Windows Server 2016 桌面環境的自動配置腳本(2017-10-24更新)

github:https://github.com/m2nlight/WindowsServerToWindowsDesktopios

下載:https://github.com/m2nlight/WindowsServerToWindowsDesktop/archive/master.zipgit

它的功能是自動啓動音頻服務、容許未登陸關機、禁用Ctrl+Alt+Del登陸系統、禁用關機時要求輸入關機緣由、CPU性能優秀程序、IE安全策略、登陸時不現實服務器管理器、禁用密碼混淆和長度要求、當前用戶密碼永不過時,安裝Bitlocker、Direct-Play、無線網絡、優質Windows音視頻體驗組件。github

 

  • Config Serviceshell

    • [Automatic] Windows Audio
    • [Automatic] Windows Audio Endpoint Builder
    • [Manual] Windows Remote Management (WS-Management)
  • Config Registry and GroupPolicywindows

    • Enable Shutdown without logon
    • Disable Shutdown reason On
    • No Lock Screen
    • Disable Ctrl+Alt+Del login
    • Disable UAC
    • Disable DEP (Turn on DEP for essential Windows programs and services only)
    • Disable SEHOP
    • Enable disk performance counters
    • Enable Video Hardware Acceleration (Thanks @cjrcl)
    • Enable Audio Hardware Acceleration
    • CPU Priority for Program
    • Adjust Visual Effects (Manual)
    • Adjust IE MaxConnection
    • IE Security Policy
    • Disable TCP Auto-Tuning
    • Change Power Scheme To High Performance
    • No Autorun Server Manager
    • Disable Password complexity and Minimum password length
    • Current user Password never expires
    • Disable Application Experience task schedulers
    • Disable Customer Experience Improvement Program task schedulers
  • Config Windows Feature安全

    • BitLocker
    • Direct-Play
    • Wireless-Networking
    • qWave


 

將腳本複製到桌面,而且要求管理員權限,去運行,輸入y開始配置,會從新啓動一次系統,演示效果如圖:服務器

 

