Windows Server 2016 桌面环境的自动配置脚本
github:https://github.com/m2nlight/WindowsServerToWindowsDesktop
下载:https://github.com/m2nlight/WindowsServerToWindowsDesktop/archive/master.zip
它的功能是自动启动音频服务、允许未登录关机、禁用Ctrl+Alt+Del登录系统、禁用关机时要求输入关机原因、CPU性能优秀程序、IE安全策略、登录时不现实服务器管理器、禁用密码混淆和长度要求、当前用户密码永不过期,安装Bitlocker、Direct-Play、无线网络、优质Windows音视频体验组件。
Config Service
- [Automatic] Windows Audio
- [Automatic] Windows Audio Endpoint Builder
- [Manual] Windows Remote Management (WS-Management)
Config Registry and GroupPolicy
- Enable Shutdown without logon
- Disable Shutdown reason On
No Lock Screen- Disable Ctrl+Alt+Del login
- Disable UAC
- Disable DEP (Turn on DEP for essential Windows programs and services only)
- Disable SEHOP
- Enable disk performance counters
- Enable Video Hardware Acceleration (Thanks @cjrcl)
- Enable Audio Hardware Acceleration
- CPU Priority for Program
- Adjust Visual Effects (Manual)
- Adjust IE MaxConnection
- IE Security Policy
- Disable TCP Auto-Tuning
- Change Power Scheme To High Performance
- No Autorun Server Manager
- Disable Password complexity and Minimum password length
- Current user Password never expires
- Disable Application Experience task schedulers
- Disable Customer Experience Improvement Program task schedulers
Config Windows Feature
- BitLocker
- Direct-Play
- Wireless-Networking
- qWave
将脚本复制到桌面,并且要求管理员权限,去运行,输入y开始配置,会重新启动一次系统,演示效果如图:
BAT脚本如下:
@echo off
pushd %~dp0
set gpfile=temp_gpfile
set currentuser=%username%
set videopsfile=Acceleration.Level.ps1
rem UAC code begin
set getadminfile=getadmin.vbs
echo Windows Server To Windows Desktop
echo =================================
echo Starting
"%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\SYSTEM" >nul 2>nul
if %ERRORLEVEL% EQU 0 (
goto :Admin
) else (
if %ERRORLEVEL% EQU 2 (
goto :PathErr
) else (
goto :UAC
)
)
:PathErr
echo.
echo Please open "%~n0%~x0" by explorer.exe
echo.
echo Press any key to explore the folder...
pause>nul
start "" "%SYSTEMROOT%\system32\explorer.exe" /select,"%~f0"
goto :END
:UAC
echo Set sh = CreateObject^("Shell.Application"^) > %getadminfile%
echo sh.ShellExecute "%~f0", "", "", "runas", 1 >> %getadminfile%
ping 127.1 -n 1 >nul
"%SYSTEMROOT%\system32\cscript.exe" %getadminfile%
goto :END
:Admin
if exist %getadminfile% ( del %getadminfile% )
cls
rem UAC code end
if "%currentuser%" == "" set currentuser=Administrator
echo Windows Server To Windows Desktop
echo =================================
::PowerShell /Command "&{Get-WmiObject -Class Win32_OperatingSystem | Select-Object -ExpandProperty Caption}"
set caption=
for /f "skip=1 delims=" %%t in ('wmic os get caption') do (
if not defined caption set caption=%%t
)
echo %caption%
echo %caption%|find /i "Windows Server">nul 2>nul
if ERRORLEVEL 1 goto :OSERR
echo Current Domain: %USERDOMAIN%
echo Current User: %currentuser%
echo.
set /p tmpInput=Maybe will restart computer. Are you ready? (Y/N):
if /i "%tmpInput%"=="y" goto :START
echo Canelled.
echo Press any key to exit...
pause>nul
goto :END
:OSERR
echo.
echo ERROR: Unsupported operating system!
echo Press any key to exit...
