Windows update disable active hours

Useful PowerShell Commands and Scripts For Windows Server

October 11, 2020

Find some of the most useful PowerShell commands and scripts for Windows Server 2016 and 2019

Sometimes using Windows PowerShell versus the GUI interface saves time and headaches. Below is a preferred list of PowerShell commands we use on Microsoft Windows Server 2019 and 2016 operating systems.

As a Managed IT Services Provider (MSP) we can save hours using PowerShell commands, especially when provisioning tens of servers for our data center or customer infrastructure. As we find more commands that are practical for the more common scenarios we will add them to the list below. Please note that many of our PowerShell commands listed below will also work for Windows 10 operating systems.

Obtain your Active Direcotry Globally Unique Identifier (GUID) for your Office 365 domain

Get-ADDomain

# Look for your ObjectGUID in the results. You can also run Get-ADDomain on a locally joined workstation.

Default Execution Policy - set to unrestricted

Set-ExecutionPolicy Unrestricted  

Disable Windows Error Reporting

Disable-WindowsErrorReporting

Disable Automatic Windows Updates

Set-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -Name AUOptions -Value 1

Disable Windows Reboot Schedule (Active hours)

1) Open Windows Powershell by right click > run as administrator
2) Type: SCONFIG and hit enter
3) Press 5 (Windows Update Settings)
4) Press D (Download Only mode)
5) Close Powershell

Useful and Secure PowerShell Commands (CMDs) For Windows 2016 & 2019 Server
Disabling Windows Server Active Hours for Automatic Reboot Schedule

Enabling Remote Desktop with PowerShell Remotely

Invoke-Command -ComputerName client01 {Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'` -Name "fDenyTSConnections" -Value 0; `Enable-NetFirewallRule -DisplayGroup "Remote Desktop"}

Restart Windows Service with PowerShell

Restart-Service <service-name>

EXAMPLES

Restart the spooler (printing) service:

restart-service spooler -force

Find all the network services on the computer (starting with "net...") and restart any that are stopped:

get-service net* | where {$_.Status -eq "Stopped"} | restart-service

Enable and Disable Windows Defender Firewall with PowerShell

To enable Windows Defender Firewall for all network profiles:

Set-NetFirewallProfile -Enabled True

To disable it for all, use:

Set-NetFirewallProfile -Enabled False

Enable and Disable Windows Defender Antivirus with PowerShell

Enable Windows Defender Antivirus:

Set-MpPreference -DisableRealtimeMonitoring $false

Disable Windows Defender Antivirus:

Set-MpPreference -DisableRealtimeMonitoring $true

Uninstall Windows Defender Antivirus:

Uninstall-WindowsFeature -Name Windows-Defender

Disable Windows Display, Monitor Timeout to Never

powercfg -change -monitor-timeout-ac 0


PowerShell Command to Check TLS Version in Windows

Copy the code below and save it into a text file with the extension .PS1 (PowerShell script). Execute the script in an elevated PowerShell window.

---------

$ServerName = Read-Host -Prompt 'Input your server  name'$Port = Read-Host -Prompt 'Input your server TCP port number (443 is most common)'nmap --script ssl-enum-ciphers -p $Port $ServerName

Script to disable old TLS versions

Copy the code below and save it into a text file with the extension .PS1 (PowerShell script). Execute the script in an elevated PowerShell window.

---------

function disable-ssl-2.0
{
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -Force
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -name 'Enabled' -value '0' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -name 'Enabled' -value '0' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -name 'DisabledByDefault' -value '1' –PropertyType 'DWORD'
   Write-Host 'Disabling SSLv2'
}
function disable-ssl-3.0
{
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -Force
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -name 'Enabled' -value '0' –PropertyType 'DWORD'
   Write-Host 'Disabling SSLv3'
}
function disable-tls-1.0
{
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -Force
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -Force
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -name 'Enabled' -value '0' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -name 'DisabledByDefault' -value '1' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -name 'Enabled' -value '0' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -name 'DisabledByDefault' -value '1' –PropertyType 'DWORD'
   Write-Host 'Disabling TLSv1.0'
}
function enable-tls-1.1
{
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -Force
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -Force
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -name 'Enabled' -value '1' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -name 'Enabled' -value '1' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD'
   Write-Host 'Enabling TLSv1.1'
}
function enable-tls-1.2
{
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'Enabled' -value '1' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'Enabled' -value '1' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD'
   Write-Host 'Enabling TLSv1.2'
}
function enforce-tls-versions
{
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13' -Name 'TlsVersion'  -value 'F00' –PropertyType 'DWORD'
}

disable-ssl-2.0
disable-ssl-3.0
disable-tls-1.0
enable-tls-1.1
enable-tls-1.2
enforce-tls-versions

Latest Posts

Image from VMWare vSphere 7.0
March 23, 2023

Differences between vSphere 6.7 and 7.0 and how to upgrade

VMware ESXi is a hypervisor that enables the creation and management of virtual machines (VMs) on a physical server. ESXi 6.7 and 7.0 are two major releases with various improvements and new features. Here are some of the key differences between ESXi 6.7 and 7.0:

Read More
Image of a chair in a data center
March 22, 2023

The Importance of Preparing and Identifying Risks

Once upon a time, there lived a talented but somewhat lackadaisical IT support specialist named Jack in a land not so far away. Jack was known for his quick wit and lightning-fast troubleshooting skills, yet he had an Achilles heel - he seldom prepared for his tasks.

Read More
Image showing an office working talking to ChatGPT on Microsoft Teams
March 11, 2023

How to add ChatGPT to Microsoft Teams

ChatGPT is a language model developed by OpenAI that can generate human-like responses to a wide range of questions. By integrating ChatGPT with Microsoft Teams, you can provide your team members with instant access to this powerful AI tool.

Read More