Windows Server 2016 桌面环境的自动配置脚本

Posted 备忘录

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Windows Server 2016 桌面环境的自动配置脚本相关的知识,希望对你有一定的参考价值。

github:https://github.com/m2nlight/WindowsServerToWindowsDesktop

下载:https://github.com/m2nlight/WindowsServerToWindowsDesktop/archive/master.zip

它的功能是自动启动音频服务、允许未登录关机、禁用Ctrl+Alt+Del登录系统、禁用关机时要求输入关机原因、CPU性能优秀程序、IE安全策略、登录时不现实服务器管理器、禁用密码混淆和长度要求、当前用户密码永不过期,安装Bitlocker、Direct-Play、无线网络、优质Windows音视频体验组件。

 

  • Config Service

    • [Automatic] Windows Audio
    • [Automatic] Windows Audio Endpoint Builder
    • [Manual] Windows Remote Management (WS-Management)

  • Config Registry and GroupPolicy

    • Enable Shutdown without logon
    • Disable Shutdown reason On
    • No Lock Screen
    • Disable Ctrl+Alt+Del login
    • Disable UAC
    • Disable DEP (Turn on DEP for essential Windows programs and services only)
    • Disable SEHOP
    • Enable disk performance counters
    • Enable Video Hardware Acceleration (Thanks @cjrcl)
    • Enable Audio Hardware Acceleration
    • CPU Priority for Program
    • Adjust Visual Effects (Manual)
    • Adjust IE MaxConnection
    • IE Security Policy
    • Disable TCP Auto-Tuning
    • Change Power Scheme To High Performance
    • No Autorun Server Manager
    • Disable Password complexity and Minimum password length
    • Current user Password never expires
    • Disable Application Experience task schedulers
    • Disable Customer Experience Improvement Program task schedulers

  • Config Windows Feature

    • BitLocker
    • Direct-Play
    • Wireless-Networking
    • qWave


 

将脚本复制到桌面,并且要求管理员权限,去运行,输入y开始配置,会重新启动一次系统,演示效果如图:

 

BAT脚本如下:

