SOE – Windows Customization – Top 10 things using Powershell

SOE – Windows Desktop or Server Customization – Top 10 things to do using Powershell 

Overview: Building a new server can be challenging, especially if you are looking to fully automate your installations. It not only helps you save time doing basic system admin tasks but also helps you maintain certain standards. Think of building Custom Application server for you company with few specific Windows Roles required in order to deploy any applications on that server.

Why: I always ask myself a question why I am doing this. Is this work going to improve my day to day routine and Is it reusable and Am I likely to perform this task again & again?
If yes, then automate it as much as possible. Hence this task will be used whenever you are building your server for first time. Script will set certain configurations which most of System Administrator does it anyway. So why not, automate it.

How: Yes, using Powershell script. You can use Powershell to configure any particular configuration or management of Windows Server. It is now likely to be extended to Linux systems as well. You can use Powershell script in WDS or SCCM to configure the server using this script.

Requirements: Next work on your requirements, particularly what would you like to achieve. For the exercise of this blog my requirements are limited by a scope, described next.

  1. Disbale NoExcute
  2. Disable Boot UI to speeds us Reboots
  3. Disable Firewall Completely – Depends on your organisation. Most company uses Proper firewalls rather than windows firewall.
  4. Set Remote Desktop to Enabled
  5. Disable UAC on Servers
  6. Disable IESC for Administrators only.
  7. Disable Windows Error Reporting
  8. Disable Drive indexing on C Drive
  9. Disable Automatic managed PageFile
  10. Set Custom PageFile to x1.5 amount of RAM

Scope: Next you have to decide what tasks you would like to cover and what is not covered.

Script:

#Disable NoExecute
bcdedit /set nx AlwaysOff

#Disable Boot UI (speeds up reboot)
bcdedit /set bootux disabled

#Disable firewall completely
netsh advfirewall set allprofiles state off

#Set Remote Desktop to enabled
Set-ItemProperty -Path ‘HKLM:\System\CurrentControlSet\Control\Terminal Server’ -name “fDenyTSConnections” -Value 0

#Disable UAC
Set-ItemProperty -Path ‘HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System’ -name “ConsentPromptBehaviorAdmin” -Value 00000000
Set-ItemProperty -Path ‘HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System’ -name “EnableLUA” -Value 0

#Disable IESC for Administrators
Set-ItemProperty -Path ‘HKLM:\Software\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}’ -name “IsInstalled” -Value 0
#Disable IESC for Users
Set-ItemProperty -Path ‘HKLM:\Software\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}’ -name “IsInstalled” -Value 0

#Disable Windows Error Reporting
Md “HKLM:\Software\Policies\Microsoft\Windows\Windows Error Reporting”
New-ItemProperty “HKLM:\Software\Policies\Microsoft\Windows\Windows Error Reporting” -Name “Disabled” -Value 1 -PropertyType “DWORD”

#Disable drive indexing on C
$drive = Get-WmiObject -Class win32_volume -Filter “DriveLetter = ‘C:'”
Set-WmiInstance -input $drive -Arguments @{IndexingEnabled=$False}

#Disable automatically managed pagefile
wmic computersystem set AutomaticManagedPagefile=false

#Set pagefile to x1.5 system RAM
$RAM = Get-WmiObject Win32_OperatingSystem | select TotalVisibleMemorySize
$RAM = ($RAM.TotalVisibleMemorySize / 1kb).tostring(“F00”)
$PageFile = Get-WmiObject Win32_PageFile
$PageFile.InitialSize = [int]$RAM * 1.5
$PageFile.MaximumSize = [int]$RAM * 1.5
$PageFile.Put()

Conclusion: Most of these settings are required to properly build the server and have all settings configured so that System Administrators can work efficiently. All these settings improves the performance of Windows OS in one or another way. I believe all of those are self explaining, please feel free to contact me for any issues.

I hope to get some feedback, which I believe is positive even it is negative feedback.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s