sdovnic/StartupTask.ps1

## StartupTask.ps1
$Path = "C:\Users\Public"
Start-Transcript -Path (Join-Path -Path $Path -ChildPath ("{0}-StartupTask.txt" -f $env:COMPUTERNAME)) -NoClobber -Append -Verbose

$VerbosePreference = "continue"
# $RestartComputer = $false

# Disable RestoreConnection in Windows Explorer / Default not exist
if ([System.Environment]::OSVersion.Version.Major -eq 10) {
    $Path = "HKLM:\SYSTEM\CurrentControlSet\Control\NetworkProvider"
    if (-not (Get-ItemProperty -Path $Path -Name "RestoreConnection" -ErrorAction SilentlyContinue)) {
        New-ItemProperty -Path $Path -Name "RestoreConnection" -Value 0 -PropertyType DWORD
    } else {
        if (-not (Get-ItemPropertyValue -Path $Path -Name "RestoreConnection") -eq 0) {
            Set-ItemProperty -Path $Path -Name "RestoreConnection" -Value 0
        }
    }
}

# Enable SMB 1.0 Client / Require UAC
if ([System.Environment]::OSVersion.Version.Major -eq 10) {
    if ((Get-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol-Client" | Select-Object -ExpandProperty State) -eq "Disabled") {
        Get-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol-Client" | Where-Object -FilterScript {$_.State -ne "Enabled"} | Enable-WindowsOptionalFeature -Online -All -Verbose
        # $RestartComputer = $true
    }
}

# Enable PSRemoting / Require UAC
$TrustedHosts = Import-Clixml -Path TrustedHosts.xml -Verbose
if (-not (Test-WSMan -ComputerName $env:COMPUTERNAME -ErrorAction SilentlyContinue)) {
    Enable-PSRemoting -Force -Verbose -ErrorAction SilentlyContinue
    Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value ($TrustedHosts -join ",") -Force -Verbose
    Restart-Service WinRM -Verbose -ErrorAction SilentlyContinue
    Invoke-Command -ComputerName $env:COMPUTERNAME -ScriptBlock {
        Set-ExecutionPolicy -ExecutionPolicy Bypass -Verbose
    } -Verbose -ErrorAction SilentlyContinue
}

# Enable NET Framework 3.5 / Require UAC
if (-not (Get-Item -Path "HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5" -ErrorAction SilentlyContinue)) {
    Add-WindowsCapability -Online -Name "NetFX3~~~~" -Verbose
    # $RestartComputer = $true
}

# Enable OpenSSH Server / Require UAC
if (-not (Get-WindowsCapability -Online -Name "OpenSSH.Server~~~~*").State -eq "Installed") {
    Add-WindowsCapability -Online -Name "OpenSSH.Server~~~~*" -Verbose
    # $RestartComputer = $true
}

# Enable OpenSSH Client / Require UAC
if (-not (Get-WindowsCapability -Online -Name "OpenSSH.Client~~~~*").State -eq "Installed") {
    Add-WindowsCapability -Online -Name "OpenSSH.Client~~~~*" -Verbose
    # $RestartComputer = $true
}

# Set Windows Time Server / Require UAC
$TimeServers = Import-Clixml -Path TimeServers.xml -Verbose
$Path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers"
$TimeServers.Keys | ForEach-Object -Process {
    if (Get-ItemProperty -Path $Path -Name "$_" -ErrorAction SilentlyContinue) {
        if ((Get-ItemPropertyValue -Path $Path -Name "$_") -ne $TimeServers.Item($_)) {
            Set-ItemProperty -Path $Path -Name "$_" -Value $TimeServers.Item($_) -Verbose
        }
    } else {
        New-ItemProperty -Path $Path -Name "$_" -Value $TimeServers.Item($_) -Verbose
    }
}
if ((Get-ItemPropertyValue -Path $Path -Name "(Default)") -ne "0") {
    Set-ItemProperty -Path $Path -Name "(Default)" -Value "0" -Verbose
}
$Path = "HKLM:\SYSTEM\CurrentControlSet\services\W32Time\Parameters"
if ((Get-ItemPropertyValue -Path $Path -Name "NtpServer") -ne $TimeServers[0]) {
    Set-ItemProperty -Path $Path -Name "NtpServer" -Value $TimeServers[0] -Verbose
    Restart-Service -Name W32Time -Verbose
}

$Peers = ($TimeServers.Values | Sort-Object -Descending) -join ","
& w32tm.exe /config /manualpeerlist:"${Peers}" /syncfromflags:manual /reliable:yes /update
& w32tm.exe /resync /force
& w32tm.exe /query /status
& w32tm.exe /query /peers

<#
$TaskName = "StartupTask"
$TaskPath = "\"
if (Get-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath -ErrorAction SilentlyContinue) {
    Unregister-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath -Verbose
}
#>

