# # Use the commands listed at your own risk. I will not be responsible in case running the commands # breaks your setup. # # Set Static IP Address # Replace ip, mask, gw, dns and "some_domainname" that is appropriate for your environment. # $ip = "192.168.0.202" $mask = "255.255.255.0" $gw = "192.168.0.1" $dns = "192.168.0.4", "192.168.0.9", "192.168.0.5" $iptype = "IPv4" $adapter = Get-WmiObject win32_NetworkAdapterConfiguration -filter "IPEnabled = 'true'" $adapter.EnableStatic($IP, $Mask) Sleep -Seconds 4 $adapter.SetGateways($gw) $adapter.SetDNSServerSearchOrder($DNS) # # Disable NetBIOS over TCP/IP, WINS and Support for LMHost file # $adapter.SetTcpipNetbios(2) $nic = [wmiclass]'Win32_NetworkAdapterConfiguration' $nic.enablewins($false,$false) # # Uncomment "adapter.setdnsdomain" line if you want to set a specific domain name for your # enviornment. Just replace the "some_domainname.com" with settings specific to your # environment. #$adapter.SetDnsDomain("some_domainname.com") # # Disable Firewall, if you want to disable it for public environment add "public" profile string # set-netfirewallprofile -profile domain,private -enabled false # # Enable Remote Desktop Access # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" –Value 0 # # Disable Network Bindings # Get-NetAdapterBinding will generate the network binding list # If you need IPv6 support remove "ms_tcpip6 from your the bindings variable" # $bindings = "ms_rspndr", "ms_lltdio", "ms_lldp", "ms_implat", "ms_pacer", "ms_server", "ms_tcpip6" foreach ($i in $bindings) { write-host "Remove Bindings for $i" disable-netAdapterBinding -name ethernet -ComponentID $i} # # Disable AntiSpyWare # $antispyware = "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" $name = "DisableAntiSpyware" $value = "1" New-ItemProperty -path $antispyware -Name $name -Value $value -PropertyType DWORD -Force # # Disable Logging # $registrypath = get-childitem HKLM:\SYSTEM\CurrentControlSet\Control\WMI\Autologger | select name $registrypath = $registrypath -replace "HKEY_LOCAL_MACHINE","HKLM:" foreach ($regpath in $registrypath) { $regpath -match "@{Name=(?.*)}" $reg = $matches['HKLM'] $name = "start" $value = "0" New-ItemProperty -path $reg -Name $name -Value $value -PropertyType DWORD -Force } # # Unistall OneDrive # taskkill /f /im OneDrive.exe c:\windows\SysWOW64\OneDriveSetup.exe /uninstall # # Disable Cortona via Registry # I still see the Cortana executable running even after reboot. If someone has # successfully disabled Cortana, please let me know how you achieved it and I will # update the code below. For now I am going to leave it commented out. # #$cortanareg = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search" #$cortananame = "AllowCortana" #$cortanaprop = "DWORD" #$cortanavalue = "0" #If (-Not (Test-Path "$cortanareg")) { # New-Item -Path $cortanareg | Out-Null #} #New-ItemProperty -path $cortanareg -Name $cortananame -Value $cortanavalue -PropertyType $cortanaprop -Force # # Export All Services on System and there default start mode # Replace "c:\users\admin\" directory with appropriate directory. I initially used # env:userprofile environment variable but I ran into issues on my system # so I decided to hard code it for now. I might revisit the code later on. # get-wmiobject win32_service |Select-Object -property name,displayname,startmode,state | export-csv c:\users\admin\services-all.csv # # Export all services that are running. Same comment about replacing the "c:\users\admin" # directory. # get-wmiobject win32_service | Where-Object {$_.state -eq "running"} | Select-Object -property name,displayname,startmode,state | export-csv c:\users\admin\services-running.csv # # Command to Restore Service to default status based on the output from services that are running # # # $runsvc = import-csv c:\users\admin\services-running.csv # foreach ($svc in $runsvc) { # set-services $svc.name -StartupType $svc.startmode # } # # Disable Runtime Broker # On Win10 pro version the "TimeBroker" path did not exist so Runtime Broker is # still running, even though the reg key exists now. I think the settings might # might only work on specific Win10 versions. # $runtimereg = "HKLM:\SYSTEM\CurrentControlSet\Services\TimeBroker" $runtimename = "Start" $runtimevalue = "4" $runtimeprop = "DWORD" if (-Not (Test-Path "$runtimereg")) { New-Item -Path $runtimereg | Out-Null } New-ItemProperty -path $runtimereg -Name $runtimename -Value $runtimevalue -PropertyType $runtimeprop -Force # # Additional Services To Disable # Set-Service Server -StartupType disabled Set-Service dnscache -StartupType disabled Set-Service homegroupprovider -StartupType disabled Set-Service fdrespub -StartupType disabled Set-Service fdphost -StartupType disabled Set-Service ScDeviceEnum -StartupType disabled Set-Service ScDeviceEnum -StartupType disabled Set-Service fontcache -StartupType disabled Set-Service StiSvc -StartupType disabled Set-Service SysMain -StartupType disabled