Scripts/WSUS.ps1
$Adapter = Get-NetAdapter New-NetIPAddress -IPAddress 172.16.70.6 -PrefixLength 24 -DefaultGateway 172.16.70.1 -InterfaceIndex $Adapter.ifIndex | Format-Table Set-DnsClientServerAddress -Addresses 172.16.70.1, 10.240.55.10 -InterfaceIndex $Adapter.ifIndex | Format-Table $PasswordString = Read-Host -AsSecureString -Prompt "Enter Password" $AccountName = "Jaap" $Param = @{ Password = $PasswordString PasswordNeverExpires = $true UserMayNotChangePassword = $false AccountNeverExpires = $true Name = $AccountName } New-LocalUser @Param Add-LocalGroupMember -Group Administrators -Member $AccountName ########################################################################################################################### ########################################################################################################################### ########################################################################################################################### ########################################################################################################################### cd\ if (!(Test-Path $profile)) { $ProfileContents = 'cd\ # Chocolatey profile $ChocolateyProfile = "$env:ChocolateyInstall\helpers\chocolateyProfile.psm1" if (Test-Path($ChocolateyProfile)) { Import-Module "$ChocolateyProfile" } ' New-Item (Split-Path $PROFILE) -Type Directory -ErrorAction 0 New-Item $PROFILE -Type file -Value $ProfileContents -ErrorAction 0 } UserAccountControlSettings.exe #System settings Set-ExecutionPolicy RemoteSigned -Force # Disable Autoplay Write-Host "Disabling Autoplay..." Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" -Name "DisableAutoplay" -Type DWord -Value 1 # Disable Autorun for all drives Write-Host "Disabling Autorun for all drives..." If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer")) { New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" | Out-Null } Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "NoDriveTypeAutoRun" -Type DWord -Value 255 # Disable Sticky keys prompt Write-Host "Disabling Sticky keys prompt..." Set-ItemProperty -Path "HKCU:\Control Panel\Accessibility\StickyKeys" -Name "Flags" -Type String -Value "506" # Unpin Store from Taskbar if ((Test-Path -LiteralPath "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer") -ne $true) { New-Item "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer" -Force -ea SilentlyContinue }; New-ItemProperty -LiteralPath 'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer' -Name 'NoPinningStoreToTaskbar' -Value 1 -PropertyType DWord -Force -ea SilentlyContinue; # Powershell Install-PackageProvider -Name NuGet -Force Set-PSRepository -Name PSGallery -InstallationPolicy Trusted Install-Module packagemanagement -Force # UI customisation # Hide Search button / box Write-Host "Hiding Search Box / Button..." Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" -Type DWord -Value 0 # Taskbar combining New-ItemProperty HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name TaskbarGlomLevel -PropertyType DWORD -Value 2 -Force # Tray icons New-ItemProperty HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer -Name EnableAutoTray -PropertyType DWORD -Value 0 -Force # Explorer settings Set-ItemProperty HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ -Name Hidden -Value 1 Set-ItemProperty HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ -Name HideFileExt -Value 0 Set-ItemProperty HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ -Name LaunchTo -Value 1 New-ItemProperty "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "AppsUseLightTheme" -Value "0" -PropertyType DWORD -Force New-ItemProperty "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" -Name "SystemUsesLightTheme" -Value "0" -PropertyType DWORD -Force New-ItemProperty -Path HKCU:Software\Microsoft\ServerManager -Name DoNotOpenServerManagerAtLogon -PropertyType DWORD -Value "0x1" -Force Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowTaskViewButton" -Type DWord -Value 0 if ((Test-Path -LiteralPath "HKCU:\Control Panel\Desktop") -ne $true) { New-Item "HKCU:\Control Panel\Desktop" -Force -ea SilentlyContinue }; if ((Test-Path -LiteralPath "HKCU:\Control Panel\Colors") -ne $true) { New-Item "HKCU:\Control Panel\Colors" -Force -ea SilentlyContinue }; New-ItemProperty -LiteralPath 'HKCU:\Control Panel\Desktop' -Name 'WallPaper' -Value '' -PropertyType String -Force -ea SilentlyContinue; New-ItemProperty -LiteralPath 'HKCU:\Control