Windows 2012 ICT via PowerShell

Well, since Windows 2k12 was released I kind of missed the Windows 2k8 ICT (Initial Configuration Tasks) which was straight forward to do the basic and most important things when setting up a box, especially when I am doing labs or proof of concepts. SO! I decided to write a script that would cover that which the ICT in Win2k8 had covered such computername, firewall status, network configuration etc…

This had proven to be very useful, takes about lest than 3-5 minutes to do all initial configuration tasks on Win2k12, I hope you’d take benefit from it as I did =).

# Windows 2k12 PowerShell ICT by (Abdullah)^2
# This is for usage only in test environments to save time, you can freely modify it if you want to use in a live environment though.
# Modify this as your own risk and if you need any help please do not hesitate in contacting me.

# Change Computer Name:
# =====================
# Change Computer Name : Rename-Computer -NewName -Force
Write-Host "[ - Change Box Name - ]" -ForegroundColor Black -BackgroundColor Yellow
$ChangeBoxName = Read-Host "Type in the name of your box: "
$OldBoxName = hostname
$NewBoxName = Rename-Computer -NewName $ChangeBoxName -Force
Write-Host "The box" $OldBoxName is now $ChangeBoxName

# Disable Firewall on all profiles:
# =================================
# Disable Firewall: netsh advfirewall set allprofiles state off
# Get-NetFirewallProfile | Set-NetFirewallProfile -Enabled false
# netsh advfirewall show allprofiles state
Write-Host "[ - Disable Firewall - ]" -ForegroundColor Black -BackgroundColor Yellow
$DisableFirewall = Read-Host "Would you like to disable firewall on all profiles (Y/N)? "
if ($DisableFirewall -eq "Y")
$FirewallStateOff = Get-NetFirewallProfile | Set-NetFirewallProfile -Enabled false
Write-Host "Your firewall on all profiles is now disabled" -ForegroundColor Yellow -BackgroundColor Black
Get-NetFirewallProfile | fl Name, Enabled
Write-Host "Your firewall state is kept as is" -ForegroundColor Yellow -BackgroundColor Black
Get-NetFirewallProfile | fl Name, Enabled

# Set Time Zone (Beirut):
# =======================
# Set Time Zone (Beirut) : tzutil /s "Middle East Standard Time"
Write-Host "[ - Setting Time Zone - ]" -ForegroundColor Black -BackgroundColor Yellow
$Beirut = "Middle East Standard Time"
$TZ = Read-Host "Enter a time zone please (open CMD and type tzutil /l for a listing) or enter nothing for Beirut "
if ($TZ)
tzutil /s $TZ
else { tzutil /s $Beirut }
$GetTimeZone = tzutil /g
Write-Host "Your time zone is now set to" $GetTimeZone -ForegroundColor Yellow -BackgroundColor Black

# Disable Windows Update Service
# ==============================
# gwmi win32_service|?{$ -eq "wuauserv"} | %{$_.changestartmode("Disabled")}
# Stop Windows Update Services: (Get-WmiObject Win32_Service -Filter 'Name="wuauserv"').StopService()
Write-Host "[ - Disabling Windows Updates Service - ]" -ForegroundColor Black -BackgroundColor Yellow
gwmi win32_service|?{$ -eq "wuauserv"} | %{$_.changestartmode("Disabled")} | Out-Null
Write-Host "Windows Updates Service is now disabled!" -ForegroundColor Yellow -BackgroundColor Black

# Enable Remote Desktop:
# ======================
# Enable Remote Desktop: set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -Value 0 -erroraction silentlycontinue
# Disable NLA: set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 0 -erroraction silentlycontinue
Write-Host "[ - Enabling Remode Desktop with Removal of NLA - ]" -ForegroundColor Black -BackgroundColor Yellow
set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -Value 0 -erroraction silentlycontinue
set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 0 -erroraction silentlycontinue
Write-Host "RDP Has been enabled and Network Level Authentication has been disabled!" -ForegroundColor Yellow -BackgroundColor Black
Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" | fl fDenyTSConnections
Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" | fl UserAuthentication

# Configure ethernet [IP, DNS and Gateway]
# Get Ethernet Interfaces: Get-NetIPAddress | fl InterfaceIndex, InterfaceAlias
# Get Adapter: Get-NetAdapter
# New Ip Address: New-NetIPAddress -InterfaceIndex -IPAddress <address> -PrefixLength "24" -DefaultGateway
# Change Ip Address: Set-NetIPAddress -InterfaceIndex -IPAddress</address><address>-PrefixLength "24"
# Setup DNS Client: Set-DnsClientServerAddress -InterfaceIndex -ServerAddresses
Write-Host "[ - Configuring primary network interface - ]" -ForegroundColor Black -BackgroundColor Yellow
Write-Host "Listing interfaces:"
$SelectedInterface = Read-Host "Please select the interface you want to configure (InterfaceIndex): "
$SelectedIP = Read-Host "Please type in the IP address: "
$SelectedSubnet = Read-Host "Please choose a subnet (example: 24): "
$SelectedGateway = Read-Host "Please assign a gateway address: "
$SelectedDNS = Read-Host "Please assign a DNS server address (if multiple put a &gt;,&lt; for separation): "
New-NetIPAddress -InterfaceIndex $SelectedInterface -IPAddress $SelectedIP -PrefixLength $SelectedSubnet -DefaultGateway $SelectedGateway | Out-Null
Set-DnsClientServerAddress -InterfaceIndex $SelectedInterface -ServerAddresses $SelectedDNS | Out-Null
Write-Host "The Interface with index" $SelectedInterface "has been configured with the following options: " -ForegroundColor Yellow -BackgroundColor Black
Get-NetAdapter -InterfaceIndex $SelectedInterface
Get-DnsClientServerAddress -InterfaceIndex $SelectedInterface</address>

# Add server to domain:
# =====================
# Add Computer to domain: Add-Computer -DomainName -Credential -PassThru
Write-Host "[ - Join the box AD - ]" -ForegroundColor Black -BackgroundColor Yellow
$SelectedDomain = Read-Host "Please type in your domain name "
$DomainUser = Read-Host "Please type a domain user with delegations to join computers "
$DomainUserPassword = Read-Host -AsSecureString "Put the password of the user which you've used "
$UserAndPassword = New-Object System.Management.Automation.PSCredential($DomainUser,$DomainUserPassword)
Add-Computer -DomainName $SelectedDomain -Credential $UserAndPassword -PassThru

# Restart the box:
Write-Host "[ - Restarting the box - ]" -ForegroundColor Black -BackgroundColor Yellow
$DoRestart = Read-Host "Would you like to restart thix box now? (Y/N) "
if($DoRestart -eq "Y")
Restart-Computer -Confirm
else { Write-Host "You need to restart the box manually to fullfil this ICT" -ForegroundColor Yellow -BackgroundColor Black

Copy the up above and save them into Something.ps1 run it after your first logon to your Win2k12 system and see the magic =), you can also download the script directly from here if you don’t feel like copying and pasting ;-).


2820 Total Views 1 Views Today


Knowledge is limitless.

2 Responses

  1. Mark Hardy says:

    A really useful script. Many thanks for sharing it!

Leave a Reply

Your email address will not be published. Required fields are marked *