Last active
May 14, 2024 20:43
-
-
Save rolambert/3db028e26daea47bfd6002f54e2a8cbb to your computer and use it in GitHub Desktop.
Set up a windows machine for python and .Net development
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param( | |
| [string]$vsrelease="17", #17=2022 | |
| [string]$vsedition="enterprise", #community, professional, or enterprise | |
| [string]$pythonversion = "3.9.10" | |
| ) | |
| ### | |
| # Author: Robert Lambert | |
| # Revision: 1.0 | |
| # Date Edit: 2022 | |
| ### | |
| # 1.0 Python | |
| #region python | |
| # 1.1 Pyenv | |
| Invoke-WebRequest -UseBasicParsing -Uri "https://raw.githubusercontent.com/pyenv-win/pyenv-win/master/pyenv-win/install-pyenv-win.ps1" -OutFile "./install-pyenv-win.ps1"; &"./install-pyenv-win.ps1" | |
| $Env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User") | |
| # 1.2 Python | |
| $pyenvversion = try{ pyenv --Version } catch {} | |
| if( [string]::IsNullOrEmpty($pyenvversion) ) | |
| { | |
| Write-Host "`n pyenv not found `n run command with correct execution policy" | |
| Write-Host "`n python install failed" -BackgroundColor Red | |
| } else { | |
| Write-Host "`n pyenv installed `n $($pyenvversion)" | |
| pyenv install 3.9.10 2.7.4 3.8.9 | |
| pyenv global $pythonversion | |
| } | |
| $pythonversion = try { python --version } catch{} | |
| if( [string]::IsNullOrEmpty($pythonversion) ) | |
| { | |
| } else {} | |
| # 1.3 Poetry | |
| (Invoke-WebRequest -Uri https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py -UseBasicParsing).Content | python - | |
| $Env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User") | |
| $poetryversion = try{ poetry -V } catch {} | |
| if( [string]::IsNullOrEmpty($poetryversion) ) | |
| { | |
| } else { | |
| Write-Host (" Poetry Installed `n {0}" -f $poetryversion) | |
| $poetryenvs = mkdir "~\.poetryenvs" | |
| poetry config virtualenvs.path $poetryenvs.FullName | |
| poetry config virtualenvs.in-project false | |
| poetry config --list | |
| } | |
| #endregion | |
| ### | |
| # 2. Visual studio | |
| #region VisualStudio | |
| # 2.1 DL | |
| Invoke-WebRequest -Uri "https://aka.ms/vs/$($vsrelease)/release/vs_professional.exe" -OutFile "~\Downloads\VisualStudioSetup.exe" | |
| # 2.2 Configure | |
| $workloadArgument = @( | |
| "Microsoft.VisualStudio.Component.NuGet", | |
| "Microsoft.VisualStudio.Component.Roslyn.Compiler", | |
| "Microsoft.Component.MSBuild", | |
| "Microsoft.NetCore.Component.Runtime.6.0", | |
| "Microsoft.NetCore.Component.SDK", | |
| "Microsoft.Net.Component.4.7.2.TargetingPack", | |
| "Microsoft.VisualStudio.Component.Roslyn.LanguageServices", | |
| "Microsoft.VisualStudio.Component.FSharp", | |
| "Microsoft.ComponentGroup.ClickOnce.Publish", | |
| "Microsoft.NetCore.Component.DevelopmentTools", | |
| "Microsoft.Net.Component.4.5.2.TargetingPack", | |
| "Microsoft.VisualStudio.Component.TestTools.CodedUITest", | |
| "Microsoft.VisualStudio.Component.MSODBC.SQL", | |
| "Microsoft.VisualStudio.Component.MSSQL.CMDLnUtils", | |
| "Microsoft.VisualStudio.Component.SQL.LocalDB.Runtime", | |
| "Microsoft.VisualStudio.Component.SQL.CLR", | |
| "Microsoft.VisualStudio.Component.TestTools.WebLoadTest", | |
| "Microsoft.VisualStudio.Component.CoreEditor", | |
| "Microsoft.VisualStudio.Workload.CoreEditor", | |
| "Microsoft.Net.Component.4.8.SDK", | |
| "Microsoft.Net.ComponentGroup.DevelopmentPrerequisites", | |
| "Microsoft.VisualStudio.Component.TypeScript.TSServer", | |
| "Microsoft.VisualStudio.Component.TypeScript.SDK.4.7", | |
| "Microsoft.VisualStudio.ComponentGroup.WebToolsExtensions", | |
