bobban/scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
20adbc7978d53f3955e4bd5e6d7289af3c95139f
scripts/Active directory/Setup-GroupPolicy.ps1
Tobias Rydh 6e544a16d2 Added scripts
2023-05-23 17:02:39 +02:00

135 lines
9.4 KiB
PowerShell
Raw Blame History

#
#Install needed Administrative tools
Install-WindowsFeature -Name "GPMC"
Install-WindowsFeature -Name RSAT-AD-Tools -IncludeAllSubFeature
Install-WindowsFeature -Name "RSAT-DNS-Server"
#Creating needed Active Directory Struckture, (OU, Groups).
$ADName = (Get-ADDomain).DistinguishedName
New-ADOrganizationalUnit -Name "Servers" -Path "$ADName"
$ServersOUPath = (Get-ADOrganizationalUnit -Identity "OU=Servers,$ADName").DistinguishedName
New-ADOrganizationalUnit -Name "Avd" -Path "$ServersOUPath"
$AvdOUPath = (Get-ADOrganizationalUnit -Identity "OU=Avd,ServersOUPath").DistinguishedName
New-ADGroup -Name "AVD-Hosts" -DisplayName "AVD-Hosts" -SamAccountName "AVD-Hosts" -GroupCategory Security -GroupScope Global -Path "$AvdOUPath"
#
New-GPO -name "AVD-GPO-C" | New-GPLink -Target "$AvdOUPath" -LinkEnabled
Set-GPPermission -Name AVD-GPO-C -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group
Set-GPPermission -Name AVD-GPO-C -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group
Set-GPPermission -Name AVD-GPO-C -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group
Import-GPO -TargetName "AVD-GPO-C" -Path ./AVD-GPO-C/
new-gpo -name "AVD-Customization-C" | New-GPLink -Target "$AvdOUPath" -LinkEnabled
Set-GPPermission -Name AVD-Customization-C -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group
Set-GPPermission -Name AVD-Customization-C -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group
Set-GPPermission -Name AVD-Customization-C -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group
Import-GPO -TargetName "AVD-Customization-C" -Path ./
new-gpo -name "AVD-Customization-U" | New-GPLink -Target "$AvdOUPath" -LinkEnabled
Set-GPPermission -Name AVD-Customization-U -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group
Set-GPPermission -Name AVD-Customization-U -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group
Set-GPPermission -Name AVD-Customization-U -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group
Import-GPO -TargetName "AVD-Customization-U" -Path ./
new-gpo -name "FSlogix-Profiles-C" | New-GPLink -Target "$AvdOUPath" -LinkEnabled
Set-GPPermission -Name FSlogix-Profiles-C -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group
Set-GPPermission -Name FSlogix-Profiles-C -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group
Set-GPPermission -Name FSlogix-Profiles-C -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group
Import-GPO -TargetName "FSlogix-Profiles-C" -Path ./
new-gpo -name "FSlogix-Conteiners-C" | New-GPLink -Target "$AvdOUPath" -LinkEnabled
Set-GPPermission -Name FSlogix-Conteiners-C -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group
Set-GPPermission -Name FSlogix-Conteiners-C -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group
Set-GPPermission -Name FSlogix-Conteiners-C -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group
Import-GPO -TargetName "FSlogix-Conteiners-C" -Path ./
new-gpo -name "AVD-Lockdown-C" | New-GPLink -Target "$AvdOUPath" -LinkEnabled
Set-GPPermission -Name AVD-Lockdown-C -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group
Set-GPPermission -Name AVD-Lockdown-C -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group
Set-GPPermission -Name AVD-Lockdown-C -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group
Import-GPO -TargetName "AVD-Lockdown-C" -Path ./
new-gpo -name "AVD-Lockdown-U" | New-GPLink -Target "$AvdOUPath" -LinkEnabled
Set-GPPermission -Name AVD-Lockdown-U -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group
Set-GPPermission -Name AVD-Lockdown-U -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group
Set-GPPermission -Name AVD-Lockdown-U -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group
Import-GPO -TargetName "AVD-Lockdown-U" -Path ./
new-gpo -name "AVD-Office-C" | New-GPLink -Target "$AvdOUPath" -LinkEnabled
Set-GPPermission -Name AVD-Office-C -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group
Set-GPPermission -Name AVD-Office-C -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group
Set-GPPermission -Name AVD-Office-C -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group
Import-GPO -TargetName "AVD-Office-C" -Path ./
new-gpo -name "AVD-Office-U" | New-GPLink -Target "$AvdOUPath" -LinkEnabled
Set-GPPermission -Name AVD-Office-U -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group
Set-GPPermission -Name AVD-Office-U -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group
Set-GPPermission -Name AVD-Office-U -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group
Import-GPO -TargetName "AVD-Office-U" -Path ./
new-gpo -name "AVD-Redirect-U" | New-GPLink -Target "$AvdOUPath" -LinkEnabled
Set-GPPermission -Name AVD-Redirect-U -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group
Set-GPPermission -Name AVD-Redirect-U -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group
Set-GPPermission -Name AVD-Redirect-U -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group
Import-GPO -TargetName "AVD-Redirect-U" -Path ./
new-gpo -name "AVD-RegionalSettings-U" | New-GPLink -Target "$AvdOUPath" -LinkEnabled
Set-GPPermission -Name AVD-RegionalSettings-U -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group
Set-GPPermission -Name AVD-RegionalSettings-U -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group
Set-GPPermission -Name AVD-RegionalSettings-U -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group
Import-GPO -TargetName "AVD-RegionalSettings-U" -Path ./
new-gpo -name "AVD-Sessions-U" | New-GPLink -Target "$AvdOUPath" -LinkEnabled
Set-GPPermission -Name AVD-Sessions-U -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group
Set-GPPermission -Name AVD-Sessions-U -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group
Set-GPPermission -Name AVD-Sessions-U -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group
Import-GPO -TargetName "AVD-Sessions-U" -Path ./
new-gpo -name "AVD-Sessions-C" | New-GPLink -Target "$AvdOUPath" -LinkEnabled
Set-GPPermission -Name AVD-Sessions-C -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group
Set-GPPermission -Name AVD-Sessions-C -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group
Set-GPPermission -Name AVD-Sessions-C -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group
Import-GPO -TargetName "AVD-Sessions-C" -Path ./
new-gpo -name "AVD-Shadow-C" | New-GPLink -Target "$AvdOUPath" -LinkEnabled
Set-GPPermission -Name AVD-Shadow-C -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group
Set-GPPermission -Name AVD-Shadow-C -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group
Set-GPPermission -Name AVD-Shadow-C -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group
Import-GPO -TargetName "AVD-Shadow-C" -Path ./
new-gpo -name "Edge-Settings-C" | New-GPLink -Target "$AvdOUPath" -LinkEnabled
Set-GPPermission -Name Edge-Settings-C -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group
Set-GPPermission -Name Edge-Settings-C -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group
Set-GPPermission -Name Edge-Settings-C -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group
Import-GPO -TargetName "Edge-Settings-C" -Path ./
new-gpo -name "Edge-Settings-U" | New-GPLink -Target "$AvdOUPath" -LinkEnabled
Set-GPPermission -Name Edge-Settings-U -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group
Set-GPPermission -Name Edge-Settings-U -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group
Set-GPPermission -Name Edge-Settings-U -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group
Import-GPO -TargetName "Edge-Settings-U" -Path ./
new-gpo -name "TenentShortName-Shares-U" | New-GPLink -Target "$AvdOUPath" -LinkEnabled
Set-GPPermission -Name TenentShortName-Shares-U -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group
Set-GPPermission -Name TenentShortName-Shares-U -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group
Set-GPPermission -Name TenentShortName-Shares-U -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group
Import-GPO -TargetName "TenentShortName-Shares-U" -Path ./
#Creating folderstructure for drift
mkdir "Drift"
mkdir "Drift\Install"
mkdir "Drift\RDP"
#Creating folderstructure for Customizations
mkdir "Customizations"
mkdir "Customizations\Backgrounds"
mkdir "Customizations\DefaultApps"
mkdir "Customizations\Layout"
mkdir "Customizations\Start Menu"
Reference in New Issue View Git Blame Copy Permalink