Update README.md

brazilianscriptguy · web-flow · commit b4c95c0495c7 · 2026-02-06T22:19:20.000-03:00
Signed-off-by: LUIZ HAMILTON ROBERTO DA SILVA &lt;luizhamilton.lhr@gmail.com&gt;
diff --git a/ITSM-Templates-SVR/README.md b/ITSM-Templates-SVR/README.md
@@ -1,104 +1,120 @@
-## 🖥️ ITSM-Templates-SVR Suite — Windows Server Management & Compliance
+## 🖥️ ITSM-Templates-SVR Suite  
+### Windows Server Standardization · Domain Compliance · ITSM Automation
 
-### 📝 Overview
+![Suite](https://img.shields.io/badge/Suite-ITSM%20Templates%20SVR-0A66C2?style=for-the-badge&logo=windowsserver&logoColor=white)
+![Platform](https://img.shields.io/badge/Platform-Windows%20Server-0078D6?style=for-the-badge&logo=windows&logoColor=white)
+![Automation](https://img.shields.io/badge/Automation-PowerShell%20%7C%20VBScript-success?style=for-the-badge)
+![Ops](https://img.shields.io/badge/Target-L2%20%7C%20L3%20Infrastructure-informational?style=for-the-badge)
+![Compliance](https://img.shields.io/badge/Focus-ITSM%20%7C%20Security-critical?style=for-the-badge)
 
-The **ITSM-Templates-SVR** folder provides a suite of **PowerShell** and **VBScript** tools for Windows Server operations. These scripts automate provisioning, enforce IT compliance, and streamline routine administrative tasks in enterprise server environments.
+---
+
+## 🧭 Overview
+
+Welcome to **ITSM-Templates-SVR** — a standardized automation framework built with **PowerShell and VBScript** to enforce **baseline configuration, security hardening, and operational compliance** across **Windows Server environments**.
 
-- 🔧 **Server Hardening & Setup:** Automate secure baseline configurations and domain-ready deployments.  
-- ⚙️ **Registry & DNS Fixes:** Correct registry entries and enforce DNS re-registration.  
-- 📊 **Logging & Reports:** Scripts generate `.log` files and export `.csv` audit reports.  
-- 📦 **Reusable Templates:** Easily adaptable for new roles, time sync, and GPO resets.
+This suite mirrors the structure and governance model of **ITSM-Templates-WKS**, adapted for **server-class workloads**, including **member servers, infrastructure roles, and domain services**.
 
 ---
 
-## 🛠️ Prerequisites
+## 🌟 Key Features
 
-1. ⚙️ **PowerShell Version:** PowerShell 5.1 or later  
-   ```powershell
-   $PSVersionTable.PSVersion
-   ```
+- 🖼️ **Admin-Friendly Execution** — Scripts designed for Infrastructure and Server teams (L2/L3)  
+- 📝 **Structured Logging** — Logs saved to `C:\ITSM-Logs-SVR\`  
+- 📊 **CSV & Audit Reports** — Inventories and compliance outputs  
+- 🔒 **Security & Baseline Enforcement** — Hardened defaults aligned with enterprise policy  
+- 📦 **Role-Oriented Templates** — Ready for File Servers, Application Servers, and Infrastructure roles  
 
-2. 🔑 **Administrator Privileges:** Required for domain changes, registry editing, and service control.
+---
 
-3. 🖥️ **RSAT Tools:** Remote Server Administration Tools are required  
-   ```powershell
-   Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online
-   ```
+## 📄 Script Overview
 
-4. 🔧 **Execution Policy:**  
-   ```powershell
-   Set-ExecutionPolicy RemoteSigned -Scope Process
-   ```
+### Folder: `/BeforeJoinDomain/`
 
-5. 📦 **Dependencies:** Ensure modules such as `ActiveDirectory` and `DHCPServer` are installed.
+| Script Name | Purpose |
+|------------|---------|
+| **ITSM-BeforeJoinDomain-SVR.ps1** | Pre-join server preparation: hostname, time sync, firewall baseline, WSUS, registry and role prerequisites. |
 
----
+### Folder: `/AfterJoinDomain/`
+
+| Script Name | Purpose |
+|------------|---------|
+| **ITSM-AfterJoinDomain-SVR.ps1** | Post-join automation: DNS registration, GPO refresh, service validation, and domain alignment. |
 
-## 📄 Script Descriptions (Alphabetical Order)
+### Folder: `/Assets/AdditionalSupportScripts/`
 