| "Microsoft.VisualStudio.Component.JavaScript.TypeScript", | |
| "Microsoft.VisualStudio.Component.JavaScript.Diagnostics", | |
| "Microsoft.VisualStudio.Component.TextTemplating", | |
| "Component.Microsoft.VisualStudio.RazorExtension", | |
| "Microsoft.VisualStudio.Component.IISExpress", | |
| "Microsoft.VisualStudio.Component.Common.Azure.Tools", | |
| "Microsoft.Component.ClickOnce", | |
| "Microsoft.VisualStudio.Component.ManagedDesktop.Core", | |
| "Microsoft.VisualStudio.Component.SQL.SSDT", | |
| "Microsoft.VisualStudio.Component.SQL.DataSources", | |
| "Component.Microsoft.Web.LibraryManager", | |
| "Component.Microsoft.WebTools.BrowserLink.WebLivePreview", | |
| "Microsoft.VisualStudio.ComponentGroup.Web", | |
| "Microsoft.VisualStudio.Component.FSharp.WebTemplates", | |
| "Microsoft.VisualStudio.Component.DockerTools", | |
| "Microsoft.NetCore.Component.Web", | |
| "Microsoft.VisualStudio.Component.WebDeploy", | |
| "Microsoft.VisualStudio.Component.AppInsights.Tools", | |
| "Microsoft.VisualStudio.Component.Web", | |
| "Microsoft.Net.Component.4.8.TargetingPack", | |
| "Microsoft.Net.ComponentGroup.4.8.DeveloperTools", | |
| "Microsoft.VisualStudio.Component.AspNet45", | |
| "Microsoft.VisualStudio.Component.AspNet", | |
| "Component.Microsoft.VisualStudio.Web.AzureFunctions", | |
| "Microsoft.VisualStudio.ComponentGroup.AzureFunctions", | |
| "Microsoft.VisualStudio.Component.Debugger.Snapshot", | |
| "Microsoft.VisualStudio.ComponentGroup.Web.CloudTools", | |
| "Microsoft.VisualStudio.Component.IntelliTrace.FrontEnd", | |
| "Microsoft.VisualStudio.Component.DiagnosticTools", | |
| "Microsoft.VisualStudio.Component.EntityFramework", | |
| "Microsoft.VisualStudio.Component.LiveUnitTesting", | |
| "Microsoft.VisualStudio.Component.Debugger.JustInTime", | |
| "Component.Microsoft.VisualStudio.LiveShare.2022", | |
| "Microsoft.VisualStudio.Component.WslDebugging", | |
| "Microsoft.VisualStudio.Component.IntelliCode", | |
| "Microsoft.VisualStudio.Component.ClassDesigner", | |
| "Microsoft.VisualStudio.Component.CodeClone", | |
| "Microsoft.VisualStudio.Component.GraphDocument", | |
| "Microsoft.VisualStudio.Component.CodeMap", | |
| "Microsoft.VisualStudio.Component.DependencyValidation.Enterprise", | |
| "Microsoft.VisualStudio.ComponentGroup.ArchitectureTools.Managed", | |
| "Microsoft.VisualStudio.Workload.NetWeb", | |
| "Microsoft.Component.Azure.DataLake.Tools", | |
| "Microsoft.Component.PythonTools", | |
| "Microsoft.VisualStudio.Component.VC.CoreIde", | |
| "Microsoft.VisualStudio.Component.VC.Tools.x86.x64", | |
| "Microsoft.VisualStudio.Component.Graphics.Tools", | |
| "Microsoft.VisualStudio.Component.Windows10SDK.19041", | |
| "Microsoft.Component.PythonTools.Web", | |
| "Microsoft.VisualStudio.Workload.Python", | |
| "Microsoft.VisualStudio.ComponentGroup.MSIX.Packaging", | |
| "Microsoft.VisualStudio.Component.ManagedDesktop.Prerequisites", | |
| "Microsoft.VisualStudio.Component.DotNetModelBuilder", | |
| "Microsoft.VisualStudio.Component.FSharp.Desktop", | |
| "Microsoft.ComponentGroup.Blend", | |
| "Microsoft.VisualStudio.Workload.ManagedDesktop", | |
| "Microsoft.VisualStudio.Component.VC.Tools.ARM64", | |
| "Microsoft.VisualStudio.Component.UWP.VC.ARM64", | |
| "Microsoft.VisualStudio.Component.VC.Tools.ARM", | |
| "Microsoft.VisualStudio.ComponentGroup.UWP.VC", | |
| "Microsoft.VisualStudio.Component.Windows11SDK.22621", | |
| "Microsoft.VisualStudio.Component.Windows10SDK.18362", | |
| "Microsoft.Component.NetFX.Native", | |
| "Microsoft.VisualStudio.ComponentGroup.UWP.NetCoreAndStandard", | |
| "Microsoft.VisualStudio.Component.Graphics", | |