BAT腳本以下:網絡

  1 @echo off
  2 pushd %~dp0
  3 set gpfile=temp_gpfile
  4 set currentuser=%username%
  5 set videopsfile=Acceleration.Level.ps1
  6 rem UAC code begin
  7 set getadminfile=getadmin.vbs
  8 echo Windows Server To Windows Desktop
  9 echo =================================
 10 echo Starting
 11 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\SYSTEM" >nul 2>nul
 12 if %ERRORLEVEL% EQU 0 (
 13     goto :Admin
 14 ) else (
 15     if %ERRORLEVEL% EQU 2 (
 16         goto :PathErr
 17     ) else (
 18         goto :UAC
 19     )
 20 )
 21 :PathErr
 22 echo.
 23 echo Please open "%~n0%~x0" by explorer.exe
 24 echo.
 25 echo Press any key to explore the folder...
 26 pause>nul
 27 start "" "%SYSTEMROOT%\system32\explorer.exe" /select,"%~f0"
 28 goto :END
 29 :UAC
 30 echo Set sh = CreateObject^("Shell.Application"^) > %getadminfile%
 31 echo sh.ShellExecute "%~f0", "", "", "runas", 1 >> %getadminfile%
 32 ping 127.1 -n 1 >nul
 33 "%SYSTEMROOT%\system32\cscript.exe" %getadminfile%
 34 goto :END
 35 :Admin
 36 if exist %getadminfile% ( del %getadminfile% )
 37 cls
 38 rem UAC code end
 39 if "%currentuser%" == "" set currentuser=Administrator
 40 echo Windows Server To Windows Desktop
 41 echo =================================
 42 ::PowerShell /Command "&{Get-WmiObject -Class Win32_OperatingSystem | Select-Object -ExpandProperty Caption}"
 43 set caption=
 44 for /f "skip=1 delims=" %%t in ('wmic os get caption') do (
 45 if not defined caption set caption=%%t
 46 )
 47 echo %caption%
 48 echo %caption%|find /i "Windows Server">nul 2>nul
 49 if ERRORLEVEL 1 goto :OSERR
 50 echo Current Domain: %USERDOMAIN%
 51 echo Current User: %currentuser%
 52 echo.
 53 set /p tmpInput=Maybe will restart computer. Are you ready? (Y/N):
 54 if /i "%tmpInput%"=="y" goto :START
 55 echo Canelled.
 56 echo Press any key to exit...
 57 pause>nul
 58 goto :END
 59 :OSERR
 60 echo.
 61 echo ERROR: Unsupported operating system!
 62 echo Press any key to exit...
 63 pause>nul
 64 goto :END
 65 :START
 66 echo (1/3) Config Service
 67 PowerShell /Command "&{Import-Module ServerManager}"
 68 echo - [Automatic] Windows Audio
 69 PowerShell /Command "&{Set-Service "Audiosrv" -StartupType Automatic}"
 70 echo - [Automatic] Windows Audio Endpoint Builder
 71 PowerShell /Command "&{Set-Service "AudioEndpointBuilder" -StartupType Automatic}"
 72 echo - [Manual] Windows Remote Management (WS-Management)
 73 PowerShell /Command "&{Set-Service "WinRM" -StartupType Manual}"
 74 echo (2/3) Config Registry and GroupPolicy
 75 echo - Enable Shutdown without logon
 76 REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ShutdownWithoutLogon /t REG_DWORD /d 1 /f>nul
 77 echo - Disable Shutdown reason On
 78 REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Reliability" /v ShutdownReasonOn /t REG_DWORD /d 0 /f>nul
 79 :: echo - No Lock Screen
 80 :: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v "NoLockScreen" /t REG_DWORD /d 0x1 /f>nul
 81 echo - Disable Ctrl+Alt+Del login
 82 REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCAD /t REG_DWORD /d 1 /f>nul
 83 echo - Disable UAC
 84 reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0x0 /f>nul
 85 echo - Disable DEP (Turn on DEP for essential Windows programs and services only)
 86 bcdedit /set {current} nx OptIn>nul
 87 ::bcdedit /set {current} nx AlwaysOff>nul
 88 echo - Disable SEHOP
 89 reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "DisableExceptionChainValidation" /t REG_DWORD /d 0x1 /f>nul
 90 echo - Enable disk performance counters
 91 diskperf -Y>nul
 92 if exist %videopsfile%. (
 93 echo - Enable Video Hardware Acceleration
 94 PowerShell -ExecutionPolicy Unrestricted -File %videopsfile%>nul
 95 del Acceleration.Level.reg /f /q
 96 )
 97 echo - Enable Audio Hardware Acceleration
 98 reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile" /v "SystemResponsiveness" /t REG_DWORD /d 0x14 /f>nul
 99 echo - CPU Priority for Program
100 REG ADD HKLM\SYSTEM\CurrentControlSet\Control\PriorityControl /v Win32PrioritySeparation /t REG_DWORD /d 38 /f>nul
101 echo - Adjust Visual Effects (Manual)
102 SystemPropertiesPerformance.exe
103 ::reg add HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects /v VisualFXSetting /t REG_DWORD /d 1 /f>nul
104 ::reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects /v VisualFXSetting /t REG_DWORD /d 1 /f>nul
105 ::reg add "HKCU\Control Panel\Desktop" /v DragFullWindows /t REG_SZ /d 1 /f>nul
106 ::reg add "HKCU\Control Panel\Desktop" /v FontSmoothing /t REG_SZ /d 2 /f>nul
107 ::reg add "HKCU\Control Panel\Desktop" /v MinAnimate /t REG_SZ /d 1 /f>nul
108 ::reg add "HKCU\Control Panel\Desktop" /v UserPreferencesMask /t REG_BINARY /d 9E3E078012000000 /f>nul
109 echo - Adjust IE Max Connection
110 reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v "MaxConnectionsPer1_0Server" /t REG_DWORD /d 10 /f>nul
111 echo - IE Security Policy
112 REG ADD "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" /v IsInstalled /t REG_DWORD /d 0 /f>nul
113 REG ADD "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /v IsInstalled /t REG_DWORD /d 0 /f>nul
114 Rundll32 iesetup.dll, IEHardenLMSettings
115 Rundll32 iesetup.dll, IEHardenUser
116 Rundll32 iesetup.dll, IEHardenAdmin
117 echo - Disable TCP Auto-Tuning
118 netsh interface tcp set heuristics disabled>nul
119 echo - Change Power Scheme To High Performance
120 powercfg -s 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c>nul
121 echo - No Autorun Server Manager
122 REG ADD HKLM\Software\Microsoft\ServerManager /v DoNotOpenServerManagerAtLogon /t REG_DWORD /d 1 /f>nul
123 echo - Disable Password complexity and Minimum password length
124 echo [version]>%gpfile%.inf
125 echo signature="$CHICAGO$">>%gpfile%.inf
126 echo [System Access]>>%gpfile%.inf
127 echo MinimumPasswordLength = 0 >>%gpfile%.inf
128 echo PasswordComplexity = 0 >>%gpfile%.inf
129 secedit /configure /db %gpfile%.sdb /cfg %gpfile%.inf /log %gpfile%.log>nul 2>nul
130 del %gpfile%.inf %gpfile%.sdb %gpfile%.log %gpfile%.jfm /f /q
131 echo - %currentuser%'s Password never expires
132 wmic Path Win32_UserAccount Where Name="%currentuser%" Set PasswordExpires="FALSE">nul
133 echo   PasswordExpires List:
134 wmic useraccount get Name,PasswordExpires
135 echo - Disable Application Experience task schedulers
136 schtasks /change /tn "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /disable>nul 2>nul
137 schtasks /change /tn "\Microsoft\Windows\Application Experience\ProgramDataUpdater" /disable>nul 2>nul
138 schtasks /change /tn "\Microsoft\Windows\Application Experience\StartupAppTask" /disable>nul 2>nul
139 echo - Disable Customer Experience Improvement Program task schedulers
140 schtasks /change /tn "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /disable>nul 2>nul
141 schtasks /change /tn "\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /disable>nul 2>nul
142 schtasks /change /tn "\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /disable>nul 2>nul
143 echo (3/3) Config Windows Feature
144 echo - BitLocker
145 echo - Direct-Play
146 echo - Wireless-Networking
147 echo - qWave
148 echo please wait...
149 PowerShell /Command "&{Install-WindowsFeature "BitLocker","Direct-Play","Wireless-Networking","qWave" -Restart}"
150 echo Completed!
151 echo Press any key to exit...
152 pause>nul
153 :END
154 if exist %getadminfile% ( del %getadminfile% )
155 popd

