– Jan's Cloud – online Gedankenstütze ;)

18. Juli 2018

Unnötige Windows Server 2016 Dienste deaktivieren

Deaktivieren der nicht benötigten Windows Server 2016 Dienste (Manager für heruntergeladene Karten, Xbox Live Authentifizierungs-Manager, Xbox Live-Spiele speicher, usw.)

Kurz und schmerzlos:

$cred = Get-Credential
foreach ($Server in $(Get-ADComputer -SearchBase "OU=Meine OU,DC=Meine Domäne,DC=Meine TLD" -Filter 'OperatingSystem -like "Windows Server 2016*"')) {
    Write-Host "Verbinde mit Server:" $Server.DNSHostName
    Invoke-Command -ComputerName $Server.DNSHostName -Credential $cred -ScriptBlock {
        Write-Host "`tDeaktiviere Dienste..."
        Set-Service -Name "MapsBroker" -StartupType Disabled
        Set-Service -Name "XblAuthManager" -StartupType Disabled
        Set-Service -Name "XblGameSave" -StartupType Disabled

        Write-Host "`tDeaktiviere per User Dienste..."
        if(Test-Path -Path HKLM:\SYSTEM\CurrentControlSet\Services\OneSyncSvc_*) {
	        $TempSVC = (Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services\OneSyncSvc_*)
	        foreach ($SVC in $TempSVC) {
		        $SVC = "$($SVC.PSParentPath)\$($SVC.PSChildName)"
		        Set-ItemProperty -Path $SVC -Name "Start" -Value 4
	        }
        }
        Write-Host "`tDeaktiviere geplante Tasks..."
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Maps\" -TaskName "MapsToastTask" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\XblGameSave\" -TaskName "XblGameSaveTask" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\XblGameSave\" -TaskName "XblGameSaveTaskLogon" | Out-Null
    }
}

Vor einiger Zeit hatte ich über das Citrix Optimizer Tool geschrieben. Das deaktiviert unterm Strich ebenfalls einige Dienste und nimmt weitere Einstellungen vor. Ebenfalls hat Microsoft eine Liste mit Diensten veröffentlicht die deaktiviert werden sollten / können:

Hier einmal das „volle Programm“ an überflüssigen / unnötigen Windows Server 2016 Diensten:

$cred = Get-Credential
foreach ($Server in $(Get-ADComputer -SearchBase "OU=Meine OU,DC=Meine Domäne,DC=Meine TLD" -Filter 'OperatingSystem -like "Windows Server 2016*"')) {
    Write-Host "Verbinde mit Server:" $Server.DNSHostName
    Invoke-Command -ComputerName $Server.DNSHostName -Credential $cred -ScriptBlock {
        Write-Host "`tDeaktiviere Dienste..."
        Set-Service -Name "Audiosrv" -StartupType Disabled
        Set-Service -Name "AudioEndpointBuilder" -StartupType Disabled
        Set-Service -Name "AxInstSV" -StartupType Disabled
        Set-Service -Name "bthserv" -StartupType Disabled
        Set-Service -Name "CDPUserSvc" -StartupType Disabled
        Set-Service -Name "dmwappushservice" -StartupType Disabled
        Set-Service -Name "FrameServer" -StartupType Disabled
        Set-Service -Name "icssvc" -StartupType Disabled
        Set-Service -Name "lltdsvc" -StartupType Disabled
        Set-Service -Name "lfsvc" -StartupType Disabled
        Set-Service -Name "MapsBroker" -StartupType Disabled
        Set-Service -Name "NcbService" -StartupType Disabled
        Set-Service -Name "PcaSvc" -StartupType Disabled
        Set-Service -Name "QWAVE" -StartupType Disabled
        Set-Service -Name "RmSvc" -StartupType Disabled
        Set-Service -Name "SensorDataService" -StartupType Disabled
        Set-Service -Name "SensorService" -StartupType Disabled
        Set-Service -Name "SensrSvc" -StartupType Disabled
        Set-Service -Name "SharedAccess" -StartupType Disabled
        Set-Service -Name "ShellHWDetection" -StartupType Disabled
        Set-Service -Name "SSDPSRV" -StartupType Disabled
        Set-Service -Name "stisvc" -StartupType Disabled
        Set-Service -Name "TabletInputService" -StartupType Disabled
        Set-Service -Name "upnphost" -StartupType Disabled
        Set-Service -Name "WalletService" -StartupType Disabled
        Set-Service -Name "WiaRpc" -StartupType Disabled
        Set-Service -Name "wisvc" -StartupType Disabled
        Set-Service -Name "wlidsvc" -StartupType Disabled
        Set-Service -Name "WpnService" -StartupType Disabled
        Set-Service -Name "XblAuthManager" -StartupType Disabled
        Set-Service -Name "XblGameSave" -StartupType Disabled

