== Server Audit == #!ps #maxlength=500000 #timeout=600000 Set-ExecutionPolicy Bypass -Scope Process -Force New-Item -Path C:\Temp -ItemType Directory -Force | Out-Null $u = "https://raw.githubusercontent.com/Howweird/msp-audit-scripts/master/server_audit.ps1" Invoke-WebRequest -Uri $u -OutFile "C:\Temp\server_audit.ps1" -UseBasicParsing . C:\Temp\server_audit.ps1 == Workstation Audit == #!ps #maxlength=500000 #timeout=600000 Set-ExecutionPolicy Bypass -Scope Process -Force New-Item -Path C:\Temp -ItemType Directory -Force | Out-Null $u = "https://raw.githubusercontent.com/Howweird/msp-audit-scripts/master/workstation_audit.ps1" Invoke-WebRequest -Uri $u -OutFile "C:\Temp\workstation_audit.ps1" -UseBasicParsing . C:\Temp\workstation_audit.ps1 == Auto-Patch + Win 11 Upgrade == #!ps #maxlength=10000 #timeout=300000 New-Item -Path C:\Temp -ItemType Directory -Force | Out-Null Install-PackageProvider -Name NuGet -Force -Confirm:$false Install-Module PSWindowsUpdate -Force -Confirm:$false $cmd1 = "Import-Module PSWindowsUpdate; Install-WindowsUpdate -AcceptAll -AutoReboot" $a1 = "-ExecutionPolicy Bypass -Command `"$cmd1`"" $action1 = New-ScheduledTaskAction -Execute "powershell.exe" -Argument $a1 $trigger1 = New-ScheduledTaskTrigger -AtStartup $set = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries $pri = New-ScheduledTaskPrincipal -UserId "SYSTEM" -RunLevel Highest Register-ScheduledTask -TaskName "AutoPatch" -Action $action1 -Trigger $trigger1 -Settings $set -Principal $pri -Force $u = "https://go.microsoft.com/fwlink/?linkid=2171764" $f = "C:\Temp\Win11Upgrade.exe" Invoke-WebRequest -Uri $u -OutFile $f -UseBasicParsing reg add HKLM\SYSTEM\Setup\MoSetup /v AllowUpgradesWithUnsupportedTPMOrCPU /t REG_DWORD /d 1 /f | Out-Null $action2 = New-ScheduledTaskAction -Execute $f -Argument "/quietinstall /skipeula /auto upgrade /copylogs C:\Temp" $trigger2 = New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(5) Register-ScheduledTask -TaskName "Win11Upgrade" -Action $action2 -Trigger $trigger2 -Settings $set -Principal $pri -Force Start-ScheduledTask -TaskName "AutoPatch" Write-Host "[OK] AutoPatch + Win11Upgrade tasks created and started" == Auto-Patch Only (no Win 11 upgrade) == #!ps #maxlength=10000 #timeout=300000 Install-PackageProvider -Name NuGet -Force -Confirm:$false Install-Module PSWindowsUpdate -Force -Confirm:$false $cmd = "Import-Module PSWindowsUpdate; Install-WindowsUpdate -AcceptAll -AutoReboot" $a = "-ExecutionPolicy Bypass -Command `"$cmd`"" $action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument $a $trigger = New-ScheduledTaskTrigger -AtStartup $set = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries $pri = New-ScheduledTaskPrincipal -UserId "SYSTEM" -RunLevel Highest Register-ScheduledTask -TaskName "AutoPatch" -Action $action -Trigger $trigger -Settings $set -Principal $pri -Force Start-ScheduledTask -TaskName "AutoPatch" Write-Host "[OK] AutoPatch task created and started" == Stop Updates + Cleanup at 5AM == #!ps #maxlength=10000 #timeout=60000 $cmd = @' Stop-Process -Name "powershell" -Force -ErrorAction