sdovnic/Startup.ps1

## Startup.ps1
$Path = "C:\Users\Public"
Start-Transcript -Path (Join-Path -Path $Path -ChildPath ("{0}-Startup.txt" -f $env:COMPUTERNAME)) -NoClobber -Append -Verbose

$VerbosePreference = "continue"

# Enable Network Discovery / Require UAC
Get-NetFirewallRule -Group "@FirewallAPI.dll,-32752" -Enabled False -ErrorAction SilentlyContinue | Where-Object -FilterScript {$_.Profile -eq "Private" -or $_.Profile -eq "Domain"} | ForEach-Object -Process {
    Set-NetFirewallRule -Name $_.Name -Enabled True -Verbose
}
Get-NetFirewallRule -Group "@FirewallAPI.dll,-28502" -Enabled False -ErrorAction SilentlyContinue | Where-Object -FilterScript {$_.Profile -eq "Private" -or $_.Profile -eq "Domain"} | ForEach-Object -Process {
    Set-NetFirewallRule -Name $_.Name -Enabled True -Verbose
}

# Enable Remote Desktop / Require UAC
Get-NetFirewallRule -Group "@FirewallAPI.dll,-28752" | Where-Object -FilterScript {$_.Enabled -eq $false} | ForEach-Object -Process {
    Set-NetFirewallRule -Name $_.Name -Enabled True -Verbose
}
if ((Get-ItemPropertyValue -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections") -ne 0) {
    Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0 -Verbose
}

# Enable DisableWindowsConsumerFeatures / Default: May not exist / Require UAC
if ([System.Environment]::OSVersion.Version.Major -eq 10) {
    if (-not (Test-Path -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent")) {
        New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent"
    }
    if (-not (Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -ErrorAction SilentlyContinue)) {
        New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -Value 1 -Verbose
    }
    if ((Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -ErrorAction SilentlyContinue) -eq 0) {
        Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -Value 1 -Verbose
    }
}

# Disable AllowCortana / Default: May not exist / Require UAC
if ([System.Environment]::OSVersion.Version.Major -eq 10) {
    if (-not (Test-Path -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Experience")) {
        New-Item -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Experience"
    }
    if (-not (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Experience" -Name "AllowCortana" -ErrorAction SilentlyContinue)) {
        New-ItemProperty "HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Experience" -Name "AllowCortana" -Value 0 -Type DWord -Verbose
    }
    if ((Get-ItemPropertyValue "HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Experience" -Name "AllowCortana" -ErrorAction SilentlyContinue) -ne 0) {
        Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Experience" -Name "AllowCortana" -Value 0 -Type DWord -Verbose
    }
}

# Disable DiagTrack / Default: StartType Automatic Status Running / Require UAC
if (Get-Service -Name DiagTrack | Where-Object -FilterScript { $_.StartType -eq "Automatic" -or $_.Status -eq "Running" }) {
    Stop-Service -Name DiagTrack -Verbose
    Set-Service -Name DiagTrack -StartupType Disabled -Verbose
}

$TaskName = "StartupTask"
$TaskPath = "\"
$User = "XXX\Administrator"
$Password = "XXXX"
$Path = "\\XXX\MACHINE\Scripts\Startup"
if (-not (Get-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath -ErrorAction SilentlyContinue)) {
    $Action = New-ScheduledTaskAction -Execute "powershell" -Argument ("-ExecutionPolicy ByPass -File `"{0}\StartupTask.ps1`"" -f $Path)
    $Trigger = New-ScheduledTaskTrigger -AtLogOn
    $Settings = New-ScheduledTaskSettingsSet -RunOnlyIfNetworkAvailable -Hidden
    Register-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath -Action $Action -Settings $Settings -Trigger $Trigger -User $User -Password $Password -Verbose
}

Stop-Transcript -Verbose
	$Path = "C:\Users\Public"
	Start-Transcript -Path (Join-Path -Path $Path -ChildPath ("{0}-Startup.txt" -f $env:COMPUTERNAME)) -NoClobber -Append -Verbose

	$VerbosePreference = "continue"

	# Enable Network Discovery / Require UAC
	Get-NetFirewallRule -Group "@FirewallAPI.dll,-32752" -Enabled False -ErrorAction SilentlyContinue \| Where-Object -FilterScript {$_.Profile -eq "Private" -or $_.Profile -eq "Domain"} \| ForEach-Object -Process {
	Set-NetFirewallRule -Name $_.Name -Enabled True -Verbose
	}
	Get-NetFirewallRule -Group "@FirewallAPI.dll,-28502" -Enabled False -ErrorAction SilentlyContinue \| Where-Object -FilterScript {$_.Profile -eq "Private" -or $_.Profile -eq "Domain"} \| ForEach-Object -Process {
	Set-NetFirewallRule -Name $_.Name -Enabled True -Verbose
	}

	# Enable Remote Desktop / Require UAC
	Get-NetFirewallRule -Group "@FirewallAPI.dll,-28752" \| Where-Object -FilterScript {$_.Enabled -eq $false} \| ForEach-Object -Process {
	Set-NetFirewallRule -Name $_.Name -Enabled True -Verbose
	}
	if ((Get-ItemPropertyValue -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections") -ne 0) {
	Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0 -Verbose
	}

	# Enable DisableWindowsConsumerFeatures / Default: May not exist / Require UAC
	if ([System.Environment]::OSVersion.Version.Major -eq 10) {
	if (-not (Test-Path -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent")) {
	New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent"
	}
	if (-not (Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -ErrorAction SilentlyContinue)) {
	New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -Value 1 -Verbose
	}
	if ((Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -ErrorAction SilentlyContinue) -eq 0) {
	Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" -Name "DisableWindowsConsumerFeatures" -Value 1 -Verbose
	}
	}

	# Disable AllowCortana / Default: May not exist / Require UAC
	if ([System.Environment]::OSVersion.Version.Major -eq 10) {
	if (-not (Test-Path -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Experience")) {
	New-Item -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Experience"
	}
	if (-not (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Experience" -Name "AllowCortana" -ErrorAction SilentlyContinue)) {
	New-ItemProperty "HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Experience" -Name "AllowCortana" -Value 0 -Type DWord -Verbose
	}
	if ((Get-ItemPropertyValue "HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Experience" -Name "AllowCortana" -ErrorAction SilentlyContinue) -ne 0) {
	Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Experience" -Name "AllowCortana" -Value 0 -Type DWord -Verbose
	}
	}

	# Disable DiagTrack / Default: StartType Automatic Status Running / Require UAC
	if (Get-Service -Name DiagTrack \| Where-Object -FilterScript { $_.StartType -eq "Automatic" -or $_.Status -eq "Running" }) {
	Stop-Service -Name DiagTrack -Verbose
	Set-Service -Name DiagTrack -StartupType Disabled -Verbose
	}

	$TaskName = "StartupTask"
	$TaskPath = "\"
	$User = "XXX\Administrator"
	$Password = "XXXX"
	$Path = "\\XXX\MACHINE\Scripts\Startup"
	if (-not (Get-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath -ErrorAction SilentlyContinue)) {
	$Action = New-ScheduledTaskAction -Execute "powershell" -Argument ("-ExecutionPolicy ByPass -File `"{0}\StartupTask.ps1`"" -f $Path)
	$Trigger = New-ScheduledTaskTrigger -AtLogOn
	$Settings = New-ScheduledTaskSettingsSet -RunOnlyIfNetworkAvailable -Hidden
	Register-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath -Action $Action -Settings $Settings -Trigger $Trigger -User $User -Password $Password -Verbose
	}

	Stop-Transcript -Verbose