# A script which installs multiple components on a Windows machine
# Current installable components
# - FSLogix
# - Tailscale (optional)
#
# Parameters for FSLogix installation are:
# - fileServer: The name of the file server
# - profileShare: The connection string to the profile share
# - user: The user name to access the file server
# - secret: The password to access the file server
# - sharename: The share name on the file server (used to build the Defender exclusion paths)
# - fsLogixPath: Local FSLogix directory (optional, defaults to D:\FSLogix)
#
# Parameters for Tailscale installation are:
# - tailscaleAuthkey: The key to access the Tailscale network
#
# The Tailscale installation is optional. If the tailscaleAuthkey parameter is not provided, the installation will be skipped.
#
# Script parameters. All values are plain [string]s.
# NOTE(review): $secret and $tailscaleAuthkey are credentials passed as plain
# strings, so they may end up in whatever records the invocation (command-line
# auditing, transcripts, deployment logs) - confirm how the caller supplies them.
param(
# Name of the file server; used as the cmdkey target and in the UNC Defender exclusions.
[Parameter(Mandatory=$true)]
[string]$fileServer,
# Value written to the FSLogix CCDLocations registry values.
[Parameter(Mandatory=$true)]
[string]$profileShare,
# User name stored with cmdkey for the file server.
[Parameter(Mandatory=$true)]
[string]$user,
# Password stored with cmdkey for the file server (plain text, see note above).
[Parameter(Mandatory=$true)]
[string]$secret,
# Share name; combined with $fileServer to build the \\server\share Defender exclusions.
[Parameter(Mandatory=$true)]
[string]$sharename,
# Local FSLogix path, defaulting to D:\FSLogix.
[Parameter(Mandatory=$false)]
[string]$fsLogixPath = "D:\FSLogix",
# Tailscale auth key; when empty the Tailscale installation is skipped.
[Parameter(Mandatory=$false)]
[string]$tailscaleAuthkey
)
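# Check all mandatory parameters before anything is written to the machine.
# Each failed check reports the missing parameter and exits with code 1.
if (-not $fileServer) {
    Write-Error "fileServer parameter is missing."
    Exit 1
}
if (-not $profileShare) {
    Write-Error "profileShare parameter is missing."
    Exit 1
}
if (-not $user) {
    Write-Error "user parameter is missing."
    Exit 1
}
# Fixed: the original joined the two tests with -and, so the length test only
# ran for an already-empty secret and a one-character secret was accepted.
# With -or, an empty secret or one shorter than two characters is rejected.
if (-not $secret -or $secret.Length -lt 2) {
    Write-Error "secret parameter is missing."
    Exit 1
}
# sharename is declared mandatory as well and is used to build the UNC
# Defender exclusion paths, so it gets the same explicit guard.
if (-not $sharename) {
    Write-Error "sharename parameter is missing."
    Exit 1
}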
# Install FSLogix
# This section only writes FSLogix registry configuration and local group
# membership; no FSLogix installer is invoked here.
Write-Host "Installing FSLogix"

# --- Profile container settings (HKLM:\SOFTWARE\FSLogix\Profiles) ---
New-Item -Path "HKLM:\SOFTWARE" -Name "FSLogix" -ErrorAction Ignore
New-Item -Path "HKLM:\SOFTWARE\FSLogix" -Name "Profiles" -ErrorAction Ignore
$profilesKey = "HKLM:\SOFTWARE\FSLogix\Profiles"
$profileSettings = [ordered]@{
    "AccessNetworkAsComputerObject"        = 1
    "CCDLocations"                         = $profileshare
    "DeleteLocalProfileWhenVHDShouldApply" = 1
    "Enabled"                              = 1
    "FlipFlopProfileDirectoryName"         = 1
    "HealthyProvidersRequiredForRegister"  = 1
    "IsDynamic"                            = 1
    "KeepLocalDir"                         = 0
    "SizeInMBs"                            = 40000
    "VolumeType"                           = "VHDX"
    "PreventLoginWithFailure"              = 1
    "PreventLoginWithTempProfile"          = 1
}
foreach ($setting in $profileSettings.GetEnumerator()) {
    New-ItemProperty -Path $profilesKey -Name $setting.Key -Value $setting.Value -Force
}

# --- Office container settings (HKLM:\SOFTWARE\Policies\FSLogix\ODFC) ---
New-Item -Path "HKLM:\SOFTWARE\Policies" -Name "FSLogix" -ErrorAction Ignore
New-Item -Path "HKLM:\SOFTWARE\Policies\FSLogix" -Name "ODFC" -ErrorAction Ignore
$odfcKey = "HKLM:\SOFTWARE\Policies\FSLogix\ODFC"
$odfcSettings = [ordered]@{
    "AccessNetworkAsComputerObject"       = 1
    "CCDLocations"                        = $profileshare
    "Enabled"                             = 1
    "FlipFlopProfileDirectoryName"        = 1
    "HealthyProvidersRequiredForRegister" = 1
    "IncludeOfficeActivation"             = 0
    "IncludeOutlook"                      = 1
    "IncludeOutlookPersonalization"       = 1
    "IsDynamic"                           = 1
    "PreventLoginWithFailure"             = 1
    "IncludeTeams"                        = 1
    "VolumeType"                          = "VHDX"
}
foreach ($setting in $odfcSettings.GetEnumerator()) {
    New-ItemProperty -Path $odfcKey -Name $setting.Key -Value $setting.Value -Force
}

# --- Cache / proxy directories for the frxccds and frxccd services ---
# NOTE(review): these directories are hard-coded to D:\FSLogix; the script's
# $fsLogixPath parameter is not consulted here.
$serviceSettings = @(
    @{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\frxccds\Parameters"; Name = "ProxyDirectory"; Value = "D:\FSLogix\Proxy" },
    @{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\frxccds\Parameters"; Name = "WriteCacheDirectory"; Value = "D:\FSLogix\Cache" },
    @{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\frxccd\Parameters"; Name = "ProxyDirectory"; Value = "D:\FSLogix\Proxy" },
    @{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\frxccd\Parameters"; Name = "WriteCacheDirectory"; Value = "D:\FSLogix\Cache" },
    @{ Path = "HKLM:\SYSTEM\CurrentControlSet\Services\frxccd\Parameters"; Name = "CacheDirectory"; Value = "D:\FSLogix\Cache" }
)
foreach ($serviceSetting in $serviceSettings) {
    New-ItemProperty @serviceSetting -Force
}

# Disable Windows Defender Credential Guard (only needed for Windows 11 22H2)
# NOTE(review): this write is unconditional - the script contains no OS version
# check - so LsaCfgFlags is set to 0 on every machine it runs on. Credential
# Guard isolates credentials held by LSA; confirm the trade-off is accepted,
# consider scoping the change to the builds that need it, and monitor this
# value for drift.
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "LsaCfgFlags" -Value 0 -Force

# Add the local accounts "azure" and "defaultuser100000" to both FSLogix
# exclude-list groups.
foreach ($excludedAccount in "azure", "defaultuser100000") {
    foreach ($excludeGroup in "FSLogix ODFC Exclude List", "FSLogix Profile Exclude List") {
        Add-LocalGroupMember -Group $excludeGroup -Member $excludedAccount
    }
}
# Store credentials to access the storage account
# NOTE(review): the password is passed to cmdkey.exe as a /pass: argument, so it
# is part of that process's command line in clear text; where process
# command-line auditing or PowerShell logging is enabled it will likely be
# recorded there - confirm and restrict access to those logs.
# NOTE(review): presumably the entry is stored for the account that runs this
# script - verify that is the account that needs it.
# The backtick-escaped quotes wrap each value in literal double quotes.
cmdkey.exe /add:`"$fileserver`" /user:`"$($user)`" /pass:`"$($secret)`"
# Defender Exclusions for FSLogix
# Every path and process added below is skipped by Microsoft Defender scanning.
# NOTE(review): the wildcard entries cover any *.VHD / *.VHDX in the listed
# temp, cache and share locations - verify the list against current FSLogix
# vendor guidance and keep it as narrow as possible.
$Cloudcache = $true # Set for true if using cloud cache

# File and path exclusions: FSLogix drivers, temp VHD(X) files, and VHD(X)
# files on the profile share built from $fileserver and $sharename.
$filelist = @(
    "%ProgramFiles%\FSLogix\Apps\frxdrv.sys",
    "%ProgramFiles%\FSLogix\Apps\frxdrvvt.sys",
    "%ProgramFiles%\FSLogix\Apps\frxccd.sys",
    "%TEMP%\*.VHD",
    "%TEMP%\*.VHDX",
    "%Windir%\TEMP\*.VHD",
    "%Windir%\TEMP\*.VHDX",
    "\\$fileserver\$sharename\*.VHD",
    "\\$fileserver\$sharename\*.VHDX"
)

# Process exclusions: the FSLogix service executables.
$processlist = @(
    "%ProgramFiles%\FSLogix\Apps\frxccd.exe",
    "%ProgramFiles%\FSLogix\Apps\frxccds.exe",
    "%ProgramFiles%\FSLogix\Apps\frxsvc.exe"
)

$filelist | ForEach-Object { Add-MpPreference -ExclusionPath $_ }
$processlist | ForEach-Object { Add-MpPreference -ExclusionProcess $_ }

if ($Cloudcache) {
    # Cloud cache locations. The D:\FSLogix entries are hard-coded; the
    # script's $fsLogixPath parameter is not consulted here.
    $cloudCachePaths = @(
        "%ProgramData%\FSLogix\Cache\*.VHD",
        "%ProgramData%\FSLogix\Cache\*.VHDX",
        "%ProgramData%\FSLogix\Proxy\*.VHD",
        "%ProgramData%\FSLogix\Proxy\*.VHDX",
        "D:\FSLogix\Cache\*.VHD",
        "D:\FSLogix\Cache\*.VHDX",
        "D:\FSLogix\Proxy\*.VHD",
        "D:\FSLogix\Proxy\*.VHDX"
    )
    foreach ($cachePath in $cloudCachePaths) {
        Add-MpPreference -ExclusionPath $cachePath
    }
}
Write-Host "FSLogix Exclusions added"
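# Check if the tailscaleAuthkey is set and if so, install Tailscale.
# Changes compared with the original flow:
# - the MSI is downloaded into a freshly created, randomly named directory
#   instead of a fixed file name directly under %TEMP%;
# - the MSI's Authenticode signature must be valid before msiexec runs it;
# - the msiexec exit code is checked before "tailscale up" is attempted;
# - the download is removed even when a step fails.
# A failure is reported with Write-Error and the script then continues.
if (-not [string]::IsNullOrEmpty($tailscaleAuthkey)) {
    # Download the latest Tailscale client MSI
    # NOTE(review): "latest" is an unpinned, moving target; consider pinning a
    # reviewed version so every host installs the same build.
    $TailscaleUrl = 'https://pkgs.tailscale.com/stable/tailscale-setup-latest-amd64.msi'
    $TailscaleDir = Join-Path $env:TEMP ([System.IO.Path]::GetRandomFileName())
    $TailscalePath = Join-Path $TailscaleDir "tailscale.msi"

    try {
        New-Item -ItemType Directory -Path $TailscaleDir -ErrorAction Stop | Out-Null
        Invoke-WebRequest -Uri $TailscaleUrl -OutFile $TailscalePath -ErrorAction Stop

        # Refuse to install a package whose signature is missing or broken.
        # NOTE(review): 'Valid' only shows the file has an intact, trusted
        # signature, not who signed it; also compare the signer certificate
        # with the expected publisher (<EXPECTED_PUBLISHER_PLACEHOLDER>).
        $signature = Get-AuthenticodeSignature -FilePath $TailscalePath
        if ($signature.Status -ne 'Valid') {
            throw "Tailscale MSI signature check failed (status: $($signature.Status))."
        }

        # Install the Tailscale client using the MSI, allow incoming connections, and start Tailscale after installation
        # NOTE(review): TS_ALLOWINCOMINGCONNECTIONS=always and
        # TS_UNATTENDEDMODE=always are set here; confirm the tailnet ACLs
        # restrict what may reach this host.
        $InstallerArgs = @(
            "/i",
            "`"$TailscalePath`"",
            "/quiet",
            "/norestart",
            "TS_ADMINCONSOLE=hide",
            "TS_ALLOWINCOMINGCONNECTIONS=always",
            "TS_KEYEXPIRATIONNOTICE=24h",
            "TS_NETWORKDEVICES=hide",
            "TS_TESTMENU=hide",
            "TS_UPDATEMENU=hide",
            "TS_UNATTENDEDMODE=always"
        )
        $installer = Start-Process -FilePath "msiexec.exe" -ArgumentList $InstallerArgs -Wait -PassThru
        # 0 = success, 3010 = success but a reboot is required.
        if ($installer.ExitCode -notin 0, 3010) {
            throw "msiexec exited with code $($installer.ExitCode)."
        }
        Write-Host "Tailscale installed"

        # Set the Tailscale authkey and start Tailscale
        # NOTE(review): the auth key is passed as a command-line argument, so it
        # is visible in the process command line; prefer a short-lived,
        # single-use key and restrict access to process/command-line logs.
        $outScale = & {& "$env:programfiles\tailscale\tailscale.exe" up --authkey=$tailscaleAuthkey --accept-routes --unattended 2>&1}
        Write-Host $outScale
    }
    catch {
        Write-Error "Tailscale setup failed: $_"
    }
    finally {
        # Clean up the downloaded MSI
        if (Test-Path -LiteralPath $TailscaleDir) {
            Remove-Item -LiteralPath $TailscaleDir -Recurse -Force -ErrorAction SilentlyContinue
        }
    }
}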
# Restart to finish the installation.
# The reboot is immediate (zero-second timeout) and is not conditional on the
# outcome of the earlier steps.
Write-Host "Restarting..."
shutdown.exe /r /t 0