iTecs IT Outsourcing and Support Blog
Sometimes using Windows PowerShell versus the GUI interface saves time and headaches. Below is a preferred list of PowerShell commands we use on Microsoft Windows Server 2019 and 2016 operating systems.
As a Managed IT Services Provider (MSP) we can save hours using PowerShell commands, especially when provisioning tens of servers for our data center or customer infrastructure. As we find more commands that are practical for the more common scenarios we will add them to the list below. Please note that many of our PowerShell commands listed below will also work for Windows 10 operating systems.
Set-ExecutionPolicy Unrestricted
Disable-WindowsErrorReporting
Set-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -Name AUOptions -Value 1
1) Open Windows Powershell by right click > run as administrator
2) Type: SCONFIG and hit enter
3) Press 5 (Windows Update Settings)
4) Press D (Download Only mode)
5) Close Powershell
Invoke-Command -ComputerName client01 {Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'` -Name "fDenyTSConnections" -Value 0; `Enable-NetFirewallRule -DisplayGroup "Remote Desktop"}
Restart-Service <service-name>
restart-service spooler -force
get-service net* | where {$_.Status -eq "Stopped"} | restart-service
Set-NetFirewallProfile -Enabled True
Set-NetFirewallProfile -Enabled False
Set-MpPreference -DisableRealtimeMonitoring $false
Set-MpPreference -DisableRealtimeMonitoring $true
Uninstall-WindowsFeature -Name Windows-Defender
powercfg -change -monitor-timeout-ac 0
Copy the code below and save it into a text file with the extension .PS1 (PowerShell script). Execute the script in an elevated PowerShell window.
---------
$ServerName = Read-Host -Prompt 'Input your server name'$Port = Read-Host -Prompt 'Input your server TCP port number (443 is most common)'nmap --script ssl-enum-ciphers -p $Port $ServerName
Copy the code below and save it into a text file with the extension .PS1 (PowerShell script). Execute the script in an elevated PowerShell window.
---------
function disable-ssl-2.0
{
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -Force
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -name 'Enabled' -value '0' –PropertyType 'DWORD'
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -name 'Enabled' -value '0' –PropertyType 'DWORD'
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -name 'DisabledByDefault' -value '1' –PropertyType 'DWORD'
Write-Host 'Disabling SSLv2'
}
function disable-ssl-3.0
{
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -Force
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -name 'Enabled' -value '0' –PropertyType 'DWORD'
Write-Host 'Disabling SSLv3'
}
function disable-tls-1.0
{
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -Force
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -Force
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -name 'Enabled' -value '0' –PropertyType 'DWORD'
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -name 'DisabledByDefault' -value '1' –PropertyType 'DWORD'
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -name 'Enabled' -value '0' –PropertyType 'DWORD'
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -name 'DisabledByDefault' -value '1' –PropertyType 'DWORD'
Write-Host 'Disabling TLSv1.0'
}
function enable-tls-1.1
{
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -Force
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -Force
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -name 'Enabled' -value '1' –PropertyType 'DWORD'
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD'
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -name 'Enabled' -value '1' –PropertyType 'DWORD'
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD'
Write-Host 'Enabling TLSv1.1'
}
function enable-tls-1.2
{
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'Enabled' -value '1' –PropertyType 'DWORD'
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD'
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'Enabled' -value '1' –PropertyType 'DWORD'
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD'
Write-Host 'Enabling TLSv1.2'
}
function enforce-tls-versions
{
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13' -Name 'TlsVersion' -value 'F00' –PropertyType 'DWORD'
}
disable-ssl-2.0
disable-ssl-3.0
disable-tls-1.0
enable-tls-1.1
enable-tls-1.2
enforce-tls-versions
The thought of doing business solely on a cloud environment can sound overwhelming. From figuring out what it entails and what type of service or hardware will be needed to how to maintain and sustain that type of environment, the task seems daunting. Naturally, the first place to start is with a web search. How do I run my business virtually?
Read MoreThe new way of doing business is electronically. The way we communicate and transact is mostly through a device, and even more so now in the days of Zoom meetings and virtual tours. Most employees cannot be efficient without a computer and a mobile device, and it is the responsibility of the company to ensure that they have all the proper tools to perform their jobs efficiently.
Read MoreTwo of the most common reasons for opting out of owning hardware are maintenance and life span. Technology is constantly evolving and servers can quickly need hardware updates or become obsolete. It is crucial to compare the cost of owning the equipment, maintenance, and upgrades versus the cost of operating in a virtually hosted environment.
Read More