scripts/Windows/init_server.ps1

# Disable UAC

Write-Host "Disabling UAC"
Write-Host "============="

Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Value 00000000
Set-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLUA" -Value "0"

Write-Host "User Access Control (UAC) has been disabled." -ForegroundColor Green  


# Set PowerShell execution policy to unrestricted

Write-Host "Changing PS execution policy to Unrestricted"
Write-Host "============================================"
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force -ErrorAction Ignore -Scope Process
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force -ErrorAction Ignore
Write-Host "PS policy updated"


# Disable Server Manager auto-start

Write-Host "Disabling Server Manager auto-start"
Write-Host "==================================="

$serverManagerMachineKey = "HKLM:\SOFTWARE\Microsoft\ServerManager"
$serverManagerUserKey = "HKCU:\SOFTWARE\Microsoft\ServerManager"
if(Test-Path $serverManagerMachineKey) {
    Set-ItemProperty -Path $serverManagerMachineKey -Name "DoNotOpenServerManagerAtLogon" -Value 1
    Write-Host "Disabled Server Manager at logon for all users" -ForegroundColor Green
}
if(Test-Path $serverManagerUserKey) {
    Set-ItemProperty -Path $serverManagerUserKey -Name "CheckedUnattendLaunchSetting" -Value 0
    Write-Host "Disabled Server Manager for current user" -ForegroundColor Green
}


# Disable WER

Write-Host "Disabling Windows Error Reporting (WER)"
Write-Host "======================================="

$werKey = "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting"
Set-ItemProperty $werKey -Name "ForceQueue" -Value 1

if(Test-Path "$werKey\Consent") {
    Set-ItemProperty "$werKey\Consent" -Name "DefaultConsent" -Value 1
}
Write-Host "Windows Error Reporting (WER) dialog has been disabled." -ForegroundColor Green  


# Disable IE ESC and Welcome Screen

Write-Host "Disabling Internet Explorer ESC"
Write-Host "==============================="

$AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
$UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
if((Test-Path $AdminKey) -or (Test-Path $UserKey)) {
    Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
    Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0
    Stop-Process -Name Explorer -ErrorAction SilentlyContinue
    Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -ForegroundColor Green
}

Write-Host "Disabling Internet Explorer Welcome Screen"
Write-Host "=========================================="

$AdminKey = "HKLM:\Software\Policies\Microsoft\Internet Explorer\Main"
New-Item -Path $AdminKey -Value 1 -Force
Set-ItemProperty -Path $AdminKey -Name "DisableFirstRunCustomize" -Value 1 -Force
Write-Host "Disabled IE Welcome screen" -ForegroundColor Green


# Disable Antivirus

Write-Host "Disabling Antivirus"
Write-Host "==================="

Set-MpPreference -DisableRealtimeMonitoring $true


# Disable Windows Update

Write-Host "Disabling Windows Updates"
Write-Host "========================="

$AutoUpdatePath = "HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
If (Test-Path -Path $AutoUpdatePath) {
    Set-ItemProperty -Path $AutoUpdatePath -Name NoAutoUpdate -Value 1
    Write-Host "Disabled Windows Update"
}
else {
    Write-Host "Windows Update key does not exist"
}

# Allow connecting to any host via WinRM

Write-Host "WinRM - allow * hosts"
Write-Host "====================="

cmd /c 'winrm set winrm/config/client @{TrustedHosts="*"}'
Write-Host "WinRM configured"

# Allow RDP connections

Write-Host "Allow RDP connections"
Write-Host "====================="

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0
Write-Host "RDP connections enabled"

# Disable new network location wizard

Write-Host "Disabling new network location wizard"
Write-Host "====================================="

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff /f
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\NetworkLocationWizard /v HideWizard /t REG_DWORD /d 1 /f

Write-Host "Network location wizard disabled"

# Set UTC time zone

Write-Host "Switch time zone to UTC"
Write-Host "========================"

tzutil /s UTC

Write-Host "Time zone switched"

# .NET 3.5

Write-Host "Installing .NET 3.5"
Write-Host "==================="

Install-WindowsFeature NET-Framework-Core
Write-Host ".NET 3.5 installed"

Write-Host "Disable .NET NGEN service and Windows updates"
Get-ScheduledTask -TaskPath '\Microsoft\Windows\.NET Framework\*' | Disable-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object { $_.URI }
Set-Service wuauserv -StartupType Disabled -ErrorAction SilentlyContinue