  1 @echo off
  2 pushd %~dp0
  3 set gpfile=temp_gpfile
  4 set currentuser=%username%
  5 set videopsfile=Acceleration.Level.ps1
  6 rem UAC code begin
  7 set getadminfile=getadmin.vbs
  8 echo Windows Server To Windows Desktop
  9 echo =================================
 10 echo Starting
 11 "%SYSTEMROOT%\\system32\\cacls.exe" "%SYSTEMROOT%\\system32\\config\\SYSTEM" >nul 2>nul
 12 if %ERRORLEVEL% EQU 0 (
 13     goto :Admin
 14 ) else (
 15     if %ERRORLEVEL% EQU 2 (
 16         goto :PathErr
 17     ) else (
 18         goto :UAC
 19     )
 20 )
 21 :PathErr
 22 echo.
 23 echo Please open "%~n0%~x0" by explorer.exe
 24 echo.
 25 echo Press any key to explore the folder...
 26 pause>nul
 27 start "" "%SYSTEMROOT%\\system32\\explorer.exe" /select,"%~f0"
 28 goto :END
 29 :UAC
 30 echo Set sh = CreateObject^("Shell.Application"^) > %getadminfile%
 31 echo sh.ShellExecute "%~f0", "", "", "runas", 1 >> %getadminfile%
 32 ping 127.1 -n 1 >nul
 33 "%SYSTEMROOT%\\system32\\cscript.exe" %getadminfile%
 34 goto :END
 35 :Admin
 36 if exist %getadminfile% ( del %getadminfile% )
 37 cls
 38 rem UAC code end
 39 if "%currentuser%" == "" set currentuser=Administrator
 40 echo Windows Server To Windows Desktop
 41 echo =================================
 42 ::PowerShell /Command "&{Get-WmiObject -Class Win32_OperatingSystem | Select-Object -ExpandProperty Caption}"
 43 set caption=
 44 for /f "skip=1 delims=" %%t in (\'wmic os get caption\') do (
 45 if not defined caption set caption=%%t
 46 )
 47 echo %caption%
 48 echo %caption%|find /i "Windows Server">nul 2>nul
 49 if ERRORLEVEL 1 goto :OSERR
 50 echo Current Domain: %USERDOMAIN%
 51 echo Current User: %currentuser%
 52 echo.
 53 set /p tmpInput=Maybe will restart computer. Are you ready? (Y/N):
 54 if /i "%tmpInput%"=="y" goto :START
 55 echo Canelled.
 56 echo Press any key to exit...
 57 pause>nul
 58 goto :END
 59 :OSERR
 60 echo.
 61 echo ERROR: Unsupported operating system!
 62 echo Press any key to exit...
 63 pause>nul
 64 goto :END
 65 :START
 66 echo (1/3) Config Service
 67 PowerShell /Command "&{Import-Module ServerManager}"
 68 echo - [Automatic] Windows Audio
 69 PowerShell /Command "&{Set-Service "Audiosrv" -StartupType Automatic}"
 70 echo - [Automatic] Windows Audio Endpoint Builder
 71 PowerShell /Command "&{Set-Service "AudioEndpointBuilder" -StartupType Automatic}"
 72 echo - [Manual] Windows Remote Management (WS-Management)
 73 PowerShell /Command "&{Set-Service "WinRM" -StartupType Manual}"
 74 echo (2/3) Config Registry and GroupPolicy
 75 echo - Enable Shutdown without logon
 76 REG ADD HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /v ShutdownWithoutLogon /t REG_DWORD /d 1 /f>nul
 77 echo - Disable Shutdown reason On
 78 REG ADD "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Reliability" /v ShutdownReasonOn /t REG_DWORD /d 0 /f>nul
 79 :: echo - No Lock Screen
 80 :: reg add "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization" /v "NoLockScreen" /t REG_DWORD /d 0x1 /f>nul
 81 echo - Disable Ctrl+Alt+Del login
 82 REG ADD HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /v DisableCAD /t REG_DWORD /d 1 /f>nul
 83 echo - Disable UAC
 84 reg add "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" /v "EnableLUA" /t REG_DWORD /d 0x0 /f>nul
 85 echo - Disable DEP (Turn on DEP for essential Windows programs and services only)
 86 bcdedit /set {current} nx OptIn>nul
 87 ::bcdedit /set {current} nx AlwaysOff>nul
 88 echo - Disable SEHOP
 89 reg add "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\kernel" /v "DisableExceptionChainValidation" /t REG_DWORD /d 0x1 /f>nul
 90 echo - Enable disk performance counters
 91 diskperf -Y>nul
 92 if exist %videopsfile%. (
 93 echo - Enable Video Hardware Acceleration
 94 PowerShell -ExecutionPolicy Unrestricted -File %videopsfile%>nul
