JaapsTools

17.14

Scripts/WSUS.ps1

                                
$Adapter = Get-NetAdapter

New-NetIPAddress -IPAddress 172.16.70.6 -PrefixLength 24 -DefaultGateway 172.16.70.1 -InterfaceIndex $Adapter.ifIndex | Format-Table

Set-DnsClientServerAddress -Addresses 172.16.70.1, 10.240.55.10 -InterfaceIndex $Adapter.ifIndex | Format-Table

$PasswordString = Read-Host -AsSecureString -Prompt "Enter Password"

$AccountName = "Jaap"

$Param = @{

    Password                 = $PasswordString

    PasswordNeverExpires     = $true

    UserMayNotChangePassword = $false

    AccountNeverExpires      = $true

    Name                     = $AccountName

}

New-LocalUser @Param

Add-LocalGroupMember -Group Administrators -Member $AccountName

###########################################################################################################################

###########################################################################################################################

###########################################################################################################################

###########################################################################################################################

cd\

if (!(Test-Path $profile)) {

    $ProfileContents = 'cd\

    # Chocolatey profile

    $ChocolateyProfile = "$env:ChocolateyInstall\helpers\chocolateyProfile.psm1"

    if (Test-Path($ChocolateyProfile)) {

      Import-Module "$ChocolateyProfile"

    }

    '

    New-Item (Split-Path $PROFILE) -Type Directory -ErrorAction 0

    New-Item $PROFILE -Type file -Value $ProfileContents -ErrorAction 0

}

UserAccountControlSettings.exe

#System settings

Set-ExecutionPolicy RemoteSigned -Force

# Disable Autoplay

Write-Host "Disabling Autoplay..."

Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" -Name "DisableAutoplay" -Type DWord -Value 1

# Disable Autorun for all drives

Write-Host "Disabling Autorun for all drives..."

If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer")) {

    New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" | Out-Null

}

Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "NoDriveTypeAutoRun" -Type DWord -Value 255

# Disable Sticky keys prompt

Write-Host "Disabling Sticky keys prompt..."

Set-ItemProperty -Path "HKCU:\Control Panel\Accessibility\StickyKeys" -Name "Flags" -Type String -Value "506"

# Unpin Store from Taskbar

if ((Test-Path -LiteralPath "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer") -ne $true) {

    New-Item "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer" -Force -ea SilentlyContinue

};

New-ItemProperty -LiteralPath 'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer' -Name 'NoPinningStoreToTaskbar' -Value 1 -PropertyType DWord -Force -ea SilentlyContinue;

# Powershell

Install-PackageProvider -Name NuGet -Force

Set-PSRepository -Name PSGallery -InstallationPolicy Trusted

Install-Module packagemanagement -Force

# UI customisation

# Hide Search button / box

Write-Host "Hiding Search Box / Button..."

Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" -Type DWord -Value 0

# Taskbar combining

New-ItemProperty HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name TaskbarGlomLevel -PropertyType DWORD -Value 2 -Force

# Tray icons

New-ItemProperty HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer -Name EnableAutoTray -PropertyType DWORD -Value 0 -Force

# Explorer settings

Set-ItemProperty HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ -Name Hidden -Value 1

Set-ItemProperty HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ -Name HideFileExt -Value 0

Set-ItemProperty HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ -Name LaunchTo -Value 1

New-ItemProperty "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "AppsUseLightTheme" -Value "0" -PropertyType DWORD -Force

New-ItemProperty "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "SystemUsesLightTheme" -Value "0" -PropertyType DWORD -Force

New-ItemProperty -Path HKCU:Software\Microsoft\ServerManager -Name DoNotOpenServerManagerAtLogon -PropertyType DWORD -Value "0x1" -Force

Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowTaskViewButton" -Type DWord -Value 0

if ((Test-Path -LiteralPath "HKCU:\Control Panel\Desktop") -ne $true) {

    New-Item "HKCU:\Control Panel\Desktop" -Force -ea SilentlyContinue

};

if ((Test-Path -LiteralPath "HKCU:\Control Panel\Colors") -ne $true) {

    New-Item "HKCU:\Control Panel\Colors" -Force -ea SilentlyContinue

};

New-ItemProperty -LiteralPath 'HKCU:\Control Panel\Desktop' -Name 'WallPaper' -Value '' -PropertyType String -Force -ea SilentlyContinue;

New-ItemProperty -LiteralPath 'HKCU:\Control Panel\Colors' -Name 'Background' -Value '20 20 20' -PropertyType String -Force -ea SilentlyContinue;

