Table of Contents

5.4 Scripting

Sample Build Script

Below is an example of a Sample script that has been constructed to build a business domain computer to company standards by installing various settings and software. By utilising many different commands into one script this simplifies the build process time to deploy devices.

The file can be either saved as a PowerShell script (.ps1) file and run using a start-process PowerShell command pointed to the filepath or copied into PowerShell ISE and run directly from within the shell completly. Each part of the script will start one after the other and print an error if it fails.

# 1) On device open Powershell ISE and run the bellow commands

Rename-Computer -NewName "INSERT COMPUTER NAME"

# 2) Domain Join

Add-Computer -DomainName "poshpython.local" -Credential (get-credential)

# 3) Move to computers AD OU

$Session = New-PSSession -ComputerName "dc02" -Credential (get-credential)
Invoke-Command -ScriptBlock {Import-Module ActiveDirectory} -Session $Session
Invoke-Command -ScriptBlock {Get-ADComputer -Identity "$env:COMPUTERNAME" | Move-ADObject -TargetPath "OU=Windows 10,OU=Workstations,DC=poshpython,DC=local"} -Session $Session

# 4) ODBC 32bit - System DSN - Required for company custom software

invoke-item -path \\fs01\IT\Build_Scripts\ODBCscript.bat

# 5) Remove Bloatware

(Get-WmiObject -Class win32_product | Where-Object {$_.name -like "*office*" -or $_.name -like "*trend*" -or $_.name -like "*mcafe*" -or $_.name -like "*symantec*" -or$_.name -like "*kapersky*"}).uninstall()

# 6) Local Admin

Remove-LocalUser -Name "user"
Set-LocalUser -Name "administrator" -Password (ConvertTo-SecureString -AsPlainText "P@ssword!" -Force)
Enable-LocalUser -Name "administrator"

# 7) Citrix Shortcut

$WshShell = New-Object -comObject WScript.Shell
$Shortcut = $WshShell.CreateShortcut("c:\users\public\Desktop\Citrix.url")
$Shortcut.TargetPath = http://storefront.poshpython.com

# 8) RDP

(Get-WmiObject Win32_TerminalServiceSetting -Namespace root\cimv2\TerminalServices).SetAllowTsConnections(1,1) | Out-Null (Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\TerminalServices -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0) | Out-Null

# 9) No Domain Firewall

netsh advfirewall set domain state off

# 10) Date/Time

$timeZone = "AUS Eastern Standard Time"
$WinOSVerReg = Get-Item "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
$WinOSVer = $WinOSVerReg.GetValue("CurrentVersion")
if ($WinOSVer -GE 6){
tzutil.exe /s $timeZone
} Else {
$params = "/c Start `"Change timeZone`" /MIN %WINDIR%\System32\Control.exe TIMEDATE.CPL,,/Z "
$params += $timeZone
$proc = [System.Diagnostics.Process]::Start( "CMD.exe", $params )

# 11) SMB 1

DISM /Online /Enable-Feature /All /FeatureName:SMB1Protocol

# 12) Fonts - Required for custom software

$FONTS = 0x14
$objShell = New-Object -ComObject Shell.Application
$objFolder = $objShell.Namespace($FONTS)

# now copy each file

foreach($File in $(Ls $Frompath)) {

# 13 )Silent Install

Start-Process .\jre-8u171-windows-x64.exe -ArgumentList "/s" -Wait

Visit next page to learn about - 5.5 Testing - Debugging