-
Notifications
You must be signed in to change notification settings - Fork 0
/
FirstRun.ps1
65 lines (55 loc) · 4.63 KB
/
FirstRun.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
# Firstrun - 2021-05-11
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force
# Install Chrome-Browser
$Path = $env:TEMP; $Installer = "chrome_installer.exe";
Invoke-WebRequest "http://dl.google.com/chrome/install/375.126/chrome_installer.exe" -OutFile $Path\$Installer; Start-Process -FilePath $Path\$Installer -Args "/silent /install" -Verb RunAs -Wait;
Remove-Item $Path\$Installer
# Disable EventTracker
if((Test-Path -LiteralPath "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability") -ne $true) { New-Item "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability" -force -ea SilentlyContinue };
if((Test-Path -LiteralPath "HKCU:\Software\Microsoft\ServerManager") -ne $true) { New-Item "HKCU:\Software\Microsoft\ServerManager" -force -ea SilentlyContinue };
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability' -Name 'ShutdownReasonOn' -Value 0 -PropertyType DWord -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\ServerManager' -Name 'DoNotOpenServerManagerAtLogon' -Value 1 -PropertyType DWord -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\ServerManager' -Name 'CheckedUnattendLaunchSetting' -Value 0 -PropertyType DWord -Force -ea SilentlyContinue;
# Disable IE Enhanced Security
function Disable-ieESC {
$AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
$UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0
Stop-Process -Name Explorer
Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -ForegroundColor Green
}
Disable-ieESC
# Set TimeZone to Berlin
Set-TimeZone -Id 'W. Europe Standard Time'
# Show FileExtensions
if((Test-Path -LiteralPath "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced") -ne $true) { New-Item "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -force -ea SilentlyContinue };
New-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -Name 'HideFileExt' -Value 0 -PropertyType DWord -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -Name 'Hidden' -Value 1 -PropertyType DWord -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -Name 'ShowSuperHidden' -Value 1 -PropertyType DWord -Force -ea SilentlyContinue;
# Change Title-Bar settings (Color-Scheme for inactive windows)
New-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\Windows\DWM' -Name 'AccentColorInactive' -Value 7102566 -PropertyType DWord -Force -ea SilentlyContinue;
$TitleBar = "HKCU:\Software\Microsoft\Windows\DWM"
Set-ItemProperty -Path $TitleBar -Name "ColorizationGlassAttribute" -Value 1
Set-ItemProperty -Path $TitleBar -Name "ColorPrevalence" -Value 1
Set-ItemProperty -Path $TitleBar -Name "Composition" -Value 1
# Install needed Apps
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
choco feature enable -n=allowGlobalConfirmation
choco install 7zip.install notepadplusplus.install vscode.install clamwin clamsentinel sysinternals windirstat winscp.install wumgr git.install greenshot dependency-scanner dotnetfx vcredist140 -y
choco upgrade all -y
# Install Ms Terminal
winget install --id Microsoft.WindowsTerminal -e
# Windows-Updates
Install-Module -Name PSWindowsUpdate -Force
Get-Package -Name PSWindowsUpdate
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force
Get-WUInstall -MicrosoftUpdate -IgnoreUserInput -WhatIf -Verbose
Get-WUList
Get-WUlist -MicrosoftUpdate
Add-WUServiceManager -ServiceID "7971f918-a847-4430-9279-4a52d1efe18d" -AddServiceFlag 7 -Confirm:$false
#Get-WindowsUpdate -AcceptAll -Download -Install -Confirm:$false
Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot -Install -Confirm:$false | Out-File "C:\Windows\$(get-date -f yyyy-MM-dd)-WindowsUpdate.log" -force
# Generate Scheduled-Task for Updates (No AutoReboot!)
Invoke-WUJob -Script {ipmo PSWindowsUpdate; Get-WindowsUpdate -Install -AcceptAll -AutoReboot:$false -Confirm:$false | Out-File C:\Windows\PSWindowsUpdate.log } -Confirm:$false -Verbose -RunNow:$false