-| Script Name | Description |
-|-------------|-------------|
+| Script Name | Purpose |
+|------------|---------|
 | **CheckServerRoles.ps1** | Lists installed roles/features for validation. |
-| **ExportServerConfig.ps1** | Exports server config to `.csv` for documentation. |
+| **ExportServerConfig.ps1** | Exports server configuration to CSV. |
 | **FixNTFSPermissions.ps1** | Repairs NTFS permission inconsistencies. |
 | **InventoryServerSoftware.ps1** | Generates inventory of installed software. |
-| **ITSM-DefaultServerConfig.ps1** | Applies secure standard configs (e.g., NTP, firewall). |
-| **ITSM-DNSRegistration.ps1** | Forces DNS re-registration for AD. |
-| **ITSM-HardenServer.ps1** | Hardens server post-domain join (SMBv1, local accounts, lockout). |
-| **ITSM-ModifyServerRegistry.ps1** | Adjusts registry for compliance/security. |
-| **ResetGPOSettings.ps1** | Restores default GPO-controlled settings. |
-| **ServerTimeSync.ps1** | Syncs server time with DCs to prevent replication/auth issues. |
+| **ITSM-HardenServer.ps1** | Applies security hardening (SMB, accounts, protocols). |
+| **ResetGPOSettings.ps1** | Forces reapplication of domain GPOs. |
+| **ServerTimeSync.ps1** | Syncs server time with domain controllers. |
+| **UnjoinADServer-and-Cleanup.ps1** | Safely removes server from domain and cleans metadata. |
 
 ---
 
-## 🚀 Getting Started
+## 🧭 Execution Order Summary
 
-```bash
-git clone https://github.com/brazilianscriptguy/Windows-SysAdmin-ProSuite.git
-```
+1. Prepare OS and patch baseline  
+2. Execute **ITSM-BeforeJoinDomain-SVR.ps1**  
+3. Rename disks and validate storage layout  
+4. Join domain using delegated account  
+5. Execute **ITSM-AfterJoinDomain-SVR.ps1**  
+6. Validate logs and compliance reports  
 
-1. **Navigate to:**  
-   `Windows-SysAdmin-ProSuite/ITSM-Templates-SVR/`
+---
 
-2. **Read the Docs:**  
-   Each script has usage notes in comments or a `README.md`.
+## 🏷️ Hostname Format (Servers)
 
-3. **Run the Script:**  
-   ```powershell
-   .\ScriptName.ps1
-   ```
+```text
+<LOC><ROLE><UNIT><ASSET>
+Example: MIASRVFILEO23017
+```
 
-4. **Review Logs and Reports:**  
-   Output files include `.log` and `.csv` formats for auditing and tracking.
+| Component | Meaning |
+|----------|---------|
+| LOC | Location code (e.g., MIA, BOS) |
+| ROLE | SRVFILE, SRVAPP, SRVDC |
+| UNIT | Organizational unit |
+| ASSET | Asset ID |
 
 ---
 
-## 📝 Logging and Output
+## 🚀 Getting Started
 
-- 📄 **Logs:**  
-  Each script outputs structured `.log` files for traceability and troubleshooting.
+```bash
+git clone https://github.com/brazilianscriptguy/Windows-SysAdmin-ProSuite.git
+```
 
-- 📊 **Reports:**  
-  Configuration states and inventories are exported to `.csv`.
+```powershell
+cd Windows-SysAdmin-ProSuite/ITSM-Templates-SVR/
+.\ScriptName.ps1
+```
 
 ---
 
-## 💡 Optimization Tips
+## 📝 Logging & Reporting
 
-- ⏱️ **Automate with Task Scheduler:** Schedule script execution to enforce drift remediation.  
-- 🗂️ **Centralize Output:** Redirect logs and `.csv` reports to shared storage for compliance auditing.  
-- 🧩 **Customize Templates:** Modify hardening profiles per role (e.g., file server, domain controller).
+- **Logs:** `C:\ITSM-Logs-SVR\`  
+- **Reports:** CSV exports per execution  
 
 ---
 
-## ❓ Additional Assistance
+## 💡 Optimization Tips
 
-These scripts are highly adaptable for custom infrastructures. Check embedded script headers and comments for configurable variables and behavior explanations.
+- 🔁 Schedule enforcement via Task Scheduler or GPO  
+- 🗂️ Centralize logs to secured network share  
+- 🧩 Clone templates per server role  
 
 ---
 
-## 📂 Document Classification
+## 📌 Document Classification
 
-**RESTRICTED:** For internal use within the organization's network only.
+**RESTRICTED:** Internal use only. Confidential to Infrastructure and Security teams.
+
+---
 
 © 2026 Luiz Hamilton Silva. All rights reserved.
