Skip to content

Install and remove stuff.

Instalation

  • shift + F10 - Launch CMD

Basic

Enable administrator account

net user administrator /active:yes

You can also remove the created user from the group "Administrators" and add it to "Users".

Change the name of the computer

Rename-Computer -NewName "computername" -Restart

Enable RDP

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
Enable-NetFirewallRule -DisplayGroup "Escritorio Remoto" # Spanish

Or in Start > Settings > System > Remote Desktop, and turn on Enable Remote Desktop.

Allow current user

Add-LocalGroupMember -Group "Remote Desktop Users" -Member $env:USERNAME
Add-LocalGroupMember -Group "Usuarios de escritorio remoto" -Member UserNameGoesHere

Enable SSH

Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'
Set-Service -Name sshd -Status Running -PassThru
Get-NetFirewallRule -Name *ssh*
:New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

/etc/ssh/ is at C:\ProgramData\ssh\

Keys fingerprint

PS C:\Users\Administrator> ssh-keygen -lf C:\ProgramData\ssh\ssh_host_ed25519_key.pub
256 SHA256:hTXki9gTP1xdLVtwhfIz3BoeICbRMbjp4T13B4gXDCA nt authority\system@WIN-DK1HACEJIQ3 (ED25519)

Basic config.

notepad C:\ProgramData\ssh\sshd_config
---
PubkeyAuthentication yes
PasswordAuthentication no

Restart the service

Restart-Service sshd

Add a public key for a normal user

md C:\Users\Administrator\.ssh\
New-Item -Path 'C:\Users\Administrator\.ssh\authorized_keys' -ItemType File
notepad C:\Users\Administrator\.ssh\authorized_keys
---
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMos4v3Xo9YyhBHn4W428P7ra6Zxs+wpzteTF1TFiJnY yu

Add a public key for an admin user.

md %programdata%/ssh
New-Item -Path "C:\ProgramData\ssh\administrators_authorized_keys" -ItemType File
notepad C:\ProgramData\ssh\administrators_authorized_keys
---
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMos4v3Xo9YyhBHn4W428P7ra6Zxs+wpzteTF1TFiJnY yu
---
$acl = Get-Acl C:\ProgramData\ssh\administrators_authorized_keys
$acl.SetAccessRuleProtection($true, $false)
$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow")
$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
$acl.SetAccessRule($administratorsRule)
$acl.SetAccessRule($systemRule)
$acl | Set-Acl

Repair permissions of the new file

$ConfirmPreference = 'None'; Repair-AuthorizedKeyPermission C:\Users\Administrator\.ssh\authorized_keys

You can also do something like this: scp ~/.ssh/id_ed25519.pub user1@domain1@contoso.com:C:\Users\user1\.ssh\authorized_keys

Connect

ssh Administrator@10.0.15.64 -i ~/.ssh/koalemos

Disable updates

Disable the service

Set-Service -Name wuauserv -StartupType Disabled
Stop-Service wuauserv

To install some features, it is necessary.

set-service wuauserv -StartupType manual
#set-service wuauserv -status running
Start-Service wuauserv

Remove the tasks

https://docs.microsoft.com/en-us/powershell/module/scheduledtasks/?view=windowsserver2019-ps

Install software

Chocolatey

Install chocolatey. PS as Admin.

Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))

Search and install packages.

choco search firefox
choco install -y firefox

Update all.

choco upgrade -y all

Remove a package.

choco uninstall -y firefox

Create shortcuts to chocolatey installed binaries in CMD.

mklink /D %HOMEPATH%\Desktop\chocolib C:\ProgramData\chocolatey\lib
mklink /D %HOMEPATH%\Desktop\chocobin C:\ProgramData\chocolatey\bin

Add and remove Windows features

List all features and show the status.

Get-WindowsOptionalFeature -Online

Search for Windows features.

Get-WindowsOptionalFeature -Online -FeatureName Containers
Get-WindowsOptionalFeature -Online -FeatureName Containers-DisposableClientVM

Sometimes the name does not match like in Windows Sandbox which is named Containers-DisposableClientVM.

Add a Windows feature. Needs a reboot.

Enable-WindowsOptionalFeature -Online -FeatureName Containers

Remove a Windows Feature. Needs a reboot.

Disable-WindowsOptionalFeature -Online -FeatureName Containers

Uninstall software

Remove installed "Apps".

Get-AppxPackage | Select Name, PackageFullName
Get-AppxPackage Microsoft.BingWeather | Remove-AppxPackage

Disable services.

Get-Service
Set-Service MapsBroker -StartupType Disabled
Stop-Service MapsBroker

Remove bloat

Windows updates

Set-Service wuauserv -StartupType Disabled
Stop-Service wuauserv

Enable Administrator account

net user Administrator /active:yes
net user Administrator P@s$w0rD
net localgroup administrators John /delete
net localgroup users John /add
net localgroup "Remote desktop users" John /add