Stop-Transcript -Verbose
	$Path = "C:\Users\Public"
	Start-Transcript -Path (Join-Path -Path $Path -ChildPath ("{0}-StartupTask.txt" -f $env:COMPUTERNAME)) -NoClobber -Append -Verbose

	$VerbosePreference = "continue"
	# $RestartComputer = $false

	# Disable RestoreConnection in Windows Explorer / Default not exist
	if ([System.Environment]::OSVersion.Version.Major -eq 10) {
	$Path = "HKLM:\SYSTEM\CurrentControlSet\Control\NetworkProvider"
	if (-not (Get-ItemProperty -Path $Path -Name "RestoreConnection" -ErrorAction SilentlyContinue)) {
	New-ItemProperty -Path $Path -Name "RestoreConnection" -Value 0 -PropertyType DWORD
	} else {
	if (-not (Get-ItemPropertyValue -Path $Path -Name "RestoreConnection") -eq 0) {
	Set-ItemProperty -Path $Path -Name "RestoreConnection" -Value 0
	}
	}
	}

	# Enable SMB 1.0 Client / Require UAC
	if ([System.Environment]::OSVersion.Version.Major -eq 10) {
	if ((Get-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol-Client" \| Select-Object -ExpandProperty State) -eq "Disabled") {
	Get-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol-Client" \| Where-Object -FilterScript {$_.State -ne "Enabled"} \| Enable-WindowsOptionalFeature -Online -All -Verbose
	# $RestartComputer = $true
	}
	}

	# Enable PSRemoting / Require UAC
	$TrustedHosts = Import-Clixml -Path TrustedHosts.xml -Verbose
	if (-not (Test-WSMan -ComputerName $env:COMPUTERNAME -ErrorAction SilentlyContinue)) {
	Enable-PSRemoting -Force -Verbose -ErrorAction SilentlyContinue
	Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value ($TrustedHosts -join ",") -Force -Verbose
	Restart-Service WinRM -Verbose -ErrorAction SilentlyContinue
	Invoke-Command -ComputerName $env:COMPUTERNAME -ScriptBlock {
	Set-ExecutionPolicy -ExecutionPolicy Bypass -Verbose
	} -Verbose -ErrorAction SilentlyContinue
	}

	# Enable NET Framework 3.5 / Require UAC
	if (-not (Get-Item -Path "HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5" -ErrorAction SilentlyContinue)) {
	Add-WindowsCapability -Online -Name "NetFX3~~~~" -Verbose
	# $RestartComputer = $true
	}

	# Enable OpenSSH Server / Require UAC
	if (-not (Get-WindowsCapability -Online -Name "OpenSSH.Server~~~~*").State -eq "Installed") {
	Add-WindowsCapability -Online -Name "OpenSSH.Server~~~~*" -Verbose
	# $RestartComputer = $true
	}

	# Enable OpenSSH Client / Require UAC
	if (-not (Get-WindowsCapability -Online -Name "OpenSSH.Client~~~~*").State -eq "Installed") {
	Add-WindowsCapability -Online -Name "OpenSSH.Client~~~~*" -Verbose
	# $RestartComputer = $true
	}

	# Set Windows Time Server / Require UAC
	$TimeServers = Import-Clixml -Path TimeServers.xml -Verbose
	$Path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers"
	$TimeServers.Keys \| ForEach-Object -Process {
	if (Get-ItemProperty -Path $Path -Name "$_" -ErrorAction SilentlyContinue) {
	if ((Get-ItemPropertyValue -Path $Path -Name "$_") -ne $TimeServers.Item($_)) {
	Set-ItemProperty -Path $Path -Name "$_" -Value $TimeServers.Item($_) -Verbose
	}
	} else {
	New-ItemProperty -Path $Path -Name "$_" -Value $TimeServers.Item($_) -Verbose
	}
	}
	if ((Get-ItemPropertyValue -Path $Path -Name "(Default)") -ne "0") {
	Set-ItemProperty -Path $Path -Name "(Default)" -Value "0" -Verbose
	}
	$Path = "HKLM:\SYSTEM\CurrentControlSet\services\W32Time\Parameters"
	if ((Get-ItemPropertyValue -Path $Path -Name "NtpServer") -ne $TimeServers[0]) {
	Set-ItemProperty -Path $Path -Name "NtpServer" -Value $TimeServers[0] -Verbose
	Restart-Service -Name W32Time -Verbose
	}

	$Peers = ($TimeServers.Values \| Sort-Object -Descending) -join ","
	& w32tm.exe /config /manualpeerlist:"${Peers}" /syncfromflags:manual /reliable:yes /update
	& w32tm.exe /resync /force
	& w32tm.exe /query /status
	& w32tm.exe /query /peers

	<#
	$TaskName = "StartupTask"
	$TaskPath = "\"
	if (Get-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath -ErrorAction SilentlyContinue) {
	Unregister-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath -Verbose
	}
	#>

	Stop-Transcript -Verbose