Panel\Colors' -Name 'Background' -Value '20 20 20' -PropertyType String -Force -ea SilentlyContinue; # Chocolatey # Set-ExecutionPolicy Bypass -Scope Process -Force [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072 Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')) choco feature enable -n allowGlobalConfirmation # Install # choco install microsoft-edge choco install 7zip choco install notepadplusplus.install choco install treesizefree # 7-zip settings if ((Test-Path -LiteralPath "HKCU:\SOFTWARE\7-Zip\Options") -ne $true) { New-Item "HKCU:\SOFTWARE\7-Zip\Options" -Force -ea SilentlyContinue }; New-ItemProperty -LiteralPath 'HKCU:\SOFTWARE\7-Zip\Options' -Name 'CascadedMenu' -Value 0 -PropertyType DWord -Force -ea SilentlyContinue; New-ItemProperty -LiteralPath 'HKCU:\SOFTWARE\7-Zip\Options' -Name 'ContextMenu' -Value 4391 -PropertyType DWord -Force -ea SilentlyContinue; New-ItemProperty -LiteralPath 'HKCU:\SOFTWARE\7-Zip\Options' -Name 'MenuIcons' -Value 1 -PropertyType DWord -Force -ea SilentlyContinue; ########################################################################################################################### ########################################################################################################################### ########################################################################################################################### ########################################################################################################################### Set-Location C:\windows\system32 cscript .\slmgr.vbs /ipk X3BQ9-4NPMT-J6KX7-JYVJJ-JFJVQ cscript .\slmgr.vbs /ato ########################################################################################################################### ########################################################################################################################### ########################################################################################################################### ########################################################################################################################### Install-WindowsFeature UpdateServices-WidDB, UpdateServices-Services -IncludeAllSubFeature -IncludeManagementTools -Restart Get-Command -Module UpdateServices (Get-WsusServer).GetStatus() # Add WSUS Products $WsusProducts = @() $WsusProducts += "Windows 10" $WsusProducts += "Windows 11" $WsusProducts += "Microsoft Edge" $WsusProducts += "Microsoft Defender" foreach ($wp in $WsusProducts) { Get-WsusProduct -TitleIncludes $wp | Set-WsusProduct } # Deselect WSUS Products $WsusProducts = @() $WsusProducts += "Language" foreach ($wp in $WsusProducts) { Get-WsusProduct -TitleIncludes $wp | Set-WsusProduct -Disable } # Select WSUS classifications $DoNotSelectThisClassification = @() $DoNotSelectThisClassification += "Driver Sets" $DoNotSelectThisClassification += "Stuurprogramma" $DoNotSelectThisClassification += "Hulpmiddelen" $DoNotSelectThisClassification += "Upgrades" Get-WsusClassification | Where-Object { $_.Classification.Title -notin $DoNotSelectThisClassification } | Set-WsusClassification Get-WsusClassification | Where-Object { $_.Classification.Title -in $DoNotSelectThisClassification } | Set-WsusClassification -Disable # Approve updates Get-WsusUpdate -Classification Critical | Approve-WsusUpdate -Action Install -TargetGroupName "All Computers" Get-WsusUpdate -Classification Security | Approve-WsusUpdate -Action Install -TargetGroupName "All Computers" $WsusUpdate = Get-WsusUpdate -Approval Unapproved $WsusUpdate.update | Sort-Object Title | Select-Object Title # Deny $Title = @() $Title += "Language" $Title += "taalpakket" $Title += "taalinterfacepakket" $Title += "Lang Pack" $Title += "Preview" $WsusUpdate | Where-Object Classification -EQ "Upgrades" | Deny-WsusUpdate # Hoeft maar eenmalig? foreach ($t in $Title) { $WsusUpdate | Where-Object { $_.Update.Title -like "*$($t)*" } | Deny-WsusUpdate } #Approve $Title = @() $Title += "Adobe Flash Player" $Title += "Microsoft Edge" $Title += ".NET Framework" $Title += "FeatureOnDemand" $Title += "Feature on Demand" $Title += "schadelijke software" foreach ($t in $Title) { $WsusUpdate | Where-Object { $_.Update.Title -like "*$($t)*" } | Approve-WsusUpdate -Action Install -TargetGroupName "All Computers" } # WSUS cleanup Invoke-WsusServerCleanup -CleanupObsoleteComputers -CleanupObsoleteUpdates -CleanupUnneededContentFiles -CompressUpdates -DeclineExpiredUpdates -DeclineSupersededUpdates |