164 lines
9.0 KiB
PowerShell
164 lines
9.0 KiB
PowerShell
Start-Job -Name "Install and Configure Chocolatey" -ScriptBlock {
|
||
Write-Host "Installing Chocolatey"
|
||
# Setting up directories for values
|
||
Set-ExecutionPolicy Bypass -Scope Process -Force
|
||
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
|
||
Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
|
||
choco feature enable -n=allowGlobalConfirmation
|
||
choco feature enable -n=useFipsCompliantChecksums
|
||
choco feature enable -n=useEnhancedExitCodes
|
||
choco config set commandExecutionTimeoutSeconds 14400
|
||
choco config set --name="'cacheLocation'" --value="'C:\temp\chococache'"
|
||
choco config set --name="'proxyBypassOnLocal'" --value="'true'"
|
||
choco upgrade all
|
||
refreshenv
|
||
Start-Job -Name "Installing Windows Updates" -ScriptBlock {
|
||
Write-Host "Install Latest Windows Updates"
|
||
choco install pswindowsupdate
|
||
Set-Executionpolicy -ExecutionPolicy RemoteSigned -Force
|
||
Import-Module PSWindowsUpdate -Force
|
||
Add-WUServiceManager -ServiceID 7971f918-a847-4430-9279-4a52d1efe18d -Confirm:$false
|
||
Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -Install
|
||
Get-WuInstall -AcceptAll -IgnoreReboot -IgnoreUserInput -nottitle 'preview'
|
||
Get-WindowsUpdate –Install
|
||
}
|
||
}
|
||
|
||
Start-Job -Name "Installing Browsers" -Scriptblock {
|
||
Write-Host "Installing Browsers"
|
||
choco install googlechrome firefox microsoft-edge
|
||
}
|
||
|
||
Start-Job -Name "Installing Administrative, Networking, and Security Tools " -Scriptblock {
|
||
Write-Host "Installing Administration Tools"
|
||
choco install driverbooster
|
||
|
||
Write-Host "Installing Logging Tools"
|
||
choco install sysmon
|
||
|
||
Write-Host "Installing Terminals"
|
||
choco install powershell4 powershell powershellhere-elevated powershell.portable microsoft-windows-terminal
|
||
}
|
||
|
||
Start-Job -Name "Installing Dev Tools" -Scriptblock {
|
||
Write-Host "Installing Java"
|
||
choco install jre8 openjdk openjdk.portable
|
||
}
|
||
|
||
Start-Job -Name "Installing Other Tools and Software" -Scriptblock {
|
||
Write-host "Installing PatchMyPCHome"
|
||
choco install patch-my-pc --ignore-checksum
|
||
|
||
Write-host "Installing Media Software"
|
||
choco install vlc
|
||
|
||
Write-Host "Installing Document Readers and Editors"
|
||
choco install adobereader onlyoffice joplin
|
||
|
||
Write-Host "Installing Misc."
|
||
choco install 7zip.install
|
||
}
|
||
|
||
Start-Job -Name "Customizations" -ScriptBlock {
|
||
|
||
Write-Host "Configuring Windows - Optimizations, Debloating,"
|
||
New-Item "C:\" -Name "temp" -ItemType "directory" -Force
|
||
iwr -useb 'https://simeononsecurity.ch/scripts/windowsoptimizeandharden.ps1' | iex
|
||
Start-Job -Name "System Wide Ad and Tracker Blocking" -ScriptBlock {
|
||
iwr -useb 'https://simeononsecurity.ch/scripts/soswindowsadblocker.ps1' | iex
|
||
}
|
||
#Start-Job -Name "SoS Branding" -ScriptBlock {
|
||
# iwr -useb 'https://simeononsecurity.ch/scripts/sosbranding.ps1' | iex
|
||
#}
|
||
Start-Job -Name "SoS Sysmon" -ScriptBlock {
|
||
iwr -useb 'https://simeononsecurity.ch/scripts/sosautomatesysmon.ps1'|iex
|
||
}
|
||
|
||
|
||
#Set Screen Timeout to 15 Minutes
|
||
powercfg -change -monitor-timeout-ac 15
|
||
|
||
Write-Host "Enable Darkmode"
|
||
New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Force | Out-Null
|
||
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name AppsUseLightTheme -Type "DWORD" -Value "00000000" -Force | Out-Null
|
||
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name SystemUsesLightTheme -Type "DWORD" -Value "00000000" -Force | Out-Null
|
||
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name ColorPrevalence -Type "DWORD" -Value "00000000" -Force | Out-Null
|
||
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name EnableTransparency -Type "DWORD" -Value "00000001" -Force | Out-Null
|
||
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name AppsUseLightTheme -Type "DWORD" -Value "00000000" -Force | Out-Null
|
||
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name SystemUsesLightTheme -Type "DWORD" -Value "00000000" -Force | Out-Null
|
||
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name ColorPrevalence -Type "DWORD" -Value "00000000" -Force | Out-Null
