PowerShell New Server Setup
<#
On New Builds I always make sure to update these settings:
Start Windows Firewall Service, Remote Registry, WinRM
Change Startup Mode of above service to Automatic
Disable IPv6 on all NICs
Add a service account to local admin group for backups and monitoring
Once the Windows Firewall Service is on, turn off Windows Firewall for Domain Profile
#>
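#Start Log File to Local Machine
#Tee-Object does not create missing folders, and C:\temp is not present on a default Windows install,
#so create it first; otherwise every log write in this script fails.
If(-not (Test-Path C:\temp -PathType Container)){
    New-Item -ItemType Directory -Path C:\temp | Out-Null
}
$Env:COMPUTERNAME | Tee-Object C:\temp\MyBuildLog.txt -Append
#For Storing Results
$StartupResultsArray=@()
#Create List of Services
#RemoteRegistry = Remote Registry, WinRM = Windows Remote Management, mpssvc = Windows Firewall service
$ListofServicestoCheck=@('RemoteRegistry','WinRM','mpssvc')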
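#==================Loop Through Services to Set Startmode to Automatic===================
#Sets every service in $ListofServicestoCheck to Automatic startup through WMI and
#records one result line per service in $StartupResultsArray.
#RemoteRegistry and WinRM are remote management endpoints; Automatic means they come back up after every reboot.
Foreach($service in $ListofServicestoCheck){
    #Clear the previous iteration's result so a failed call cannot be reported with the last service's return code
    $Return = $null
    #Get Service Info (filter on the WMI side instead of pulling every service and filtering locally)
    $WMI = Get-WMIObject -class win32_service -namespace root\cimv2 -Filter "Name='$service'"
    #A service that is not installed comes back as $null; calling ChangeStartMode on $null would throw
    If($null -eq $WMI){
        $StartupResultsArray+="$Service `t Service Not Found"
        Continue
    }
    #Check if Service Already Set to Auto Start
    If($WMI.StartMode -ne "Auto"){
        #If Not Set to Auto, Change it
        $Return = $WMI.changestartmode("Automatic")
        #Check to See if Error Returned (ChangeStartMode reports 0 on success)
        if($Return.returnvalue -eq 0){
            $StartupResultsArray+="$Service `t StartMode Success"
        }Else{
            $StartupResultsArray+="$Service `t StartMode Failure"
        }
    }Else{
        #Message if Service Already in Automatic Startup Mode
        $StartupResultsArray+="$Service `t StartMode Already Set"
    }
}
cls
#Show the results on screen and append them to the build log
$StartupResultsArray | Tee-Object C:\temp\MyBuildLog.txt -Append
write-host `n`n
sleep 5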
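#==================Loop Through Services to Check Status & Start Services===================
#Starts each service in $ListofServicestoCheck that is not already running, then
#re-reads its status and records "Running" or "Failed to Start" per service.
#For Storing Results
$ServiceStatusArray=@()
#Loop Through Each Service and Start Service
Foreach($serviceA in $ListofServicestoCheck){
    #-ExpandProperty already returns the bare Status value, so compare it directly;
    #reading .Status on it again yields $null and made the check always true.
    $ServiceB=Get-Service $serviceA | Select -ExpandProperty Status
    #Start errors are silenced on purpose; the status re-check below is what gets reported
    If($ServiceB -ne "Running"){Start-Service $serviceA -ErrorAction SilentlyContinue }
    #Give the service time to finish starting before reading its status back
    Sleep 5
    $ServiceCheck=Get-Service $serviceA | Select -ExpandProperty Status
    If($ServiceCheck -eq "Running"){
        $ServiceStatusArray+="$serviceA Running"
    }Else{
        $ServiceStatusArray+="$serviceA Failed to Start"
    }
}
cls
#Show the results on screen and append them to the build log
$ServiceStatusArray | Tee-Object C:\temp\MyBuildLog.txt -Append
write-host `n`n
sleep 5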
#============= Set Windows Domain Profile to Disabled ================
#Turns the Domain firewall profile off if it is on, then records the resulting state.
#With this profile off there is no host firewall filtering on domain networks, so the services
#this script starts (Remote Registry, WinRM) are reachable from any host on that network and
#access control rests on network segmentation and service authentication alone.
#Leaving the profile on with inbound allow rules scoped to the backup/monitoring hosts is the tighter alternative.
$MyFire=Get-netFirewallProfile Domain | Select Enabled
If($MyFire.Enabled -ne $False){
    #Profile is still on: switch it off and read the state back
    Set-NetFirewallProfile -Profile Domain -Enabled False
    $MyFire=Get-netFirewallProfile Domain | Select Enabled
}
#Report on whatever state the profile is in now
If($MyFire.Enabled -eq $False){
    $MyFirewallText="Domain Firewall is Disabled Passed"
}Else{
    $MyFirewallText="Domain Firewall is Enabled Failed"
}
cls
#Show the result on screen and append it to the build log
$MyFirewallText | Tee-Object C:\temp\MyBuildLog.txt -Append
write-host `n`n
sleep 5
#============= Check All NIC for IPv6 and Disable it ========================
#Unbinds IPv6 (ms_tcpip6) from every adapter that still has it enabled, then queries again to confirm none remain.
#NOTE(review): this only changes the per-adapter binding; loopback and tunnel interfaces are presumably
#not covered by it - confirm if the build standard requires IPv6 to be fully off.
$NicTeam=Get-NetAdapterBinding -ComponentID ms_tcpip6 | Where-Object Enabled -eq $True | Select Name
Foreach($NIC in $NicTeam){
    Disable-NetAdapterBinding -Name $NIC.Name -ComponentID ms_tcpip6
}
#Second pass: anything returned here is an adapter where IPv6 is still bound
$NicteamCheck=Get-NetAdapterBinding -ComponentID ms_tcpip6 | Where-Object Enabled -eq $True | Select Name
If($Null -eq $NicteamCheck){
    $NICIPv6CheckTool="IPV6 is Off Passed"
}Else{
    $NICIPv6CheckTool="IPV6 is Enabled Failed"
}
cls
#Show the result on screen and append it to the build log
$NICIPv6CheckTool | Tee-Object C:\temp\MyBuildLog.txt -Append
write-host `n`n
sleep 5
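#==== PowerShell - Add Service Account to Local Admin Group==============
#"DomainName\Username" is a placeholder; replace it with the real backup/monitoring account before running.
#Local Administrators gives that account full control of every server built with this script, so its
#credentials need protecting accordingly; where the backup/monitoring tooling allows it, a narrower
#built-in group (for example Backup Operators or Performance Monitor Users) limits what the account can do.
$ServiceAccount = "DomainName\Username"
Try{
    #-ErrorAction Stop turns a failure (account not found, already a member, ...) into something Catch can log
    Add-LocalGroupMember -Group "Administrators" -Member $ServiceAccount -ErrorAction Stop
    $AdminGroupText = "$ServiceAccount added to Administrators Passed"
}Catch{
    $AdminGroupText = "$ServiceAccount not added to Administrators Failed: $($_.Exception.Message)"
}
#Record the outcome in the build log like the other steps do
$AdminGroupText | Tee-Object C:\temp\MyBuildLog.txt -Append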
<#========Older PowerShell - Add Account to Local Admin Group=============
$DomainName = "Domain name"
$ComputerName = "Computer name"
$UserName = "User name"
$AdminGroup = [ADSI]"WinNT://$ComputerName/Administrators,group"
$User = [ADSI]"WinNT://$DomainName/$UserName,user"
$AdminGroup.Add($User.Path)
#>