Имена меняются в зависимости от пользователя.
Я решил это с помощью PowerShell DSC: сохраните конфигурацию как Hardening.ps1 и запустите:
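# DSC configuration that disables a fixed list of Windows per-user services on
# the local node. Each service gets one Script resource that:
#   - GetScript:  reports the names and status of the matching services;
#   - TestScript: returns $false while any matching service is not Disabled;
#   - SetScript:  stops the matching services and writes Start = 4 (Disabled)
#                 to their registry keys.
Configuration Hardening {
    Import-DscResource -ModuleName 'PSDesiredStateConfiguration'

    # Base (template) names. The running instances carry a per-user suffix,
    # which is why every lookup below uses a trailing wildcard.
    $PerUserServices = @(
        'CDPUserSvc'
        'OneSyncSvc'
        'PimIndexMaintenanceSvc'
        'UserDataSvc'
        'UnistoreSvc'
        'WpnUserService'
    )

    Node localhost {
        foreach ($ServiceName in $PerUserServices) {
            # The resource name stays equal to the base service name.
            Script $ServiceName {
                GetScript = {
                    # $using: copies the configuration-time value into the script text.
                    $TemplateName = $using:ServiceName
                    $Service = Get-Service -Name "$TemplateName*"
                    return @{ result = "$( $Service.Name) $( $Service.Status )" }
                }
                TestScript = {
                    $TemplateName = $using:ServiceName
                    $Service = Get-Service -Name "$TemplateName*"
                    # The wildcard may return several services; the node is
                    # compliant only when none of them is left enabled.
                    $NotDisabled = @($Service | Where-Object { $_.StartType -ne 'Disabled' })
                    if ( $NotDisabled.Count -gt 0 ) {
                        Write-Verbose "Service $( $Service.Name ) is NOT in disable state."
                        return $false
                    } else {
                        Write-Verbose "Service $( $Service.Name ) is in disable state."
                        return $true
                    }
                }
                SetScript = {
                    $TemplateName = $using:ServiceName
                    $Service = Get-Service -Name "$TemplateName*"
                    Write-Verbose "Applying settings to service $( $Service.Name )."
                    Stop-Service -Name $Service.Name

                    # Write Start = 4 to the base key and to the key of every
                    # service the wildcard matched. Setting only the base key
                    # leaves a suffixed instance with its old start type, so
                    # TestScript would keep reporting drift for it.
                    $ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
                    $KeyNames = @($TemplateName) + @($Service | ForEach-Object { $_.Name }) |
                        Select-Object -Unique
                    foreach ($KeyName in $KeyNames) {
                        Set-ItemProperty -Path (Join-Path $ServicesKey $KeyName) -Name Start -Value 4 -Type DWord
                    }
                }
            }
        }
    }
}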
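# Launcher: compiles the Hardening configuration into a MOF under .\Hardening
# (relative to this script's folder) and applies it to the local machine.
# Push-Location changes the location of the whole session, so it is undone in
# finally even when compilation or the DSC run fails.
Push-Location $PSScriptRoot
try {
    # NOTE(security): Enable-PSRemoting starts WinRM, creates a listener and adds
    # firewall exceptions. It is presumably here because the local DSC push goes
    # through WinRM, but it widens remote-management exposure on a machine that
    # is being hardened. If remoting is not otherwise required, review the
    # listener and firewall rules once the configuration has been applied.
    Enable-PSRemoting -Force -Confirm:$false

    # Dot-source so the Hardening configuration is defined in this scope.
    . $PSScriptRoot\Hardening.ps1

    # Compile: writes the MOF into the Hardening subfolder of the current location.
    Hardening

    Start-DscConfiguration -Path $PSScriptRoot\Hardening -Verbose -Wait -Force
}
finally {
    Pop-Location
}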