Just putting this out there for easy copy / pasta
https://github.com/richie65x
###########################
#~~~~~~#
# c:\windows\system32\sysprep\sysprep.exe /oobe /generalize
# https://www.catalog.update.microsoft.com/Search.aspx?q=KB5032190
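# PoSh ~As admin~ shortcut, and S.T.S.T. set up page, on Desktop
# Ask Windows for the Desktop folder instead of assembling C:\Users\<name>\Desktop by hand:
# the hand-built path is wrong when the profile folder name differs from the user name,
# or when the Desktop has been redirected.
$PathToDesktop = [Environment]::GetFolderPath('Desktop')
# One COM object is enough for both shortcuts.
$WScriptShell = New-Object -ComObject WScript.Shell

# --- Shortcut 1: PowerShell ISE, marked to start elevated ---
$TargetFile = "%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell_ise.exe"
$ShortcutFile = "$PathToDesktop\PoSh-Admin.lnk"
$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
$Shortcut.TargetPath = $TargetFile
$Shortcut.Save()
# The WScript.Shell shortcut object has no "Run as administrator" property, so the saved
# .lnk file is patched in place: read it, switch one flag bit on, write it back.
$bytes = [System.IO.File]::ReadAllBytes($ShortcutFile)
$bytes[0x15] = $bytes[0x15] -bor 0x20 #set byte 21 (0x15) bit 6 (0x20) ON
[System.IO.File]::WriteAllBytes($ShortcutFile, $bytes)

# --- Shortcut 2: link to the set-up page ---
# NOTE(review): the target is plain http://, so the page these snippets are copied from is
# not integrity-protected in transit - switch to https:// if the site serves it (confirm).
$TargetFile = "http://www.somethingtoscrollthrough.com/2022/05/firewall.html"
$ShortcutFile = "$PathToDesktop\STST ~ PC Set-Up.lnk"
$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
$Shortcut.TargetPath = $TargetFile
# Icon index 48 inside SHELL32.dll
$Shortcut.IconLocation = "%SystemRoot%\System32\SHELL32.dll,48"
$Shortcut.Save()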
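# turn off sleep while plugged in (on AC power)
powercfg /change standby-timeout-ac 0
# Toggle 'Set timezone automatically' to 'On'
# (Start = 3 sets the tzautoupdate service to manual start)
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\tzautoupdate' -Name 'Start' -Value 3
# Prevent Edge 'First Run' page
# edge://settings/resetProfileSettings # (hit 'reset' - Use this to reset edge if you want to see the First Run)
# NOTE(review): Policies\Microsoft\MicrosoftEdge\Main + PreventFirstRunPage is the legacy Edge
# policy location; Chromium-based Edge reads HKLM\SOFTWARE\Policies\Microsoft\Edge
# (e.g. HideFirstRunExperience) - confirm which one the target build honours.
$EdgeMainPolicyKey = "Registry::HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main"
# Create the key (and its parent) only when it is missing: a bare New-Item reports an error on a
# re-run, and New-Item -Force against an existing key would discard values already set there.
if (-not (Test-Path -Path $EdgeMainPolicyKey)) {
    New-Item -Path $EdgeMainPolicyKey -Force | Out-Null
}
New-ItemProperty -Path $EdgeMainPolicyKey -Name "PreventFirstRunPage" -Value 1 -PropertyType "DWord" -Force
# start msedge http://www.somethingtoscrollthrough.com/2022/05/firewall.html
# Close every process that owns a window and whose name matches "edge".
# NOTE(review): "edge" is an unanchored regex, so any windowed process with "edge" anywhere
# in its name is stopped too, and unsaved browser state is lost.
Get-Process | Where-Object { $_.MainWindowTitle -and $_.Name -match "edge" } | Stop-Process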
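# Install the NuGet provider and the PSWindowsUpdate module, then pull and install all updates.
# NOTE(review): -Force suppresses the provider / repository confirmation prompts and takes whatever
# module version the repository currently serves. For a repeatable build, pin a reviewed version
# with -RequiredVersion <VERSION_PLACEHOLDER>.
Install-PackageProvider -Name NuGet -Force
Install-Module -Name PSWindowsUpdate -Force
Get-Package -Name PSWindowsUpdate -Force
# Only this session needs to load the module, so the bypass is limited to the current process.
# Without -Scope the policy is written machine-wide and stays Bypass after set-up is finished.
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force
Import-Module PSWindowsUpdate
# $ErrorActionPreference = "SilentlyContinue"
# List what is pending, pause briefly so the list can be read, then install.
Get-WUList
Start-Sleep -Seconds 5
# -AutoReboot restarts the machine without asking once the updates need it.
Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot
$ErrorActionPreference = "Continue"
# Stop here when the whole file is run; the sections below are separate steps.
Return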
###########################
# Presumably a guard: at top level, Break ends a "run everything" here, so the
# remote-access steps below only execute when they are selected and run on their own.
Break

# --- Remote Desktop: allow connections, open the firewall group, print the active IPv4 address ---
# NOTE(review): nothing here sets Network Level Authentication; check that the RDP-Tcp
# 'UserAuthentication' setting on the machine matches what your policy expects.
Set-ItemProperty -Name "fDenyTSConnections" -Value 0 -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
Get-NetIPConfiguration |
    Where-Object { $_.IPv4DefaultGateway -ne $null -and $_.NetAdapter.status -ne "Disconnected" } |
    ForEach-Object { $_.IPv4Address.IPAddress }

# --- Time: automatic time-zone service, then a fixed zone, then a clock resync ---
Set-ItemProperty -Name start -Value "3" -Path HKLM:\SYSTEM\CurrentControlSet\Services\tzautoupdate
Set-TimeZone "Eastern Standard Time"
w32tm /resync

# --- Windows Firewall: switched OFF for every profile ---
# NOTE(review): with the firewall off on all profiles the "Remote Desktop" rule group enabled above
# has no effect, and every listening service on the machine is reachable from the network.
# RDP (rule group above) and 'winrm quickconfig' (below) each add their own allow rules, so
# confirm whether this line is needed at all; if it is, turn the firewall back on after set-up.
netsh advfirewall set allprofiles state off

# --- Network category: WinRM will not enable while the connection is 'Public' (the default) ---
# NOTE(review): this marks every currently connected network as Private, whichever network the
# machine happens to be plugged into - run it on the trusted build network only.
Set-NetConnectionProfile -NetworkCategory Private -InterfaceIndex (Get-NetConnectionProfile).InterfaceIndex

# --- WinRM: enable with the default quick configuration, no prompts ---
& c:\windows\system32\winrm.cmd quickconfig -quiet

# Add DOT.NET 2.0--3.5
# Add-WindowsCapability -Online -Name NetFx3~~~~
###########################
# Read the serial number the BIOS reports (WMI class win32_bios)
$SerialNumber = (Get-WmiObject -Class win32_bios).SerialNumber
# Dell serial numbers are short enough to use as-is. Others (e.g. BeeLink mini PCs) are too long:
# when the value is longer than 9 characters, keep only its last 7 characters and put "MPC"
# (Mini PC) in front, which gives a 10-character name.
If ($SerialNumber.Length -gt 9) {
    $SerialNumber = "MPC" + $SerialNumber.Substring($SerialNumber.Length - 7)
}
# Print the name that is about to be applied.
# NOTE(review): some boards report a placeholder or blank serial - check this value before
# letting the rename and reboot below run.
$SerialNumber
#Read-Host
# Rename the computer to its serial number
Rename-Computer -NewName $SerialNumber -Force
Start-Sleep -Seconds 5
# The new name only takes effect after a restart
shutdown -r -t 0
###########################
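# Make sure you have successfully, and correctly set the computers hostname
hostname
# This grabs the full name of the domain
# (the connection-specific DNS suffix of the currently connected interface)
$Domain_Name = (Get-DnsClient -InterfaceIndex $((Get-NetConnectionProfile).InterfaceIndex)).ConnectionSpecificSuffix
# NOTE(review): that suffix is normally handed out by the network (DHCP), so it is only as
# trustworthy as the network the machine is plugged into. Check the name printed here is the
# domain you expect BEFORE typing domain credentials into the prompt that follows.
$Domain_Name
# it is possible to add creds to this command - but just enter username, and password at the credential prompt (no need to add 'domain\')
$JoinFail = $null; Add-Computer -domainname $Domain_Name -ErrorVariable JoinFail
# -ErrorVariable collects error records, so test how many were collected. Comparing the
# collection itself with 1 does not reliably detect a failed join.
If ($JoinFail.Count -ge 1) {
    Write-Host "Well, that didn't work..." -F 14
    Write-Host "'$Domain_Name' is in the clipboard..." -F 0 -B 14
    # Put the domain name on the clipboard and open System Properties for a manual join.
    $Domain_Name | Set-Clipboard
    # sysdm.cpl is the System Properties applet; 'sysdp.cpl' is not an existing applet name.
    cmd.exe /c sysdm.cpl
}
# Stop here when the section is run as a whole; run the reboot line by itself once the join succeeded.
Break
# Gotta reboot
shutdown -r -t 0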
#---------#
###########################
# Confirm the computer already carries the intended hostname
hostname
# Look up the domain's full name: the connection-specific DNS suffix of the connected interface
# NOTE(review): the suffix comes from the network the machine is attached to - check it is the
# expected domain before entering credentials at the join prompt.
$Domain_Name = Get-DnsClient -InterfaceIndex (Get-NetConnectionProfile).InterfaceIndex |
    ForEach-Object { $_.ConnectionSpecificSuffix }
# Credentials could be passed on the command line, but the prompt is enough:
# enter just the username and password (no 'domain\' prefix needed)
Add-Computer -DomainName $Domain_Name
# Stops a whole-section run here; the reboot line below is meant to be run by itself afterwards
Break
# The domain join takes effect after a restart
shutdown -r -t 0
###########################
Others...
# Switch Windows Firewall off, one profile at a time (current, domain, private, public).
# NOTE(review): each line removes host firewall filtering for that profile and the setting
# persists across reboots; 'state on' in the same command turns it back on after set-up.
foreach ($FirewallProfile in 'currentprofile', 'domainprofile', 'privateprofile', 'publicprofile') {
    netsh advfirewall set $FirewallProfile state off
}