pause>nul
goto :END
:START
echo (1/3) Config Service
PowerShell /Command "&{Import-Module ServerManager}"
echo - [Automatic] Windows Audio
PowerShell /Command "&{Set-Service "Audiosrv" -StartupType Automatic}"
echo - [Automatic] Windows Audio Endpoint Builder
PowerShell /Command "&{Set-Service "AudioEndpointBuilder" -StartupType Automatic}"
echo - [Manual] Windows Remote Management (WS-Management)
PowerShell /Command "&{Set-Service "WinRM" -StartupType Manual}"
echo (2/3) Config Registry and GroupPolicy
echo - Enable Shutdown without logon
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ShutdownWithoutLogon /t REG_DWORD /d 1 /f>nul
echo - Disable Shutdown reason On
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Reliability" /v ShutdownReasonOn /t REG_DWORD /d 0 /f>nul
:: echo - No Lock Screen
:: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v "NoLockScreen" /t REG_DWORD /d 0x1 /f>nul
echo - Disable Ctrl+Alt+Del login
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCAD /t REG_DWORD /d 1 /f>nul
echo - Disable UAC
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0x0 /f>nul
echo - Disable DEP (Turn on DEP for essential Windows programs and services only)
bcdedit /set {current} nx OptIn>nul
::bcdedit /set {current} nx AlwaysOff>nul
echo - Disable SEHOP
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "DisableExceptionChainValidation" /t REG_DWORD /d 0x1 /f>nul
echo - Enable disk performance counters
diskperf -Y>nul
if exist %videopsfile%. (
echo - Enable Video Hardware Acceleration
PowerShell -ExecutionPolicy Unrestricted -File %videopsfile%>nul
del Acceleration.Level.reg /f /q
)
echo - Enable Audio Hardware Acceleration
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile" /v "SystemResponsiveness" /t REG_DWORD /d 0x14 /f>nul
echo - CPU Priority for Program
REG ADD HKLM\SYSTEM\CurrentControlSet\Control\PriorityControl /v Win32PrioritySeparation /t REG_DWORD /d 38 /f>nul
echo - Adjust Visual Effects (Manual)
SystemPropertiesPerformance.exe
::reg add HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects /v VisualFXSetting /t REG_DWORD /d 1 /f>nul
::reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects /v VisualFXSetting /t REG_DWORD /d 1 /f>nul
::reg add "HKCU\Control Panel\Desktop" /v DragFullWindows /t REG_SZ /d 1 /f>nul
::reg add "HKCU\Control Panel\Desktop" /v FontSmoothing /t REG_SZ /d 2 /f>nul
::reg add "HKCU\Control Panel\Desktop" /v MinAnimate /t REG_SZ /d 1 /f>nul
::reg add "HKCU\Control Panel\Desktop" /v UserPreferencesMask /t REG_BINARY /d 9E3E078012000000 /f>nul
echo - Adjust IE Max Connection
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v "MaxConnectionsPer1_0Server" /t REG_DWORD /d 10 /f>nul
echo - IE Security Policy
REG ADD "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" /v IsInstalled /t REG_DWORD /d 0 /f>nul
REG ADD "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /v IsInstalled /t REG_DWORD /d 0 /f>nul
Rundll32 iesetup.dll, IEHardenLMSettings
Rundll32 iesetup.dll, IEHardenUser
Rundll32 iesetup.dll, IEHardenAdmin
echo - Disable TCP Auto-Tuning
netsh interface tcp set heuristics disabled>nul
echo - Change Power Scheme To High Performance
powercfg -s 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c>nul
echo - No Autorun Server Manager
REG ADD HKLM\Software\Microsoft\ServerManager /v DoNotOpenServerManagerAtLogon /t REG_DWORD /d 1 /f>nul
echo - Disable Password complexity and Minimum password length
echo [version]>%gpfile%.inf
echo signature="$CHICAGO$">>%gpfile%.inf
echo [System Access]>>%gpfile%.inf
echo MinimumPasswordLength = 0 >>%gpfile%.inf
echo PasswordComplexity = 0 >>%gpfile%.inf
secedit /configure /db %gpfile%.sdb /cfg %gpfile%.inf /log %gpfile%.log>nul 2>nul
del %gpfile%.inf %gpfile%.sdb %gpfile%.log %gpfile%.jfm /f /q
echo - %currentuser%'s Password never expires
wmic Path Win32_UserAccount Where Name="%currentuser%" Set PasswordExpires="FALSE">nul
echo PasswordExpires List:
wmic useraccount get Name,PasswordExpires
echo - Disable Application Experience task schedulers
schtasks /change /tn "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /disable>nul 2>nul
schtasks /change /tn "\Microsoft\Windows\Application Experience\ProgramDataUpdater" /disable>nul 2>nul
schtasks /change /tn "\Microsoft\Windows\Application Experience\StartupAppTask" /disable>nul 2>nul
echo - Disable Customer Experience Improvement Program task schedulers
schtasks /change /tn "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /disable>nul 2>nul
schtasks /change /tn "\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /disable>nul 2>nul
schtasks /change /tn "\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /disable>nul 2>nul
echo (3/3) Config Windows Feature
echo - BitLocker
echo - Direct-Play
echo - Wireless-Networking
echo - qWave
echo please wait...