| "Microsoft.VisualStudio.ComponentGroup.UWP.Xamarin", | |
| "Microsoft.VisualStudio.ComponentGroup.UWP.Support", | |
| "Microsoft.VisualStudio.Component.Windows10SDK.IpOverUsb", | |
| "Microsoft.VisualStudio.Workload.Universal", | |
| "Microsoft.VisualStudio.Component.NuGet.BuildTools", | |
| "Microsoft.VisualStudio.Workload.Data", | |
| "Microsoft.VisualStudio.Component.Git" | |
| ) | |
| $optionsAddLayout = '--add {0}' -f [string]::Join(" --add ", $workloadArgument ) | |
| $optionsQuiet = '--passive' | |
| $optionsLayout = '--layout $downloadPath' | |
| $optionsIncludeRecommended = '--includeRecommended' | |
| $optionsForce = '--force' | |
| $optionsInstallandDownload = '--installWhileDownloading' | |
| $vsOptions = @( | |
| $optionsLayout, | |
| $optionsIncludeRecommended, | |
| $optionsAddLayout, | |
| $optionsQuiet, | |
| $optionsInstallandDownload, | |
| $optionsForce | |
| ) | |
| # 2.3 Install | |
| $InstallVSStudio = Start-Process "~\Downloads\VisualStudioSetup.exe" -ArgumentList $vsOptions | |
| #endregion | |
| ### | |
| # 3.0 Git | |
| #region Git | |
| $Env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User") | |
| $gitversion = try{ git -v } catch {} | |
| if( [string]::IsNullOrEmpty($gitversion) ) | |
| { | |
| Write-Host "`n GIT not installed" -BackgroundColor Red | |
| } else { | |
| Write-Host "`n Git installed`n $($gitversion)" | |
| git config --global help.autocorrect 20 | |
| } | |
| #endregion | |
| ### | |
| # 4.0 SSH | |
| #region SSH | |
| $sshversion = try { ssh -V } catch {} | |
| if( [string]::IsNullOrEmpty($sshversion) ) | |
| { | |
| Write-Host "`n SSH version error" -BackgroundColor Red | |
| } else | |
| { | |
| Write-Host "`n SSH installed`n $($sshversion)" | |
| } | |
| Get-Service ssh-agent | |
| Get-Service ssh-agent | Select StartType | |
| Get-Service -Name ssh-agent | Set-Service -StartupType Manual | |
| Start-Service ssh-agent | |
| Get-Service -Name ssh-agent | Set-Service -StartupType Automatic | |
| Get-Service ssh-agent | |
| cd "~\.ssh" | |
| #endregion | |
| ### | |
| # 5.0 | |
| $Content = Get-Content $profile | |
| $Content += @" | |
| # Improved shell changed directory navigation | |
| Set-Alias -Name ~\ -Value Go-Home | |
| function Go-Home($d) | |
| { | |
| switch ($d) | |
| { | |
| "s" {$r="~\Source"; break} | |
| "d" {$r="~\Downloads"; break} | |
| default {$r="~\"} | |
| } | |
| Set-Location $r | |
| "@ | |
| ### | |
| # 5.1 Vim and Fugative | |
| cd ~\Downloads | |
| Invoke-WebRequest -Uri "https://github.com/vim/vim-win32-installer/releases/download/v9.0.0189/gvim_9.0.0189_x86.zip" -OutFile "~\Downloads\Vim90.exe" | |
| mkdir -p ~/.vim/pack/tpope/start | |
| cd ~/.vim/pack/tpope/start | |
| git clone https://tpope.io/vim/fugitive.git | |
| vim -u NONE -c "helptags fugitive/doc" -c q | |
| ### | |
| # 6.0 Harden remove bloat | |
| #region harden | |
| # | |
| # Enforce device driver signing | |
| BCDEDIT /set nointegritychecks OFF | |
| # Removal Media Settings | |
| # Disable autorun/autoplay on all drives | |
| reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer" /v NoAutoplayfornonVolume /t REG_DWORD /d 1 /f | |
| reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f | |
| reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoAutorun /t REG_DWORD /d 1 /f | |
| # Require encrypted RPC connections to Remote Desktop | |
| reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v fEncryptRPCTraffic /t REG_DWORD /d 1 /f | |
| # Prevent sharing of local drives via Remote Desktop Session Hosts | |
| reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v fDisableCdm /t REG_DWORD /d 1 /f | |
