Tasks to be done
1) Customized installation of antivirus Symantec Virus and Spyware Protection
2) Startup and Recovery: Time to display list: 5 seconds, Auto restart, Kernel Memory Dump, overwrite
For this, bcdedit /timeout ### can work, but how do I set the time to display recovery options when needed?
3) Based on the memory size we need to create the page file 1.5 times
4) Change the firewall setting to off, stop the firewall service and make it manual
6) Windows Update: never install
7) RDP encryption level is set to FIPS Compliant and negotiate
8) Sysback configuration procedure: through Task Scheduler (batch file already there)
9) Install IIS, telnet client
10) Check for software installed
11) NIC setting: disable power setting change
12) Add static routes
13) Add entries to hosts file
14) Add to domain
15) Activate Windows
16) SSL v2 not disabled from registry (all keys should be added):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
Create a new REG_DWORD called “DisabledByDefault” and set the value to 1
Create a new REG_DWORD called “Enabled” and set the value to 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client
Create a new REG_DWORD called “DisabledByDefault” and set the value to 1
Create a new REG_DWORD called “Enabled” and set the value to 0
Working with the registry is fairly easy: you have the PSProvider that lets you treat the registry just like a file system. However, adding keys is a bit more tricky.
[blockquote]# The key name "SSL 2.0" contains a space, so the path must be quoted
Set-Location 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client'
New-ItemProperty -Path . -Name DisabledByDefault -Value 1 -PropertyType DWord[/blockquote]
However, at this stage in the game, rather than trying to automate by script, you may want to take the opportunity to learn PowerShell Desired State Configuration; it makes stuff like this easier to repeat and more industry standard.
-VERN
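An added example, not part of either poster's code: one way to script task 16 so that the SSL 2.0 `Server` and `Client` keys are created when missing and both values are written as REG_DWORD. The function name `Set-Ssl2Disabled` is hypothetical, and an elevated PowerShell session is assumed.

```powershell
# Added example: apply the SSL 2.0 SCHANNEL values listed in task 16.
# Set-Ssl2Disabled is a hypothetical name; run from an elevated session.
function Set-Ssl2Disabled {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$ProtocolsRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    )

    # Values from the task list: DisabledByDefault = 1, Enabled = 0
    $wanted = @{ DisabledByDefault = 1; Enabled = 0 }

    foreach ($role in 'Server', 'Client') {
        $key = Join-Path $ProtocolsRoot "SSL 2.0\$role"

        # New-ItemProperty fails when the key does not exist, so create it
        # (and any missing parent keys) first. Only do this when it is absent:
        # New-Item -Force on an existing key would replace it.
        if (-not (Test-Path -Path $key)) {
            if ($PSCmdlet.ShouldProcess($key, 'Create registry key')) {
                New-Item -Path $key -Force | Out-Null
            }
        }

        foreach ($name in $wanted.Keys) {
            if ($PSCmdlet.ShouldProcess("$key\$name", "Set DWORD to $($wanted[$name])")) {
                # -Force overwrites an existing value, so re-running is safe.
                New-ItemProperty -Path $key -Name $name -Value $wanted[$name] `
                    -PropertyType DWord -Force | Out-Null
            }
        }

        # Read the values back so the result can be checked or logged.
        if (Test-Path -Path $key) {
            Get-ItemProperty -Path $key |
                Select-Object @{ n = 'Key'; e = { $key } }, DisabledByDefault, Enabled
        }
    }
}

# Preview the changes; remove -WhatIf to apply them.
Set-Ssl2Disabled -WhatIf
```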
As for the installation of your AV you will have to figure out the command line parameters the installer EXE has and call that from PowerShell. You can look to their documentation for information on that.
PageFile # You’ll have to use WMI for that
Get-WmiObject Win32_PageFileSetting
Setting things with WMI will take some practice; however, it can be easily done in PowerShell DSC.
6 I totally disagree with # 6 and have no help to offer there plus I would never want to do that unless the machine is never going to touch a network!!!
Install IIS
Import-Module ServerManager
Add-WindowsFeature Web-Server -IncludeAllSubFeature
You may want to experiment with the “IncludeAllSubFeature” parameter.
Add to the domain: I don’t have an example; however, there are tons of examples out there, but again this is easier with DSC.
-VERN
I have several questions\statements:
[ol]
[li]How are you deploying the OS? SCCM OSD? Disk cloning? Cloning is a deprecated way to deploy an OS; you should really look into Microsoft Deployment Toolkit to capture and deploy an image if it’s a small shop. Another important cloning step you have not mentioned is SYSPREP, so make sure you are doing that or you will run into issues with systems having duplicate GUIDs.[/li]
[li]Most of the items you are configuring are typically managed by Group Policy (e.g. firewall, startup and recovery, IE settings, etc.)[/li]
[li]Setting the memory to 1.5 times the installed memory is a deprecated ideology from Windows NT 4.0. Windows has gotten better at managing memory and it’s recommended to let Windows manage memory. Do you really need to make that modification?[/li]
[li]Windows is typically activated with a KMS server. If a client isn’t activating, then you can reset the client KMS components with slmgr.vbs (see: http://technet.microsoft.com/en-us/library/ff793406.aspx)[/li]
[/ol]
I’ve deployed OS’s at a lot of companies and I think you should really look into MDT or other deployment technologies and group policy management. 90-95% of your item list would not be managed with a script when deploying an OS with a typical Operating System Deployment (OSD) infrastructure in place. MDT requires no licensing if cost is a consideration.