saleem-mirza/vagrant_prep.ps1

## vagrant_prep.ps1
winrm quickconfig -q
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="512"}'
winrm set winrm/config '@{MaxTimeoutms="1800000"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'

Set-Service  -Name WinRM -StartupType Automatic

#netsh firewall add portopening TCP 5985 "Port 5985"
#winrm set winrm/config/listener?Address=*+Transport=HTTP '@{Port="5985"}'

#Disable shutdown GUI for shutdown reason
$RegKey = "HKLM:\Software\Policies\Microsoft\Windows NT\Reliability"
New-Item -Path $RegKey -Name Reliability -Force
Set-ItemProperty -Path $RegKey -Name ShutdownReasonOn -Value 0 -Force -ErrorAction SilentlyContinue

#Disable server manager at startup for windows 2008 server and newer
$RegKey = "HKLM:\SOFTWARE\Microsoft\ServerManager"
Set-ItemProperty -Path $RegKey -Name DoNotOpenServerManagerAtLogon -Value 0 -Force -ErrorAction SilentlyContinue

#Disable UAC
$RegKey = "HKLM:\Software\Microsoft\Windows\CurrentVersion\policies\system"
Set-ItemProperty -Path $RegKey -Name EnableLUA -Value 0 -ErrorAction SilentlyContinue

#Enable Remote Desktop
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -Value 0

Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1

#Disable complex password requirements
secedit /export /cfg c:\secpol.cfg
(gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg
secedit /configure /db c:\windows\security\local.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY
rm -force c:\secpol.cfg -confirm:$false

#Create user 'vagrant' and add it to 'Administrators' group
NET USER vagrant "vagrant" /ADD
NET LOCALGROUP "Administrators" "vagrant" /add
	winrm quickconfig -q
	winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="512"}'
	winrm set winrm/config '@{MaxTimeoutms="1800000"}'
	winrm set winrm/config/service '@{AllowUnencrypted="true"}'
	winrm set winrm/config/service/auth '@{Basic="true"}'

	Set-Service -Name WinRM -StartupType Automatic

	#netsh firewall add portopening TCP 5985 "Port 5985"
	#winrm set winrm/config/listener?Address=*+Transport=HTTP '@{Port="5985"}'

	#Disable shutdown GUI for shutdown reason
	$RegKey = "HKLM:\Software\Policies\Microsoft\Windows NT\Reliability"
	New-Item -Path $RegKey -Name Reliability -Force
	Set-ItemProperty -Path $RegKey -Name ShutdownReasonOn -Value 0 -Force -ErrorAction SilentlyContinue

	#Disable server manager at startup for windows 2008 server and newer
	$RegKey = "HKLM:\SOFTWARE\Microsoft\ServerManager"
	Set-ItemProperty -Path $RegKey -Name DoNotOpenServerManagerAtLogon -Value 0 -Force -ErrorAction SilentlyContinue

	#Disable UAC
	$RegKey = "HKLM:\Software\Microsoft\Windows\CurrentVersion\policies\system"
	Set-ItemProperty -Path $RegKey -Name EnableLUA -Value 0 -ErrorAction SilentlyContinue

	#Enable Remote Desktop
	Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -Value 0

	Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

	Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1

	#Disable complex password requirements
	secedit /export /cfg c:\secpol.cfg
	(gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") \| Out-File C:\secpol.cfg
	secedit /configure /db c:\windows\security\local.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY
	rm -force c:\secpol.cfg -confirm:$false

	#Create user 'vagrant' and add it to 'Administrators' group
	NET USER vagrant "vagrant" /ADD
	NET LOCALGROUP "Administrators" "vagrant" /add