PS | Initial Configuration for New Windows Server

You are here:
← All Topics
Contents

Refer to the PowerShell Script below on how to perform initial configuration for new Windows Server, like

  • Set Timezone
  • Enabled Remote Desktop
  • Set IPv4 as prefered protocol
  • Firewall Rule – Allow RDP, ICMPv4 (Ping)m and File Sharing
  • Rename Computer
  • Set Static IP & DNS
  • Windows Update
  • Disable Windwos Defender (Optional)
  • Install Chocolatey Package Manager (Optional)

Declare variable

$ComputerName = "LAB-VEEAM10"
$Interface = "ethernet0"
$IPv4 = "192.168.1.201"
$Prefix = "24"
$DefaultGateway = "192.168.1.1"
$DNSServer = "192.168.1.200"
$TimeZone = "Malay Peninsula Standard Time"

Set Time Zone

#Time Zone = Malaysia
Set-TimeZone -Name $TimeZone

Enable Remote Desktop

#Enable Remote Desktop 
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0

Set IPv4 as prefered protocol

#Pefer IPv4 over IPv6
New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters" -Name DisabledComponents -Value 0x20 -PropertyType Dword

Firewall Rule – Allow RDP, ICMPv4 (Ping)m and File Sharing

#Firewall Rules 
#Allow inbound RDP 
Set-NetFirewallRule -DisplayGroup "Remote Desktop" -Enabled True

#File Sharing - Optional 
Set-NetFirewallRule -DisplayGroup "File And Printer Sharing" -Enabled True

#Allow Ping Response for IPv4 for 192.168.1.0/24 segment only - Optional 
New-NetFirewallRule -DisplayName "Allow inbound ICMPv4" -Direction Inbound -Protocol ICMPv4 -IcmpType 8 -RemoteAddress 192.168.1.0/24 -Action Allow

Rename Computer and set static IP Address

#Rename Computer
Rename-Computer -NewName $ComputerName

#Change IP Address
New-NetIPAddress -InterfaceAlias $Interface -IPAddress $IPv4 -PrefixLength $Prefix -DefaultGateway $DefaultGateway
#DNS Client
Set-DnsClientServerAddress -InterfaceAlias $Interface -ServerAddresses $DNSServer

Perform Windows Update

#WindowsUpdate
Install-Module PSWindowsUpdate 
Install-WindowsUpdate -AcceptAll -Install -IgnoreReboot | Out-File "c:\Logs\$(get-date -f yyyy-MM-dd)-WindowsUpdate.log" -force

Disable Windows Defender – Optional

#Disable Windows Defender -Optional 
Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true `
-DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled `
-EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend

Install Chocolatey Package Manager (Optional)

#Package Manager - Chocolatey 
Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))