Jan/setup-scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Bug fix

Browse Source
This commit is contained in:
simeononsecurity
2021-08-23 21:21:28 -05:00
parent bc0277f134
commit 2801d96954
1 changed files with 105 additions and 180 deletions
Download Patch File Download Diff File Expand all files Collapse all files

89
windows10.ps1
View File

@ -33,10 +33,10 @@ Start-Job -Name "Installing Optional Windows Features" -ScriptBlock {
}
#https://docs.microsoft.com/en-us/powershell/scripting/gallery/installing-psget?view=powershell-7.1
Install-PackageProvider -Name "NuGet -Force
Install-PackageProvider -Name "NuGet" -Force
#https://github.com/PowerShell/PowerShellGetv2/issues/303
Set-PSRepository -Name "PSGallery -InstallationPolicy Trusted
Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted
Install-PackageProvider -Name "PowerShellGet" -Force -Scope CurrentUser
#https://github.com/PowerShell/PowerShellGetv2/issues/295
@ -61,7 +61,7 @@ Start-Job -Name "Installing Software" -Scriptblock {
$chocopackages = @("googlechrome", "firefox", "chromium", "microsoft-edge", "tor-Browser", "putty", "winscp.install", "teamviewer", "anydesk.install", "sysinternals", "driverbooster", "sdio", "etcher", "rufus.install", "veracrypt", "windirstat", "mysql.workbench", "rsat", "sql-server-management-studio", "laps", "wumt", "openvpn", "wireguard", "wireshark", "nmap", "winbox", "tor", "cheatengine", "sleuthkit", "hxd", "ida-free", "ghidra", "ossec-client", "burp-suite-free-edition", "zap", "openstego", "accessenum", "accesschk", "sysmon", "powershell4", "powershell", "powershellhere-elevated", "powershell.portable", "microsoft-windows-terminal", "carbon", "jre8", "openjdk", "openjdk.portable", "hugo", "hugo-extended", "nodejs", "vscode", "vscodium", "vscode-ansible", "vscode-python", "chocolatey-vscode", "vscode-prettier", "vscode-java", "vscode-yaml", "vscode-haskell", "vscode-mongo", "vscode-beautify", "vscode-intellicode", "vscode-pull-request-github", "vscode-kubernetes-tools", "vscode-autofilename", "vscode-codespellchecker", "vscode-icons", "vscode-csharp", "dsc.powershellcommunity", "notepadplusplus.install", "python", "pip", "github-desktop", "gh", "git.install", "git-lfx", "gnupg", "gpg4win", "openssh", "wsl", "wsl2", "adb", "universal-adb-drivers", "windows-adk-all", "dotnetfx", "vcredist-all", "microsoft-visual-cpp-build-tools", "patch-my-pc", "rocketchat", "discord", "pidgin", "signal", "steam", "obs-studio", "obs-ndi", "vlc", "gimp", "k-litecodecpackfull", "audacity", "audacity-lame", "screentogif", "adobereader", "installroot", "7zip.install", "curl", "autohotkey", "teracopy", "cpu-z.install", "eraser", "openstego")
$PSversion = $PSVersionTable.PSVersion.Major
If ($PSversion -ge "7"){
If ($PSversion -ge "7") {
Write-Output $chocopackages | ForEach-Object -Parallel {
Write-Host "Installing $_" -ForegroundColor White -BackgroundColor Black
Try {
@ -71,7 +71,8 @@ Start-Job -Name "Installing Software" -Scriptblock {
Write-Host "Failed to install $_" -ForegroundColor Red -BackgroundColor Black
}
}
} Else {
}
Else {
Write-Output $chocopackages | ForEach-Object {
Write-Host "Installing $_" -ForegroundColor White -BackgroundColor Black
Try {
@ -84,7 +85,7 @@ Start-Job -Name "Installing Software" -Scriptblock {
}
#Packages that down't work while installing others
Choco install vmwareworkstation vmware-horizon-client vmware-powercli-psmodule vmrc --ignore-checksums --force| Out-Null
Choco install vmwareworkstation vmware-horizon-client vmware-powercli-psmodule vmrc --ignore-checksums --force | Out-Null
<# Optional Packages
@ -242,54 +243,6 @@ Start-Job -Name "Configuring Windows - Optimizations, Debloating, and Hardening"
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "ColorPrevalence" -Type "DWORD" -Value "00000000" -Force
