########################### ### Download Choco ########################### Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')) ########################### ### Choco for generic servers ########################### choco install -y --ignore-checksums chocolatey chocolatey-core.extension chocolatey-windowsupdate.extension chocolateygui notepadplusplus.install 7zip.install putty.install sysinternals procexp curl windirstat autoruns latencymon openhardwaremonitor processhacker.install cpu-z gpu-z lockhunter pstools wget openssl.light keystore-explorer.portable filezilla bginfo wireshark nmap bleachbit vcredist-all gsmartcontrol vcredist2012 s3put hijackthis virustotaluploader pci-z lessmsi cmder wsus-offline-update hashtab opera dotnet4.7 aspnetmvc4.install aspnetmvc2 bulk-crap-uninstaller cyberduck googlechrome ########################### ### Enable Task Scheduler history (requires restart) ########################### $logName = 'Microsoft-Windows-TaskScheduler/Operational' $log = New-Object System.Diagnostics.Eventing.Reader.EventLogConfiguration $logName $log.IsEnabled=$true $log.SaveChanges() ########################### ### Choco for IIS servers ########################### choco install -y --ignore-checksums iiscrypto webdeploy webpicmd ########################### ### Install IIS features ########################### # IIS, WebDAV, Telnet, WAS, NETFrameworks etc $IISFeatures = "WebDAV-Redirector","WAS","Telnet-Client","Web-WHC","NET-Framework-Features","NET-Framework-45-Features","Web-Mgmt-Console","Web-Scripting-Tools","Web-Mgmt-Service","Web-Server" Install-WindowsFeature -Name $IISFeatures -IncludeAllSubFeature #WebPICMD.exe /Install /Products:MVC2 /AcceptEula /SuppressReboot WebPICMD.exe /Install /Products:MVC3Runtime /AcceptEula /SuppressReboot WebPICMD.exe /Install /Products:UrlRewrite2 /AcceptEula /SuppressReboot WebPICMD.exe /Install /Products:ApplicationRequestRouting /AcceptEula /SuppressReboot choco install -y dotnetcore-sdk ########################### ### Install DEVOPS01 Features ########################### $DEVOPS01 = "FS-FileServer", "File-Service" Install-WindowsFeature -Name $DEVOPS01 -IncludeAllSubFeature ########################### ### Remove default IIS apps ########################### Remove-Website -Name "Default Web Site" $defaultAppPools = @(".NET v2.0",".NET v2.0 Classic",".NET v4.5",".NET v4.5 Classic","Classic .NET AppPool","DefaultAppPool") Foreach ($defaultAppPool in $defaultAppPools){ IF (Test-path "IIS:\AppPools\$defaultAppPool"){Remove-WebAppPool -name $DefaultAppPool} } ########################### ### Disable IIS logging ########################### $dontLog = (get-WebConfigurationProperty -PSPath "IIS:\" -filter "system.webServer/httpLogging" -name dontLog).Value set-WebConfigurationProperty -PSPath "IIS:\" -filter "system.webServer/httpLogging" -name dontLog -value $true $dontLog = (get-WebConfigurationProperty -PSPath "IIS:\" -filter "system.webServer/httpLogging" -name dontLog).Value ########################### ### Change IIS log location ########################### #$NewFolders = "inetpub", "inetpub\apps", "logs" #$NewFolders | ForEach-Object {New-Item E:\$_ -type directory} #Import-Module WebAdministration #Set-WebConfigurationProperty "/system.applicationHost/sites/siteDefaults" -name logfile.directory -value E:\logs ########################### ### Disable Windows autoupdates ########################### New-Item HKLM:\SOFTWARE\Policies\Microsoft\Windows -Name WindowsUpdate New-Item HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate -Name AU New-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -Name NoAutoUpdate -Value 1 ########################### ### Pariplay Firewall rules ########################### # Information website New-NetFirewallrule -displayname Pariplay.Information -direction inbound -action allow -protocol tcp -LocalPort 42001 # Health check website New-NetFirewallrule -DisplayName Pariplay.Health -Direction inbound -Action allow -Protocol tcp -LocalPort 42002-42020 ########################### ### Remove password expiration for Administrator ########################### Enable-LocalUser -Name "Administrator" Set-LocalUser -Name Administrator -PasswordNeverExpires $true -AccountNeverExpires ########################### ### Make the required restart ########################### Restart-Computer -Force