Created
December 20, 2023 18:57
-
-
Save EmmanuelTsouris/3ebc8ec3da71f06d948ed3ce5c81195d to your computer and use it in GitHub Desktop.
Some useful PowerShell snippets to prep an EC2 Instance
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # turn off ie security | |
| $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" | |
| $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" | |
| Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0 | |
| Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0 | |
| # priority to programs, not background | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\PriorityControl" -Name "Win32PrioritySeparation" -Value 38 | |
| # explorer set to performance | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects" -Name "VisualFXSetting" -Value 2 | |
| # disable crash dump | |
| Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl" -Name "CrashDumpEnabled" -Value 0 | |
| # disable some more scheduled tasks | |
| Disable-ScheduledTask -TaskName 'ServerManager' -TaskPath '\Microsoft\Windows\Server Manager' | |
| Disable-ScheduledTask -TaskName 'ScheduledDefrag' -TaskPath '\Microsoft\Windows\Defrag' | |
| Disable-ScheduledTask -TaskName 'ProactiveScan' -TaskPath '\Microsoft\Windows\Chkdsk' | |
| Disable-ScheduledTask -TaskName 'Scheduled' -TaskPath '\Microsoft\Windows\Diagnosis' | |
| Disable-ScheduledTask -TaskName 'SilentCleanup' -TaskPath '\Microsoft\Windows\DiskCleanup' | |
| Disable-ScheduledTask -TaskName 'WinSAT' -TaskPath '\Microsoft\Windows\Maintenance' | |
| Disable-ScheduledTask -TaskName 'StartComponentCleanup' -TaskPath '\Microsoft\Windows\Servicing' | |
| # disable unnecessary services | |
| $services = @( | |
| "diagnosticshub.standardcollector.service" # Microsoft (R) Diagnostics Hub Standard Collector Service | |
| "DiagTrack" # Diagnostics Tracking Service | |
| "dmwappushservice" # WAP Push Message Routing Service | |
| "lfsvc" # Geolocation Service | |
| "MapsBroker" # Downloaded Maps Manager | |
| "NetTcpPortSharing" # Net.Tcp Port Sharing Service | |
| "RemoteRegistry" # Remote Registry | |
| "SharedAccess" # Internet Connection Sharing (ICS) | |
| "TrkWks" # Distributed Link Tracking Client | |
| "WbioSrvc" # Windows Biometric Service | |
| "XblAuthManager" # Xbox Live Auth Manager | |
| "XblGameSave" # Xbox Live Game Save Service | |
| "LanmanServer" # File/Printer sharing | |
| "Spooler" # Printing stuff | |
| "RemoteAccess" # Routing and Remote Access | |
| ) | |
| foreach ($service in $services) { | |
| Set-Service $service -startuptype "disabled" | |
| Stop-Service $service -force | |
| } | |
| # package manager stuff | |
| Install-PackageProvider -Name NuGet -Force | |
| # show file extensions, hidden items and disable item checkboxes | |
| $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' | |
| Set-ItemProperty $key HideFileExt 0 | |
| Set-ItemProperty $key HideDrivesWithNoMedia 0 | |
| Set-ItemProperty $key Hidden 1 | |
| Set-ItemProperty $key AutoCheckSelect 0 | |
| # accessibility stuff | |
| Set-ItemProperty "HKCU:\Control Panel\Accessibility\StickyKeys" "Flags" "506" | |
| Set-ItemProperty "HKCU:\Control Panel\Accessibility\Keyboard Response" "Flags" "122" | |
| Set-ItemProperty "HKCU:\Control Panel\Accessibility\ToggleKeys" "Flags" "58" | |
| # disable telemetry | |
| Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" "AllowTelemetry" -Value 0 | |
| # dont combine taskbar buttons and no tray hiding stuff | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name TaskbarGlomLevel -Value 2 | |
| Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name EnableAutoTray -Value 0 | |
| # hide the touchbar button on the systray | |
| Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\PenWorkspace" -Name PenWorkspaceButtonDesiredVisibility -Value 0 | |
| Write-Status "Installing sound card" | |
| auto start audio service | |
| Set-Service Audiosrv -startuptype "automatic" | |
| Start-Service Audiosrv | |
| # disable Windows Update | |
| Set-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\WindowsUpdate\AU" "NoAutoUpdate" 1 | |
| Set-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\WindowsUpdate\AU" "AUOptions" 2 | |
| # install windows update automation and run it | |
| Install-Module PSWindowsUpdate -Force | |
| Add-WUServiceManager -ServiceID 7971f918-a847-4430-9279-4a52d1efe18d -Confirm:$false | |
| Get-WUInstall -MicrosoftUpdate -AcceptAll -IgnoreReboot | |
| # disable uac | |
| New-ItemProperty -Path "HKLM:Software\Microsoft\Windows\CurrentVersion\policies\system" -Name EnableLUA -PropertyType DWord -Value 0 -Force |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment