Hi all,
There have been many threads recently about Win10 bloatware, and re-installing Windows, etc, so I thought I would community share a script I've knocked up to expedite some of the more common post Win10 deployment tasks.... I've tested it, hard, but there are always things that can be improved, or might be missed by my own set of eyes.
What is it?
It's a User Menu driven PowerShell script for Windows 10 Home/Pro/Enterprise that:
1. Allows you to create Local Admin Users and outputs their random password to a USB Drive
2. Install Drivers from your backup / USB
3. Install Windows 10 v1909 Security Baseline Policies (Pro/Ent only)
4. Install Chocolatey packages and provide notifications to the user after successful installation.
5. Create a new Start Layout for the new users based on your Choco Packages and Microsoft Office (if you install it)
6. Prompt you to rename your PC and Reboot
You can choose what you want to do, or optionally, choose to run the whole script.
Why use it & who is it for?
Entirely offline (with the exception of the Chocolatey Menu Option) script to speed up your post Win10 install with the most common system activities. For Pro and Ent users, you can choose to install the Microsoft security baselines which provide a secure system from most OS vulnerabilities.
What doesn't the script do?
How do I use it?
If you want to test on a running system, do the following:
Chocolatey:
If you're new to chocolatey:
https://chocolatey.org/
The choco option installs packages from the Chocolatey repo. In this script, the following applications are installed:
Edit the script lines in the Install-Choco function with your own package requirements:
Gotchas:
The Win10 Security Baselines mark all USB drives as removable media and write protect them with BitLocker else they remain read-only. This can be reversed post script, by opening gpedit.msc Computer Configuration>Administrative Templates>Windows Components>BitLocker Drive Encryption>Removable Data Drives and set Deny Write Access To Removable Drives as Disabled or Not Configured, then run gpupdate /force to reflect the change (remove, reinsert the USB Drive). Therefore, do not run the Baselines before creating local users, as otherwise the passwords will not be saved to the USB drive.
Changes and Requests:
Please list them in this thread and we'll work out if they're possible and how to do it.
Can I have the script?
Yes, through Trust (although I couldn't log on to Trust the other day), please let me know your email address and I will share with you from OneDrive.
There have been many threads recently about Win10 bloatware, and re-installing Windows, etc, so I thought I would community share a script I've knocked up to expedite some of the more common post Win10 deployment tasks.... I've tested it, hard, but there are always things that can be improved, or might be missed by my own set of eyes.
What is it?
It's a User Menu driven PowerShell script for Windows 10 Home/Pro/Enterprise that:
1. Allows you to create Local Admin Users and outputs their random password to a USB Drive
2. Install Drivers from your backup / USB
3. Install Windows 10 v1909 Security Baseline Policies (Pro/Ent only)
4. Install Chocolatey packages and provide notifications to the user after successful installation.
5. Create a new Start Layout for the new users based on your Choco Packages and Microsoft Office (if you install it)
6. Prompt you to rename your PC and Reboot
You can choose what you want to do, or optionally, choose to run the whole script.
Why use it & who is it for?
Entirely offline (with the exception of the Chocolatey Menu Option) script to speed up your post Win10 install with the most common system activities. For Pro and Ent users, you can choose to install the Microsoft security baselines which provide a secure system from most OS vulnerabilities.
What doesn't the script do?
Remove Apps or bloatware. Create a WIM and remove those first if you want to.
Office (this can be done, but some people don't use it, and not all that do have O365 or licensed for Business Apps / ProPlus)
Install games
Office (this can be done, but some people don't use it, and not all that do have O365 or licensed for Business Apps / ProPlus)
Install games
How do I use it?
If you want to test on a running system, do the following:
1. !IMPORTANT! If this is the same system you are wanting to install drivers to in the future, COPY C:\Windows\System32\DriveStore to your USB drive - the script uses this to import all the current required drivers for your system on a new install.
2. Download the script ZIP and extract it to your USB so that the filepath is USB:\Win10 Provision Script\
3. Open an elevated PowerShell prompt and execute Set-Execution bypass -force
4. Browse to the USB Drive location where the script is stored in the PowerShell prompt and execute Win10_1909_Provision.ps1
2. Download the script ZIP and extract it to your USB so that the filepath is USB:\Win10 Provision Script\
3. Open an elevated PowerShell prompt and execute Set-Execution bypass -force
4. Browse to the USB Drive location where the script is stored in the PowerShell prompt and execute Win10_1909_Provision.ps1
Screenshot:Chocolatey:
If you're new to chocolatey:
https://chocolatey.org/
The choco option installs packages from the Chocolatey repo. In this script, the following applications are installed:
7zip
azure-cli
git
Google Chrome
Azure Storage Explorer
Windows Terminal
Mpc-Be,
Paint.net
Rufus,
Spotify
Terraform
vlc
VSCode
azure-cli
git
Google Chrome
Azure Storage Explorer
Windows Terminal
Mpc-Be,
Paint.net
Rufus,
Spotify
Terraform
vlc
VSCode
Edit the script lines in the Install-Choco function with your own package requirements:
Gotchas:
The Win10 Security Baselines mark all USB drives as removable media and write protect them with BitLocker else they remain read-only. This can be reversed post script, by opening gpedit.msc Computer Configuration>Administrative Templates>Windows Components>BitLocker Drive Encryption>Removable Data Drives and set Deny Write Access To Removable Drives as Disabled or Not Configured, then run gpupdate /force to reflect the change (remove, reinsert the USB Drive). Therefore, do not run the Baselines before creating local users, as otherwise the passwords will not be saved to the USB drive.
Changes and Requests:
Please list them in this thread and we'll work out if they're possible and how to do it.
Can I have the script?
Yes, through Trust (although I couldn't log on to Trust the other day), please let me know your email address and I will share with you from OneDrive.
Last edited: