PowerShell: OS Build Script for Windows Server 2008, 2008 R2 and Windows 7
Background:
Around 2 years ago, I originally written a set of script to configure newly built Windows 2008 servers using PowerShell when my previous employer started to deploy their very first Windows 2008 server. These set of scripts were the very first scripts I’ve ever written in PowerShell.
Over the time, I have updated them many times and now they also support Windows 2008 R2 and Windows 7.
You can download the scripts HERE.
Purpose:
This set of build script is designed to automate the process of building a Windows server (version 2008 and above). It is designed for environments that do not have server SOEs. The intention is to install the OS with default settings and run these scripts right after the OS install. Although they will also work in Windows Vista and Windows 7, the settings are set according to server standard, they may not be suitable for configuring desktop / laptop for your end users.
Below is a list of items that these scripts will configure for you (and where you can set the values for these items):
| Item | Configured by | Config-urable | Configure from | Note |
| Rename Computer | 1_OSConfig.PS1 | Yes | User Input | |
| Registered Organization | 1_OSConfig.PS1 | Yes | Configuration.ini (RegisteredOrg) | |
| Registered Owner | 1_OSConfig.PS1 | Yes | Configuration.ini (RegisteredOwner) | |
| Startup & Recovery Options Small Memory dump (256K) Automatically Restart Write an event to the system log | 1_OSConfig.PS1 | No | ||
| Disabling unwanted services | 1_OSConfig.PS1 | Yes | Configuration.ini (DisabledService) | Enter the service name (not the display name) for each unwanted services |
| Enable Remote Desktop | 1_OSConfig.PS1 | No | ||
| Screen Saver with Password Protection | 1_OSConfig.PS1 | No | ||
| Screen Saver | 1_OSConfig.PS1 | Yes | Configuration.ini (ScreenSaverName) | Name of the screen Saver |
| Screen Saver time out | 1_OSConfig.PS1 | Yes | Configuration.ini (ScreenSaverTimeout) | Screen Saver Time out in seconds |
| Force Classic Start Menu | 1_OSConfig.PS1 | No | ||
| Disable Windows Animations | 1_OSConfig.PS1 | No | ||
| Automatically End Hung Applications on ShutDown | 1_OSConfig.PS1 | No | ||
| My Computer Icon Matches System Name on desktop | 1_OSConfig.PS1 | No | ||
| NTP Time source | 1_OSConfig.PS1 | Yes | Configuration.ini (NTP) | After joining to the domain, this setting will be ignored as the NTP setting is set to NT5DS |
| Disable User Account Control | 1_OSConfig.PS1 | No | ||
| Boot menu time out setting | 1_OSConfig.PS1 | Yes | Configuration.ini (BootTimeOut) | Boot menu time out - in seconds |
| Power Options - High Performance | 1_OSConfig.PS1 | No | ||
| Regional and Language Options | 1_OSConfig.PS1 | Yes | Configuration.ini (UserLocale, SystemLocale, ShortDate) | |
| Configure Time Zone | 1_OSConfig.PS1 | Yes | User Input | |
| Configure Network Connections IP Address Subnet Mask Default Gateway | 2_network.PS1 | Yes | User Input | Inputs are validated |
| Rename Active Connections that have names start with "Local Area Connection" | 2_network.PS1 | No | ||
| Configure DNS Servers | 2_network.PS1 | Yes | Configuration.ini (DNSServer) | Enter the DNS server IP address for each DNS server |
| Configure DNS Suffix Search List | 2_network.PS1 | Yes | Configuration.ini (DNSSuffixSearch) | Enter the domain name for each DNS suffix search |
| Disable LMHosts lookup | 2_network.PS1 | No | ||
| Show Network Connection Icon in Sys Tray - Windows 6.0 (2008 & Vista) only | 2_network.PS1 | No | ||
| Disable IPV6 | 2_network.PS1 | No | ||
| Rename Local Admin account | 3_Security.PS1 | Yes | SecPolicy.inf (NewAdministratorName) | |
| Reset Local Admin Password | 3_Security.PS1 | Yes | User Input + Configuration.ini (AdminPassword) | User input to decide if the password needs to be changed. New password stored in configuration.ini |
| Rename Local Guest account | 3_Security.PS1 | Yes | SecPolicy.inf (NewGuestName) | |
| Reset Local Guest Password | 3_Security.PS1 | Yes | Configuration.ini (GuestPassword) | |
| Disable Local Guest account | 3_Security.PS1 | No | ||
| Logon legal notice | 3_Security.PS1 | Yes | SecPolicy.inf [Registry Values] | LegalNoticeCaption and LegalNoticeText |
| Configure local security policy | 3_Security.PS1 | Yes | SecPolicy.inf | SecPolicy.inf will be applied to the computer. Log file: security.log |
| Configuring Event Logs (System, Application & Security) | 3_Security.PS1 | Yes | SecPolicy.inf | under [system log], [application log] and [security log] section |
| Configuring audit policies | 3_Security.PS1 | Yes | SecPolicy.inf | Under [Event Audit] section |
| Do not display last user name | 3_Security.PS1 | Yes | SecPolicy.inf | Under [Registry Values] |
| Configure LAN Manager authentication level | 3_Security.PS1 | Yes | SecPolicy.inf | Under [Registry Values], In Windows 2008 R2 and Windows 7, by default, it is set to only use NTLM V2. bu |
Leave a comment