|
||
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name EnableTransparency -Type "DWORD" -Value "00000001" -Force | Out-Null
|
||
|
||
Write-Host "Setting OEM Information"
|
||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" -Name Manufacturer -Type String -Value "SimeonOnSecurity" -Force
|
||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" -Name Model -Type String -Value "Super Secure Super Optimized PC" -Force
|
||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" -Name SupportHours -Type String -Value "0800-1800 Central" -Force
|
||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" -Name SupportPhone -Type String -Value "1-800-555-1234" -Force
|
||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" -Name SupportURL -Type String -Value "https://simeononsecurity.ch" -Force
|
||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" -Name HelpCustomized -Type DWORD -Value "0" -Force
|
||
|
||
Write-Host "Setting Registered Information"
|
||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" -Name RegisteredOwner -Type String -Value "SimeonOnSecurity" -Force
|
||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" -Name RegisteredOrganization -Type String -Value "SimeonOnSecurity" -Force
|
||
|
||
#Clear Start Menu
|
||
#https://github.com/builtbybel/privatezilla/blob/master/scripts/Unpin%20Startmenu%20Tiles.ps1
|
||
$START_MENU_LAYOUT = @"
|
||
<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
|
||
<LayoutOptions StartTileGroupCellWidth="6" />
|
||
<DefaultLayoutOverride>
|
||
<StartLayoutCollection>
|
||
<defaultlayout:StartLayout GroupCellWidth="6" />
|
||
</StartLayoutCollection>
|
||
</DefaultLayoutOverride>
|
||
</LayoutModificationTemplate>
|
||
"@
|
||
$layoutFile = "C:\Windows\StartMenuLayout.xml"
|
||
|
||
#Delete layout file if it already exists
|
||
If (Test-Path $layoutFile) {
|
||
Remove-Item $layoutFile
|
||
}
|
||
#Creates the blank layout file
|
||
$START_MENU_LAYOUT | Out-File $layoutFile -Encoding ASCII
|
||
$regAliases = @("HKLM", "HKCU")
|
||
#Assign the start layout and force it to apply with "LockedStartLayout" at both the machine and user level
|
||
foreach ($regAlias in $regAliases) {
|
||
$basePath = $regAlias + ":\SOFTWARE\Policies\Microsoft\Windows"
|
||
$keyPath = $basePath + "\Explorer"
|
||
IF (!(Test-Path -Path $keyPath)) {
|
||
New-Item -Path $basePath -Name "Explorer"
|
||
}
|
||
Set-ItemProperty -Path $keyPath -Name "LockedStartLayout" -Value 1
|
||
Set-ItemProperty -Path $keyPath -Name "StartLayoutFile" -Value $layoutFile
|
||
}
|
||
#Restart Explorer, open the start menu (necessary to load the new layout), and give it a few seconds to process
|
||
Stop-Process -Force -name explorer
|
||
Start-Sleep -s 5
|
||
$wshell = New-Object -ComObject wscript.shell; $wshell.SendKeys('^{ESCAPE}')
|
||
Start-Sleep -s 5
|
||
#Enable the ability to pin items again by disabling "LockedStartLayout"
|
||
foreach ($regAlias in $regAliases) {
|
||
$basePath = $regAlias + ":\SOFTWARE\Policies\Microsoft\Windows"
|
||
$keyPath = $basePath + "\Explorer"
|
||
Set-ItemProperty -Path $keyPath -Name "LockedStartLayout" -Value 0
|
||
}
|
||
#Restart Explorer and delete the layout file
|
||
Stop-Process -Force -name explorer
|
||
#Uncomment the next line to make clean start menu default for all new users
|
||
Import-StartLayout -LayoutPath $layoutFile -MountPath $env:SystemDrive\
|
||
Remove-Item $layoutFile
|
||
|
||
Write-Host "Disabling Action Center..."
|
||
If (!(Test-Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer")) {
|
||
New-Item -Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer" | Out-Null
|
||
}
|
||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer" -Name "DisableNotificationCenter" -Type DWord -Value 1
|
||
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications" -Name "ToastEnabled" -Type DWord -Value 0
|
||
|
||
#Auto Update Choco Packages
|
||
$Sta = New-ScheduledTaskAction -Execute "powershell -Command 'choco upgrade all'"
|
||
$Stset = New-ScheduledTaskSettingsSet -RunOnlyIfNetworkAvailable -RunOnlyIfIdle -IdleDuration 00:02:00 -IdleWaitTimeout 02:30:00 -ExecutionTimeLimit (New-TimeSpan -Hours 1) -DontStopOnIdleEnd -WakeToRun
|
||
Register-ScheduledTask Task02 -Action $Sta -Settings $Stset
|
||
}
|