        Write-Host "`tDeaktiviere User Dienste..."
        if(Test-Path -Path HKLM:\SYSTEM\CurrentControlSet\Services\CDPUserSvc_*) {
	        $TempSVC = (Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services\CDPUserSvc_*)
	        foreach ($SVC in $TempSVC) {
		        $SVC = "$($SVC.PSParentPath)\$($SVC.PSChildName)"
		        Set-ItemProperty -Path $SVC -Name "Start" -Value 4
	        }
        }
        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\NgcSvc" -Name "Start" -Value 4
        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\OneSyncSvc" -Name "Start" -Value 4
        if(Test-Path -Path HKLM:\SYSTEM\CurrentControlSet\Services\OneSyncSvc_*) {
	        $TempSVC = (Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services\OneSyncSvc_*)
	        foreach ($SVC in $TempSVC) {
		        $SVC = "$($SVC.PSParentPath)\$($SVC.PSChildName)"
		        Set-ItemProperty -Path $SVC -Name "Start" -Value 4
	        }
        }
        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc" -Name "Start" -Value 4
        if(Test-Path -Path HKLM:\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_*) {
	        $TempSVC = (Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_*)
	        foreach ($SVC in $TempSVC) {
		        $SVC = "$($SVC.PSParentPath)\$($SVC.PSChildName)"
		        Set-ItemProperty -Path $SVC -Name "Start" -Value 4
	        }
        }
        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\UserDataSvc" -Name "Start" -Value 4
        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\UnistoreSvc" -Name "Start" -Value 4
        if(Test-Path -Path HKLM:\SYSTEM\CurrentControlSet\Services\UnistoreSvc_*) {
	        $TempSVC = (Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services\UnistoreSvc_*)
	        foreach ($SVC in $TempSVC) {
		        $SVC = "$($SVC.PSParentPath)\$($SVC.PSChildName)"
		        Set-ItemProperty -Path $SVC -Name "Start" -Value 4
	        }
        }
        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WpnUserService" -Name "Start" -Value 4
        if(Test-Path -Path HKLM:\SYSTEM\CurrentControlSet\Services\WpnUserService_*) {
	        $TempSVC = (Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services\WpnUserService_*)
	        foreach ($SVC in $TempSVC) {
		        $SVC = "$($SVC.PSParentPath)\$($SVC.PSChildName)"
		        Set-ItemProperty -Path $SVC -Name "Start" -Value 4
	        }
        }

        Write-Host "`tDeaktiviere geplante Tasks..."
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Application Experience\" -TaskName "Microsoft Compatibility Appraiser" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Application Experience\" -TaskName "ProgramDataUpdater" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\AppID\" -TaskName "EDP Policy Manager" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\AppID\" -TaskName "SmartScreenSpecific" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\ApplicationData\" -TaskName "CleanupTemporaryState" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\ApplicationData\" -TaskName "DsSvcCleanup" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Autochk\" -TaskName "Proxy" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Bluetooth\" -TaskName "UninstallDeviceTask" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\CloudExperienceHost\" -TaskName "CreateObjectTask" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Customer Experience Improvement Program\" -TaskName "Consolidator" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Customer Experience Improvement Program\" -TaskName "KernelCeipTask" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Customer Experience Improvement Program\" -TaskName "UsbCeip" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Diagnosis\" -TaskName "Scheduled" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Location\" -TaskName "Notifications" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Location\" -TaskName "WindowsActionDialog" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Maintenance\" -TaskName "WinSAT" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Maps\" -TaskName "MapsToastTask" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Mobile Broadband Accounts\" -TaskName "MNO Metadata Parser" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\NetTrace\" -TaskName "GatherNetworkInfo" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Power Efficiency Diagnostics\" -TaskName "AnalyzeSystem" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Ras\" -TaskName "MobilityManager" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\SpacePort\" -TaskName "SpaceAgentTask" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\SpacePort\" -TaskName "SpaceManagerTask" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Speech\" -TaskName "SpeechModelDownloadTask" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Storage Tiers Management\" -TaskName "Storage Tiers Management Initialization" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\WDI\" -TaskName "ResolutionHost" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Workplace Join\" -TaskName "Automatic-Device-Join" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\XblGameSave\" -TaskName "XblGameSaveTask" | Out-Null
        Disable-ScheduledTask -TaskPath "\Microsoft\XblGameSave\" -TaskName "XblGameSaveTaskLogon" | Out-Null
    }
}

Hier das Script als Textdatei zum Download: Windows Server 2016 Dienste deaktivieren

Keine Kommentare »

No comments yet.

RSS feed for comments on this post. TrackBack URL

Leave a comment

Powered by WordPress