-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathupdate.box
130 lines (119 loc) · 8.42 KB
/
update.box
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
#dennyhalim.com #windows updater using boxstarter.org
#usage:
#1. download from boxstarter.org and extract (you might need to sync your clock before preceeding)
#2. run following as administrator:
# setup.bat
setx.exe ChocolateyBinRoot "\tools" /M
# boxstarter https://is.gd/boxstarter -disablereboots
#update windows before installing
#https://support.microsoft.com/en-us/help/4009469
#https://support.microsoft.com/en-us/kb/913086
#win7 roll-up https://blogs.technet.microsoft.com/askpfeplat/2016/05/20/windows-7-sp1-and-server-2008-r2-sp1-convenience-roll-up-now-available-at-a-download-location-near-you-kb3125574/
#http://www.wsusoffline.net/docs/
Stop-Service W32Time
#tzutil.exe /s "SE Asia Standard Time"
Start-Service W32Time
net time \\2.pool.ntp.org /set /y
w32tm.exe /resync /nowait
Disable-MicrosoftUpdate
# https://blogs.technet.microsoft.com/networking/2010/12/06/disabling-network-discoverynetwork-resources/
#profile=domain,private,public
netsh advfirewall firewall add rule dir=in action=block profile=any protocol=TCP localport=2869 name=disc_upnp
netsh advfirewall firewall add rule dir=in action=block profile=any protocol=TCP localport=5357 name=disc_wsdapievents
netsh advfirewall firewall add rule dir=in action=block profile=any protocol=TCP localport=5358 name=disc_wsdevents
netsh advfirewall firewall add rule dir=in action=block profile=any protocol=UDP localport=5355 name=disc_llmnr
netsh advfirewall firewall add rule dir=in action=block profile=any protocol=UDP localport=3702 name=disc_wsdpublishing
netsh advfirewall firewall add rule dir=in action=block profile=any protocol=UDP localport=1900 name=disc_ssdp
Set-WindowsExplorerOptions -EnableShowFileExtensions -EnableShowHiddenFilesFoldersDrives # -EnableShowProtectedOSFiles
#Set-ExplorerOptions -showHiddenFilesFoldersDrives -showFileExtensions #-showProtectedOSFiles #obsoletes
#Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\SecurityProviders\WDigest" -Name UseLogonCredential -Value 0 -Force
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" SafeModeBlockNonAdmins -Type DWORD -Value 1 -Force
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" AllowTelemetry -Type DWORD -Value 0 -Force
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers" -Name 1 -Value "pool.ntp.org" -Force
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name DeferUpgrade -Type DWORD -Value 1 -Force
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" -Name IncludeRecommendedUpdates -Type DWORD -Value 0 -Force
#Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name IncludeRecommendedUpdates -Type DWORD -Value 0 -Force
#Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" EnableConnectionRateLimiting -Type DWORD -Value 1 -Force
#Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem" NtfsDisableLastAccessUpdate -Type DWORD -Value 1 -Force
# https://aka.ms/StopUsingSMB1
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force
#Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation" -Name DependOnService -Value @("bowser","mrxsmb20","nsi") -Force
#Set-Service -Name mrxsmb10 -StartupType Disabled
#win8+
#Set-SmbServerConfiguration -EnableSMB1Protocol $false
choco uninstall -ry FS-SMB1 -source windowsFeatures
choco uninstall -ry SMB1Protocol-Server -source windowsFeatures
#windowsFeatures
#alternative: pkgmr will call dism
#start /w pkgmgr.exe /iu:TelnetClient;NetFx3;NetFx4-AdvSrvs /norestart
#start /w pkgmgr.exe /uu:FS-SMB1;SMB1Protocol /norestart
#dism.exe /online /norestart /Enable-Feature /FeatureName:TelnetClient /FeatureName:NetFx3
#dism.exe /online /norestart /Enable-Feature /FeatureName:NetFx4-AdvSrvs
#dism.exe /online /norestart /disable-feature /featurename:"FS-SMB1"
#dism.exe /online /norestart /disable-feature /featurename:"SMB1Protocol"
cinst TelnetClient -source windowsFeatures
cinst NetFx3 -source windowsFeatures
cinst NetFx4-AdvSrvs -source windowsFeatures
#cinst Microsoft-Windows-Subsystem-Linux -source windowsFeatures
#choco uninstall -ry Internet-Explorer-Optional-x86 -source windowsFeatures
#choco uninstall -ry Internet-Explorer-Optional-amd64 -source windowsFeatures
choco uninstall -ry Indexing-Service-Package -source windowsFeatures
$env:ChocolateyBinRoot = "\tools"
[Environment]::SetEnvironmentVariable("ChocolateyBinRoot", "\tools", "Machine")
#essentials
choco upgrade -ry autohotkey.portable chocolatey chocolatey-core.extension toolsroot vcredist2008 #some vcredist?
