October 11, 2020

Useful PowerShell Commands (CMDs) and Scripts For Windows 2016 & 2019 Server

Default Execution Policy - set to unrestricted

Set-ExecutionPolicy Unrestricted  

Disable Windows Error Reporting

Disable-WindowsErrorReporting

Disable Automatic Windows Updates

Set-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -Name AUOptions -Value 1

Disable Windows Reboot Schedule (Active hours)

1) Open Windows Powershell by right click > run as administrator
2) Type: SCONFIG and hit enter
3) Press 5 (Windows Update Settings)
4) Press D (Download Only mode)
5) Close Powershell

Useful and Secure PowerShell Commands (CMDs) For Windows 2016 & 2019 Server
Disabling Windows Server Active Hours for Automatic Reboot Schedule

Enabling Remote Desktop with PowerShell Remotely

Invoke-Command -ComputerName client01 {Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'` -Name "fDenyTSConnections" -Value 0; `Enable-NetFirewallRule -DisplayGroup "Remote Desktop"}

Restart Windows Service with PowerShell

Restart-Service <service-name>

EXAMPLES

Restart the spooler (printing) service:

restart-service spooler -force

Find all the network services on the computer (starting with "net...") and restart any that are stopped:

get-service net* | where {$_.Status -eq "Stopped"} | restart-service

Enable and Disable Windows Defender Firewall with PowerShell

To enable Windows Defender Firewall for all network profiles:

Set-NetFirewallProfile -Enabled True

To disable it for all, use:

Set-NetFirewallProfile -Enabled False

Enable and Disable Windows Defender Antivirus with PowerShell

Enable Windows Defender Antivirus:

Set-MpPreference -DisableRealtimeMonitoring $false

Disable Windows Defender Antivirus:

Set-MpPreference -DisableRealtimeMonitoring $true

Uninstall Windows Defender Antivirus:

Uninstall-WindowsFeature -Name Windows-Defender

Disable Windows Display, Monitor Timeout to Never

powercfg -change -monitor-timeout-ac 0


Script to disable old TLS versions

function disable-ssl-2.0
{
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -Force
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -name 'Enabled' -value '0' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -name 'Enabled' -value '0' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -name 'DisabledByDefault' -value '1' –PropertyType 'DWORD'
   Write-Host 'Disabling SSLv2'
}
function disable-ssl-3.0
{
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -Force
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -name 'Enabled' -value '0' –PropertyType 'DWORD'
   Write-Host 'Disabling SSLv3'
}
function disable-tls-1.0
{
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -Force
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -Force
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -name 'Enabled' -value '0' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -name 'DisabledByDefault' -value '1' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -name 'Enabled' -value '0' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -name 'DisabledByDefault' -value '1' –PropertyType 'DWORD'
   Write-Host 'Disabling TLSv1.0'
}
function enable-tls-1.1
{
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -Force
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -Force
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -name 'Enabled' -value '1' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -name 'Enabled' -value '1' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD'
   Write-Host 'Enabling TLSv1.1'
}
function enable-tls-1.2
{
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'Enabled' -value '1' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'Enabled' -value '1' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD'
   Write-Host 'Enabling TLSv1.2'
}
function enforce-tls-versions
{
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13' -Name 'TlsVersion'  -value 'F00' –PropertyType 'DWORD'
}

disable-ssl-2.0
disable-ssl-3.0
disable-tls-1.0
enable-tls-1.1
enable-tls-1.2
enforce-tls-versions

Latest Posts

January 7, 2021

Protecting Your Company Against Ransomware

Ransomware is becoming more common due to the success the creators are enjoying due to the improvement of their methods. What were once simple text-based phishing emails are becoming very realistic looking “corporate” fakes.

Read More
December 28, 2020

G Suite VS Office 365

G-Suite or Office 365 this is the question that has stumped small to medium-sized business owners for years. Now businesses are looking to move into the cloud and need to know where to start and who to use. Some of the most important factors to consider are security, integration, functionality, and usability.

Read More
November 12, 2020

Why You Should Use a Password Manager, and How to Get Started

The majority of people use weak or reuse passwords on different websites. How can someone use a complex, unique password on all of the websites and applications you use? The answer is a password manager.

Read More

You have questions, we have answers

What can we help you with?