forked from HCK-CI/HLK-Setup-Scripts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
173 lines (151 loc) · 6.02 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
# HLK-Setup-Scripts
These script will help you configure HLK/HCK setup to be used with AutoHCK.
This guide will help you set up and configure HLK/HCK test environment to be used with AutoHCK
## Compatibility table
------------------------------------
| Studio | Studio OS | Clients |
------------------------------------
| HCK | Win2012 | |
| | | Win7 |
| | | Win8 |
| | | Win8.1 |
| | | Win2012 |
| | | Win2012R2 |
------------------------------------
| HLK1607 | Win2012R2 | |
| | | Win2016 |
------------------------------------
| HLK1703 | Win2012R2 | |
| | | Win10 1703 |
| | | Win10 1607 |
------------------------------------
| HLK1709 | Win2012R2 | |
| | | Win10 1709 |
------------------------------------
| HLK1803 | Win2012R2 | |
| | | Win10 1803 |
------------------------------------
| HLK1809 | Win2012R2 | |
| | | Win10 1809 |
| | | Win2016 |
------------------------------------
| HLK1903 | Win2012R2 | |
| | | Win10 1903 |
------------------------------------
| HLK2004 | Win2016 | |
| | | Win10 2004 |
------------------------------------
## Scripts breakdown
To manual installation or to understand what the ps1 file does, follow this:
### steps for both studio and clients
1. Disable Server manager popup on startup
```
reg add "HKLM\SOFTWARE\Microsoft\ServerManager" /v "DoNotOpenServerManagerAtLogon" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE\Microsoft\ServerManager\Oobe" /v "DoNotOpenInitialConfigurationTasksAtLogon" /t REG_DWORD /d "1" /f
```
2. Enable Administrator account
```
net user administrator /active:yes
net user administrator "Qum5net."
```
3. Enable auto logon for Administrator
```
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "AutoAdminLogon" /t REG_SZ /d "1" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DefaultDomainName" /t REG_SZ /d "WORKGROUP" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DefaultUserName" /t REG_SZ /d "Administrator" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DefaultPassword" /t REG_SZ /d "Qum5net." /f
```
4. Disable Windows Firewall
```
netsh advfirewall set allprofiles state off
reg add "HKLM\SOFTWARE\Microsoft\Security Center" /v "FirewallDisableNotify" /t REG_DWORD /d "1" /f
```
5. Setting unidentified networks to private
```
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\010103000F0000F0010000000F0000F0C967A3643C3AD745950DA7859209176EF5B87C875FA20DF21951640E807D7C24" /v "Category" /t REG_DWORD /d "1" /f
```
6. Disabling Windows Update
```
sc config wuauserv start= disabled
sc stop wuauserv
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v "AUOptions" /t REG_DWORD /d "1" /f
```
7. Disablnig screensaver
```
reg add "HKCU\Control Panel\Desktop" /v "ScreenSaveActive" /t REG_SZ /d "0" /f
reg add "HKCU\Control Panel\Desktop" /v "SCRNSAVE.EXE" /t REG_SZ /d "" /f
```
8. Disabling power saving options
```
powercfg -change -monitor-timeout-ac 0
powercfg -change -disk-timeout-ac 0
powercfg -change -standby-timeout-ac 0
powercfg -hibernate off
```
9. Enable WinRM (PowerShell Remoting)
```
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set winrm/config "@{MaxTimeoutms="14400000"}"
cmd.exe /c winrm set winrm/config/service/auth "@{Basic="true"}"
cmd.exe /c winrm set winrm/config/service "@{AllowUnencrypted="true"}"
```
## Steps only on Studio
1. Rename computer name to "STUDIO"
Restart the machine afterwards for changes to take effect
```
WMIC ComputerSystem where Name="%computername%" call Rename Name="HLK-STUDIO"
shutdown /r /t 0
```
2. Configure Network adapters
rename the device with mac address ending with "DD" to "External"
```
netsh interface set interface name="!name!" newname="External"
```
rename the device with mac address ending with "CC" to "Control" and give it a static ip of 192.168.100.1 and netmask of 255.255.255.0
```
netsh interface ip set address name="!name!" static 192.168.100.1 255.255.255.0
netsh interface set interface name="!name!" newname="Control"
```
3. Port forwarding for Winrm clients
```
netsh interface portproxy add v4tov4 listenport=4002 connectaddress=192.168.100.2 connectport=5985
netsh interface portproxy add v4tov4 listenport=4003 connectaddress=192.168.100.3 connectport=5985
```
4. Install the wanted HLK/HCK-Studio
run the HCKSetup.exe or HLKSetup.exe file provided
5. Disable windows gui (OPTIONAL)
```
powershell "Remove-WindowsFeature Server-Gui-Shell, Server-Gui-Mgmt-Infra -Restart"
```
6. Update HCKFilters
```
bitsadmin /transfer "Downloading Filters" "%FILTERS%" "%~dp0FilterUpdates.cab"
expand -i "%~dp0FilterUpdates.cab" -f:UpdateFilters.sql "%DTMBIN%\"
del FilterUpdates.cab
pushd "%DTMBIN%\"
"%DTMBIN%\updatefilters.exe" /s
del UpdateFilters.sql
popd
```
## Steps only on clients
1. rename computer name to "CL1" or "CL2"
replace [x] with the client number
Restart the machine afterwards for changes to take effect
```
WMIC ComputerSystem where Name="%computername%" call Rename Name="CL[x]"
shutdown /r /t 0
```
2. Configure Network adapter
rename the device with mac address ending with "CC-CC" to "MessageDevice" and give it a static ip of 192.168.100.[x], netmask of 255.255.255.0 and default gateway to 192.168.100.1 ([x] replace x with the subsequent number of the client number (e.g for client 1 use 2)
```
netsh interface ip set address name="!name!" static 192.168.100.[x] 255.255.255.0 192.168.100.1
netsh interface set interface name="!name!" newname="MessageDevice"
```
3. Enable testsigning
```
bcdedit /set testsigning on
shutdown -r -t 0
```
4. Install HLK-Clients from the Studio smb share
run \\STUDIO\HLKInstall\Client\setup.cmd for HLK
or \\STUDIO\HCKInstall\Client\setup.exe fro HCK