Powershell/Serveur Microsoft/Configuration-serveur.ps1

<#
.SYNOPSIS
    <Overview of script>

.NOTES
    Version        : 1.0
    Author         : Hubert CORNET
    Creation Date  : <Date>
    Purpose/Change : <Initial script development>

.LINK
    https://www.tips-of-mine.fr

.EXEMPLE
    <Example goes here. Repeat this attribute for more than one example>

.DESCRIPTION
    Permet de :
    - Renommer le serveur
    - Changer la configuration reseau du serveur
    - Desactiver la configuration de securite renforer pour IE (admins et/ou les users)
    - Desactiver l'ouverture automatique du gestionnaire de serveur au demarrage

    Teste sur : Windows Server 2008 R2 / Windows Server 2012 / Windows Server 2012R2 / Windows Server 2016 / Windows Server 2019 / Windows Server 2022

.PARAMETER <Parameter_Name>
    <Brief description of parameter input required. Repeat this attribute if required>

.INPUTS
    <Inputs if any, otherwise state None>

.OUTPUTS
    <Outputs if any, otherwise state None - example: Log file stored in C:\Windows\Temp\<name>.log>
#>

#---------------------------------------------------------[Initialisations]--------------------------------------------------------

# Définir l'action d'erreur pour continuer silencieusement
$ErrorActionPreference = "SilentlyContinue"

# Bibliothèques de fonctions requises

#----------------------------------------------------------[Declarations]----------------------------------------------------------
# Version Script
$sScriptVersion = "1.0"

#Log File Info
$sLogPath = "C:\Tmp"
$sLogName = "Configuration-serveur.log"
$sLogFile = Join-Path -Path $sLogPath -ChildPath $sLogName

$serverIp                      = "10.0.4.100"
$serverMask                    = "255.255.255.0"
$serverInterfaceAlias          = "Ethernet0"
$serverDefaultGateway          = "10.0.4.1"
$serverDnsServers              = "10.0.4.4","10.0.4.2"
$serverName                    = "SWRDSP01"
$desactivateIeEsc              = $true
$ieEscUsers                    = @("admins", "users")    # valeurs possible @("admins"), @("users") ou @("admins", "users")
$doNotOpenServerManagerAtLogon = $false
$JoinDomain                    = $false
$Domain                        = "Tips-Of-Mine.local"
$pw                            = "Password123" | ConvertTo-SecureString -asPlainText –Force # Specify the password for the domain admin.
$usr                           = "$Domain\administrateur" # Specify the domain admin account.
$creds                         = New-Object System.Management.Automation.PSCredential($usr,$pw)
$RemoteDesktop                 = $true

#-----------------------------------------------------------[Functions]------------------------------------------------------------

 # fonction permettant de renommer le serveur
 Function Set-ServerName {
    param(
        [string]$name
    )

    Rename-Computer -NewName $name
}

Function Set-ServerIpConfiguration {
        param( 
           [string]$ip,
           [string]$mask,
           [string]$defaultGateway,
           [string]$interfaceAlias,
           [string[]]$dnsServers
     )

     $nicIndex = (Get-WMIObject Win32_NetworkAdapter | where {$_.netconnectionid -eq $interfaceAlias}).InterfaceIndex
     $nic = Get-WmiObject Win32_NetworkAdapterConfiguration | where {$_.InterfaceIndex -eq $nicIndex}
     $nic.EnableStatic($ip, $mask)
     $nic.SetGateways($defaultGateway)
     $nic.SetDNSServerSearchOrder($dnsServers)
 }

 # fonction permettant de desactiver la securite renforcée pour ie
 Function Disable-IeEscForUsers {
     param(
         [string[]]$users
     )

     If($ieEscUsers.Contains("admins")) {
         $adminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
         Set-ItemProperty -Path $adminKey -Name "IsInstalled" -Value 0
     }
     If($ieEscUsers.Contains("users")) {
         $userKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
         Set-ItemProperty -Path $userKey -Name "IsInstalled" -Value 0
     }
 }

 # fonction permettant de desactiver l'ouverture automatique au demarrage du gestionnaire de serveur
 Function Disable-OpenServerManagerAtLogon {
     $serverManagerKey = "HKLM:\SOFTWARE\Microsoft\ServerManager"
     Set-ItemProperty -Path $serverManagerKey -Name "DoNotOpenServerManagerAtLogon" -Value 1
 }

#------------------------------------------------------------[Script]--------------------------------------------------------------

Set-ServerName -name $serverName
Set-ServerIpConfiguration -ip $serverIp -mask $serverMask -defaultGateway $serverDefaultGateway -interfaceAlias $serverInterfaceAlias -dnsServers $serverDnsServers

If ($desactivateIeEsc -eq $true) { Disable-IeEscForUsers -users $ieEscUsers }
If ($doNotOpenServerManagerAtLogon -eq $true) { Disable-OpenServerManagerAtLogon }
If ($JoinDomain -eq $true) { add-computer –domainname $Domain -Credential $creds -restart -force -verbose }
If ($RemoteDesktop -eq $true) {
    Set-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\" -Name "fDenyTSConnections" -Value 0
    Set-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\" -Name "UserAuthentication" -Value 1
    Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
}

Restart-Computer