|
1 | | -## ⚙️ System Configuration and Deployment Tools |
| 1 | +## ⚙️ System Configuration and Deployment Tools |
| 2 | +### Software Deployment · GPO Enforcement · Environment Standardization |
2 | 3 |
|
3 | | -### 📝 Overview |
| 4 | +    |
4 | 5 |
|
5 | | -The **System Configuration and Deployment** folder contains a curated set of **PowerShell scripts** for deploying and configuring software, enforcing GPO policies, and applying consistent system settings. These tools are optimized for scalable, secure, and automated management of workstations and servers in Active Directory (AD) environments. |
| 6 | +--- |
| 7 | + |
| 8 | +## 🧭 Overview |
| 9 | + |
| 10 | +The **System Configuration and Deployment** suite provides a comprehensive set of **PowerShell automation tools** for **software deployment**, **GPO enforcement**, and **system baseline configuration** across **Windows workstations and servers** joined to **Active Directory (AD)**. |
| 11 | + |
| 12 | +These tools are designed to support **large-scale deployments**, **secure configuration enforcement**, and **repeatable operational workflows**, ensuring consistency across environments while reducing manual administrative effort. |
| 13 | + |
| 14 | +All scripts align with the engineering standards used throughout **Windows-SysAdmin-ProSuite**, including **GUI-first usability**, **structured logging**, and **audit-ready outputs**. |
| 15 | + |
| 16 | +--- |
6 | 17 |
|
7 | | -### ✅ Key Features |
| 18 | +## 🌟 Key Features |
8 | 19 |
|
9 | | -- **Graphical Interface**: GUI-based scripts simplify use for administrators and support staff |
10 | | -- **Centralized Logging**: Each execution logs results in structured `.log` files |
11 | | -- **Streamlined Deployment**: Automates software installs, policy updates, and environment standardization |
12 | | -- **Policy Compliance**: Removes unauthorized software and enforces configuration baselines |
| 20 | +- 🖼️ **GUI-First Experience** — Interactive tools suitable for administrators and support teams |
| 21 | +- 📝 **Centralized Logging** — Structured `.log` files generated on every execution |
| 22 | +- 🚀 **Streamlined Deployment** — Automated installation, update, and removal of software via GPO |
| 23 | +- 📐 **Configuration Baselines** — Enforces naming standards, volume labels, policies, and system settings |
| 24 | +- 🔐 **Policy Compliance** — Removes unauthorized software and reapplies domain policies consistently |
13 | 25 |
|
14 | 26 | --- |
15 | 27 |
|
16 | 28 | ## 🛠️ Prerequisites |
17 | 29 |
|
18 | | -1. **⚙️ PowerShell** |
19 | | - - Requires PowerShell version 5.1 or later |
20 | | - - Check version: |
21 | | - ```powershell |
22 | | - $PSVersionTable.PSVersion |
23 | | - ``` |
| 30 | +- **⚙️ PowerShell** — Version **5.1 or later** (PowerShell 7.x supported) |
| 31 | + ```powershell |
| 32 | + $PSVersionTable.PSVersion |
| 33 | + ``` |
24 | 34 |
|
25 | | -2. **🔑 Administrator Privileges** |
26 | | - All scripts require elevated permissions to execute configuration and deployment actions |
| 35 | +- **🔑 Administrative Privileges** — Required for deployment, registry, GPO, and system configuration tasks |
27 | 36 |
|
28 | | -3. **📦 Required Modules** |
29 | | - Ensure modules such as `GroupPolicy` and `PSWindowsUpdate` are available |
| 37 | +- **🖥️ RSAT Tools** — Required for Group Policy administration |
| 38 | + ```powershell |
| 39 | + Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online |
| 40 | + ``` |
| 41 | + |
| 42 | +- **📦 Required Modules** |
| 43 | + - `GroupPolicy` |
| 44 | + - `PSWindowsUpdate` (when applicable) |
| 45 | + |
| 46 | +- **🔧 Execution Policy** — Session-scoped execution |
| 47 | + ```powershell |
| 48 | + Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process |
| 49 | + ``` |
30 | 50 |
|
31 | 51 | --- |
32 | 52 |
|
33 | | -## 📜 Script Descriptions (Alphabetical Order) |
34 | | -
|
35 | | -| **Script Name** | **Function** | |
36 | | -|-----------------------------------------------------|---------------------------------------------------------------------------------| |
