Disabling unneeded Windows Server 2016 services (Downloaded Maps Manager, Xbox Live Auth Manager, Xbox Live Game Save, etc.).
Short and painless:
# Credentials used for the remote sessions
$cred = Get-Credential
# All Windows Server 2016 computer accounts below the given OU (adjust the SearchBase)
foreach ($Server in $(Get-ADComputer -SearchBase "OU=Meine OU,DC=Meine Domäne,DC=Meine TLD" -Filter 'OperatingSystem -like "Windows Server 2016*"')) {
    Write-Host "Verbinde mit Server:" $Server.DNSHostName
    Invoke-Command -ComputerName $Server.DNSHostName -Credential $cred -ScriptBlock {
        Write-Host "`tDeaktiviere Dienste..."
        Set-Service -Name "MapsBroker" -StartupType Disabled
        Set-Service -Name "XblAuthManager" -StartupType Disabled
        Set-Service -Name "XblGameSave" -StartupType Disabled
        Write-Host "`tDeaktiviere per User Dienste..."
        # Per-user service instances are registered as <Name>_<suffix>; Start = 4 means "Disabled"
        if (Test-Path -Path HKLM:\SYSTEM\CurrentControlSet\Services\OneSyncSvc_*) {
            $TempSVC = (Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services\OneSyncSvc_*)
            foreach ($SVC in $TempSVC) {
                $SVC = "$($SVC.PSParentPath)\$($SVC.PSChildName)"
                Set-ItemProperty -Path $SVC -Name "Start" -Value 4
            }
        }
        Write-Host "`tDeaktiviere geplante Tasks..."
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Maps\" -TaskName "MapsToastTask" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\XblGameSave\" -TaskName "XblGameSaveTask" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\XblGameSave\" -TaskName "XblGameSaveTaskLogon" | Out-Null
    }
}
Some time ago I wrote about the Citrix Optimizer Tool. At the end of the day, it also disables some services and applies further settings. Microsoft has likewise published a list of services that should / can be disabled:
- https://docs.microsoft.com/en-us/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server
- https://docs.microsoft.com/de-de/windows/application-management/per-user-services-in-windows
Here is the "full program" of superfluous / unnecessary Windows Server 2016 services:
# Credentials used for the remote sessions
$cred = Get-Credential
# All Windows Server 2016 computer accounts below the given OU (adjust the SearchBase)
foreach ($Server in $(Get-ADComputer -SearchBase "OU=Meine OU,DC=Meine Domäne,DC=Meine TLD" -Filter 'OperatingSystem -like "Windows Server 2016*"')) {
    Write-Host "Verbinde mit Server:" $Server.DNSHostName
    Invoke-Command -ComputerName $Server.DNSHostName -Credential $cred -ScriptBlock {
        Write-Host "`tDeaktiviere Dienste..."
        Set-Service -Name "Audiosrv" -StartupType Disabled
        Set-Service -Name "AudioEndpointBuilder" -StartupType Disabled
        Set-Service -Name "AxInstSV" -StartupType Disabled
        Set-Service -Name "bthserv" -StartupType Disabled
        Set-Service -Name "CDPUserSvc" -StartupType Disabled
        Set-Service -Name "dmwappushservice" -StartupType Disabled
        Set-Service -Name "FrameServer" -StartupType Disabled
        Set-Service -Name "icssvc" -StartupType Disabled
        Set-Service -Name "lltdsvc" -StartupType Disabled
        Set-Service -Name "lfsvc" -StartupType Disabled
        Set-Service -Name "MapsBroker" -StartupType Disabled
        Set-Service -Name "NcbService" -StartupType Disabled
        Set-Service -Name "PcaSvc" -StartupType Disabled
        Set-Service -Name "QWAVE" -StartupType Disabled
        Set-Service -Name "RmSvc" -StartupType Disabled
        Set-Service -Name "SensorDataService" -StartupType Disabled
        Set-Service -Name "SensorService" -StartupType Disabled
        Set-Service -Name "SensrSvc" -StartupType Disabled
        Set-Service -Name "SharedAccess" -StartupType Disabled
        Set-Service -Name "ShellHWDetection" -StartupType Disabled
        Set-Service -Name "SSDPSRV" -StartupType Disabled
        Set-Service -Name "stisvc" -StartupType Disabled
        Set-Service -Name "TabletInputService" -StartupType Disabled
        Set-Service -Name "upnphost" -StartupType Disabled
        Set-Service -Name "WalletService" -StartupType Disabled
        Set-Service -Name "WiaRpc" -StartupType Disabled
        Set-Service -Name "wisvc" -StartupType Disabled
        Set-Service -Name "wlidsvc" -StartupType Disabled
        Set-Service -Name "WpnService" -StartupType Disabled
        Set-Service -Name "XblAuthManager" -StartupType Disabled
        Set-Service -Name "XblGameSave" -StartupType Disabled
        Write-Host "`tDeaktiviere User Dienste..."
        # Per-user services: the key without a suffix is the template, <Name>_<suffix> keys are
        # the per-user instances. Start = 4 means "Disabled".
        if (Test-Path -Path HKLM:\SYSTEM\CurrentControlSet\Services\CDPUserSvc_*) {
            $TempSVC = (Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services\CDPUserSvc_*)
            foreach ($SVC in $TempSVC) {
                $SVC = "$($SVC.PSParentPath)\$($SVC.PSChildName)"
                Set-ItemProperty -Path $SVC -Name "Start" -Value 4
            }
        }
        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\NgcSvc" -Name "Start" -Value 4
        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\OneSyncSvc" -Name "Start" -Value 4
        if (Test-Path -Path HKLM:\SYSTEM\CurrentControlSet\Services\OneSyncSvc_*) {
            $TempSVC = (Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services\OneSyncSvc_*)
            foreach ($SVC in $TempSVC) {
                $SVC = "$($SVC.PSParentPath)\$($SVC.PSChildName)"
                Set-ItemProperty -Path $SVC -Name "Start" -Value 4
            }
        }
        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc" -Name "Start" -Value 4
        if (Test-Path -Path HKLM:\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_*) {
            $TempSVC = (Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_*)
            foreach ($SVC in $TempSVC) {
                $SVC = "$($SVC.PSParentPath)\$($SVC.PSChildName)"
                Set-ItemProperty -Path $SVC -Name "Start" -Value 4
            }
        }
        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\UserDataSvc" -Name "Start" -Value 4
        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\UnistoreSvc" -Name "Start" -Value 4
        if (Test-Path -Path HKLM:\SYSTEM\CurrentControlSet\Services\UnistoreSvc_*) {
            $TempSVC = (Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services\UnistoreSvc_*)
            foreach ($SVC in $TempSVC) {
                $SVC = "$($SVC.PSParentPath)\$($SVC.PSChildName)"
                Set-ItemProperty -Path $SVC -Name "Start" -Value 4
            }
        }
        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WpnUserService" -Name "Start" -Value 4
        if (Test-Path -Path HKLM:\SYSTEM\CurrentControlSet\Services\WpnUserService_*) {
            $TempSVC = (Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services\WpnUserService_*)
            foreach ($SVC in $TempSVC) {
                $SVC = "$($SVC.PSParentPath)\$($SVC.PSChildName)"
                Set-ItemProperty -Path $SVC -Name "Start" -Value 4
            }
        }
        Write-Host "`tDeaktiviere geplante Tasks..."
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Application Experience\" -TaskName "Microsoft Compatibility Appraiser" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Application Experience\" -TaskName "ProgramDataUpdater" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\AppID\" -TaskName "EDP Policy Manager" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\AppID\" -TaskName "SmartScreenSpecific" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\ApplicationData\" -TaskName "CleanupTemporaryState" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\ApplicationData\" -TaskName "DsSvcCleanup" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Autochk\" -TaskName "Proxy" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Bluetooth\" -TaskName "UninstallDeviceTask" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\CloudExperienceHost\" -TaskName "CreateObjectTask" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Customer Experience Improvement Program\" -TaskName "Consolidator" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Customer Experience Improvement Program\" -TaskName "KernelCeipTask" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Customer Experience Improvement Program\" -TaskName "UsbCeip" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Diagnosis\" -TaskName "Scheduled" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Location\" -TaskName "Notifications" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Location\" -TaskName "WindowsActionDialog" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Maintenance\" -TaskName "WinSAT" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Maps\" -TaskName "MapsToastTask" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Mobile Broadband Accounts\" -TaskName "MNO Metadata Parser" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\NetTrace\" -TaskName "GatherNetworkInfo" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Power Efficiency Diagnostics\" -TaskName "AnalyzeSystem" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Ras\" -TaskName "MobilityManager" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\SpacePort\" -TaskName "SpaceAgentTask" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\SpacePort\" -TaskName "SpaceManagerTask" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Speech\" -TaskName "SpeechModelDownloadTask" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Storage Tiers Management\" -TaskName "Storage Tiers Management Initialization" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\WDI\" -TaskName "ResolutionHost" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Workplace Join\" -TaskName "Automatic-Device-Join" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\XblGameSave\" -TaskName "XblGameSaveTask" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\XblGameSave\" -TaskName "XblGameSaveTaskLogon" | Out-Null
    }
}
Here is the script as a text file for download: Disable Windows Server 2016 services
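
Both scripts above write the `Start` value without reporting what it was before or whether the change took effect. The following read-only check is an added example, not part of the original scripts: it reports the `Start` value for each service name, covering both the template key and any per-user `<Name>_<suffix>` instance keys. The function name `Get-ServiceStartState`, the sample name list and the CSV file name are assumptions made for illustration.

```powershell
# Added example (not the author's code). Read-only: changes nothing on the server.
function Get-ServiceStartState {
    param(
        [Parameter(Mandatory)][string[]]$Name,
        [string]$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    )
    # Meaning of the registry "Start" DWORD under ...\Services\<Name>
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
    # Enumerate the service keys once, then match per requested name
    $allKeys = @(Get-ChildItem -Path $ServicesRoot -ErrorAction SilentlyContinue)
    foreach ($n in $Name) {
        # Exact name = service or per-user template, "<name>_*" = per-user instances
        $keys = @($allKeys | Where-Object { $_.PSChildName -eq $n -or $_.PSChildName -like "${n}_*" })
        if ($keys.Count -eq 0) {
            [pscustomobject]@{ Computer = $env:COMPUTERNAME; Service = $n
                               Start = $null; StartType = 'NotInstalled'; Disabled = $false }
            continue
        }
        foreach ($k in $keys) {
            $start = (Get-ItemProperty -Path $k.PSPath -Name Start -ErrorAction SilentlyContinue).Start
            $type  = if ($null -eq $start) { 'NoStartValue' }
                     elseif ($startNames.ContainsKey([int]$start)) { $startNames[[int]$start] }
                     else { "Unknown($start)" }
            [pscustomobject]@{ Computer = $env:COMPUTERNAME; Service = $k.PSChildName
                               Start = $start; StartType = $type; Disabled = ($start -eq 4) }
        }
    }
}

# Service names taken from the short script above; extend the list as needed
$names = 'MapsBroker', 'XblAuthManager', 'XblGameSave', 'OneSyncSvc'

# Before the change: keep a snapshot so the old Start values can be restored later
Get-ServiceStartState -Name $names |
    Export-Csv -Path .\service-start-before.csv -NoTypeInformation

# After the change: list everything that is still not disabled
Get-ServiceStartState -Name $names | Where-Object { -not $_.Disabled } | Format-Table -AutoSize

# Remote use with the variables of the scripts above:
# Invoke-Command -ComputerName $Server.DNSHostName -Credential $cred `
#     -ScriptBlock ${function:Get-ServiceStartState} -ArgumentList (,$names)
```

Names reported as `NotInstalled` are the ones for which `Set-Service` in the scripts above raises an error on that server.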