Note: This script must be executed with Administrator privileges.
@ECHO OFF
net user Guard /add
sc config "CertPropSvc" start= disabled
sc config "Browser" start= disabled
sc config "UxSms" start= disabled
sc config "DPS" start= disabled
sc config "TrkWks" start= disabled
sc config "IKEEXT" start= disabled
sc config "PcaSvc" start= disabled
sc config "EMDMgmt" start= disabled
sc config "RasAuto" start= disabled
sc config "RasMan" start= disabled
sc config "RemoteRegistry" start= disabled
sc config "SCardSvr" start= disabled
sc config "SCPolicySvc" start= disabled
sc config "LanmanServer" start= disabled
sc config "TabletInputService" start= disabled
sc config "TermService" start= disabled
sc config "WebClient" start= disabled
sc config "idsvc" start= disabled
sc config "wcncsvc" start= disabled
sc config "WMPNetworkSvc" start= disabled
sc config "WinRM" start= disabled
sc config "WinHttpAutoProxySvc" start= disabled
sc config "AppMgmt" start= disabled
sc config "WdiServiceHost" start= disabled
sc config "WdiSystemHost" start= disabled
netsh advfirewall firewall add rule name="Rule1" dir=out action=allow protocol=tcp remoteport=80,8080,8443,443 remoteip=10.0.0.60 profile=any
netsh advfirewall firewall add rule name="MAIL" dir=out action=allow protocol=tcp remoteport=110,143,993,995,25,587,465 remoteip=any profile=any
netsh advfirewall firewall add rule name="LOCAL" dir=out action=allow protocol=tcp remoteport=any remoteip=localsubnet profile=any
netsh advfirewall set domainprofile firewallpolicy blockinbound,blockoutbound
netsh advfirewall set privateprofile firewallpolicy blockinbound,blockoutbound
netsh advfirewall set publicprofile firewallpolicy blockinbound,blockoutbound
netsh advfirewall set domainprofile state on
netsh advfirewall set privateprofile state on
netsh advfirewall set publicprofile state on
A quick rundown of what this code actually does:
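- sc is the command-line program for managing Windows services. I use the config keyword with start= disabled to set the startup type of each listed service to disabled. This only changes how the service starts from now on; a service that is already running keeps running until it is stopped or the machine is rebooted.
- The netsh program does multiple things, one of which is configuring the Windows firewall. In this script I add three outbound allow rules, set the default policy of the domain, private and public profiles to block both inbound and outbound traffic, and turn the firewall on for all three profiles.
- The second line of the batch script (net user Guard /add) creates a new local user named Guard. No password is given on the command line, so set one before the account is used.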
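To confirm the script took effect, the following added example (not part of the original script) re-reads the service start types and firewall profile settings and reports anything that does not match. It assumes English-language output from sc and netsh and must also be run from an elevated prompt.

```batch
@ECHO OFF
REM Added example: audit what the hardening script above should have changed.
REM Assumes English-language sc/netsh output. Exit code is 1 on any failure.
SETLOCAL
SET FAIL=0

REM Same service names as the sc config lines in the script above.
FOR %%S IN (CertPropSvc Browser UxSms DPS TrkWks IKEEXT PcaSvc EMDMgmt
            RasAuto RasMan RemoteRegistry SCardSvr SCPolicySvc LanmanServer
            TabletInputService TermService WebClient idsvc wcncsvc
            WMPNetworkSvc WinRM WinHttpAutoProxySvc AppMgmt
            WdiServiceHost WdiSystemHost) DO CALL :CheckService %%S

REM All three profiles should report the block/block default policy.
SET BLOCKED=0
FOR /F %%N IN ('netsh advfirewall show allprofiles firewallpolicy ^| find /I /C "BlockInbound,BlockOutbound"') DO SET BLOCKED=%%N
IF NOT "%BLOCKED%"=="3" (
    ECHO [FAIL] %BLOCKED% of 3 profiles use BlockInbound,BlockOutbound
    SET FAIL=1
) ELSE (
    ECHO [ OK ] All profiles block inbound and outbound by default
)

REM No profile may have the firewall switched off.
netsh advfirewall show allprofiles state | findstr /I /R /C:"^State  *OFF" >NUL
IF NOT ERRORLEVEL 1 (
    ECHO [FAIL] At least one firewall profile is OFF
    SET FAIL=1
)
EXIT /B %FAIL%

:CheckService
REM sc qc fails if the service does not exist or cannot be read.
sc qc "%~1" >NUL 2>&1
IF ERRORLEVEL 1 (
    ECHO [SKIP] %~1 could not be queried
    GOTO :EOF
)
sc qc "%~1" | findstr /I /C:"START_TYPE" | findstr /I /C:"DISABLED" >NUL
IF ERRORLEVEL 1 (
    ECHO [FAIL] %~1 is not disabled
    SET FAIL=1
) ELSE (
    ECHO [ OK ] %~1 start type is DISABLED
)
REM sc config does not stop a running service, so flag any still running.
sc query "%~1" | findstr /I /C:"RUNNING" >NUL
IF NOT ERRORLEVEL 1 ECHO [WARN] %~1 is still running until stopped or rebooted
GOTO :EOF
```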
References:
- Windows Knowledge Base article about how to use 'netsh advfirewall' instead of 'netsh firewall'
- Grand Stream Dreams blog post about how to interact with Windows Firewall via batch scripts
- Stack Overflow Q&A about creating users from the command line
- Paradineshift article about how to disable services via a batch script