| # Enable Notifications in IE when a site attempts to install software | |
| # Edge and Chrome | |
| # reg add "HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer" /v SafeForScripting /t REG_DWORD /d 0 /f | |
| # Chrome | |
| # reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "AdvancedProtectionAllowed" /t REG_DWORD /d 1 /f | |
| # reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "AllowCrossOriginAuthPrompt" /t REG_DWORD /d 0 /f | |
| # reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "AlwaysOpenPdfExternally" /t REG_DWORD /d 1 /f | |
| # reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "AmbientAuthenticationInPrivateModesEnabled" /t REG_DWORD /d 0 /f | |
| # reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "AudioCaptureAllowed" /t REG_DWORD /d 0 /f | |
| # reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "AudioSandboxEnabled" /t REG_DWORD /d 1 /f | |
| # reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "BlockExternalExtensions" /t REG_DWORD /d 1 /f | |
| # reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "DnsOverHttpsMode" /t REG_SZ /d on /f | |
| # reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "SSLVersionMin" /t REG_SZ /d tls1 /f | |
| # reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "ScreenCaptureAllowed" /t REG_DWORD /d 0 /f | |
| # reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "SitePerProcess" /t REG_DWORD /d 1 /f | |
| # reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "TLS13HardeningForLocalAnchorsEnabled" /t REG_DWORD /d 1 /f | |
| # reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "VideoCaptureAllowed" /t REG_DWORD /d 0 /f | |
| #Uninstall common extra apps found on a lot of Win10 installs | |
| $baggage = @() | |
| $baggage += Get-AppxPackage *Microsoft.BingWeather* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.NET.Native.Framework.1.* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.Advertising.Xaml* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.WindowsFeedback* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.ZuneVideo* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.ZuneMusic* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.YourPhone* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.XboxSpeechToTextOverlay* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.XboxIdentityProvider* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.XboxGamingOverlay* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.XboxGameOverlay* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.XboxApp* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.Xbox.TCUI* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.WindowsMaps* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.WindowsFeedbackHub* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.WindowsAlarms* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.Wallet* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.MixedReality.Portal* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.MicrosoftSolitaireCollection* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.Microsoft3DViewer* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.Getstarted* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.GetHelp* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.DesktopAppInstaller* -AllUsers | |
| $baggage += Get-AppxPackage *Microsoft.BingWeather* -AllUsers | |
| $baggage | %{ $_ | Remove-AppxPackage } | |
| # Disable websites from accessing local language list | |
| reg add "HKCU\Control Panel\International\User Profile" /v HttpAcceptLanguageOptOut /t REG_DWORD /d 1 /f | |
