Sunday, February 13, 2022

Adding a proxy from the command line:


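# Per-user (HKCU) WinINET proxy settings: they apply only to the account that runs these commands.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ /d 10.0.0.1:3128 /f
# Hosts matching these patterns bypass the proxy. Keep the list narrow:
# bypassed traffic is neither filtered nor logged by the proxy.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v proxyoverride /t reg_sz /d "*.name.com;10.*" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v MigrateProxy /t REG_DWORD /d 1 /f
# start IE and close it.
# Copy the current user's IE proxy settings into the machine-wide WinHTTP proxy.
# Run from an elevated prompt. "source=ie" must be one token: the original
# "source =ie" splits the argument and netsh rejects it.
netsh winhttp import proxy source=ie
# Confirm what services using WinHTTP will now see.
netsh winhttp show proxy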

Install Powershell:

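# Download and install Windows Management Framework 5.1 (KB3191564) for
# Windows 8.1 / Server 2012 R2. The package is downloaded, checked for a valid
# Microsoft signature, extracted with wusa and installed with dism.
# NOTE(review): a folder created directly under C:\ usually inherits write access
# for Authenticated Users - confirm with icacls. If it does, another local user
# could replace the package between download and install.
if (!(Test-Path c:\temp)) { mkdir c:\temp }

# Older .NET defaults may not negotiate TLS 1.2; request it explicitly before downloading.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$msuPath = 'c:\temp\Win8.1AndW2K12R2-KB3191564-x64.msu'

Write-host "Downloading Powershell 5.1" -ForegroundColor Cyan
# DownloadFile takes two arguments (address, fileName); the comma between them is required.
(New-Object System.Net.WebClient).DownloadFile('https://go.microsoft.com/fwlink/?linkid=839516', $msuPath)
Write-host "Downloaded Powershell 5.1" -ForegroundColor Cyan

# Refuse to install a package that is not validly signed by Microsoft.
$sig = Get-AuthenticodeSignature -FilePath $msuPath
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Signature check failed for $msuPath (status: $($sig.Status))"
}

Write-host "Installing PowerShell 5.1" -ForegroundColor Cyan
write-host "Extracting file" -ForegroundColor Cyan
winrs -r:localhost c:\windows\system32\wusa.exe $msuPath /extract:c:\temp
write-host "Installing file" -ForegroundColor Cyan
# /norestart: the new PowerShell version is only active after a reboot.
winrs -r:localhost dism /online /add-package /PackagePath:c:\temp\WindowsBlue-KB3191564-x64.cab /norestart
write-host "Finished Installing file" -ForegroundColor Cyan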

Modules installation:

# The package endpoints are reached over HTTPS; request TLS 1.2 for this session first.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Shared arguments for both installs. -Force suppresses the confirmation prompts
# (including the untrusted-repository prompt), so review what is being installed.
# "host" is a placeholder for the proxy's name.
$viaProxy = @{
    Proxy = 'http://host:3128'
    Force = $true
}

Install-PackageProvider -Name NuGet @viaProxy
Install-Module -Name PSWindowsUpdate @viaProxy

IIS install:

Import-Module ServerManager

# .NET 3.5 is installed from a local side-by-side source; .NET 4.5 features come from the image.
Install-WindowsFeature -Name NET-Framework-Core -Source C:\temp\sxs\sxs
Install-WindowsFeature -Name NET-Framework-45-Features

# IIS role services. Each entry widens the server's attack surface: CGI, ISAPI and
# Web-Mgmt-Service (remote management) are worth dropping when the hosted
# application does not need them.
$iisFeatures = @(
    'Web-Server'
    'Web-WebServer'
    'Web-Security'
    'Web-Filtering'
    'Web-Request-Monitor'
    'Web-App-Dev'
    'Web-Net-Ext'
    'Web-Net-Ext45'
    'Web-Asp-Net'
    'Web-Asp-Net45'
    'Web-CGI'
    'Web-ISAPI-Ext'
    'Web-ISAPI-Filter'
    'Web-Mgmt-Tools'
    'Web-Mgmt-Service'
)
Install-WindowsFeature -Name $iisFeatures

Install-WindowsFeature -Name PowerShell-ISE

Update Windows

# Options shared by both runs (PSWindowsUpdate module): accept and install
# everything offered, do not reboot automatically, log verbosely.
# Because reboots are ignored, installed updates may stay pending until the next restart.
$wuArgs = @{
    AcceptAll    = $true
    Install      = $true
    IgnoreReboot = $true
    Verbose      = $true
}

Get-WUInstall -WindowsUpdate @wuArgs
Get-WUInstall -MicrosoftUpdate @wuArgs

Optional updates:
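# Optional updates KB2975061 and KB2999226: download each .msu, check its
# signature, extract it with wusa and install the contained .cab with dism.
if (!(Test-Path c:\temp)) { mkdir c:\temp }

$updates = @(
    @{ Name = 'Windows8.1-KB2975061-x64'; Uri = 'https://download.microsoft.com/download/3/9/7/3971FEA1-C483-409E-BF13-219F8A6E907E/Windows8.1-KB2975061-x64.msu' }
    @{ Name = 'Windows8.1-KB2999226-x64'; Uri = 'https://download.microsoft.com/download/D/1/3/D13E3150-3BB2-4B22-9D8A-47EE2D609FFF/Windows8.1-KB2999226-x64.msu' }
)

foreach ($update in $updates) {
    $msuPath = "c:\temp\$($update.Name).msu"
    $cabPath = "c:\temp\$($update.Name).cab"

    # DownloadFile takes (address, fileName); the comma between them is required.
    (New-Object System.Net.WebClient).DownloadFile($update.Uri, $msuPath)

    # Refuse to install a package that is not validly signed by Microsoft.
    $sig = Get-AuthenticodeSignature -FilePath $msuPath
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        throw "Signature check failed for $msuPath (status: $($sig.Status))"
    }

    winrs -r:localhost c:\windows\system32\wusa.exe $msuPath /extract:c:\temp
    winrs -r:localhost dism /online /add-package "/PackagePath:$cabPath" /norestart
}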


Sysmon install:

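# Target hosts. The comma matters: "a""b" without it is one string containing a quote.
$nodes = @("crkfsazwe0", "crkfsazwe1")


# On every node: download the Sysinternals suite and a Sysmon configuration,
# unpack the suite to C:\Tools and install Sysmon with that configuration.
Invoke-Command -ComputerName $nodes -ScriptBlock {
    # Request TLS 1.2 for the downloads below.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    if (!(test-path c:\temp)) {New-Item c:\temp -ItemType Directory}
    Invoke-WebRequest -Uri https://download.sysinternals.com/files/SysinternalsSuite.zip -OutFile c:\temp\SysinternalsSuite.zip
    # NOTE(review): the configuration is taken from the tip of a third-party
    # repository's master branch, so its content can change between runs.
    # Review the file, or fetch a reviewed commit and compare its hash, before
    # installing it: the config decides what Sysmon logs and what it leaves out.
    Invoke-WebRequest -Uri https://raw.githubusercontent.com/SwiftOnSecurity/sysmon-config/master/sysmonconfig-export.xml -OutFile c:\temp\sysmonconfig-export.xml

    if (test-path C:\temp\SysinternalsSuite.zip -PathType Leaf ) {
        write-host "C:\temp\SysinternalsSuite.zip found.Extracting" -ForegroundColor Cyan
        Expand-Archive C:\temp\SysinternalsSuite.zip -DestinationPath C:\Tools -Force
    }
    else {
        write-host "C:\temp\SysinternalsSuite.zip not found." -ForegroundColor red
    }

    # 'return' leaves the script block cleanly; 'break' outside a loop does not
    # mean "exit this block" and can stop more than intended.
    if (!(Test-Path c:\tools\sysmon.exe)) {
        Write-Host "c:\tools\sysmon.exe not found." -ForegroundColor Red
        return
    }
    Write-Host "c:\tools\sysmon.exe found." -ForegroundColor Cyan

    # Sysmon installs a driver and a service; only run a binary that carries a
    # valid Microsoft signature.
    $sig = Get-AuthenticodeSignature -FilePath c:\tools\sysmon.exe
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        Write-Host "c:\tools\sysmon.exe signature check failed ($($sig.Status))." -ForegroundColor Red
        return
    }

    if (!(Test-Path c:\temp\sysmonconfig-export.xml)) {
        Write-Host "Config c:\temp\sysmonconfig-export.xml missing." -ForegroundColor Red
        return
    }
    Write-Host "Config c:\temp\sysmonconfig-export.xml found. Installing" -ForegroundColor Cyan
    c:\tools\sysmon.exe -accepteula -i c:\temp\sysmonconfig-export.xml
}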


Regional settings:

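# Apply US regional settings, the time zone and the culture on a remote host.
# "hostname" is the positional -ComputerName value; replace it with the target's name.
Invoke-Command hostname -ScriptBlock {

    if (!(test-path c:\temp)) {New-Item c:\temp -ItemType Directory}

    # NOTE(review): this XML comes from the master branch of a personal repository
    # and is applied as system configuration. Review the saved file (or keep a
    # reviewed copy on an internal share) before running the import below.
    # The response is piped to Select-Object to get the body text, which is then parsed as XML.
    [xml]$XmlDocument = Invoke-WebRequest -Uri https://raw.githubusercontent.com/poorleno1/systemlocale/master/USRegion.xml -UseBasicParsing | Select-Object -ExpandProperty Content
    $XmlDocument.Save("c:\temp\USRegion.xml")

    # Set Locale, language etc.
    # A path built from a variable needs the call operator (&) to be executed.
    & "$env:SystemRoot\System32\control.exe" "intl.cpl,,/f:`"c:\temp\USRegion.xml`""

    # Set Timezone
    & tzutil /s "Central European Standard Time"

    # Set languages/culture
    Set-Culture en-US

}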


Disable automatic updates:

#Disable Windows Update
  
Run Sconfig -> option 5 -> Manual
# Telnet client. Telnet sends everything in clear text, so keep its use to
# port-connectivity checks and never type credentials into it.
Install-WindowsFeature -Name Telnet-Client


# Active Directory administration tools (PowerShell module and Administrative Center).
# These lines only install and load the tooling; the domain join itself is not shown here.
Install-WindowsFeature -Name RSAT-AD-PowerShell, RSAT-AD-AdminCenter
Import-Module -Name ActiveDirectory
 
Invoke-Command -ComputerName $nodes -ScriptBlock {
    # SCregEdit.wsf /AU 1 switches automatic updates off (/AU 4 would switch them on).
    # With automatic updates off, patching depends entirely on the manual update runs.
    $cscript = Start-Process -FilePath "C:\Windows\System32\cscript.exe" -ArgumentList "C:\windows\System32\SCregEdit.wsf /AU 1" -Wait -PassThru

    # Emit the node name followed by the script's exit code so each result can be matched to its host.
    $env:computername
    $cscript.ExitCode
}
 
 
#or:
Invoke-Command -ComputerName $nodes -ScriptBlock {
    # Windows Update policy key; created when it does not exist yet.
    $auKey = "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU"
    if (!(Test-Path -Path $auKey)) { New-Item -Path $auKey -Force }

    # NoAutoUpdate = 1 turns automatic updating off by policy.
    # NOTE(review): AUOptions = 3 normally means "download and notify for install";
    # it presumably has no effect while NoAutoUpdate is 1 - confirm the intended mode.
    Set-ItemProperty -Path $auKey -Name NoAutoUpdate -Value 1
    Set-ItemProperty -Path $auKey -Name AUOptions -Value 3
}

Install sysinternals:

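# $ses (a PSSession) and the DownloadFile function are defined outside this snippet.
# NOTE(review): the script block below downloads the same archive again, so one
# of the two downloads looks redundant.
Invoke-Command -Session $ses -ScriptBlock ${Function:DownloadFile} -ArgumentList "https://download.sysinternals.com/files/SysinternalsSuite.zip","c:\\temp\\SysinternalsSuite.zip"
Invoke-Command -Session $ses -ScriptBlock {
    # ExtractToDirectory fails when a target file already exists, so start from an empty C:\tools.
    # NOTE(review): a folder created directly under C:\ usually inherits write
    # access for Authenticated Users - confirm with icacls and tighten it, since
    # administrators will run binaries from this folder.
    if (Test-Path C:\tools)
    {
        Remove-Item -Path C:\tools -Recurse -Force
    }
    Invoke-WebRequest -Uri 'https://download.sysinternals.com/files/SysinternalsSuite.zip' -OutFile 'c:\temp\SysinternalsSuite.zip'
    Add-Type -A 'System.IO.Compression.FileSystem'
    # ExtractToDirectory takes (sourceArchive, destinationDirectory); the comma is required.
    [IO.Compression.ZipFile]::ExtractToDirectory('c:\temp\SysinternalsSuite.zip', 'c:\tools')

    # Installing the Windows Update module. -Force suppresses the confirmation
    # prompts, including the untrusted-repository prompt.
    Install-PackageProvider -Name NuGet -Force
    Install-Module PSWindowsUpdate -Force
}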


Install PWSH:


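# Install OpenSSH server and PowerShell 7, expose PowerShell as an SSH subsystem
# and provision an administrator public key.
if (!(Test-Path c:\temp)){mkdir c:\temp}

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# NOTE(review): this pins the v8.0.0.0p1-Beta build. Check the project's release
# page for a current release before exposing the service on the network.
Invoke-WebRequest -Uri https://github.com/PowerShell/Win32-OpenSSH/releases/download/v8.0.0.0p1-Beta/OpenSSH-Win64.zip -outFile c:\temp\OpenSSH-Win64.zip

Expand-Archive C:\temp\OpenSSH-Win64.zip -DestinationPath 'C:\Program Files' -Force
# A quoted path on its own is only a string; the call operator (&) runs the installer script.
& "C:\Program Files\OpenSSH-Win64\install-sshd.ps1"

# NOTE(review): -Profile Any also opens port 22 on the Public profile. Restrict
# the rule to the profiles or remote addresses that administrators connect from.
New-NetFirewallRule -DisplayName "SSH 22" -Direction Inbound -Name "SSH22" -LocalPort 22 -Protocol TCP -Action Allow -Profile Any

Set-Service -Name sshd -StartupType "Automatic"
Start-Service ssh*
get-service ssh*

# NOTE(review): this downloads a script and executes it immediately with the
# current (administrative) rights, without any review or integrity check.
# Downloading the MSI, checking its signature with Get-AuthenticodeSignature and
# installing it from disk gives the same result with a verification step.
iex "& { $(irm https://aka.ms/install-powershell.ps1) } -UseMSI -Quiet"

# Short path without spaces, used in the Subsystem line below.
New-Item -ItemType symboliclink -Target 'C:\Program Files\PowerShell\7' -Path 'c:\pwsh'

$fileName = 'C:\ProgramData\ssh\sshd_config'
$nl = [Environment]::NewLine


# NOTE(review): password logins on an open port 22 invite password guessing.
# A public key is provisioned below, so set PasswordAuthentication to "no" once
# key login is confirmed.
# NOTE(review): these lines are appended at the end of the file. If the file ends
# with a "Match" block, they become part of that block instead of global
# settings - check the resulting sshd_config.
Add-Content -Path $fileName -Value "PasswordAuthentication yes"
Add-Content -Path $fileName -Value "PubkeyAuthentication yes"
#(gc $fileName) -replace "Subsystem sftp    sftp-server.exe", "$&$($nl)Subsystem powershell C:\pwsh\pwsh.exe -sshs -NoLogo -NoProfile" | sc $fileName
# Insert the PowerShell subsystem right after the marker comment. '$&' is the
# regex token for the matched text. Full cmdlet names are used because the
# gc/sc aliases are not available in every PowerShell version.
(Get-Content $fileName) -replace '# override default of no subsystems', ('$&' + $nl + 'Subsystem powershell C:\pwsh\pwsh.exe -sshs -NoLogo -NoProfile') | Set-Content $fileName

#new-item -Path C:\ProgramData\ssh\ -Name administrators_authorized_keys -ItemType File
# The key material is elided on this page; put the administrator's own public key here.
# Set-Content overwrites the file, so any keys already present are removed.
Set-Content -Path "C:\ProgramData\ssh\administrators_authorized_keys" -Value "ssh-rsa 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 jarekole"

# Stop inheriting permissions (keeping a copy of the current entries) and remove
# Authenticated Users. The last call prints the ACL: confirm that only
# Administrators and SYSTEM remain.
icacls C:\ProgramData\ssh\administrators_authorized_keys /inheritance:d
icacls C:\ProgramData\ssh\administrators_authorized_keys /remove:g "Authenticated Users"
icacls C:\ProgramData\ssh\administrators_authorized_keys

# sshd reads its configuration at start-up; restart to apply the changes.
restart-Service sshd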
