18 May 2016

Home » » Configure PowerShell Settings

Configure PowerShell Settings

  Wednesday, May 18, 2016    No comments
Recently, we needed to start building select machines off of our domain for special projects. This meant that group policies would not be applied. I use GPOs to set PowerShell settings on all of the machines. With these machines no longer getting GPOs applied, PowerShell scripts would no longer execute correctly because some of my scripts also use a module I push via GPO and the execution policy was not updated. This lead me to write, with the help and ease of Sapien's PowerShell Studio, the script below that will set the execution policy, configure the RunAs Administrator, configure additional paths for PowerShell modules, and copies PowerShell modules over. This gets executed after the first windows updates are applied in the task sequencing. If the script is executed manually, there is an output screen that shows if each setting is a success or failure.

To use this script, you will need to update/verify lines 212, 217, 224, and 225. Of course, if you don't want all of those things to change, you can comment some of them out.

You can download the script from here.


1:  <#  
2:       .SYNOPSIS  
3:            Configure PowerShell  
4:         
5:       .DESCRIPTION  
6:            Configure PowerShell execution policy and install PowerShell modules.  
7:         
8:       .DESCRIPTION  
9:            A description of the file.  
10:         
11:       .PARAMETER PSConsoleTitle  
12:            Title of the PowerShell Console  
13:         
14:       .EXAMPLE  
15:            powershell.exe -executionpolicy bypass -file ConfigurePowerShell.ps1  
16:         
17:       .NOTES  
18:            ===========================================================================  
19:            Created with:     SAPIEN Technologies, Inc., PowerShell Studio 2016 v5.2.122  
20:            Created on:       5/18/2016 12:12 PM  
21:            Created by:       Mick Pletcher  
22:            Organization:  
23:            Filename:         ConfigurePowerShell.ps1  
24:            ===========================================================================  
25:  #>  
26:  [CmdletBinding()]  
27:  param  
28:  (  
29:            [string]$PSConsoleTitle = 'PowerShell Configuration'  
30:  )  
31:    
32:  function Set-ConsoleTitle {  
33:  <#  
34:       .SYNOPSIS  
35:            Console Title  
36:         
37:       .DESCRIPTION  
38:            Sets the title of the PowerShell Console  
39:         
40:       .PARAMETER ConsoleTitle  
41:            Title of the PowerShell Console  
42:         
43:       .NOTES  
44:            Additional information about the function.  
45:  #>  
46:         
47:       [CmdletBinding()]  
48:       param  
49:       (  
50:                 [Parameter(Mandatory = $true)][String]$ConsoleTitle  
51:       )  
52:         
53:       $host.ui.RawUI.WindowTitle = $ConsoleTitle  
54:  }  
55:    
56:  function Get-RelativePath {  
57:  <#  
58:       .SYNOPSIS  
59:            Get the relative path  
60:         
61:       .DESCRIPTION  
62:            Returns the location of the currently running PowerShell script  
63:         
64:       .NOTES  
65:            Additional information about the function.  
66:  #>  
67:         
68:       [CmdletBinding()][OutputType([string])]  
69:       param ()  
70:         
71:       $Path = (split-path $SCRIPT:MyInvocation.MyCommand.Path -parent) + "\"  
72:       Return $Path  
73:  }  
74:    
75:  function Set-RegistryKeyValue {  
76:  <#  
77:       .SYNOPSIS  
78:            Test if a registry value exists  
79:         
80:       .DESCRIPTION  
81:            This tests to see if a registry value exists by using the get-itemproperty and therefore returning a boolean value if the cmdlet executes successfully.  
82:         
83:       .PARAMETER RegKeyName  
84:            Registry key name  
85:         
86:       .PARAMETER RegKeyValue  
87:            Value within the registry key  
88:         
89:       .PARAMETER RegKeyData  
90:            The data pertaining to the registry key value  
91:         
92:       .PARAMETER DisplayName  
93:            Name to be used to display on the status window  
94:         
95:  #>  
96:         
97:       [CmdletBinding()]  
98:       param  
99:       (  
100:                 [Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()]$RegKeyName,  
101:                 [Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()]$RegKeyValue,  
102:                 [Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()]$RegKeyData,  
103:                 [string]$DisplayName = $null  
104:       )  
105:         
106:       If ($DisplayName -ne $null) {  
107:            Write-Host "Setting"$DisplayName"....." -NoNewline  
108:       }  
109:       $NoOutput = New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT  
110:       $Key = Get-Item -LiteralPath $RegKeyName -ErrorAction SilentlyContinue  
111:       If ($Key -ne $null) {  
112:            If ($RegKeyValue -eq '(Default)') {  
113:                 $Value = Get-ItemProperty $RegKey '(Default)' | Select-Object -ExpandProperty '(Default)'  
114:            } else {  
115:                 $Value = $Key.GetValue($RegKeyValue, $null)  
116:            }  
117:            If ($Value -ne $RegKeyData) {  
118:                 Set-ItemProperty -Path $RegKeyName -Name $RegKeyValue -Value $RegKeyData -Force  
119:            }  
120:              
121:       } else {  
122:            $NoOutput = New-Item -Path $RegKeyName -Force  
123:            $NoOutput = New-ItemProperty -Path $RegKeyName -Name $RegKeyValue -Value $RegKeyData -Force  
124:       }  
125:       If ($RegKeyValue -eq '(Default)') {  
126:            $Value = Get-ItemProperty $RegKey '(Default)' | Select-Object -ExpandProperty '(Default)'  
127:       } else {  
128:            $Value = $Key.GetValue($RegKeyValue, $null)  
129:       }  
130:       If ($DisplayName -ne $null) {  
131:            If ($Value -eq $RegKeyData) {  
132:                 Write-Host "Success" -ForegroundColor Yellow  
133:            } else {  
134:                 Write-Host "Failed" -ForegroundColor Red  
135:                 Write-Host $Value  
136:                 Write-Host $RegKeyData  
137:            }  
138:       }  
139:  }  
140:    
141:  function Copy-Files {  
142:  <#  
143:       .SYNOPSIS  
144:            Copy-Files  
145:         
146:       .DESCRIPTION  
147:            This will copy specified file(s)  
148:         
149:       .PARAMETER SourceDirectory  
150:            Directory containing the source file(s)  
151:         
152:       .PARAMETER DestinationDirectory  
153:            Directory where the source file(s) will be copied to  
154:         
155:       .PARAMETER FileFilter  
156:            Either a specific filename or a wildcard specifying what to copy  
157:         
158:       .EXAMPLE  
159:            Copy-Files -SourceDirectory 'c:\windows' -DestinationDirectory 'd:\windows' -FileFilter '*.exe'  
160:            Copy-Files -SourceDirectory 'c:\windows' -DestinationDirectory 'd:\windows' -FileFilter 'INSTALL.LOG'  
161:         
162:       .NOTES  
163:            Additional information about the function.  
164:  #>  
165:         
166:       [CmdletBinding()]  
167:       param  
168:       (  
169:                 [Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()][String]$SourceDirectory,  
170:                 [Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()][String]$DestinationDirectory,  
171:                 [ValidateNotNullOrEmpty()][String]$FileFilter  
172:       )  
173:         
174:       $Dest = $DestinationDirectory  
175:       If ((Test-Path $DestinationDirectory) -eq $false) {  
176:            $NoOutput = New-Item -Path $DestinationDirectory -ItemType Directory -Force  
177:       }  
178:       $Files = Get-ChildItem $SourceDirectory -Filter $FileFilter  
179:       If ($Files.Count -eq $null) {  
180:            Write-Host "Copy"$Files.Name"....." -NoNewline  
181:            Copy-Item $Files.FullName -Destination $Dest -Force  
182:            $Test = $Dest + "\" + $Files.Name  
183:            If (Test-Path $Test) {  
184:                 Write-Host "Success" -ForegroundColor Yellow  
185:            } else {  
186:                 Write-Host "Failed" -ForegroundColor Red  
187:            }  
188:       } else {  
189:            For ($i = 0; $i -lt $Files.Count; $i++) {  
190:                 $File = $Files[$i].FullName  
191:                 Write-Host "Copy"$Files[$i].Name"....." -NoNewline  
192:                 Copy-Item $File -Destination $Dest -Force  
193:                 $Test = $Dest + "\" + $Files[$i].Name  
194:                 If (Test-Path $Test) {  
195:                      Write-Host "Success" -ForegroundColor Yellow  
196:                 } else {  
197:                      Write-Host "Failed" -ForegroundColor Red  
198:                 }  
199:            }  
200:       }  
201:  }  
202:    
203:  Clear-Host  
204:  #Set the title of the PowerShell console  
205:  Set-ConsoleTitle -ConsoleTitle $PSConsoleTitle  
206:    
207:  #Define the relative path   
208:  $RelativePath = Get-RelativePath  
209:    
210:  #Configure additional paths for PowerShell modules  
211:  $RegKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'  
212:  $RegValue = $env:SystemRoot + '\system32\WindowsPowerShell\v1.0\Modules\;' + $env:ProgramFiles + '\windowspowershell\modules'  
213:  Set-RegistryKeyValue -DisplayName "PSModulePath" -RegKeyName $RegKey -RegKeyValue 'PSModulePath' -RegKeyData $RegValue  
214:    
215:  #Set the PowerShell execution policy  
216:  $RegKey = 'HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell'  
217:  Set-RegistryKeyValue -DisplayName "ExecutionPolicy" -RegKeyName $RegKey -RegKeyValue 'ExecutionPolicy' -RegKeyData 'RemoteSigned'  
218:    
219:  #Configure PowerShell RunAs Administrator  
220:  $RegKey = 'HKCR:\Microsoft.PowerShellScript.1\Shell\runas\command'  
221:  Set-RegistryKeyValue -DisplayName "RunAs Administrator" -RegKeyName $RegKey -RegKeyValue '(Default)' -RegKeyData '"c:\windows\system32\windowspowershell\v1.0\powershell.exe" -noexit "%1"'  
222:    
223:  #Copy PowerShell Modules  
224:  $ModuleFolder = $env:ProgramFiles + "\WindowsPowerShell\Modules\Deployment"  
225:  Copy-Files -SourceDirectory $RelativePath -DestinationDirectory $ModuleFolder -FileFilter "Deployment.psm1"  
226:

Related Posts:

  • Automating the Creation of Software Update Groups in SCCM I have been working on automating the tasks of deploying Windows updates each month. You may think why is there a need for this when SCCM has the Automatic Deployment Rules. Some companies have to review the updates be… Read More
  • Installing Microsoft Updates in the Build Post-OS There are updates that have to be installed after the OS has been installed. .Net Framework is an example. When I am building a reference image, I cannot inject the updates as packages to .Net Framework as it is not install… Read More
  • Automating Microsoft Endpoint Full System Scan upon Infection While helping to manage Microsoft Endpoint, a former colleague suggested that I setup Endpoint to automatically run a full system scan each time an infection is detected. I googled the blog posting on it and although it is… Read More
  • Local Administrator Report The firm I work at does not give users local administrator access for several reasons. We did an audit of our systems and found out several users had local administrator privileges that should not have. In order to keep tr… Read More
  • Windows Updates List There is a newer tool located here.  I have been working on writing a new script for SCCM and decided while writing it, I would take one of the functions and make it into a separate script for just retrieving windows… Read More

0 comments:

Post a Comment