update

Serveur Microsoft/Configuration-serveur.ps1

@@ -0,0 +1,131 @@
+<#
+.SYNOPSIS
+    <Overview of script>
+
+.NOTES
+    Version        : 1.0
+    Author         : Hubert CORNET
+    Creation Date  : <Date>
+    Purpose/Change : <Initial script development>
+
+.LINK
+    https://www.tips-of-mine.fr
+
+.EXEMPLE
+    <Example goes here. Repeat this attribute for more than one example>
+
+.DESCRIPTION
+    Permet de :
+    - Renommer le serveur
+    - Changer la configuration reseau du serveur
+    - Desactiver la configuration de securite renforer pour IE (admins et/ou les users)
+    - Desactiver l'ouverture automatique du gestionnaire de serveur au demarrage
+
+    Teste sur : Windows Server 2008 R2 / Windows Server 2012 / Windows Server 2012R2 / Windows Server 2016 / Windows Server 2019 / Windows Server 2022
+
+.PARAMETER <Parameter_Name>
+    <Brief description of parameter input required. Repeat this attribute if required>
+
+.INPUTS
+    <Inputs if any, otherwise state None>
+
+.OUTPUTS
+    <Outputs if any, otherwise state None - example: Log file stored in C:\Windows\Temp\<name>.log>
+#>
+
+#---------------------------------------------------------[Initialisations]--------------------------------------------------------
+
+# Définir l'action d'erreur pour continuer silencieusement
+$ErrorActionPreference = "SilentlyContinue"
+
+# Bibliothèques de fonctions requises
+
+#----------------------------------------------------------[Declarations]----------------------------------------------------------
+# Version Script
+$sScriptVersion = "1.0"
+
+#Log File Info
+$sLogPath = "C:\Tmp"
+$sLogName = "Configuration-serveur.log"
+$sLogFile = Join-Path -Path $sLogPath -ChildPath $sLogName
+
+$serverIp                      = "10.0.4.100"
+$serverMask                    = "255.255.255.0"
+$serverInterfaceAlias          = "Ethernet0"
+$serverDefaultGateway          = "10.0.4.1"
+$serverDnsServers              = "10.0.4.4","10.0.4.2"
+$serverName                    = "SWRDSP01"
+$desactivateIeEsc              = $true
+$ieEscUsers                    = @("admins", "users")    # valeurs possible @("admins"), @("users") ou @("admins", "users")
+$doNotOpenServerManagerAtLogon = $false
+$JoinDomain                    = $false
+$Domain                        = "Tips-Of-Mine.local"
+$pw                            = "Password123" | ConvertTo-SecureString -asPlainText –Force # Specify the password for the domain admin.
+$usr                           = "$Domain\administrateur" # Specify the domain admin account.
+$creds                         = New-Object System.Management.Automation.PSCredential($usr,$pw)
+$RemoteDesktop                 = $true
+
+#-----------------------------------------------------------[Functions]------------------------------------------------------------
+
+ # fonction permettant de renommer le serveur
+ Function Set-ServerName {
+    param(
+        [string]$name
+    )
+
+    Rename-Computer -NewName $name
+}
+
+Function Set-ServerIpConfiguration {
+        param( 
+           [string]$ip,
+           [string]$mask,
+           [string]$defaultGateway,
+           [string]$interfaceAlias,
+           [string[]]$dnsServers
+     )
+
+     $nicIndex = (Get-WMIObject Win32_NetworkAdapter | where {$_.netconnectionid -eq $interfaceAlias}).InterfaceIndex
+     $nic = Get-WmiObject Win32_NetworkAdapterConfiguration | where {$_.InterfaceIndex -eq $nicIndex}
+     $nic.EnableStatic($ip, $mask)
+     $nic.SetGateways($defaultGateway)
+     $nic.SetDNSServerSearchOrder($dnsServers)
+ }
+
+ # fonction permettant de desactiver la securite renforcée pour ie
+ Function Disable-IeEscForUsers {
+     param(
+         [string[]]$users
+     )
+
+     If($ieEscUsers.Contains("admins")) {
+         $adminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
+         Set-ItemProperty -Path $adminKey -Name "IsInstalled" -Value 0
+     }
+     If($ieEscUsers.Contains("users")) {
+         $userKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
+         Set-ItemProperty -Path $userKey -Name "IsInstalled" -Value 0
+     }
+ }
+
+ # fonction permettant de desactiver l'ouverture automatique au demarrage du gestionnaire de serveur
+ Function Disable-OpenServerManagerAtLogon {
+     $serverManagerKey = "HKLM:\SOFTWARE\Microsoft\ServerManager"
+     Set-ItemProperty -Path $serverManagerKey -Name "DoNotOpenServerManagerAtLogon" -Value 1
+ }
+
+#------------------------------------------------------------[Script]--------------------------------------------------------------
+
+Set-ServerName -name $serverName
+Set-ServerIpConfiguration -ip $serverIp -mask $serverMask -defaultGateway $serverDefaultGateway -interfaceAlias $serverInterfaceAlias -dnsServers $serverDnsServers
+
+If ($desactivateIeEsc -eq $true) { Disable-IeEscForUsers -users $ieEscUsers }
+If ($doNotOpenServerManagerAtLogon -eq $true) { Disable-OpenServerManagerAtLogon }
+If ($JoinDomain -eq $true) { add-computer –domainname $Domain -Credential $creds -restart -force -verbose }
+If ($RemoteDesktop -eq $true) {
+    Set-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\" -Name "fDenyTSConnections" -Value 0
+    Set-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\" -Name "UserAuthentication" -Value 1
+    Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
+}
+
+Restart-Computer