SilentlyContinue Stop-Process -Name "Windows10UpgraderApp" -Force -ErrorAction SilentlyContinue Unregister-ScheduledTask -TaskName "AutoPatch" -Confirm:$false -ErrorAction SilentlyContinue Unregister-ScheduledTask -TaskName "Win11Upgrade" -Confirm:$false -ErrorAction SilentlyContinue Unregister-ScheduledTask -TaskName "StopUpdates5AM" -Confirm:$false -ErrorAction SilentlyContinue '@ $scriptPath = "C:\Temp\StopUpdates.ps1" $cmd | Out-File $scriptPath -Encoding utf8 $a = "-ExecutionPolicy Bypass -File `"$scriptPath`"" $action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument $a $tomorrow = (Get-Date).Date.AddDays(1).AddHours(5) $trigger = New-ScheduledTaskTrigger -Once -At $tomorrow $set = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries $pri = New-ScheduledTaskPrincipal -UserId "SYSTEM" -RunLevel Highest Register-ScheduledTask -TaskName "StopUpdates5AM" -Action $action -Trigger $trigger -Settings $set -Principal $pri -Force Write-Host "[OK] Updates will stop at 5AM tomorrow ($tomorrow)" == Upgrade to Pro == #!ps #maxlength=10000 #timeout=120000 $key = "BP2XJ-CGNYY-7K8TK-GWXXJ-HMJ4K" changepk.exe /ProductKey $key Write-Host "[OK] Pro key applied to $env:COMPUTERNAME" == Clean Stale Printer Ports == #!ps #maxlength=50000 #timeout=120000 $ports = Get-PrinterPort -ErrorAction SilentlyContinue | Where-Object { $_.PortMonitor -eq "TCPMON.DLL" -or $_.PortMonitor -eq "Standard TCP/IP Port" } $printers = Get-Printer -ErrorAction SilentlyContinue $used = @($printers | ForEach-Object { $_.PortName }) $removed = 0; $deadCount = 0; $inUse = 0 foreach ($port in $ports) { $n = $port.Name $ip = $port.PrinterHostAddress if ($used -contains $n) { $ping = Test-Connection $ip -Count 1 -Quiet -ErrorAction SilentlyContinue if (-not $ping) { Write-Host "[WARN] In use but DEAD: $n ($ip)" -ForegroundColor Yellow $deadCount++ } $inUse++ } else { try { Remove-PrinterPort -Name $n -ErrorAction Stop Write-Host "[REMOVED] $n ($ip)" -ForegroundColor Green $removed++ } catch { Write-Host "[FAIL] $n - $($_.Exception.Message)" -ForegroundColor Red } } } Write-Host "" Write-Host "Ports in use: $inUse" Write-Host "Dead but in use: $deadCount (remove printer first)" Write-Host "Orphans removed: $removed" == Fix Wi-Fi Disconnect on Idle == #!ps #maxlength=100000 #timeout=60000 $wifi = Get-PnpDevice -Class Net | Where-Object { $_.Status -eq 'OK' -and $_.FriendlyName -match 'Wi-Fi|Wireless|WLAN' -and $_.FriendlyName -notmatch 'Virtual|Direct' } if ($wifi) { $id = $wifi.InstanceId $p = "HKLM:\SYSTEM\CurrentControlSet" $p += "\Enum\$id" Set-ItemProperty $p ` -Name "PnPCapabilities" ` -Value 24 -Type DWord $n = $wifi.FriendlyName Write-Host "Wi-Fi power saving off: $n" } else { Write-Host "No Wi-Fi adapter found!" } $r = "HKLM:\SYSTEM\CurrentControlSet" $r += "\Control\Session Manager\Power" Set-ItemProperty $r ` -Name "HiberbootEnabled" ` -Value 0 -Type DWord Write-Host "Fast Startup disabled." Write-Host "Reboot needed to apply." == Clear C:\Temp == #!ps #maxlength=10000 #timeout=30000 Remove-Item -Path "C:\Temp\*" -Recurse -Force Write-Host "[OK] C:\Temp cleared" -ForegroundColor Green