PowerShell /Command "&{Install-WindowsFeature "BitLocker","Direct-Play","Wireless-Networking","qWave" -Restart}"
echo Completed!
echo Press any key to exit...
pause>nul
:END
if exist %getadminfile% ( del %getadminfile% )
popd
Acceleration.Level.ps1
function WriteKey($File, $Key)
{
ECHO $Key >> $File;
ECHO '"Acceleration.Level"=dword:00000000' >> $File;
ECHO "" >> $File;
} function Generate($File, $ControlSet)
{
$Item = Get-Item -Path "HKLM:\HARDWARE\DEVICEMAP\VIDEO";
$ValueNames = $Item.GetValueNames();
foreach($ValueName in $ValueNames)
{
if($ValueName.StartsWith("\Device\Video"))
{
$Value = $Item.GetValue($ValueName);
if($Value.Length -gt 43)
{
$Guid = $Value.SubString($Value.Length - 43, 38);
$ObjectNumber = $Value.SubString($Value.Length - 4);
try
{
[System.Guid]::Parse($Guid);
[System.Int32]::Parse($ObjectNumber);
}
catch
{
continue;
}
$Path = "HKLM:\SYSTEM\" + $ControlSet + "\Control\Video\" + $Guid + "\Video";
$Service = (Get-Item -Path $Path).GetValue("Service");
$Path = "HKLM:\SYSTEM\" + $ControlSet + "\Services\" + $Service;
$ChildItems = Get-ChildItem -Path $Path;
foreach($ChildItem in $ChildItems)
{
if($ChildItem.PSChildName.StartsWith("Device"))
{
$Key = "[" + $ChildItem.Name + "]";
WriteKey $File $Key;
}
}
$Key = "[HKEY_LOCAL_MACHINE\SYSTEM\" + $ControlSet + "\Control\Video\" + $Guid + "\" + $ObjectNumber + "]";
WriteKey $File $Key;
$Key = "[HKEY_LOCAL_MACHINE\SYSTEM\" + $ControlSet + "\Control\Video\" + $Guid + "\" + $ObjectNumber + "\Settings]";
WriteKey $File $Key;
}
}
}
$VideoControllers = Get-WmiObject -Class Win32_VideoController;
foreach($VideoController in $VideoControllers)
{
$PnPEntities = Get-WmiObject -Class Win32_PnPEntity;
foreach($PnPEntity in $PnPEntities)
{
if($PnPEntity.PNPDeviceID -eq $VideoController.PNPDeviceID)
{
$Path = "HKLM:\SYSTEM\" + $ControlSet + "\Control\Class\" + $PnPEntity.ClassGuid;
$ChildItems = Get-ChildItem -Path $Path;
foreach($ChildItem in $ChildItems)
{
try
{
[System.Int32]::Parse($ChildItem.PSChildName);
}
catch
{
continue;
}
$Key = "[" + $ChildItem.Name + "]";
WriteKey $File $Key;
$Key = "[" + $ChildItem.Name + "\Settings]";
WriteKey $File $Key;
}
}
}
}
} $File = "Acceleration.Level.reg";
New-Item $File -Type File -Force;
ECHO "Windows Registry Editor Version 5.00" > $File;
ECHO "" >> $File;
Generate $File "ControlSet001";
Generate $File "ControlSet002";
Generate $File "CurrentControlSet";
TYPE $File;
regedit.exe /s $File;
Windows Server 2016 桌面环境的自动配置脚本的更多相关文章
- Windows Server 2016 桌面环境的自动配置脚本(2017-10-24更新)
github:https://github.com/m2nlight/WindowsServerToWindowsDesktop 下载:https://github.com/m2nlight/Wind ...
- python环境变量自动配置脚本(setx使用)
前言 setx不是windows系统自带的工具,需要到微软官网下载,但是有的系统也会自带.(是官方提供的,可放心食用) set和setx都可以用来配置环境变量.他们的不同点在于,set只是临时的修改环 ...
- Windows Server 2016 IIS的安装与配置
1. 打开服务器管理器,点击[添加角色和功能选项]. 2. 进入“添加角色和功能向导”页面,点击下一步. 3. 安装类型选择[基于角色或基于功能的安装],点击下一步. 4. 进入服务器选 ...
- Windows Server 2016
Windows Server 2016 正式版教程:安装.激活.设置 http://www.ithome.com/html/win10/261386.htm 2016-9-29 12:57:58来源: ...
- Windows Server 2016 配置 IIS 的详细步骤
Ø 简介 本文主要记录 Windows Server 2016 环境下,安装配置 IIS 的详细步骤.需要说明的是,在选择"功能"或"角色服务"时不建议将所有 ...
- Windows Server 2016 + SCO 2016 安装及配置介绍
Windows Server 2016 + SCO 2016 安装及配置介绍 高文龙关注1人评论6332人阅读2017-02-26 23:23:02 Windows Server 2016 + SCO ...
- Windows Server 2016 上配置 APACHE+SSL+PHP+perl
Windows Server 2016 上配置 APACHE+SSL+PHP+perl 安装环境 谷歌云实例 Windows Server 2016 Apache Apache/2.4.25 (win ...
- 如何在Windows Server 2016启用或关闭Internet Explorer增强的安全配置
一般我们安装完服务器后,开启 Internet Explorer 会发现无法上网或者上网内容被屏蔽掉了 问题的发生原因 在 Windows Server 2016 通常扮演重要的服务器角色,不应该用来 ...
- [转]Windows Server 2016 服务器IIS配置
本文转自:https://blog.csdn.net/corson/article/details/82185407 多余的话就不说了,配置Windows Server 2016服务器具体如下图 ...
随机推荐
- CSS3--选择器
子元素选择器: div>p{background:yellow:} 相邻的后兄弟选择器(必须相邻) h1+p{padding-top:20px:} 后兄弟选择器(同级的当前元素后面的元素) di ...
- asp.net 去掉重复的querystring
string[] vs = HttpContext.Current.Request.QueryString.GetValues(key); if (vs.Leng ...
- RHEL查看CPU等机器信息
查看CPU信息: [root@pqsfc072 ~]# cat /proc/cpuinfo 查看CPU型号: [root@pqsfc072 ~]# cat /proc/cpuinfo | grep n ...
- Gossip protocol(zz)
Gossip protocol 这是一系列用于P2P的通信协议.简单来说,就是模拟人类社会中流言传播的方式.每个节点随机地把消息发给它的邻居,接到消息的节点,如果之前没收到这个消息,则会继续随机地转发 ...
- vue.js
一:vue的简单介绍: (1)Vue.js 的目标是通过尽可能简单的 API 实现响应的数据绑定和组合的视图组件: (2)Vue.js 自身不是一个全能框架——它只聚焦于视图层.因此它非常容易学习,非 ...
- sql like 查询
查询 ids 含有 4 的 精确到4 54 不查询 select * from t_g_sku where ','||ids||',' like '%,4,%'; 序号 id mid quant ...
- nodejs:使用多处理器
nodejs是单线程,这意味着Node只能利用一个处理器来工作.但多数服务器都有多个核.好在nodejs提供了cluster模块,可以把任务分配给子进程.每个子进程有些特殊能力,比如能与其他子进程共享 ...
- php 和mysql httpd 简单网页的搭建
使用两台服务器 Centos 7 做 php和httpd和php-sql 服务的安装 CentOS 5 做php 和 mysql 的安装 1.搭建本地yum源 两台服务器 都是 2.关闭防火墙和s ...
- LDO-BD00C0AWFP
BD00C0AWxx 1.该产品是ROHM公司的一款高输入电压可达26.5V,输出电压可达15V,输出电流1A的LDO.具有较低的ESR Capacitor. 2.输入电压变化4-26.5V,输出3 ...
- C++混合编程之idlcpp教程Python篇(4)
上一篇在这 C++混合编程之idlcpp教程Python篇(3) 第一篇在这 C++混合编程之idlcpp教程(一) 与前面的工程相似,工程PythonTutorial2中,同样加入了三个文件 Pyt ...