# Chocolatey

# Set-ExecutionPolicy Bypass -Scope Process -Force

[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072

Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))

choco feature enable -n allowGlobalConfirmation

# Install

# choco install microsoft-edge

choco install 7zip

choco install notepadplusplus.install

choco install treesizefree

# 7-zip settings

if ((Test-Path -LiteralPath "HKCU:\SOFTWARE\7-Zip\Options") -ne $true) {

    New-Item "HKCU:\SOFTWARE\7-Zip\Options" -Force -ea SilentlyContinue

};

New-ItemProperty -LiteralPath 'HKCU:\SOFTWARE\7-Zip\Options' -Name 'CascadedMenu' -Value 0 -PropertyType DWord -Force -ea SilentlyContinue;

New-ItemProperty -LiteralPath 'HKCU:\SOFTWARE\7-Zip\Options' -Name 'ContextMenu' -Value 4391 -PropertyType DWord -Force -ea SilentlyContinue;

New-ItemProperty -LiteralPath 'HKCU:\SOFTWARE\7-Zip\Options' -Name 'MenuIcons' -Value 1 -PropertyType DWord -Force -ea SilentlyContinue;

###########################################################################################################################

###########################################################################################################################

###########################################################################################################################

###########################################################################################################################

Set-Location C:\windows\system32

cscript .\slmgr.vbs /ipk X3BQ9-4NPMT-J6KX7-JYVJJ-JFJVQ

cscript .\slmgr.vbs /ato

###########################################################################################################################

###########################################################################################################################

###########################################################################################################################

###########################################################################################################################

Install-WindowsFeature UpdateServices-WidDB, UpdateServices-Services -IncludeAllSubFeature -IncludeManagementTools -Restart

Get-Command -Module UpdateServices

(Get-WsusServer).GetStatus()

# Add WSUS Products

$WsusProducts = @()

$WsusProducts += "Windows 10"

$WsusProducts += "Windows 11"

$WsusProducts += "Microsoft Edge"

$WsusProducts += "Microsoft Defender"

foreach ($wp in $WsusProducts) {

    Get-WsusProduct -TitleIncludes $wp | Set-WsusProduct

}

# Deselect WSUS Products

$WsusProducts = @()

$WsusProducts += "Language"

foreach ($wp in $WsusProducts) {

    Get-WsusProduct -TitleIncludes $wp | Set-WsusProduct -Disable

}

# Select WSUS classifications

$DoNotSelectThisClassification = @()

$DoNotSelectThisClassification += "Driver Sets"

$DoNotSelectThisClassification += "Stuurprogramma"

$DoNotSelectThisClassification += "Hulpmiddelen"

$DoNotSelectThisClassification += "Upgrades"

Get-WsusClassification | Where-Object { $_.Classification.Title -notin $DoNotSelectThisClassification } | Set-WsusClassification

Get-WsusClassification | Where-Object { $_.Classification.Title -in $DoNotSelectThisClassification } | Set-WsusClassification -Disable

# Approve updates

Get-WsusUpdate -Classification Critical | Approve-WsusUpdate -Action Install -TargetGroupName "All Computers"

Get-WsusUpdate -Classification Security | Approve-WsusUpdate -Action Install -TargetGroupName "All Computers"

$WsusUpdate = Get-WsusUpdate -Approval Unapproved

$WsusUpdate.update | Sort-Object Title | Select-Object Title

# Deny

$Title = @()

$Title += "Language"

$Title += "taalpakket"

$Title += "taalinterfacepakket"

$Title += "Lang Pack"

$WsusUpdate | Where-Object Classification -EQ "Upgrades" | Deny-WsusUpdate          # Hoeft maar eenmalig?

foreach ($t in $Title) {

    $WsusUpdate | Where-Object { $_.Update.Title -like "*$($t)*" } | Deny-WsusUpdate

}

#Approve

$Title = @()

$Title += "Adobe Flash Player"

$Title += "Microsoft Edge"

$Title += ".NET Framework"

$Title += "FeatureOnDemand"

$Title += "Feature on Demand"

$Title += "schadelijke software"

foreach ($t in $Title) {

    $WsusUpdate | Where-Object { $_.Update.Title -like "*$($t)*" } | Approve-WsusUpdate -Action Install -TargetGroupName "All Computers"

}

# WSUS cleanup

Invoke-WsusServerCleanup -CleanupObsoleteComputers -CleanupObsoleteUpdates -CleanupUnneededContentFiles -CompressUpdates -DeclineExpiredUpdates -DeclineSupersededUpdates