5.Normal Setting

####1.create account
#Add admin user
salt '*' cmd.run 'net user /ADD admin1 password /y & net localgroup administrators admin1 /ADD'
#Add normal user
salt '*' cmd.run 'net user /ADD user1 password /y & net localgroup "Remote Desktop Users" user1 /ADD'
#Query
salt '*' cmd.run 'net user user1 | find "Local Group Memberships" '

#add batch
newusers=("user1" "user2" "user3")
for i in ${newusers[@]}
do
    echo $i
    adduser $i
    echo  $i:"Password123" | chpasswd
    sed -i "/## Allow root to run any commands anywhere/a"$i" ALL=(ALL)  ALL" /etc/sudoers
done

####2.check telnet & install it
salt '*' cmd.run 'telnet' ##return with nothing means success

#2008
salt '*' cmd.run 'start /w ocsetup TelnetClient'
#2012
salt '*' cmd.run 'dism /online /Enable-Feature /FeatureName:TelnetClient'

####3.check & change port 
#check
salt '*' cmd.run 'reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v PortNumber '
salt '*' cmd.run 'reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber '

#enable firewall VPN-Pool for new port, if done in firewall_initial, do not do it again
#salt '*' cmd.run 'netsh advfirewall firewall add rule name="VPN-Pool" dir=in action=allow protocol=TCP localport=3310,3389 remoteip="xx.xx.89.192-xx.xx.89.250"'

#change port to 3310,need reboot to apply
salt '*' cmd.run 'reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v PortNumber /t REG_DWORD /d 3310 /f'
salt '*' cmd.run 'reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 3310 /f'

####4. instal 7z & notepad++ & beyong compare & vcredist
#check
salt '*' cmd.run '7z | find "Copyright"'
salt '*' cmd.run 'pushd D:\software\' 
#install
#config 7z to env, need logoff to apply
salt '*' cmd.run 'setx Path "%PATH%;D:\software\7-Zip;D:\software\sed" /M'
#logoff to apply
salt '*' cmd.run 'query session'
salt '*' cmd.run 'logoff [session number]'

####5.check disk letter and path
salt '*' cmd.run 'wmic logicaldisk get size,caption'

####6.set high performance
#check
salt '*' cmd.run 'powercfg /GETACTIVESCHEME'
#change to high performance
salt '*' cmd.run 'powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c'

####7.check & set virtual memory
#check
salt '*' cmd.run 'reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v PagingFiles '
#set
salt '*' cmd.run 'reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v PagingFiles /t REG_MULTI_SZ /d "C:\pagefile.sys 8192 16384" /f '

Previous4.Windows_firewall_initial Next6.NTP

Last updated 6 years ago

####1.create account #Add admin user salt '*' cmd.run 'net user /ADD admin1 password /y & net localgroup administrators admin1 /ADD' #Add normal user salt '*' cmd.run 'net user /ADD user1 password /y & net localgroup "Remote Desktop Users" user1 /ADD' #Query salt '*' cmd.run 'net user user1 | find "Local Group Memberships" ' #add batch newusers=("user1" "user2" "user3") for i in ${newusers[@]} do echo $i adduser $i echo $i:"Password123" | chpasswd sed -i "/## Allow root to run any commands anywhere/a"$i" ALL=(ALL) ALL" /etc/sudoers done ####2.check telnet & install it salt '*' cmd.run 'telnet' ##return with nothing means success #2008 salt '*' cmd.run 'start /w ocsetup TelnetClient' #2012 salt '*' cmd.run 'dism /online /Enable-Feature /FeatureName:TelnetClient' ####3.check & change port #check salt '*' cmd.run 'reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v PortNumber ' salt '*' cmd.run 'reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber ' #enable firewall VPN-Pool for new port, if done in firewall_initial, do not do it again #salt '*' cmd.run 'netsh advfirewall firewall add rule name="VPN-Pool" dir=in action=allow protocol=TCP localport=3310,3389 remoteip="xx.xx.89.192-xx.xx.89.250"' #change port to 3310,need reboot to apply salt '*' cmd.run 'reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v PortNumber /t REG_DWORD /d 3310 /f' salt '*' cmd.run 'reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 3310 /f' ####4. instal 7z & notepad++ & beyong compare & vcredist #check salt '*' cmd.run '7z | find "Copyright"' salt '*' cmd.run 'pushd D:\software\' #install #config 7z to env, need logoff to apply salt '*' cmd.run 'setx Path "%PATH%;D:\software\7-Zip;D:\software\sed" /M' #logoff to apply salt '*' cmd.run 'query session' salt '*' cmd.run 'logoff [session number]' ####5.check disk letter and path salt '*' cmd.run 'wmic logicaldisk get size,caption' ####6.set high performance #check salt '*' cmd.run 'powercfg /GETACTIVESCHEME' #change to high performance salt '*' cmd.run 'powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c' ####7.check & set virtual memory #check salt '*' cmd.run 'reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v PagingFiles ' #set salt '*' cmd.run 'reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v PagingFiles /t REG_MULTI_SZ /d "C:\pagefile.sys 8192 16384" /f '