Windows Server 2016 桌面环境的自动配置脚本(2017-10-24更新)
github:https://github.com/m2nlight/WindowsServerToWindowsDesktop
下载:https://github.com/m2nlight/WindowsServerToWindowsDesktop/archive/master.zip
它的功能是自动启动音频服务、允许未登录关机、禁用Ctrl+Alt+Del登录系统、禁用关机时要求输入关机原因、CPU性能优秀程序、IE安全策略、登录时不现实服务器管理器、禁用密码混淆和长度要求、当前用户密码永不过期,安装Bitlocker、Direct-Play、无线网络、优质Windows音视频体验组件。
Config Service
- [Automatic] Windows Audio
- [Automatic] Windows Audio Endpoint Builder
- [Manual] Windows Remote Management (WS-Management)
Config Registry and GroupPolicy
- Enable Shutdown without logon
- Disable Shutdown reason On
No Lock Screen- Disable Ctrl+Alt+Del login
- Disable UAC
- Disable DEP (Turn on DEP for essential Windows programs and services only)
- Disable SEHOP
- Enable disk performance counters
- Enable Video Hardware Acceleration (Thanks @cjrcl)
- Enable Audio Hardware Acceleration
- CPU Priority for Program
- Adjust Visual Effects (Manual)
- Adjust IE MaxConnection
- IE Security Policy
- Disable TCP Auto-Tuning
- Change Power Scheme To High Performance
- No Autorun Server Manager
- Disable Password complexity and Minimum password length
- Current user Password never expires
- Disable Application Experience task schedulers
- Disable Customer Experience Improvement Program task schedulers
Config Windows Feature
- BitLocker
- Direct-Play
- Wireless-Networking
- qWave
将脚本复制到桌面,并且要求管理员权限,去运行,输入y开始配置,会重新启动一次系统,演示效果如图:
BAT脚本如下:
@echo off
pushd %~dp0
set gpfile=temp_gpfile
set currentuser=%username%
set videopsfile=Acceleration.Level.ps1
rem UAC code begin
set getadminfile=getadmin.vbs
echo Windows Server To Windows Desktop
echo =================================
echo Starting
"%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\SYSTEM" >nul 2>nul
if %ERRORLEVEL% EQU 0 (
goto :Admin
) else (
if %ERRORLEVEL% EQU 2 (
goto :PathErr
) else (
goto :UAC
)
)
:PathErr
echo.
echo Please open "%~n0%~x0" by explorer.exe
echo.
echo Press any key to explore the folder...
pause>nul
start "" "%SYSTEMROOT%\system32\explorer.exe" /select,"%~f0"
goto :END
:UAC
echo Set sh = CreateObject^("Shell.Application"^) > %getadminfile%
echo sh.ShellExecute "%~f0", "", "", "runas", 1 >> %getadminfile%
ping 127.1 -n 1 >nul
"%SYSTEMROOT%\system32\cscript.exe" %getadminfile%
goto :END
:Admin
if exist %getadminfile% ( del %getadminfile% )
cls
rem UAC code end
if "%currentuser%" == "" set currentuser=Administrator
echo Windows Server To Windows Desktop
echo =================================
::PowerShell /Command "&{Get-WmiObject -Class Win32_OperatingSystem | Select-Object -ExpandProperty Caption}"
set caption=
for /f "skip=1 delims=" %%t in ('wmic os get caption') do (
if not defined caption set caption=%%t
)
echo %caption%
echo %caption%|find /i "Windows Server">nul 2>nul
if ERRORLEVEL 1 goto :OSERR
echo Current Domain: %USERDOMAIN%
echo Current User: %currentuser%
echo.
set /p tmpInput=Maybe will restart computer. Are you ready? (Y/N):
if /i "%tmpInput%"=="y" goto :START
echo Canelled.
echo Press any key to exit...
pause>nul
goto :END
:OSERR
echo.
echo ERROR: Unsupported operating system!
echo Press any key to exit...
pause>nul
goto :END
:START
echo (1/3) Config Service
PowerShell /Command "&{Import-Module ServerManager}"
echo - [Automatic] Windows Audio
PowerShell /Command "&{Set-Service "Audiosrv" -StartupType Automatic}"
echo - [Automatic] Windows Audio Endpoint Builder
PowerShell /Command "&{Set-Service "AudioEndpointBuilder" -StartupType Automatic}"
echo - [Manual] Windows Remote Management (WS-Management)
PowerShell /Command "&{Set-Service "WinRM" -StartupType Manual}"
echo (2/3) Config Registry and GroupPolicy
echo - Enable Shutdown without logon
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ShutdownWithoutLogon /t REG_DWORD /d 1 /f>nul
echo - Disable Shutdown reason On
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Reliability" /v ShutdownReasonOn /t REG_DWORD /d 0 /f>nul
:: echo - No Lock Screen
:: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v "NoLockScreen" /t REG_DWORD /d 0x1 /f>nul
echo - Disable Ctrl+Alt+Del login
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCAD /t REG_DWORD /d 1 /f>nul
echo - Disable UAC
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0x0 /f>nul
echo - Disable DEP (Turn on DEP for essential Windows programs and services only)
bcdedit /set {current} nx OptIn>nul
::bcdedit /set {current} nx AlwaysOff>nul
echo - Disable SEHOP
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "DisableExceptionChainValidation" /t REG_DWORD /d 0x1 /f>nul
echo - Enable disk performance counters
diskperf -Y>nul
if exist %videopsfile%. (
echo - Enable Video Hardware Acceleration
PowerShell -ExecutionPolicy Unrestricted -File %videopsfile%>nul
del Acceleration.Level.reg /f /q
)
echo - Enable Audio Hardware Acceleration
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile" /v "SystemResponsiveness" /t REG_DWORD /d 0x14 /f>nul
echo - CPU Priority for Program
REG ADD HKLM\SYSTEM\CurrentControlSet\Control\PriorityControl /v Win32PrioritySeparation /t REG_DWORD /d 38 /f>nul
echo - Adjust Visual Effects (Manual)
SystemPropertiesPerformance.exe
::reg add HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects /v VisualFXSetting /t REG_DWORD /d 1 /f>nul
::reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects /v VisualFXSetting /t REG_DWORD /d 1 /f>nul
::reg add "HKCU\Control Panel\Desktop" /v DragFullWindows /t REG_SZ /d 1 /f>nul
::reg add "HKCU\Control Panel\Desktop" /v FontSmoothing /t REG_SZ /d 2 /f>nul
::reg add "HKCU\Control Panel\Desktop" /v MinAnimate /t REG_SZ /d 1 /f>nul
::reg add "HKCU\Control Panel\Desktop" /v UserPreferencesMask /t REG_BINARY /d 9E3E078012000000 /f>nul
echo - Adjust IE Max Connection
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v "MaxConnectionsPer1_0Server" /t REG_DWORD /d 10 /f>nul
echo - IE Security Policy
REG ADD "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" /v IsInstalled /t REG_DWORD /d 0 /f>nul
REG ADD "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /v IsInstalled /t REG_DWORD /d 0 /f>nul
Rundll32 iesetup.dll, IEHardenLMSettings
Rundll32 iesetup.dll, IEHardenUser
Rundll32 iesetup.dll, IEHardenAdmin
echo - Disable TCP Auto-Tuning
netsh interface tcp set heuristics disabled>nul
echo - Change Power Scheme To High Performance
powercfg -s 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c>nul
echo - No Autorun Server Manager
REG ADD HKLM\Software\Microsoft\ServerManager /v DoNotOpenServerManagerAtLogon /t REG_DWORD /d 1 /f>nul
echo - Disable Password complexity and Minimum password length
echo [version]>%gpfile%.inf
echo signature="$CHICAGO$">>%gpfile%.inf
echo [System Access]>>%gpfile%.inf
echo MinimumPasswordLength = 0 >>%gpfile%.inf
echo PasswordComplexity = 0 >>%gpfile%.inf
secedit /configure /db %gpfile%.sdb /cfg %gpfile%.inf /log %gpfile%.log>nul 2>nul
del %gpfile%.inf %gpfile%.sdb %gpfile%.log %gpfile%.jfm /f /q
echo - %currentuser%'s Password never expires
wmic Path Win32_UserAccount Where Name="%currentuser%" Set PasswordExpires="FALSE">nul
echo PasswordExpires List:
wmic useraccount get Name,PasswordExpires
echo - Disable Application Experience task schedulers
schtasks /change /tn "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /disable>nul 2>nul
schtasks /change /tn "\Microsoft\Windows\Application Experience\ProgramDataUpdater" /disable>nul 2>nul
schtasks /change /tn "\Microsoft\Windows\Application Experience\StartupAppTask" /disable>nul 2>nul
echo - Disable Customer Experience Improvement Program task schedulers
schtasks /change /tn "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /disable>nul 2>nul
schtasks /change /tn "\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /disable>nul 2>nul
schtasks /change /tn "\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /disable>nul 2>nul
echo (3/3) Config Windows Feature
echo - BitLocker
echo - Direct-Play
echo - Wireless-Networking
echo - qWave
echo please wait...
PowerShell /Command "&{Install-WindowsFeature "BitLocker","Direct-Play","Wireless-Networking","qWave" -Restart}"
echo Completed!
echo Press any key to exit...
pause>nul
:END
if exist %getadminfile% ( del %getadminfile% )
popd
Acceleration.Level.ps1
function WriteKey($File, $Key)
{
ECHO $Key >> $File;
ECHO '"Acceleration.Level"=dword:00000000' >> $File;
ECHO "" >> $File;
} function Generate($File, $ControlSet)
{
$Item = Get-Item -Path "HKLM:\HARDWARE\DEVICEMAP\VIDEO";
$ValueNames = $Item.GetValueNames();
foreach($ValueName in $ValueNames)
{
if($ValueName.StartsWith("\Device\Video"))
{
$Value = $Item.GetValue($ValueName);
if($Value.Length -gt 43)
{
$Guid = $Value.SubString($Value.Length - 43, 38);
$ObjectNumber = $Value.SubString($Value.Length - 4);
try
{
[System.Guid]::Parse($Guid);
[System.Int32]::Parse($ObjectNumber);
}
catch
{
continue;
}
$Path = "HKLM:\SYSTEM\" + $ControlSet + "\Control\Video\" + $Guid + "\Video";
$Service = (Get-Item -Path $Path).GetValue("Service");
$Path = "HKLM:\SYSTEM\" + $ControlSet + "\Services\" + $Service;
$ChildItems = Get-ChildItem -Path $Path;
foreach($ChildItem in $ChildItems)
{
if($ChildItem.PSChildName.StartsWith("Device"))
{
$Key = "[" + $ChildItem.Name + "]";
WriteKey $File $Key;
}
}
$Key = "[HKEY_LOCAL_MACHINE\SYSTEM\" + $ControlSet + "\Control\Video\" + $Guid + "\" + $ObjectNumber + "]";
WriteKey $File $Key;
$Key = "[HKEY_LOCAL_MACHINE\SYSTEM\" + $ControlSet + "\Control\Video\" + $Guid + "\" + $ObjectNumber + "\Settings]";
WriteKey $File $Key;
}
}
}
$VideoControllers = Get-WmiObject -Class Win32_VideoController;
foreach($VideoController in $VideoControllers)
{
$PnPEntities = Get-WmiObject -Class Win32_PnPEntity;
foreach($PnPEntity in $PnPEntities)
{
if($PnPEntity.PNPDeviceID -eq $VideoController.PNPDeviceID)
{
$Path = "HKLM:\SYSTEM\" + $ControlSet + "\Control\Class\" + $PnPEntity.ClassGuid;
$ChildItems = Get-ChildItem -Path $Path;
foreach($ChildItem in $ChildItems)
{
try
{
[System.Int32]::Parse($ChildItem.PSChildName);
}
catch
{
continue;
}
$Key = "[" + $ChildItem.Name + "]";
WriteKey $File $Key;
$Key = "[" + $ChildItem.Name + "\Settings]";
WriteKey $File $Key;
}
}
}
}
} $File = "Acceleration.Level.reg";
New-Item $File -Type File -Force;
ECHO "Windows Registry Editor Version 5.00" > $File;
ECHO "" >> $File;
Generate $File "ControlSet001";
Generate $File "ControlSet002";
Generate $File "CurrentControlSet";
TYPE $File;
regedit.exe /s $File;
Windows Server 2016 桌面环境的自动配置脚本(2017-10-24更新)的更多相关文章
- Windows Server 2016 桌面环境的自动配置脚本
除非学习要求,还是建议使用Windows 10 LTSB 2016或其他桌面系统. github:https://github.com/m2nlight/WindowsServerToWindowsD ...