37 | | -| **Broadcast-ADUser-LogonMessage-viaGPO.ps1** | Displays custom logon messages via GPO to domain users | |
38 | | -| **Cleanup-WebBrowsers-Tool.ps1** | Clears browser cache, cookies, and session data | |
39 | | -| **Clear-and-ReSyncGPOs-ADComputers.ps1** | Resets and re-applies GPOs across all domain-joined machines | |
40 | | -| **Copy-and-Sync-Folder-to-ADComputers-viaGPO.ps1** | Synchronizes folders via GPO from a network share | |
41 | | -| **Deploy-FortiClientVPN-viaGPO.ps1** | Installs FortiClient VPN across endpoints via GPO | |
42 | | -| **Deploy-FusionInventoryAgent-viaGPO.ps1** | Deploys FusionInventory Agent for inventory tracking | |
43 | | -| **Deploy-GLPI-Agent-viaGPO.ps1** | Installs GLPI Agent for asset management | |
44 | | -| **Deploy-JavaJRE-viaGPO.ps1** | Installs Java Runtime Environment silently via GPO | |
45 | | -| **Deploy-KasperskyAV-viaGPO.ps1** | Deploys Kaspersky Endpoint Security via GPO | |
46 | | -| **Deploy-LibreOfficeFullPackage-viaGPO.ps1** | Installs LibreOffice suite silently on domain machines | |
47 | | -| **Deploy-PowerShell-viaGPO.ps1** | Ensures PowerShell runtime is correctly installed and updated | |
48 | | -| **Deploy-ZoomWorkplace-viaGPO.ps1** | Deploys Zoom app via GPO for enterprise communication | |
49 | | -| **Enhance-BGInfoDisplay-viaGPO.ps1** | Applies BGInfo to show system metadata on desktop | |
50 | | -| **Install-KMSLicensingServer-Tool.ps1** | Sets up a KMS server for centralized licensing | |
51 | | -| **Install-RDSLicensingServer-Tool.ps1** | Configures RDS Licensing Server for CAL management | |
52 | | -| **Install-Winget-on-Windows-Servers-viaGPO.ps1** | Installs `winget` CLI on Windows Server systems | |
53 | | -| **Remove-ReaQtaHive-Services-Tool.ps1** | Removes ReaQta services and related files | |
54 | | -| **Remove-SharedFolders-and-Drives-viaGPO.ps1** | Deletes non-compliant shares and drives via GPO | |
55 | | -| **Remove-Softwares-NonCompliance-Tool.ps1** | Uninstalls specified non-compliant software from local machine | |
56 | | -| **Remove-Softwares-NonCompliance-viaGPO.ps1** | Automates software removal via GPO | |
57 | | -| **Rename-DiskVolumes-viaGPO.ps1** | Applies consistent volume labels across systems | |
58 | | -| **Reset-and-Sync-DomainGPOs-viaGPO.ps1** | Forces reapplication of all domain GPOs | |
59 | | -| **Retrieve-LocalMachine-InstalledSoftwareList.ps1** | Exports a clean list of installed software to `.csv` (ANSI encoded) | |
60 | | -| **Uninstall-SelectedApp-Tool.ps1** | GUI tool for selecting and removing installed applications | |
61 | | -| **Update-ADComputer-Winget-Explicit.ps1** | Updates selected packages via `winget` on local machine | |
62 | | -| **Update-ADComputer-Winget-viaGPO.ps1** | Pushes scheduled `winget` updates via GPO | |
| 53 | +## 📄 Script Catalog (Alphabetical) |
| 54 | + |
| 55 | +| Script Name | Function | |
| 56 | +|------------|----------| |
| 57 | +| **Broadcast-ADUser-LogonMessage-viaGPO.ps1** | Displays customized logon messages to domain users via GPO | |
| 58 | +| **Cleanup-WebBrowsers-Tool.ps1** | Clears browser cache, cookies, and session data | |
| 59 | +| **Clear-and-ReSyncGPOs-ADComputers.ps1** | Resets and reapplies GPOs across all domain-joined machines | |
| 60 | +| **Copy-and-Sync-Folder-to-ADComputers-viaGPO.ps1** | Synchronizes folders from network shares using GPO | |
| 61 | +| **Deploy-FortiClientVPN-viaGPO.ps1** | Deploys FortiClient VPN across endpoints | |
| 62 | +| **Deploy-FusionInventoryAgent-viaGPO.ps1** | Installs FusionInventory Agent for inventory tracking | |
| 63 | +| **Deploy-GLPI-Agent-viaGPO.ps1** | Deploys GLPI Agent for asset and lifecycle management | |
| 64 | +| **Deploy-JavaJRE-viaGPO.ps1** | Installs Java Runtime Environment silently | |
| 65 | +| **Deploy-KasperskyAV-viaGPO.ps1** | Deploys Kaspersky Endpoint Security | |
| 66 | +| **Deploy-LibreOfficeFullPackage-viaGPO.ps1** | Installs LibreOffice suite silently | |
| 67 | +| **Deploy-PowerShell-viaGPO.ps1** | Ensures PowerShell runtime is installed and updated | |
