PowerShell: OS Build Script for Windows Server 2008, 2008 R2 and Windows 7

Background:

Around 2 years ago, I originally wrote a set of scripts to configure newly built Windows 2008 servers using PowerShell when my previous employer started to deploy their very first Windows 2008 server. This set of scripts was the very first I’ve ever written in PowerShell.

Over time, I have updated them many times and now they also support Windows 2008 R2 and Windows 7.

You can download the scripts HERE.

Purpose:

This set of build scripts is designed to automate the process of building a Windows server (version 2008 and above). It is designed for environments that do not have server SOEs. The intention is to install the OS with default settings and run these scripts right after the OS install. Although they will also work in Windows Vista and Windows 7, the settings are set according to server standards, so they may not be suitable for configuring desktops / laptops for your end users.

Below is a list of items that these scripts will configure for you (and where you can set the values for these items):

| Item | Configured by | Configurable | Configure from | Note |
| --- | --- | --- | --- | --- |
| Rename Computer | 1_OSConfig.PS1 | Yes | User Input | |
| Registered Organization | 1_OSConfig.PS1 | Yes | Configuration.ini (RegisteredOrg) | |
| Registered Owner | 1_OSConfig.PS1 | Yes | Configuration.ini (RegisteredOwner) | |
| Startup & Recovery Options: Small Memory dump (256K), Automatically Restart, Write an event to the system log | 1_OSConfig.PS1 | No | | |
| Disabling unwanted services | 1_OSConfig.PS1 | Yes | Configuration.ini (DisabledService) | Enter the service name (not the display name) for each unwanted service |
| Enable Remote Desktop | 1_OSConfig.PS1 | No | | |
| Screen Saver with Password Protection | 1_OSConfig.PS1 | No | | |
| Screen Saver | 1_OSConfig.PS1 | Yes | Configuration.ini (ScreenSaverName) | Name of the screen saver |
| Screen Saver time out | 1_OSConfig.PS1 | Yes | Configuration.ini (ScreenSaverTimeout) | Screen saver time out in seconds |
| Force Classic Start Menu | 1_OSConfig.PS1 | No | | |
| Disable Windows Animations | 1_OSConfig.PS1 | No | | |
| Automatically End Hung Applications on ShutDown | 1_OSConfig.PS1 | No | | |
| My Computer Icon Matches System Name on desktop | 1_OSConfig.PS1 | No | | |
| NTP Time source | 1_OSConfig.PS1 | Yes | Configuration.ini (NTP) | After joining to the domain, this setting will be ignored as the NTP setting is set to NT5DS |
| Disable User Account Control | 1_OSConfig.PS1 | No | | |
| Boot menu time out setting | 1_OSConfig.PS1 | Yes | Configuration.ini (BootTimeOut) | Boot menu time out - in seconds |
| Power Options - High Performance | 1_OSConfig.PS1 | No | | |
| Regional and Language Options | 1_OSConfig.PS1 | Yes | Configuration.ini (UserLocale, SystemLocale, ShortDate) | |
| Configure Time Zone | 1_OSConfig.PS1 | Yes | User Input | |
| Configure Network Connections: IP Address, Subnet Mask, Default Gateway | 2_network.PS1 | Yes | User Input | Inputs are validated |
| Rename Active Connections that have names starting with "Local Area Connection" | 2_network.PS1 | No | | |
| Configure DNS Servers | 2_network.PS1 | Yes | Configuration.ini (DNSServer) | Enter the DNS server IP address for each DNS server |
| Configure DNS Suffix Search List | 2_network.PS1 | Yes | Configuration.ini (DNSSuffixSearch) | Enter the domain name for each DNS suffix search |
| Disable LMHosts lookup | 2_network.PS1 | No | | |
| Show Network Connection Icon in Sys Tray - Windows 6.0 (2008 & Vista) only | 2_network.PS1 | No | | |
| Disable IPV6 | 2_network.PS1 | No | | |
| Rename Local Admin account | 3_Security.PS1 | Yes | SecPolicy.inf (NewAdministratorName) | |
| Reset Local Admin Password | 3_Security.PS1 | Yes | User Input + Configuration.ini (AdminPassword) | User input to decide if the password needs to be changed. New password stored in configuration.ini |
| Rename Local Guest account | 3_Security.PS1 | Yes | SecPolicy.inf (NewGuestName) | |
| Reset Local Guest Password | 3_Security.PS1 | Yes | Configuration.ini (GuestPassword) | |
| Disable Local Guest account | 3_Security.PS1 | No | | |
| Logon legal notice | 3_Security.PS1 | Yes | SecPolicy.inf | [Registry Values] LegalNoticeCaption and LegalNoticeText |
| Configure local security policy | 3_Security.PS1 | Yes | SecPolicy.inf | SecPolicy.inf will be applied to the computer. Log file: security.log |
| Configuring Event Logs (System, Application & Security) | 3_Security.PS1 | Yes | SecPolicy.inf | Under [system log], [application log] and [security log] section |
| Configuring audit policies | 3_Security.PS1 | Yes | SecPolicy.inf | Under [Event Audit] section |
| Do not display last user name | 3_Security.PS1 | Yes | SecPolicy.inf | Under [Registry Values] |
| Configure LAN Manager authentication level | 3_Security.PS1 | Yes | SecPolicy.inf | Under [Registry Values], In Windows 2008 R2 and Windows 7, by default, it is set to only use NTLM V2. bu |
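
The table lists AdminPassword and GuestPassword as values stored in Configuration.ini, so the file still holds them once the build is done. The following is an added example, not part of the downloadable scripts, that blanks those values after the build; the function name Remove-BuildSecrets, the sample file and the plain Key=Value layout of the file are assumptions.

```powershell
# Added example, not part of the original build scripts.
# Assumption: Configuration.ini uses plain "Key=Value" lines; the key names
# AdminPassword and GuestPassword are the ones listed in the table above.
function Remove-BuildSecrets {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string[]]$SecretKeys = @('AdminPassword', 'GuestPassword')
    )
    $blanked = @()
    $clean = foreach ($line in @(Get-Content -Path $Path)) {
        # Match "Key = Value", skipping comments and [section] headers.
        if ($line -match '^\s*([^=;#\[\s]+)\s*=\s*(.*)$' -and $SecretKeys -contains $Matches[1]) {
            if ($Matches[2].Trim()) { $blanked += $Matches[1] }
            "$($Matches[1])="          # keep the key, drop the value
        } else {
            $line                      # every other line is written back unchanged
        }
    }
    Set-Content -Path $Path -Value $clean
    return $blanked                    # names of the keys that held a value
}

# Constructed sample file (all values made up) so the example runs offline.
$sample = Join-Path $env:TEMP 'Configuration.sample.ini'
@'
RegisteredOrg=Example Org
NTP=time.example.com
AdminPassword=Constructed-Pa55
GuestPassword=
BootTimeOut=5
'@ | Set-Content -Path $sample

$result = Remove-BuildSecrets -Path $sample
"Blanked keys: $($result -join ', ')"
Get-Content -Path $sample
```

Run it as the last step, after 3_Security.PS1 has used the values.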