#install apps
choco upgrade -ry 7zip.install bginfo boxstarter geany hashcheck npackd-cli.portable openssh remy vlc #chef-client
choco upgrade -ry firefoxesr -packageParameters "l=en-US"
#portable not shown on control panel add/remove programs and start menu
choco upgrade -ry adwcleaner autohotkey.portable falkon fastcopy.portable git.portable gow hwinfo.portable kitty.portable netscan.portable npackd-cli.portable pinginfoview processhacker.portable rdiff-backup recuva.portable screentogif shadowexplorer.portable spacesniffer stinger ugetdm
#free for personal use only!
choco upgrade -ry combofix
#need AHK
choco upgrade -ry winpcap
#choco upgrade -ry sdio bginfo bind-toolsonly bleachbit bulk-crap-uninstaller captura driverbooster googlechrome ipscan nssm picklesui poshgit securepointsslvpn snappy-driver-installer tightvnc winpcap
#choco upgrade -ry all #all not installed. The package was not found with the source(s) listed.
#cmd /c "\\192.168.1.1\firefox.en-US.win32.installer.exe -ms"
#add printers #unsigned drivers still need click
#cscript $env:windir\System32\Printing_Admin_Scripts\en-US\prnport.vbs -a -r IP_myprinter08 -h 192.168.1.8
#rundll32 printui.dll,PrintUIEntry /u /if /b "myprinter08" /f "\\192.168.1.8\printers\P62KUSAL.INF" /r "IP_myprinter08" /m "paste model name from inf"
#mkdir $env:windir\boxcfg
#Copy-Item \\192.168.1.1\updater\cfg $env:windir\boxstarter -Recurse
#schtasks.exe /Create /XML $env:windir\boxstarter\cfg\chocoup.xml /TN chocoup
Set-Service -Name wuauserv -StartupType Manual #windows auto update
Set-Service -Name winmgmt -StartupType Manual #wmi
Set-Service -Name DiagTrack -StartupType Disabled #diagnostic tracking
Set-Service -Name dmwappushservice -StartupType Disabled # tracking
Set-Service -Name WSearch -StartupType Disabled #search indexer
#Set-Service -Name SysMain -StartupType Disabled #superfetch
#Set-Service -Name Dnscache -StartupType Manual #dnsclient
#Set-Service -Name TabletInputService -StartupType Disabled
#Set-Service -Name HomeGroupProvider -StartupType Disabled
#Set-Service -Name WMPNetworkSvc -StartupType Disabled #media player network
#Set-Service -Name WPCSvc -StartupType Disabled #parental control
#Set-Service -Name WerSvc -StartupType Disabled #error reporting
#Set-Service -Name WinHttpAutoProxySvc -StartupType Disabled #wpad
#Set-Service -Name wcncsvc -StartupType Disabled #WPS
#Set-Service -Name lfsvc -StartupType Disabled #geolocation geofence
#apps services
Set-Service -Name AdobeFlashPlayerUpdateSvc -StartupType Disabled
Set-Service -Name AdobeARMservice -StartupType Disabled
Set-Service -Name MozillaMaintenance -StartupType Disabled
Set-Service -Name gupdate -StartupType Disabled
Set-Service -Name gupdatem -StartupType Disabled
#remove all startup
$StartMenuPrograms = "$env:ProgramData\Microsoft\Windows\Start Menu\Programs"
New-Item -Path "$StartMenuPrograms\" -Name "Startup.oldbox" -ItemType "directory"
Move-Item "$StartMenuPrograms\Startup\*.*" "$StartMenuPrograms\Startup.oldbox"
Rename-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" -NewName Run.oldbox
choco upgrade -ry avastfreeantivirus
#finalize
#$kinstlr = "$env:windir\temp\onekeyfree.exe"; Invoke-WebRequest -Uri http://www.aomeisoftware.com/download/ok/OneKeyFree.exe -OutFile $kinstlr; . $kinstlr
$kinstlr = "$env:windir\chocoup.xml"; Invoke-WebRequest -Uri https://raw.githubusercontent.com/dennyhalim/cfg/master/choco-upgrade-task.xml -OutFile $kinstlr; schtasks.exe /Create /XML $kinstlr /TN chocoup
#$kinstlr = "$env:windir\temp\kabuto.exe"; Invoke-WebRequest -Uri https://app.kabuto.io/dl/c/w1gowhcgaw-zmu0 -OutFile $kinstlr; . $kinstlr
Enable-UAC
#Enable-RemoteDesktop
#Disable-MicrosoftUpdate
#Install-WindowsUpdate -acceptEula -SuppressReboots
Enable-ComputerRestore -drive "c:\"
Checkpoint-Computer -Description 'dennyhalim.com boxstarter finished'