 95 del Acceleration.Level.reg /f /q
 96 )
 97 echo - Enable Audio Hardware Acceleration
 98 reg add "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Multimedia\\SystemProfile" /v "SystemResponsiveness" /t REG_DWORD /d 0x14 /f>nul
 99 echo - CPU Priority for Program
100 REG ADD HKLM\\SYSTEM\\CurrentControlSet\\Control\\PriorityControl /v Win32PrioritySeparation /t REG_DWORD /d 38 /f>nul
101 echo - Adjust Visual Effects (Manual)
102 SystemPropertiesPerformance.exe
103 ::reg add HKU\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\VisualEffects /v VisualFXSetting /t REG_DWORD /d 1 /f>nul
104 ::reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\VisualEffects /v VisualFXSetting /t REG_DWORD /d 1 /f>nul
105 ::reg add "HKCU\\Control Panel\\Desktop" /v DragFullWindows /t REG_SZ /d 1 /f>nul
106 ::reg add "HKCU\\Control Panel\\Desktop" /v FontSmoothing /t REG_SZ /d 2 /f>nul
107 ::reg add "HKCU\\Control Panel\\Desktop" /v MinAnimate /t REG_SZ /d 1 /f>nul
108 ::reg add "HKCU\\Control Panel\\Desktop" /v UserPreferencesMask /t REG_BINARY /d 9E3E078012000000 /f>nul
109 echo - Adjust IE Max Connection
110 reg add "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" /v "MaxConnectionsPer1_0Server" /t REG_DWORD /d 10 /f>nul
111 echo - IE Security Policy
112 REG ADD "HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" /v IsInstalled /t REG_DWORD /d 0 /f>nul
113 REG ADD "HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /v IsInstalled /t REG_DWORD /d 0 /f>nul
114 Rundll32 iesetup.dll, IEHardenLMSettings
115 Rundll32 iesetup.dll, IEHardenUser
116 Rundll32 iesetup.dll, IEHardenAdmin
117 echo - Disable TCP Auto-Tuning
118 netsh interface tcp set heuristics disabled>nul
119 echo - Change Power Scheme To High Performance
120 powercfg -s 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c>nul
121 echo - No Autorun Server Manager
122 REG ADD HKLM\\Software\\Microsoft\\ServerManager /v DoNotOpenServerManagerAtLogon /t REG_DWORD /d 1 /f>nul
123 echo - Disable Password complexity and Minimum password length
124 echo [version]>%gpfile%.inf
125 echo signature="$CHICAGO$">>%gpfile%.inf
126 echo [System Access]>>%gpfile%.inf
127 echo MinimumPasswordLength = 0 >>%gpfile%.inf
128 echo PasswordComplexity = 0 >>%gpfile%.inf
129 secedit /configure /db %gpfile%.sdb /cfg %gpfile%.inf /log %gpfile%.log>nul 2>nul
130 del %gpfile%.inf %gpfile%.sdb %gpfile%.log %gpfile%.jfm /f /q
131 echo - %currentuser%\'s Password never expires
132 wmic Path Win32_UserAccount Where Name="%currentuser%" Set PasswordExpires="FALSE">nul
133 echo   PasswordExpires List:
134 wmic useraccount get Name,PasswordExpires
135 echo - Disable Application Experience task schedulers
136 schtasks /change /tn "\\Microsoft\\Windows\\Application Experience\\Microsoft Compatibility Appraiser" /disable>nul 2>nul
137 schtasks /change /tn "\\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater" /disable>nul 2>nul
138 schtasks /change /tn "\\Microsoft\\Windows\\Application Experience\\StartupAppTask" /disable>nul 2>nul
139 echo - Disable Customer Experience Improvement Program task schedulers
140 schtasks /change /tn "\\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator" /disable>nul 2>nul
141 schtasks /change /tn "\\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask" /disable>nul 2>nul
142 schtasks /change /tn "\\Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip" /disable>nul 2>nul
143 echo (3/3) Config Windows Feature
144 echo - BitLocker
145 echo - Direct-Play
146 echo - Wireless-Networking
147 echo - qWave
148 echo please wait...
149 PowerShell /Command "&{Install-WindowsFeature "BitLocker","Direct-Play","Wireless-Networking","qWave" -Restart}"
150 echo Completed!
151 echo Press any key to exit...
152 pause>nul
153 :END
154 if exist %getadminfile% ( del %getadminfile% )
155 popd

 

Acceleration.Level.ps1

 1 function WriteKey($File, $Key)
 2 {
 3     ECHO $Key >> $File;
 4     ECHO \'"Acceleration.Level"=dword:00000000\' >> $File;
 5     ECHO "" >> $File;
 6 }
 7 
 8 function Generate($File, $ControlSet)
 9 {
10     $Item = Get-Item -Path "HKLM:\\HARDWARE\\DEVICEMAP\\VIDEO";
11     $ValueNames = $Item.GetValueNames();
12     foreach($ValueName in $ValueNames)
13     {
14         if($ValueName.StartsWith("\\Device\\Video"))
15         {
16             $Value = $Item.GetValue($ValueName);
17             if($Value.Length -gt 43)
18             {
19                 $Guid = $Value.SubString($Value.Length - 43, 38);
20                 $ObjectNumber = $Value.SubString($Value.Length - 4);
21                 try
22                 {
23                     [System.Guid]::Parse($Guid);
24                     [System.Int32]::Parse($ObjectNumber);
25                 }
26                 catch
27                 {
28                     continue;
29                 }
30                 $Path = "HKLM:\\SYSTEM\\" + $ControlSet + "\\Control\\Video\\" + $Guid + "\\Video";
31                 $Service = (Get-Item -Path $Path).GetValue("Service");
32                 $Path = "HKLM:\\SYSTEM\\" + $ControlSet + "\\Services\\" + $Service;
33                 $ChildItems = Get-ChildItem -Path $Path;
34                 foreach($ChildItem in $ChildItems)
35                 {
36                     if($ChildItem.PSChildName.StartsWith("Device"))
37                     {
38                         $Key = "[" + $ChildItem.Name + "]";
39                         WriteKey $File $Key;
40                     }
41                 }
42                 $Key = "[HKEY_LOCAL_MACHINE\\SYSTEM\\" + $ControlSet + "\\Control\\Video\\" + $Guid + "\\" + $ObjectNumber + "]";
43                 WriteKey $File $Key;
44                 $Key = "[HKEY_LOCAL_MACHINE\\SYSTEM\\" + $ControlSet + "\\Control\\Video\\" + $Guid + "\\" + $ObjectNumber + "\\Settings]";
45                 WriteKey $File $Key;
46             }
47         }
48     }
49     $VideoControllers = Get-WmiObject -Class Win32_VideoController;
50     foreach($VideoController in $VideoControllers)
51     {
52         $PnPEntities = Get-WmiObject -Class Win32_PnPEntity;
53         foreach($PnPEntity in $PnPEntities)
54         {
55             if($PnPEntity.PNPDeviceID -eq $VideoController.PNPDeviceID)
56             {
57                 $Path = "HKLM:\\SYSTEM\\" + $ControlSet + "\\Control\\Class\\" + $PnPEntity.ClassGuid;
58                 $ChildItems = Get-ChildItem -Path $Path;
59                 foreach($ChildItem in $ChildItems)
60                 {
61                     try
62                     {
63                         [System.Int32]::Parse($ChildItem.PSChildName);
64                     }
65                     catch
66                     {
67                         continue;
68                     }
69                     $Key = "[" + $ChildItem.Name + "]";
70                     WriteKey $File $Key;
71                     $Key = "[" + $ChildItem.Name + "\\Settings]";
72                     WriteKey $File $Key;
73                 }
74             }
75         }
76     }
77 }
78 
79 $File = "Acceleration.Level.reg";
80 New-Item $File -Type File -Force;
81 ECHO "Windows Registry Editor Version 5.00" > $File;
82 ECHO "" >> $File;
83 Generate $File "ControlSet001";
84 Generate $File "ControlSet002";
85 Generate $File "CurrentControlSet";
86 TYPE $File;
87 regedit.exe /s $File;

 

以上是关于Windows Server 2016 桌面环境的自动配置脚本的主要内容,如果未能解决你的问题,请参考以下文章

VMware虚拟机安装windows server 2016

windows server 2016 远程桌面服务在哪

Windows Server 2016-活动目录NTP时间同步

为啥我的Windows server 2016 一开机就不显示桌面,只显示cmd?

windows server2016有几个版本

Windows Server 2016之RDS部署