| # Toast msg on lock screen ban | |
| reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications" /v NoToastApplicationNotificationOnLockScreen /t REG_DWORD /d 1 /f | |
| # DVR Disable Windows GameDVR (Broadcasting and Recording) | |
| reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v AllowGameDVR /t REG_DWORD /d 0 /f | |
| # Disable Microsoft consumer experience which prevent notifications of suggested applications to install | |
| reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v DisableWindowsConsumerFeatures /t REG_DWORD /d 1 /f | |
| reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v SystemPaneSuggestionsEnabled /t REG_DWORD /d 0 /f | |
| reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v SilentInstalledAppsEnabled /t REG_DWORD /d 0 /f | |
| reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v PreInstalledAppsEnabled /t REG_DWORD /d 0 /f | |
| reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v OemPreInstalledAppsEnabled /t REG_DWORD /d 0 /f | |
| # Disable the advertising ID | |
| reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo" /v DisabledByGroupPolicy /t REG_DWORD /d 1 /f | |
| # Disable publishing of Win10 user activity | |
| reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v PublishUserActivities /t REG_DWORD /d 1 /f | |
| # Prevent the Start Menu Search from providing internet results and using your location | |
| reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v BingSearchEnabled /t REG_DWORD /d 0 /f | |
| reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v AllowSearchToUseLocation /t REG_DWORD /d 0 /f | |
| reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v CortanaConsent /t REG_DWORD /d 0 /f | |
| # Disable location data | |
| reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore" /v Location /t REG_SZ /d Deny /f | |
| #endregion | |
| ### | |
| # 6.1 Harden firewall | |
| #region hardenfw | |
| # Block Win32 binaries from making netconns when they shouldn't - specifically targeting native processes known to be abused by bad actors | |
| Netsh.exe advfirewall firewall add rule name="Block Notepad.exe netconns" program="%systemroot%\system32\notepad.exe" protocol=tcp dir=out enable=yes action=block profile=any | |
| Netsh.exe advfirewall firewall add rule name="Block regsvr32.exe netconns" program="%systemroot%\system32\regsvr32.exe" protocol=tcp dir=out enable=yes action=block profile=any | |
| Netsh.exe advfirewall firewall add rule name="Block calc.exe netconns" program="%systemroot%\system32\calc.exe" protocol=tcp dir=out enable=yes action=block profile=any | |
| Netsh.exe advfirewall firewall add rule name="Block mshta.exe netconns" program="%systemroot%\system32\mshta.exe" protocol=tcp dir=out enable=yes action=block profile=any | |
| Netsh.exe advfirewall firewall add rule name="Block wscript.exe netconns" program="%systemroot%\system32\wscript.exe" protocol=tcp dir=out enable=yes action=block profile=any | |
| Netsh.exe advfirewall firewall add rule name="Block cscript.exe netconns" program="%systemroot%\system32\cscript.exe" protocol=tcp dir=out enable=yes action=block profile=any | |
| Netsh.exe advfirewall firewall add rule name="Block runscripthelper.exe netconns" program="%systemroot%\system32\runscripthelper.exe" protocol=tcp dir=out enable=yes action=block profile=any | |
| Netsh.exe advfirewall firewall add rule name="Block hh.exe netconns" program="%systemroot%\system32\hh.exe" protocol=tcp dir=out enable=yes action=block profile=any | |
| #endregion |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment