Ответы пользователя по тегу Системное администрирование
  • Перенос локальных групповых политик на множество компьютеров. Как?

    Powershell DSC, сам недавно перенес все.
    Ответ написан
    Комментировать
  • Телеметрия Windows Server 2016. Как сменить тип запуска или выключить?

    Имена меняются в зависимости от пользователя.
    Я решил с помощью Powershell DSC, сохранить как Hardening.ps1 и запустить:

    Configuration Hardening{
    	Node localhost {
    		Script CDPUserSvc {
    			GetScript  = {
    				$Service = Get-Service -Name "CDPUserSvc*"
    				return @{ result = "$( $Service.Name) $( $Service.Status )" }
    			}
    			TestScript = {
    				$Service = Get-Service -Name "CDPUserSvc*"
    				if ( $Service -and ( $Service.StartType -ne 'Disabled' )) {
    					Write-Verbose "Service $( $Service.Name ) is NOT in disable state."
    					return $false
    				} else {
    					Write-Verbose "Service $( $Service.Name ) is in disable state."
    					return $true
    				}
    			}
    			SetScript  = {
    				$Service = Get-Service -Name "CDPUserSvc*"
    				Write-Verbose "Applying settings to service $( $Service.Name )."
    				Stop-Service -Name $Service.Name
    				Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\CDPUserSvc -Name Start -Value 4 -Type DWord
    			}
    		}
    		Script OneSyncSvc {
    			GetScript  = {
    				$Service = Get-Service -Name "OneSyncSvc*"
    				return @{ result = "$( $Service.Name) $( $Service.Status )" }
    			}
    			TestScript = {
    				$Service = Get-Service -Name "OneSyncSvc*"
    				if ( $Service -and ( $Service.StartType -ne 'Disabled' )) {
    					Write-Verbose "Service $( $Service.Name ) is NOT in disable state."
    					return $false
    				} else {
    					Write-Verbose "Service $( $Service.Name ) is in disable state."
    					return $true
    				}
    			}
    			SetScript  = {
    				$Service = Get-Service -Name "OneSyncSvc*"
    				Write-Verbose "Applying settings to service $( $Service.Name )."
    				Stop-Service -Name $Service.Name
    				Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\OneSyncSvc -Name Start -Value 4 -Type DWord
    			}
    		}
    		Script PimIndexMaintenanceSvc {
    			GetScript  = {
    				$Service = Get-Service -Name "PimIndexMaintenanceSvc*"
    				return @{ result = "$( $Service.Name) $( $Service.Status )" }
    			}
    			TestScript = {
    				$Service = Get-Service -Name "PimIndexMaintenanceSvc*"
    				if ( $Service -and ( $Service.StartType -ne 'Disabled' )) {
    					Write-Verbose "Service $( $Service.Name ) is NOT in disable state."
    					return $false
    				} else {
    					Write-Verbose "Service $( $Service.Name ) is in disable state."
    					return $true
    				}
    			}
    			SetScript  = {
    				$Service = Get-Service -Name "PimIndexMaintenanceSvc*"
    				Write-Verbose "Applying settings to service $( $Service.Name )."
    				Stop-Service -Name $Service.Name
    				Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc -Name Start -Value 4 -Type DWord
    			}
    		}
    		Script UserDataSvc {
    			GetScript  = {
    				$Service = Get-Service -Name "UserDataSvc*"
    				return @{ result = "$( $Service.Name) $( $Service.Status )" }
    			}
    			TestScript = {
    				$Service = Get-Service -Name "UserDataSvc*"
    				if ( $Service -and ( $Service.StartType -ne 'Disabled' )) {
    					Write-Verbose "Service $( $Service.Name ) is NOT in disable state."
    					return $false
    				} else {
    					Write-Verbose "Service $( $Service.Name ) is in disable state."
    					return $true
    				}
    			}
    			SetScript  = {
    				$Service = Get-Service -Name "UserDataSvc*"
    				Write-Verbose "Applying settings to service $( $Service.Name )."
    				Stop-Service -Name $Service.Name
    				Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\UserDataSvc -Name Start -Value 4 -Type DWord
    			}
    		}
    		Script UnistoreSvc {
    			GetScript  = {
    				$Service = Get-Service -Name "UnistoreSvc*"
    				return @{ result = "$( $Service.Name) $( $Service.Status )" }
    			}
    			TestScript = {
    				$Service = Get-Service -Name "UnistoreSvc*"
    				if ( $Service -and ( $Service.StartType -ne 'Disabled' )) {
    					Write-Verbose "Service $( $Service.Name ) is NOT in disable state."
    					return $false
    				} else {
    					Write-Verbose "Service $( $Service.Name ) is in disable state."
    					return $true
    				}
    			}
    			SetScript  = {
    				$Service = Get-Service -Name "UnistoreSvc*"
    				Write-Verbose "Applying settings to service $( $Service.Name )."
    				Stop-Service -Name $Service.Name
    				Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\UnistoreSvc -Name Start -Value 4 -Type DWord
    			}
    		}
    		Script WpnUserService {
    			GetScript  = {
    				$Service = Get-Service -Name "WpnUserService*"
    				return @{ result = "$( $Service.Name) $( $Service.Status )" }
    			}
    			TestScript = {
    				$Service = Get-Service -Name "WpnUserService*"
    				if ( $Service -and ( $Service.StartType -ne 'Disabled' )) {
    					Write-Verbose "Service $( $Service.Name ) is NOT in disable state."
    					return $false
    				} else {
    					Write-Verbose "Service $( $Service.Name ) is in disable state."
    					return $true
    				}
    			}
    			SetScript  = {
    				$Service = Get-Service -Name "WpnUserService*"
    				Write-Verbose "Applying settings to service $( $Service.Name )."
    				Stop-Service -Name $Service.Name
    				Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\WpnUserService -Name Start -Value 4 -Type DWord
    			}
    		}
    	}
    }
    Push-Location $PSScriptRoot
    Enable-PSRemoting -Force -Confirm:$false
    . $PSScriptRoot\Hardening.ps1
    Hardening
    Start-DscConfiguration -Path $PSScriptRoot\Hardening -Verbose -Wait -Force
    Ответ написан
    3 комментария
  • Как заменить символ внутри всех элементов массива после import-csv?

    Сделай импорт Get-Content, удали все символы, потом отправь в ConvertFrom-CSV.
    Ответ написан
    Комментировать
  • Как создать доверительные отношения между клиентом и сервером?

    Вылетел из домена, надо вывести и ввести повторно, под локальным админом.
    Ответ написан
    Комментировать