| 68 | +| **Deploy-ZoomWorkplace-viaGPO.ps1** | Deploys Zoom Workplace for enterprise communication | |
| 69 | +| **Enhance-BGInfoDisplay-viaGPO.ps1** | Applies BGInfo overlays with system metadata | |
| 70 | +| **Install-KMSLicensingServer-Tool.ps1** | Installs and configures a KMS licensing server | |
| 71 | +| **Install-RDSLicensingServer-Tool.ps1** | Configures RDS Licensing Server and CAL management | |
| 72 | +| **Install-Winget-on-Windows-Servers-viaGPO.ps1** | Installs `winget` CLI on Windows Server systems | |
| 73 | +| **Remove-ReaQtaHive-Services-Tool.ps1** | Removes ReaQta services and residual components | |
| 74 | +| **Remove-SharedFolders-and-Drives-viaGPO.ps1** | Removes non-compliant shared folders and mapped drives | |
| 75 | +| **Remove-Softwares-NonCompliance-Tool.ps1** | Uninstalls specified non-compliant software locally | |
| 76 | +| **Remove-Softwares-NonCompliance-viaGPO.ps1** | Automates software removal across domain machines | |
| 77 | +| **Rename-DiskVolumes-viaGPO.ps1** | Enforces standardized disk volume labels | |
| 78 | +| **Reset-and-Sync-DomainGPOs-viaGPO.ps1** | Forces full reapplication of all domain GPOs | |
| 79 | +| **Retrieve-LocalMachine-InstalledSoftwareList.ps1** | Exports installed software list to `.csv` (ANSI encoded) | |
| 80 | +| **Uninstall-SelectedApp-Tool.ps1** | GUI tool for selecting and removing applications | |
| 81 | +| **Update-ADComputer-Winget-Explicit.ps1** | Updates selected packages via `winget` locally | |
| 82 | +| **Update-ADComputer-Winget-viaGPO.ps1** | Pushes scheduled `winget` updates via GPO | |
63 | 83 |
|
64 | 84 | --- |
65 | 85 |
|
66 | 86 | ## 🚀 Usage Instructions |
67 | 87 |
|
68 | | -1. **Run the Script**: Right-click on the `.ps1` file and choose _Run with PowerShell_ |
69 | | -2. **Input Parameters**: Follow GUI prompts or set variables in the script |
70 | | -3. **Check Results**: Logs saved to `C:\Logs-TEMP\` or custom path; `.csv` reports may be generated |
| 88 | +1. Run scripts using **Run with PowerShell** or from an **elevated PowerShell console** |
| 89 | +2. Provide required parameters or interact via GUI (script-dependent) |
| 90 | +3. Review generated logs and reports |
| 91 | + |
| 92 | +### 📂 Logs and Reports Locations |
| 93 | + |
| 94 | +| Path | Purpose | |
| 95 | +|------|---------| |
| 96 | +| `C:\Logs-TEMP\` | General-purpose deployment and execution logs | |
| 97 | +| `C:\Scripts-LOGS\` | GPO synchronization and automation logs | |
| 98 | +| `%USERPROFILE%\Documents\` | CSV and exported compliance reports | |
71 | 99 |
|
72 | 100 | --- |
73 | 101 |
|
74 | 102 | ## 📁 Complementary Files |
75 | 103 |
|
76 | | -- **Broadcast-ADUser-LogonMessage-viaGPO.hta**: GUI editor for customizing domain logon messages |
77 | | -- **Enhance-BGInfoDisplay-viaGPO.bgi**: BGInfo template to overlay system metadata |
78 | | -- **Remove-Softwares-NonCompliance-Tool.txt**: Config file listing software names to remove |
| 104 | +- **Broadcast-ADUser-LogonMessage-viaGPO.hta** — GUI editor for domain logon messages |
| 105 | +- **Enhance-BGInfoDisplay-viaGPO.bgi** — BGInfo template for system metadata overlay |
| 106 | +- **Remove-Softwares-NonCompliance-Tool.txt** — Software removal definition list |
79 | 107 |
|
80 | 108 | --- |
81 | 109 |
|
82 | 110 | ## 💡 Optimization Tips |
83 | 111 |
|
84 | | -- **Leverage GPO Scheduling**: Use GPO scripts during system startup |
85 | | -- **Use Task Scheduler**: Automate periodic maintenance tasks |
86 | | -- **Centralize Logs**: Store logs on a shared path for unified auditing |
87 | | -- **Parameterize for Reuse**: Adjust arguments and variables for different deployment needs |
| 112 | +- 🔁 Use **GPO startup scripts** for consistent deployment timing |
| 113 | +- 🗓️ Schedule maintenance with **Task Scheduler** where appropriate |
| 114 | +- 🗂️ Centralize logs for auditing and compliance review |
| 115 | +- 🧩 Parameterize scripts for reuse across environments |
| 116 | + |
| 117 | +--- |
| 118 | + |
| 119 | +© 2026 Luiz Hamilton Silva. All rights reserved. |
0 commit comments