Updates
- #
- # Background:
- # A friend of mine posted this code into a chat Window one day to aid me
- # with a project I was working on. Converting my batch scripts to PowerShell
- # He couldn't remember where he got the code from so as a result I can't give
- # the original author the credit they deserve. I made some very minor edits
- # in order to change the code/script to what I use it for. Mainly a module
- # to my Windows Logon Script.
- #************************************************************************
- #clear-host
- Write-host "Starting Update Process..." -foregroundcolor blue
- Write-host ""
- $UpdateSession = New-Object -com Microsoft.Update.Session
- $UpdateSearcher = $UpdateSession.CreateupdateSearcher()
- $SearchResult = $UpdateSearcher.Search("IsAssigned=1 and IsHidden=0 and IsInstalled=0")
- $UpdateLowNumber = 0
- $UpdateHighNumber = 1
- $NumberofUpdates = $searchResult.Updates.Count
- while ($UpdateHighNumber -le $NumberofUpdates) {
- $UpdatesToDownload = New-Object -com Microsoft.Update.UpdateColl
- $Update = $searchResult.Updates.Item($UpdateLowNumber)
- if ($Update.EulaAccepted -eq 0) {$Update.AcceptEula()}
- [void]$UpdatesToDownload.Add($Update)
- $Downloader = $UpdateSession.CreateUpdateDownloader()
- $Downloader.Updates = $UpdatesToDownload
- [void]$Downloader.Download()
- $UpdatesToInstall = New-Object -com Microsoft.Update.UpdateColl
- [void]$UpdatesToInstall.Add($Update)
- $Title = $update.Title
- $KBArticleIDs = $update.KBArticleIDs
- $SecurityBulletinIDs = $update.SecurityBulletinIDs
- $MsrcSeverity = $update.MsrcSeverity
- $LastDeploymentChangeTime = $update.LastDeploymentChangeTime
- $MoreInfoUrls = $update.MoreInfoUrls
- Write-host "Installing Update $UpdateHighNumber of $NumberofUpdates"
- Write-host "Title: $Title"
- if ($KBArticleIDs -ne "") {Write-host "KBID: $KBArticleIDs"}
- if ($SecurityBulletinIDs -ne "") {write-host "Security Bulletin: $SecurityBulletinIDs"}
- if ($MsrcSeverity -eq "Critical") {Write-host "Rating: $MsrcSeverity" -foregroundcolor red} else {Write-host "Rating: $MsrcSeverity"}
- if ($LastDeploymentChangeTime -ne "") {Write-host "Dated: $LastDeploymentChangeTime"}
- if ($MoreInfoUrls -ne "") {Write-host "$MoreInfoUrls"}
- $Installer = $UpdateSession.CreateUpdateInstaller()
- $Installer.Updates = $UpdatesToInstall
- $InstallationResult = $Installer.Install()
- Write-host "--------------------------------------------"
- if ($InstallationResult.ResultCode -eq "2") {Write-host " Installation Succeeded" -foregroundcolor green} else {Write-host " INSTALLATION FAILED, check event log for details" -foregroundcolor red}
- if ($InstallationResult.RebootRequired -eq "False") {Write-host " Reboot not required" -foregroundcolor green} else {Write-host " REBOOT REQUIRED" -foregroundcolor red}
- Write-host "--------------------------------------------"
- Write-host ""
- Write-host ""
- $Title = ""
- $KBArticleIDs = ""
- $SecurityBulletinIDs = ""
- $MsrcSeverity = ""
- $LastDeploymentChangeTime = ""
- $MoreInfoUrls = ""
- $UpdateLowNumber = $UpdateLowNumber + 1
- $UpdateHighNumber = $UpdateHighNumber + 1
- if ($ProgressValue -lt $NumberofUpdates) {$ProgressValue = $ProgressValue + 1}
- }
- $ComputerStatus = New-Object -com Microsoft.Update.SystemInfo
- if ($ComputerStatus.RebootRequired -eq 1) {
- $intAnswer = $a.popup("A reboot is needed. Reboot now?",0,"Reboot?",4)
- If ($intAnswer -eq 6) {Restart-Computer}
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement