p4yl0ad · August 18, 2024 13:41
diff --git a/Lab-Defaults.ps1 b/Lab-Defaults.ps1
 Write-Host '# UTC Always'
 Set-TimeZone -Id "UTC"

 Write-Host '# Power Plan Settings'
 Write-Host '# Ultimate Power Plan'
 powercfg -duplicatescheme e9a42b02-d5df-448d-aa00-03f14749eb61

 Write-Host '# Set standby / timeout / hibernate'
 powercfg -change -monitor-timeout-ac 0
 powercfg -change -monitor-timeout-dc 0
 powercfg -change -disk-timeout-ac 0
 powercfg -change -disk-timeout-dc 0
 powercfg -change -standby-timeout-ac 0
 powercfg -change -standby-timeout-dc 0
 powercfg -change -hibernate-timeout-ac 0
 powercfg -change -hibernate-timeout-dc 0

 Write-Host '# Disable QuickEdit and InsertMode'
 Set-ItemProperty -Path 'HKCU:\Console' -Name 'QuickEdit' -Value 0
 Set-ItemProperty -Path 'HKCU:\Console' -Name 'InsertMode' -Value 0

 Write-Host '# Set the new duplicated Ultimate Performance mode'
 $p = Get-CimInstance -Name root\cimv2\power -Class win32_PowerPlan -Filter "ElementName = 'Ultimate Performance'"      
 powercfg /setactive ([string]$p.InstanceID).Replace("Microsoft:PowerPlan\{","").Replace("}","")

 Write-Host '# Disable Windows Update'
 New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore" -Name "AutoDownload" -PropertyType DWord -Value 2 -ErrorAction Stop -Force | Out-Null
 sc.exe config wuauserv start= disabled
 sc.exe query wuauserv
 sc.exe stop wuauserv
 sc.exe query wuauserv
 REG.exe QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv /v Start 
 $AUSettings = (New-Object -com "Microsoft.Update.AutoUpdate").Settings
 $AUSettings.NotificationLevel = 1
 $AUSettings.Save

 Write-Host '# AV Things'
 Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled False
 Set-MpPreference -DisableRealtimeMonitoring $true
 Add-MpPreference -ExclusionPath "C:\"
 reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection" /v ForceDefenderPassiveMode /t REG_DWORD /d 1 /f 
 Uninstall-WindowsFeature -Name Windows-Defender

 Write-Host '# Enable Network Discovery'
 netsh advfirewall firewall set rule group="Network Discovery" new enable=Yes 
 # Disable discovery: 
 ##netsh advfirewall firewall set rule group="Network Discovery" new enable=No

 Write-Host '# No WER Please'
 Disable-WindowsErrorReporting

 Write-Host '# Disable IPv6'
 Disable-NetAdapterBinding -Name "*" -ComponentID ms_tcpip6

 Write-Host '# Disable Firewall'
 Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
 netsh advfirewall set allprofiles state off

 Restart-Computer -Force
	Write-Host '# UTC Always'
	Set-TimeZone -Id "UTC"

	Write-Host '# Power Plan Settings'
	Write-Host '# Ultimate Power Plan'
	powercfg -duplicatescheme e9a42b02-d5df-448d-aa00-03f14749eb61

	Write-Host '# Set standby / timeout / hibernate'
	powercfg -change -monitor-timeout-ac 0
	powercfg -change -monitor-timeout-dc 0
	powercfg -change -disk-timeout-ac 0
	powercfg -change -disk-timeout-dc 0
	powercfg -change -standby-timeout-ac 0
	powercfg -change -standby-timeout-dc 0
	powercfg -change -hibernate-timeout-ac 0
	powercfg -change -hibernate-timeout-dc 0

	Write-Host '# Disable QuickEdit and InsertMode'
	Set-ItemProperty -Path 'HKCU:\Console' -Name 'QuickEdit' -Value 0
	Set-ItemProperty -Path 'HKCU:\Console' -Name 'InsertMode' -Value 0

	Write-Host '# Set the new duplicated Ultimate Performance mode'
	$p = Get-CimInstance -Name root\cimv2\power -Class win32_PowerPlan -Filter "ElementName = 'Ultimate Performance'"
	powercfg /setactive ([string]$p.InstanceID).Replace("Microsoft:PowerPlan\{","").Replace("}","")

	Write-Host '# Disable Windows Update'
	New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore" -Name "AutoDownload" -PropertyType DWord -Value 2 -ErrorAction Stop -Force \| Out-Null
	sc.exe config wuauserv start= disabled
	sc.exe query wuauserv
	sc.exe stop wuauserv
	sc.exe query wuauserv
	REG.exe QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv /v Start
	$AUSettings = (New-Object -com "Microsoft.Update.AutoUpdate").Settings
	$AUSettings.NotificationLevel = 1
	$AUSettings.Save

	Write-Host '# AV Things'
	Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled False
	Set-MpPreference -DisableRealtimeMonitoring $true
	Add-MpPreference -ExclusionPath "C:\"
	reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection" /v ForceDefenderPassiveMode /t REG_DWORD /d 1 /f
	Uninstall-WindowsFeature -Name Windows-Defender

	Write-Host '# Enable Network Discovery'
	netsh advfirewall firewall set rule group="Network Discovery" new enable=Yes
	# Disable discovery:
	##netsh advfirewall firewall set rule group="Network Discovery" new enable=No

	Write-Host '# No WER Please'
	Disable-WindowsErrorReporting

	Write-Host '# Disable IPv6'
	Disable-NetAdapterBinding -Name "*" -ComponentID ms_tcpip6

	Write-Host '# Disable Firewall'
	Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
	netsh advfirewall set allprofiles state off

	Restart-Computer -Force