PowerShell New Server Setup


On New Builds I always make sure to update these settings:

Start Windows Firewall Service, Remote Registry, WinRM 

Change Startup Mode of above service to Automatic

Disable IPv6 on all NIC's

Add a service account to local admin group for backups and monitoring 

Once the Windows Firewall Service is on, turn off Windows Firewall for Domain Profile 


#Start Log File to  Local Machine
$Env:COMPUTERNAME | Tee-Object C:\temp\MyBuildLog.txt -Append

#For Storing Results 

#Create List of Services

#==================Loop Through Services to Set Startmode to Automatic===================
Foreach($service in $ListofServicestoCheck){

    #Get Service Info
    $WMI = Get-WMIObject -class win32_service -namespace root\cimv2  | where-object { $_.name -eq $service }  
#Check if Service Already Set to Auto Start
    If($WMI.StartMode -ne "Auto"){        
#If Not Set to Auto, Change it
        $Return = $WMI.changestartmode("Automatic") 
#Check to See if Error Returned
        if($Return.returnvalue -eq 0){
            $StartupResultsArray+="$Service `t StartMode Success"             
           $StartupResultsArray+="$Service `t StartMode Failure"          
#Message if Service Already in Automatic Startup Mode
        $StartupResultsArray+="$Service `t StartMode Already Set"         

$StartupResultsArray | Tee-Object C:\temp\MyBuildLog.txt -Append
write-host `n`n
sleep 5

#==================Loop Through Services to Check Status & Start Services===================

#For Storing Results 

#Loop Through Each Service and Start Service
Foreach($serviceA in $ListofServicestoCheck){

    $ServiceB=Get-Service $serviceA | Select -ExpandProperty Status 

    If($ServiceB.Status -ne "Running"){Start-Service $serviceA -ErrorAction SilentlyContinue }

    Sleep 5

    $ServiceCheck=Get-Service $serviceA | Select -ExpandProperty Status 

    If($ServiceCheck -eq "Running"){$ServiceStatusArray+="$serviceA Running"}Else{$ServiceStatusArray+="$serviceA Failed to Start"}

$ServiceStatusArray | Tee-Object C:\temp\MyBuildLog.txt -Append
write-host `n`n
sleep 5


#============= Set Windows Domain Profile to Disabled ================

# Get Firewall Domain Profile State
$MyFire=Get-netFirewallProfile Domain | Select Enabled

# If Porfile Enabled Shut it Off 
If($MyFire.Enabled -eq $False){

    $MyFirewallText="Domain Firewall is Disabled Passed"

    Set-NetFirewallProfile -Profile Domain -Enabled False 

    $MyFire=Get-netFirewallProfile Domain | Select Enabled

    If($MyFire.Enabled -eq $False){$MyFirewallText="Domain Firewall is Disabled Passed"}Else{$MyFirewallText="Domain Firewall is Enabled Failed"}

$MyFirewallText | Tee-Object C:\temp\MyBuildLog.txt -Append
write-host `n`n
sleep 5


#============= Check All NIC for IPv6 and Disable it ========================

$NicTeam=Get-NetAdapterBinding -ComponentID ms_tcpip6 | Where{$_.Enabled -eq $True} | Select Name

Foreach($NIC in $NicTeam){Disable-NetAdapterBinding -Name $NIC.Name -ComponentID ms_tcpip6}

$NicteamCheck=Get-NetAdapterBinding -ComponentID ms_tcpip6 | Where{$_.Enabled -eq $True} | Select Name

If($NicteamCheck -eq $Null){$NICIPv6CheckTool="IPV6 is Off Passed"}Else{$NICIPv6CheckTool="IPV6 is Enabled Failed"}


$NICIPv6CheckTool | Tee-Object C:\temp\MyBuildLog.txt -Append

write-host `n`n

sleep 5

#==== PowerShell -  Add Service Account to Local Admin Group==============
Add-LocalGroupMember -Group "Administrators" -Member "DomainName\Username"


<#========Older PowerShell -  Add Account to Local Admin Group=============
$DomainName =   "Domain name"
$ComputerName = "Computer name"
$UserName =     "User name"
$AdminGroup = [ADSI]"WinNT://$ComputerName/Administrators,group"
$User = [ADSI]"WinNT://$DomainName/$UserName,user"