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "EnableTransparency" -Type "DWORD" -Value "00000001" -Force
#Clear Start Menu
#https://github.com/builtbybel/privatezilla/blob/master/scripts/Unpin%20Startmenu%20Tiles.ps1
$START_MENU_LAYOUT = @"
<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
<LayoutOptions StartTileGroupCellWidth="6" />
<DefaultLayoutOverride>
<StartLayoutCollection>
<defaultlayout:StartLayout GroupCellWidth="6" />
</StartLayoutCollection>
</DefaultLayoutOverride>
</LayoutModificationTemplate>
"@
$layoutFile = "C:\Windows\StartMenuLayout.xml"
#Delete layout file if it already exists
If (Test-Path $layoutFile) {
Remove-Item $layoutFile
}
#Creates the blank layout file
$START_MENU_LAYOUT | Out-File $layoutFile -Encoding ASCII
$regAliases = @("HKLM", "HKCU")
#Assign the start layout and force it to apply with "LockedStartLayout" at both the machine and user level
foreach ($regAlias in $regAliases) {
$basePath = $regAlias + ":\SOFTWARE\Policies\Microsoft\Windows"
$keyPath = $basePath + "\Explorer"
IF (!(Test-Path -Path $keyPath)) {
New-Item -Path $basePath -Name "Explorer"
}
Set-ItemProperty -Path $keyPath -Name "LockedStartLayout" -Value 1
Set-ItemProperty -Path $keyPath -Name "StartLayoutFile" -Value $layoutFile
}
#Restart Explorer, open the start menu (necessary to load the new layout), and give it a few seconds to process
Stop-Process -Force -name explorer
Start-Sleep -s 5
$wshell = New-Object -ComObject wscript.shell; $wshell.SendKeys('^{ESCAPE}')
Start-Sleep -s 5
#Enable the ability to pin items again by disabling "LockedStartLayout"
foreach ($regAlias in $regAliases) {
$basePath = $regAlias + ":\SOFTWARE\Policies\Microsoft\Windows"
$keyPath = $basePath + "\Explorer"
Set-ItemProperty -Path $keyPath -Name "LockedStartLayout" -Value 0
}
#Restart Explorer and delete the layout file
Stop-Process -Force -name explorer
#Uncomment the next line to make clean start menu default for all new users
Import-StartLayout -LayoutPath $layoutFile -MountPath $env:SystemDrive\
Remove-Item $layoutFile
#https://notes.ponderworthy.com/fsutil-tweaks-for-ntfs-performance-and-reliability
fsutil behavior set memoryusage 2
#fsutil behavior set disablelastaccess 1
@ -460,32 +413,4 @@ Start-Job -Name "Configuring Windows - Optimizations, Debloating, and Hardening"
#Enable Sandboxing for Windows Defender
setx /M MP_FORCE_USE_SANDBOX 1
# Dismiss Microsoft Defender offer in the Windows Security about signing in Microsoft account
New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows Security Health\State" -Name "AccountProtection_MicrosoftAccount_Disconnected" -PropertyType "DWORD" -Value "1" -Force
#Enable PowerShell Module Logging
if (-not (Test-Path -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames")) {
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames" -Force
}
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging" -Name "EnableModuleLogging" -PropertyType "DWORD" -Value "1" -Force
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames" -Name "*" -PropertyType "String" -Value "*" -Force
#Enable Windows Sandbox
if (Get-WindowsEdition -Online | Where-Object -FilterScript { $_.Edition -eq "Professional" -or $_.Edition -like "Enterprise*" }) {
# Checking whether x86 virtualization is enabled in the firmware
if ((Get-CimInstance -ClassName CIM_Processor).VirtualizationFirmwareEnabled -eq $true) {
Enable-WindowsOptionalFeature -FeatureName Containers-DisposableClientVM -All -Online -NoRestart
}
else {
try {
# Determining whether Hyper-V is enabled
if ((Get-CimInstance -ClassName CIM_ComputerSystem).HypervisorPresent -eq $true) {
Enable-WindowsOptionalFeature -FeatureName Containers-DisposableClientVM -All -Online -NoRestart
}
}
catch [System.Exception] {
Write-Error -Message $Localization.EnableHardwareVT -ErrorAction SilentlyContinue
}
}
}
}
}