 

Acceleration.Level.ps1less

 1 function WriteKey($File, $Key)
 2 {
 3     ECHO $Key >> $File;
 4     ECHO '"Acceleration.Level"=dword:00000000' >> $File;
 5     ECHO "" >> $File;
 6 }
 7 
 8 function Generate($File, $ControlSet)
 9 {
10     $Item = Get-Item -Path "HKLM:\HARDWARE\DEVICEMAP\VIDEO";
11     $ValueNames = $Item.GetValueNames();
12     foreach($ValueName in $ValueNames)
13     {
14         if($ValueName.StartsWith("\Device\Video"))
15         {
16             $Value = $Item.GetValue($ValueName);
17             if($Value.Length -gt 43)
18             {
19                 $Guid = $Value.SubString($Value.Length - 43, 38);
20                 $ObjectNumber = $Value.SubString($Value.Length - 4);
21                 try
22                 {
23                     [System.Guid]::Parse($Guid);
24                     [System.Int32]::Parse($ObjectNumber);
25                 }
26                 catch
27                 {
28                     continue;
29                 }
30                 $Path = "HKLM:\SYSTEM\" + $ControlSet + "\Control\Video\" + $Guid + "\Video";
31                 $Service = (Get-Item -Path $Path).GetValue("Service");
32                 $Path = "HKLM:\SYSTEM\" + $ControlSet + "\Services\" + $Service;
33                 $ChildItems = Get-ChildItem -Path $Path;
34                 foreach($ChildItem in $ChildItems)
35                 {
36                     if($ChildItem.PSChildName.StartsWith("Device"))
37                     {
38                         $Key = "[" + $ChildItem.Name + "]";
39                         WriteKey $File $Key;
40                     }
41                 }
42                 $Key = "[HKEY_LOCAL_MACHINE\SYSTEM\" + $ControlSet + "\Control\Video\" + $Guid + "\" + $ObjectNumber + "]";
43                 WriteKey $File $Key;
44                 $Key = "[HKEY_LOCAL_MACHINE\SYSTEM\" + $ControlSet + "\Control\Video\" + $Guid + "\" + $ObjectNumber + "\Settings]";
45                 WriteKey $File $Key;
46             }
47         }
48     }
49     $VideoControllers = Get-WmiObject -Class Win32_VideoController;
50     foreach($VideoController in $VideoControllers)
51     {
52         $PnPEntities = Get-WmiObject -Class Win32_PnPEntity;
53         foreach($PnPEntity in $PnPEntities)
54         {
55             if($PnPEntity.PNPDeviceID -eq $VideoController.PNPDeviceID)
56             {
57                 $Path = "HKLM:\SYSTEM\" + $ControlSet + "\Control\Class\" + $PnPEntity.ClassGuid;
58                 $ChildItems = Get-ChildItem -Path $Path;
59                 foreach($ChildItem in $ChildItems)
60                 {
61                     try
62                     {
63                         [System.Int32]::Parse($ChildItem.PSChildName);
64                     }
65                     catch
66                     {
67                         continue;
68                     }
69                     $Key = "[" + $ChildItem.Name + "]";
70                     WriteKey $File $Key;
71                     $Key = "[" + $ChildItem.Name + "\Settings]";
72                     WriteKey $File $Key;
73                 }
74             }
75         }
76     }
77 }
78 
79 $File = "Acceleration.Level.reg";
80 New-Item $File -Type File -Force;
81 ECHO "Windows Registry Editor Version 5.00" > $File;
82 ECHO "" >> $File;
83 Generate $File "ControlSet001";
84 Generate $File "ControlSet002";
85 Generate $File "CurrentControlSet";
86 TYPE $File;
87 regedit.exe /s $File;
相關文章
相關標籤/搜索