- python环境变量自动配置脚本(setx使用)
前言 setx不是windows系统自带的工具,需要到微软官网下载,但是有的系统也会自带.(是官方提供的,可放心食用) set和setx都可以用来配置环境变量.他们的不同点在于,set只是临时的修改环 ...
- Windows Server 2016 IIS的安装与配置
1. 打开服务器管理器,点击[添加角色和功能选项]. 2. 进入“添加角色和功能向导”页面,点击下一步. 3. 安装类型选择[基于角色或基于功能的安装],点击下一步. 4. 进入服务器选 ...
- Windows Server 2016
Windows Server 2016 正式版教程:安装.激活.设置 http://www.ithome.com/html/win10/261386.htm 2016-9-29 12:57:58来源: ...
- Windows Server 2016 配置 IIS 的详细步骤
Ø 简介 本文主要记录 Windows Server 2016 环境下,安装配置 IIS 的详细步骤.需要说明的是,在选择"功能"或"角色服务"时不建议将所有 ...
- Windows Server 2016 + SCO 2016 安装及配置介绍
Windows Server 2016 + SCO 2016 安装及配置介绍 高文龙关注1人评论6332人阅读2017-02-26 23:23:02 Windows Server 2016 + SCO ...
- Windows Server 2016 上配置 APACHE+SSL+PHP+perl
Windows Server 2016 上配置 APACHE+SSL+PHP+perl 安装环境 谷歌云实例 Windows Server 2016 Apache Apache/2.4.25 (win ...
- 如何在Windows Server 2016启用或关闭Internet Explorer增强的安全配置
一般我们安装完服务器后,开启 Internet Explorer 会发现无法上网或者上网内容被屏蔽掉了 问题的发生原因 在 Windows Server 2016 通常扮演重要的服务器角色,不应该用来 ...
- [转]Windows Server 2016 服务器IIS配置
本文转自:https://blog.csdn.net/corson/article/details/82185407 多余的话就不说了,配置Windows Server 2016服务器具体如下图 ...
随机推荐
- mybatis框架(三)
mybatis框架
- 解决ubuntu 无法挂载移动硬盘问题 unknown filesystem type 'exfat'
Ubuntu 13.10 或以上 安装exfat-fuse: sudo apt-get install exfat-fuse Ubuntu 13.04 或以下 sudo apt-add-reposit ...
- SAP系统接口方式:
SAP系统接口方式: 1.PI - 信使中间件 (大公司多选择) 数据: SAP- PI- U8 U8- PI- SAPPI 底层用的还是webservice 技术优点:实时性高: 可处理大数据(在调 ...
- c++ 11nullptr
1. 引入nullptr的原因 引入nullptr的原因,这个要从NULL说起.对于C和C++程序员来说,一定不会对NULL感到陌生.但是C和C++中的NULL却不等价.NULL表示指针不指向任何对象 ...
- blogCMS中出现的错误整理
1.在写日期归档的时候,出现如下错误: not enough values to unpack (expected 2, got 1) 出现这个错误是因为:字符串需要能够split成2份才能赋值给2个 ...
- 常用模块(hashlib,configparser,logging)
常用模块(hashlib,configparser,logging) hashlib hashlib 摘要算法的模块md5 sha1 sha256 sha512摘要的过程 不可逆能做的事:文件的一致性 ...
- 微信小程序 使用腾讯地图SDK详解及实现步骤
信小程序 使用腾讯地图SDK详解及实现步骤 微信小程序JavaScript SDK: 官方文档:http://lbs.qq.com/qqmap_wx_jssdk/index.html 步骤: 1 ...
- No module named bz2
yum install bzip* python2.6 import bz2 python2.7 import bz2 error 解决:sudo cp /usr/lib64/python2.6/li ...
- 20145217《网络对抗》 MAL_简单后门学习总结
20145217<网络对抗> MAL_简单后门学习总结 实践内容: 1.netcat的应用 2.socat的应用 3.meterpreter的应用 知识点学习总结 后门程序一般是指那些绕过 ...
- python的正则表达式捕获组命名问题