Misc Scripted OS install tweaks

As part of our standard scripted install I have a number of simple scripts to help with tasks such as patching and hardening the image.

Quite a few of you will have your images subject to Security scans - I now run these scripts to close minor security holes:

REM Set local passwords to expire after 30 days
REM This may not survive sysprep

net accounts /MAXPWAGE:30

REM Rename Local Administrator and Guest accounts
REM This may not survive sysprep
set admin=mooney
set guest=hunt

wmic UserAccount where name="Administrator" call Rename Name="%admin%"
wmic UserAccount where name="Guest" call Rename Name="%guest%"

REM Turn off CDROM Autorun

reg add HKLM\SYSTEM\CurrentControlSet\services\cdrom /v AutoRun /t REG_DWORD /d 0 /f

REM Disable saving Dial up passwords

reg add HKLM\System\CurrentControlSet\Services\Rasman\Parameters /v DisableSavePassword /t REG_DWORD /d 1 /f

Then there's odd other settings you may want:

REM powercfg.exe High power no hibernate

powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
powercfg.exe /hibernate off

REM Disable Windows Media Player Update

Reg add HKLM\SOFTWARE\Policies\Microsoft\WindowsMediaPlayer /v DisableAutoUpdate /t REG_DWORD /d 00000001

You might have a variety of OS and core app updates to install, CAB, EXE and MSU files:

REM To install exe updates
REM Copy executable patches locally to c:\support\Patches\exe first

FOR /F "delims=" %%A IN ('dir c:\support\patches\exe\*.exe /s /b') DO (%%A /quiet /norestart)

REM To DISM Windows updates from CAB
REM Copy cab files locally to c:\support\Patches\cab first

FOR /F "delims=" %%A IN ('dir c:\support\patches\cab1\*.cab /s /b') DO (dism.exe /online /Add-Package /PackagePath:%%A /NoRestart /quiet)

REM To WUSA Windows updates from MSU
REM Copy msu files locally to c:\support\Patches\msu first

FOR /F "delims=" %%A IN ('dir c:\support\patches\msu\*.msu /s /b') DO (wusa.exe %%A /NoRestart /quiet)

And for Windows 7 I like to get rid of the Event ID 10 errors:

'KB2545227 Event ID 10 error fix
'vbscript

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\subscription")

Set obj1 = objWMIService.ExecQuery("select * from __eventfilter where name='BVTFilter' and query='SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA ""Win32_Processor"" AND TargetInstance.LoadPercentage > 99'")
For Each obj1elem in obj1
set obj2set = obj1elem.Associators_("__FilterToConsumerBinding")
set obj3set = obj1elem.References_("__FilterToConsumerBinding")

For each obj2 in obj2set
WScript.echo "Deleting the object"
WScript.echo obj2.GetObjectText_
obj2.Delete_

next

For each obj3 in obj3set
WScript.echo "Deleting the object"
WScript.echo obj3.GetObjectText_
obj3.Delete_

next
WScript.echo "Deleting the object"
WScript.echo obj1elem.GetObjectText_
obj1elem.Delete_

Next