Sysprep Windows (incl. Policies)

Aus Wiki-WebPerfect
Version vom 25. Januar 2022, 15:14 Uhr von Admin (Diskussion | Beiträge)

(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Wechseln zu: Navigation, Suche
Function Reset-WindowsForImage {
    param (
        [Parameter(Mandatory = $true)]
        [string]$ComputerName,
 
        [Parameter(Mandatory = $true)]
        [pscredential]$LocalAdminCreds
    )
 
    Invoke-Command -ComputerName $ComputerName -Credential $LocalAdminCreds -ScriptBlock {
        #Reset Wsus Settings
        Write-Output "[$(Get-Date -Format HH:mm:ss)][$USING:ComputerName] Resetting Wsus configuration" 
        Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\" -Name * | Out-Null
        Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\" -Name * | Out-Null
        $regkeyPathAU = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" | Out-Null
        New-ItemProperty -path $regkeyPathAU -Name "AUOptions" -value 3 -PropertyType "DWord" | Out-Null
        New-ItemProperty -path $regkeyPathAU -Name "NoAutoUpdate" -value 1 -PropertyType "DWord" | Out-Null
 
        #Reset local Update Database
        Write-Output "[$(Get-Date -Format HH:mm:ss)][$USING:ComputerName] Resetting local Wsus Database" 
        Stop-Service -Name "BITS"
        Stop-Service -Name "wuauserv"
        $softwareDistributionPath = "$env:windir\SoftwareDistribution"
        Remove-Item -path $softwareDistributionPath -recurse -Force 
 
        #Reset Network settings
        Write-Output "[$(Get-Date -Format HH:mm:ss)][$USING:ComputerName] Resetting Network adapter settings"
        Get-DnsClientServerAddress | Where-Object {$_.InterfaceAlias -eq "Ethernet"} | Set-DnsClientServerAddress -ResetServerAddresses
        Get-DnsClient | Set-DnsClient -ResetConnectionSpecificSuffix
 
        #Reset all local Security Policy settings (for example Password complexity)
        Write-Output "[$(Get-Date -Format HH:mm:ss)][$USING:ComputerName] Resetting all local Security Policy settings"
        SecEdit.exe /configure /cfg C:\Windows\inf\defltbase.inf /db defltbase.sdb /verbose
 
        #Sysprepping the System 
        Write-Output "[$(Get-Date -Format HH:mm:ss)][$USING:ComputerName] Sysprep has been triggered, after this the Computer will shutdown"
        Start-Sleep -Seconds 1
        Invoke-WMIMethod -Class Win32_Process -Name Create -ArgumentList "cmd /c c:\windows\system32\sysprep\sysprep.exe /generalize /oobe /mode:vm /shutdown /quiet" | Out-Null
        Start-Sleep -Seconds 5
    } 
}