Windows System Administrator
- NTP
- Group Policy
- Scripts
- Get AD User Last Logon and Last Logon AD Server Script
- KMS Activation Script
- Get AD Group Member List Script
- Reset Local Account Script
- Offline WSUS Scan Script
- Net User Examples
- Test TCP Port
- Disable TLS 1.0 & 1.1
- Set Time Zone via CMD
- Harden IIS
NTP
Configuring w32time As NTP Client
Step 1: Stop the time service
net stop w32time
Step 2: Set the manual peer list of external servers
w32tm /config /syncfromflags:manual /manualpeerlist:"[server1],0x8 [server2],0x8"
Step 3: Set the connection as reliable
w32tm /config /reliable:yes
Step 4: Start the time service
net start w32time
Step 5: Test the configuration
w32tm /query /configuration
or
w32tm /query /status
or
w32tm /query /peers
Configure NTP Server in AD
Option 1 - Via GPO
Set up a GPO for NTP Server and apply it to the Domain Controller.
Set up a GPO for NTP Client for Member Servers.
Option 2 - Manually via Regedit
Enable NTP Server in Domain Controller.
- Change the server type to NTP. To do this, follow these steps:
- Select Start > Run, type regedit, and then select OK.
- Locate and then select the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
- In the pane on the right, right-click Type, and then select Modify.
- In Edit Value, type NTP in the Value data box, and then select OK.
- Set AnnounceFlags to 5. To do this, follow these steps:
- Enable NTPServer. To do this, follow these steps:
- Specify the time sources. To do this, follow these steps:
- Configure the time correction settings. To do this, follow these steps:
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
- In the pane on the right, right-click MaxPosPhaseCorrection, and then select Modify.
- In Edit DWORD Value, click to select Decimal in the Base box.
- In Edit DWORD Value, type TimeInSeconds in the Value data box, and then select OK.
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
- In the pane on the right, right-click MaxNegPhaseCorrection, and then select Modify.
- In Edit DWORD Value, click to select Decimal in the Base box.
- In Edit DWORD Value, type TimeInSeconds in the Value data box, and then select OK.
- Close Registry Editor.
- At the command prompt, type the following command to restart the Windows Time service, and then press Enter:
net stop w32time && net start w32time
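Added example (not part of the original page): a PowerShell read-back of the registry values set in the manual steps above, plus a check of the sync source reported by w32tm /query /status. The TimeProviders\NtpServer key, the expected Enabled value of 1, the meaning of 0xFFFFFFFF and the English w32tm output strings are assumptions based on standard Windows Time behaviour, not taken from this page.

```powershell
# Added example: verify the W32Time settings after the service restart.
# Run in an elevated PowerShell session on the domain controller.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

function Get-W32TimeValue {
    param([string]$SubKey, [string]$Name)
    $item = Get-ItemProperty -Path "$base\$SubKey" -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Test-W32TimeConfig {
    $results = @()

    # Values named in the manual steps
    $expected = @(
        @{ SubKey = 'Parameters';              Name = 'Type';          Want = 'NTP' },
        @{ SubKey = 'Config';                  Name = 'AnnounceFlags'; Want = 5 },
        # Assumption: "Enable NTPServer" corresponds to Enabled = 1 under this key
        @{ SubKey = 'TimeProviders\NtpServer'; Name = 'Enabled';       Want = 1 }
    )
    foreach ($e in $expected) {
        $actual = Get-W32TimeValue $e.SubKey $e.Name
        $results += [pscustomobject]@{
            Setting = "$($e.SubKey)\$($e.Name)"
            Actual  = $actual
            Ok      = ($null -ne $actual -and "$actual" -eq "$($e.Want)")
        }
    }

    # Time sources: at least one peer, each carrying a ",0x.." flag as in the client example
    $peers    = Get-W32TimeValue 'Parameters' 'NtpServer'
    $peerList = @("$peers" -split '\s+' | Where-Object { $_ })
    $badPeers = @($peerList | Where-Object { $_ -notmatch ',0x[0-9a-fA-F]+$' })
    $results += [pscustomobject]@{
        Setting = 'Parameters\NtpServer'
        Actual  = $peers
        Ok      = ($peerList.Count -gt 0 -and $badPeers.Count -eq 0)
    }

    # Phase correction limits: 0xFFFFFFFF accepts a correction of any size,
    # which lets a bad or spoofed source move the clock arbitrarily far.
    # The DWORD can surface as -1 or 4294967295 depending on the host.
    foreach ($name in 'MaxPosPhaseCorrection', 'MaxNegPhaseCorrection') {
        $v = Get-W32TimeValue 'Config' $name
        $unlimited = ($null -ne $v) -and ([int64]$v -in @(-1, 4294967295))
        $results += [pscustomobject]@{
            Setting = "Config\$name"
            Actual  = $v
            Ok      = ($null -ne $v -and -not $unlimited)
        }
    }

    # A source of "Local CMOS Clock" or "Free-running System Clock" means
    # the service is not actually syncing from the configured peers.
    $status = w32tm /query /status 2>&1
    $match  = $status | Select-String -Pattern '^Source:\s*(.+)$' | Select-Object -First 1
    $source = if ($match) { $match.Matches[0].Groups[1].Value.Trim() } else { $null }
    $results += [pscustomobject]@{
        Setting = 'w32tm /query /status Source'
        Actual  = $source
        Ok      = [bool]($source -and $source -notmatch 'Local CMOS Clock|Free-running System Clock')
    }

    $results
}

Test-W32TimeConfig | Format-Table -AutoSize
```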
Group Policy
Windows Server Audit Policy
Backup
To back up existing auditing settings:
auditpol /backup /file:C:\Temp\Audit.txt
Restore
To restore the auditing settings:
auditpol /restore /file:C:\Temp\Audit.txt
Display Settings
To check the auditing settings:
auditpol /get /category:*
Clear Settings
Option 1 - Copy and paste from good server
- 'auditpol /backup /file:c:\temp\audit.txt' on a good DC in the lab
- 'auditpol /backup /file:c:\temp\audit.txt' on the borked DC
- Open c:\temp\audit.txt on the borked DC
- Copy/paste the contents from the good DC into audit.txt on borked DC in notepad
- Replace good DC name with borked DC name and save file
- 'auditpol /restore /file:c:\temp\audit.txt'
Option 2 - Reset everything
To clear or roll back to default settings:
- Reset all of your local advanced audit settings. If you did this via GPO, reset the settings in this GPO.
auditpol /clear
- For local policies delete the Audit.csv from all of these locations. Some may be hidden, but they are there!!
- C:\Windows\security\audit
- C:\Windows\System32\GroupPolicy\Machine\Microsoft\Windows NT\Audit
For domain based policy this will be in SYSVOL
- \\[Domain]\sysvol\[Domain]\Policies\{GUID}\Machine\Microsoft\Windows NT\Audit
- You must set the local policy “Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings” to DISABLED.
In GPO, this is under "Security Settings->Local Policies->Security Options", setting "Audit: Force audit policy subcategory settings".
When you do this and it is applied you will see the registry key HKLM\SYSTEM\CurrentControlSet\Control\Lsa – SCENoApplyLegacyAuditPolicy = 0 (DWORD)
- Now reboot or run “gpupdate /force” and you should be back to the start again.
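Added example (not from the original page): a PowerShell check to run after the reset and gpupdate. It lists leftover Audit.csv files in the two local locations, reads SCENoApplyLegacyAuditPolicy, and shows which subcategories are still being audited. It assumes an elevated session and English auditpol output (the "No Auditing" string); the function name is hypothetical.

```powershell
# Added example: report what still drives the audit policy on this machine.
# Run in an elevated PowerShell session.
function Get-AuditResetState {
    # Local Audit.csv locations listed in Option 2 (-Force also finds hidden files)
    $csvPaths = @(
        "$env:windir\security\audit\audit.csv",
        "$env:windir\System32\GroupPolicy\Machine\Microsoft\Windows NT\Audit\audit.csv"
    )
    $leftover = @($csvPaths | Where-Object {
        Get-Item -LiteralPath $_ -Force -ErrorAction SilentlyContinue
    })

    # The reset described above expects this value to be 0 once the policy has applied
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
        -Name SCENoApplyLegacyAuditPolicy -ErrorAction SilentlyContinue
    $force = if ($lsa) { $lsa.SCENoApplyLegacyAuditPolicy } else { '(not set)' }

    # /r prints the effective policy as CSV; drop blank lines before parsing.
    # Assumption: English output, where an unaudited subcategory reads "No Auditing".
    $effective = auditpol /get /category:* /r |
        Where-Object { $_.Trim() } |
        ConvertFrom-Csv
    $active = @($effective | Where-Object { $_.'Inclusion Setting' -ne 'No Auditing' })

    [pscustomobject]@{
        LeftoverAuditCsv            = $leftover
        SCENoApplyLegacyAuditPolicy = $force
        ActiveSubcategoryCount      = $active.Count
        ActiveSubcategories         = $active | Select-Object Subcategory, 'Inclusion Setting'
    }
}

$state = Get-AuditResetState
$state | Format-List LeftoverAuditCsv, SCENoApplyLegacyAuditPolicy, ActiveSubcategoryCount
$state.ActiveSubcategories | Format-Table -AutoSize
```

Any subcategory still listed after the reset is being set by a policy that was not cleared, typically a domain GPO or a remaining Audit.csv.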
GPO WMI Filters
Hostname Filter
Select * From Win32_ComputerSystem Where Name = "ComputerName"
Windows 2019 Domain Controller Filter
SELECT * FROM Win32_OperatingSystem WHERE Version LIKE "10.0.17763" AND ProductType LIKE "2"
Windows 2019 Member Server Filter
SELECT * FROM Win32_OperatingSystem WHERE Version LIKE "10.0.17763" AND ProductType LIKE "3"
Windows Server 2016 Domain Controller Filter
SELECT * FROM Win32_OperatingSystem WHERE Version LIKE "10.0.14393" AND ProductType LIKE "2"
Windows Server 2016 Server Member Filter
SELECT * FROM Win32_OperatingSystem WHERE Version LIKE "10.0.14393" AND ProductType LIKE "3"
Windows Server 2012 R2 Server Member Filter
SELECT * FROM Win32_OperatingSystem WHERE Version LIKE "6.3%" AND ProductType="3"
Windows Server Member (Hyper-V) Filter
SELECT * FROM Win32_ServerFeature WHERE ID=20
Windows Web Service (IIS) Role Filter
SELECT Name FROM Win32_ServerFeature WHERE Name = "Web Server (IIS)"
Reset GPO
To clear Local GPO
Delete everything inside the GPO folder
RD /S /Q "%WinDir%\System32\GroupPolicyUsers" && RD /S /Q "%WinDir%\System32\GroupPolicy"
To clear Domain GPO
Make a backup of the GPO in the domain first.
To reset the Default Domain Controller Policy:
dcgpofix /ignoreschema /target:DC
To reset the Default Domain Policy:
dcgpofix /ignoreschema /target:Domain
Scripts
Get AD User Last Logon and Last Logon AD Server Script
Save this as a .ps1 file and run it as admin on the Domain Controller
Import-Module ActiveDirectory

function Get-ADUsersLastLogon()
{
    # lastLogon is not replicated between domain controllers, so each DC is
    # queried and the row with the newest value per user is written to the CSV.
    $dateinfile = (Get-Date).AddMonths(-1).ToString('yyyy-MM')
    $domain = (Get-WmiObject -Namespace root\cimv2 -Class Win32_ComputerSystem | Select Domain).Domain
    $dcs = Get-ADDomainController -Filter {Name -like "*"}
    $users = Get-ADUser -Filter * -Properties *
    $exportFilePath = "c:\temp\$dateinfile - $domain - ADUser_lastLogon.csv"
    # Column order matches the order in which $row is built below
    $columns = "UserName,Name,Description,AccountDisabled,CreationDate,LastLogonTime,LastLogonServer,PasswordLastSet"
    Out-File -filepath $exportFilePath -force -InputObject $columns

    foreach($user in $users)
    {
        # Newest raw lastLogon value (FILETIME) seen so far, and its CSV row
        $newestTime = -1
        $newestRow = $null

        if($user.Enabled){
            $disable = "No"
        }else{
            $disable = "Yes"
        }
        if ($user.passwordlastset -eq $null){
            $pwdset = 0
        }else{
            $pwdset = $user.passwordlastset.ToString("dd/MM/yyyy HH:mm:ss")
        }

        foreach($dc in $dcs)
        {
            $currentUser = Get-ADUser $user.SamAccountName | Get-ADObject -Server $dc.HostName -Properties lastLogon
            if ($currentUser.lastlogon -eq $null -or $currentUser.lastlogon -eq 0){
                $time = 0
                $dt = 0
            }
            else {
                $time = $currentUser.LastLogon
                $dt = [DateTime]::FromFileTime($time).ToString("dd/MM/yyyy HH:mm:ss")
            }
            $row = $user.SamAccountName +","+ $user.Name+","+
                $user.Description+","+ $disable+","+
                $user.whenCreated.ToString("dd/MM/yyyy HH:mm:ss")+","+
                $dt+","+
                $dc.Name+","+
                $pwdset

            # Compare the raw FILETIME values: the formatted dd/MM/yyyy
            # strings do not sort chronologically
            if ($time -gt $newestTime){
                $newestTime = $time
                $newestRow = $row
            }
        }
        write-host $user.name $newestRow
        Out-File -filepath $exportFilePath -append -noclobber -InputObject $newestRow
    }
}

Get-ADUsersLastLogon
KMS Activation Script
Save this as a .bat file and run as admin
@echo off
:: For unattended mode, run the script with /u parameter.
::========================================================================================================================================
:: Change to 1 to enable debug mode
set _Debug=0
:: Change to 0 to turn OFF Windows or Office activation via the script
:: - This is not effective if Windows and/or Office installation is already Volume (GVLK installed)
:: - In [Online KMS + Digital License] $OEM$ preactivation, Windows KMS activation is turned off by default.
set ActWindows=1
set ActOffice=1
:: Change to 0 to revert Windows 10 KMS38 to normal KMS
set SkipKMS38=1
:: Server List - You can edit the Online KMS Servers in below line.
set "servers=kms.srv.crsoo.com kms.digiboy.ir kms8.MSGuides.com kms.loli.beer kms.lolico.moe kms.moeclub.org kms.garybear.tk kms.chinancce.com"
:: Change to 1 to clear KMS cache after the activation.
:: - Registered KMS server address (cache) enables the system to automatically renew the license (for next 180 days) every 7 days, as long as the server is online.
:: - This process is same as how the legal KMS suppose to work, so no security program will flag this behavior.
:: - Changing this option here won't have any effect if manual (Desktop Context menu) and/or auto, renewal activation script is installed. [default (0)].
:: - I recommend to leave this option as default (0).
set Clear-KMS-Cache=0
: ##################################################################
: # NORMALY THERE IS NO NEED TO CHANGE ANYTHING BELOW THIS COMMENT #
: ##################################################################
::========================================================================================================================================
::========================================================================================================================================
: ======================================================================
: This script is a fork of KMS_VL_ALL-SppExtComObjPatcher Project
: The main project is maintained by @abbodi1406 (MDL)
: https://forums.mydigitallife.net/posts/838808
: Thanks to @RPO (MDL), for providing the help in making of this fork.
: ======================================================================
: =================================================================
: This script is a part of 'Microsoft Activation Scripts'
: Maintained by @WindowsAddict
: Homepage - https://www.nsaneforums.com/topic/316668--/
: =================================================================
::========================================================================================================================================
::========================================================================================================================================
cls
title Online KMS Activation
if /i "%*" EQU "/u" (set Unattended=1) else (set Unattended=0)
if defined Renewal_Task set Task=1
if defined Run_Once set Task=1
if defined Task set Unattended=1& set DateTime=1
if defined SkipWin set ActWindows=0
for /f "tokens=6 delims=[]. " %%G in ('ver') do set winbuild=%%G
set "EchoRed=powershell write-host -back Black -fore Red"
set "EchoGreen=powershell write-host -back Black -fore Green"
set "ELine=echo. & %EchoRed% ==== ERROR ==== &echo."
setlocal EnableDelayedExpansion
::========================================================================================================================================
: ===========================================================
: Check if the file path name contains special characters
: https://stackoverflow.com/a/33626625
: Written by @jeb (stackoverflow)
: Thanks to @abbodi1406 (MDL) for the help.
: ===========================================================
setlocal
setlocal DisableDelayedExpansion
set "param=%~f0"
cmd /v:on /c echo(^^!param^^!| findstr /R "[| ` ~ ! @ %% \^ & ( ) \[ \] { } + = ; ' , |]*^"
endlocal
if %errorlevel% EQU 0 (
%ELine%
echo Disallowed special characters detected in file path name.
echo Make sure file path name do not have following special characters,
echo ^` ^~ ^! ^@ %% ^^ ^& ^( ^) [ ] { } ^+ ^= ^; ^' ^,
goto Done
)
::========================================================================================================================================
if %winbuild% LSS 7600 (
%ELine%
echo Unsupported OS version Detected.
echo Project is supported only for Windows 7/8/8.1/10 and their Server equivalent.
goto Done
)
::========================================================================================================================================
: ================================================
: Self-elevate passing args and preventing loop
: Written by @AveYo aka @BAU
: ================================================
reg query HKEY_USERS\S-1-5-20 1>nul 2>nul && goto GotPrivileges
If "%ElevError%"=="Y" goto Elev_Err
set "args="%~f0" %*" & call set "args=%%args:"=\"%%"
echo Initializing...
powershell -c "start cmd -ArgumentList '/c set ElevError=Y& call %args%' -verb runas" && exit /b
:Elev_Err
%ELine%
echo Right click on this file and select 'Run as administrator'
goto Done
:GotPrivileges
::========================================================================================================================================
If defined Task call :_Start_>>"%windir%\Online_KMS_Activation_Script\Logs.txt" & exit
:_Start_
If defined Task call :Activation_Start & echo Exiting... & echo. & exit /b
::========================================================================================================================================
: ======================================================
: Set buffer height independently of window height
: https://stackoverflow.com/a/13351373
: Written by @dbenham (stackoverflow)
: ======================================================
mode con: cols=98 lines=30
powershell -command "&{$H=get-host;$W=$H.ui.rawui;$B=$W.buffersize;$B.width=98;$B.height=160;$W.buffersize=$B;}"
::========================================================================================================================================
if "%~f0"=="%ProgramData%\Online_KMS_Activation.cmd" echo Running: %~f0 & timeout /t 2 >nul & cls
setlocal
call :Activation_Start
@echo off
endlocal
setlocal
call :Clear-KMS-Cache
endlocal
::========================================================================================================================================
:Done
echo.
if %_Debug% EQU 1 exit /b
if %Unattended% EQU 1 (
echo Exiting in 5 seconds...
if %winbuild% LSS 7600 (ping -n 5 127.0.0.1 > nul) else (timeout /t 5)
exit /b
)
echo Press any key to exit...
pause >nul
exit /b
::========================================================================================================================================
:Clear-KMS-Cache
If exist "%windir%\Online_KMS_Activation_Script" exit /b
if exist "%ProgramData%\Online_KMS_Activation.cmd" exit /b
if %Clear-KMS-Cache% NEQ 1 exit /b
: ==================================================
: Clear-KMS-Cache.cmd
: https://forums.mydigitallife.net/posts/1511883
: Written by @abbodi1406 (MDL)
: ==================================================
set "SysPath=%Windir%\System32"
if exist "%Windir%\Sysnative\reg.exe" (set "SysPath=%Windir%\Sysnative")
set "Path=%SysPath%;%Windir%;%SysPath%\Wbem;%SysPath%\WindowsPowerShell\v1.0\"
set "OSPP=SOFTWARE\Microsoft\OfficeSoftwareProtectionPlatform"
set "SPPk=SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform"
wmic path SoftwareLicensingProduct where (Description like '%%KMSCLIENT%%') get Name 2>nul | findstr /i Windows 1>nul && (set SppHook=1) || (set SppHook=0)
wmic path SoftwareLicensingProduct where (Description like '%%KMSCLIENT%%') get Name 2>nul | findstr /i Office 1>nul && (set SppHook=1)
wmic path OfficeSoftwareProtectionService get Version >nul 2>&1 && (set OsppHook=1) || (set OsppHook=0)
if %SppHook% NEQ 0 call :cKMS SoftwareLicensingProduct SoftwareLicensingService SPP
if %OsppHook% NEQ 0 call :cKMS OfficeSoftwareProtectionProduct OfficeSoftwareProtectionService OSPP
call :cREG >nul 2>&1
%EchoGreen% Cleared KMS Cache successfully.
exit /b
:cKMS
set spp=%1
set sps=%2
for /f "tokens=2 delims==" %%G in ('"wmic path %spp% where (Description like '%%KMSCLIENT%%') get ID /VALUE" 2^>nul') do (set app=%%G&call :cAPP)
for /f "tokens=2 delims==" %%A in ('"wmic path %sps% get Version /VALUE"') do set ver=%%A
wmic path %sps% where version='%ver%' call ClearKeyManagementServiceMachine >nul 2>&1
wmic path %sps% where version='%ver%' call ClearKeyManagementServicePort >nul 2>&1
wmic path %sps% where version='%ver%' call DisableKeyManagementServiceDnsPublishing 1 >nul 2>&1
wmic path %sps% where version='%ver%' call DisableKeyManagementServiceHostCaching 1 >nul 2>&1
goto :eof
:cAPP
wmic path %spp% where ID='%app%' call ClearKeyManagementServiceMachine >nul 2>&1
wmic path %spp% where ID='%app%' call ClearKeyManagementServicePort >nul 2>&1
goto :eof
:cREG
reg delete "HKLM\%SPPk%\55c92734-d682-4d71-983e-d6ec3f16059f" /f
reg delete "HKLM\%SPPk%\0ff1ce15-a989-479d-af46-f275c6370663" /f
reg delete "HKLM\%SPPk%" /f /v KeyManagementServiceName
reg delete "HKLM\%SPPk%" /f /v KeyManagementServicePort
reg delete "HKU\S-1-5-20\%SPPk%\55c92734-d682-4d71-983e-d6ec3f16059f" /f
reg delete "HKU\S-1-5-20\%SPPk%\0ff1ce15-a989-479d-af46-f275c6370663" /f
reg delete "HKLM\%OSPP%\59a52881-a989-479d-af46-f275c6370663" /f
reg delete "HKLM\%OSPP%\0ff1ce15-a989-479d-af46-f275c6370663" /f
reg delete "HKLM\%OSPP%" /f /v KeyManagementServiceName
reg delete "HKLM\%OSPP%" /f /v KeyManagementServicePort
if %OsppHook% NEQ 1 (
reg delete "HKLM\%OSPP%" /f
reg delete "HKU\S-1-5-20\%OSPP%" /f
)
goto :eof
:=========================================================================================================================================
:=========================================================================================================================================
:=========================================================================================================================================
:=========================================================================================================================================
:Activation_Start
:: change External to 1 and set KMS_IP address to activate via external KMS server
set External=1
:: ### Advanced Options ###
:: change KMS auto renewal schedule, range in minutes: from 15 to 43200
:: example: 10080 = weekly, 1440 = daily, 43200 = monthly
set KMS_RenewalInterval=10080
:: change KMS reattempt schedule for failed activation or unactivated, range in minutes: from 15 to 43200
set KMS_ActivationInterval=120
:: change Hardware Hash for local KMS emulator server (only affect Windows 8.1 and 10)
set KMS_HWID=0x3A1C049600B60076
:: change KMS TCP port
set KMS_Port=1688
set KMS_Emulation=1
set Unattend=1
set Silent=0
set Logger=0
set "SysPath=%Windir%\System32"
if exist "%Windir%\Sysnative\reg.exe" (set "SysPath=%Windir%\Sysnative")
set "Path=%SysPath%;%Windir%;%SysPath%\Wbem;%SysPath%\WindowsPowerShell\v1.0\"
set "_err===== ERROR ===="
set _args=%1
fsutil dirty query %SystemDrive% >nul 2>&1 || goto :E_Admin
if defined _args (
if /i "%~1"=="/u" set Unattend=1
if /i "%~1"=="/s" set Silent=1
if /i "%~1"=="/d" set _Debug=1
if /i "%~2"=="/d" set _Debug=1
if /i "%~2"=="/l" set Logger=1
)
if %Silent% EQU 1 (
set Unattend=1
)
set "_run=nul"
if %Logger% EQU 1 (
set _run="%~dp0Activate.log"
)
set "_temp=%SystemRoot%\Temp"
set "_log=%~dpn0"
set "_work=%~dp0"
if "%_work:~-1%"=="\" set "_work=%_work:~0,-1%"
setlocal EnableExtensions EnableDelayedExpansion
if %_Debug% EQU 0 (
set "_Nul1=1>nul"
set "_Nul2=2>nul"
set "_Nul6=2^>nul"
set "_Nul3=1>nul 2>nul"
set "_Pause=pause >nul"
if %Unattend% EQU 1 set "_Pause="
if %Silent% EQU 0 (call :Begin) else (call :Begin >!_run! 2>&1)
) else (
set "_Nul1="
set "_Nul2="
set "_Nul6="
set "_Nul3="
set "_Pause="
if %Silent% EQU 0 (
echo.
echo Running in Debug Mode...
echo The window will be closed when finished
)
copy /y nul "!_work!\#.rw" 1>nul 2>nul && (if exist "!_work!\#.rw" del /f /q "!_work!\#.rw") || (set "_log=!_temp!\%~n0")
@echo on
@prompt $G
@call :Begin >"!_log!.tmp" 2>&1 &cmd /u /c type "!_log!.tmp">"!_log!_Debug.log"&del "!_log!.tmp"
)
@exit /b
:Begin
::========================================================================================================================================
: ===================================================
: Multi KMS servers integration
: 1688 Port Test, Internet Test with Powershell
: Written by @RPO (MDL)
: ===================================================
If defined Renewal_Task set T_Name=Renewal_Task
If defined Run_Once set T_Name=Run_Once_[Activation_Task]
if defined DateTime (
echo ========================================================================================================
echo ----------------------------
Echo %T_Name%
echo ----------------------------
echo ----------------------------------------------
echo Date : %date% Time : %time%
echo ----------------------------------------------
)
set /a loop=1
set /a max_loop=1
if defined Renewal_Task set /a max_loop=3
if defined Run_Once set /a max_loop=5
:repeat
powershell -nologo "If([Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]'{DCB00C01-570F-4A9B-8D69-199FDBA5723B}')).IsConnectedToInternet){Exit 0}Else{Exit 1}"
if %errorlevel%==0 (goto IntConnected)
(
if %loop%== %max_loop% (
%ELine%
echo Internet is not connected.
echo. &exit /b 1
)
echo Checking: Internet is not connected.
echo Waiting 30 s
timeout /t 30 >nul
set /a loop=%loop%+1
goto repeat
)
:IntConnected
set n=1&for %%a in (%servers%) do (set server[!n!]=%%a&set /A n+=1)&set /a max_servers=!n!-1
set server_num=1
set /a online_server_count=0
echo.
:server
if %online_server_count%==2 (
%EchoRed% Error: Activation was not successful.
echo Restart the system and try again.
echo Read the troubleshoot guide in ReadMe.txt
echo.
echo ------------------------------------------------------------------
echo.
exit /b 1
)
set /a activation_ok=1
if %server_num% gtr !max_servers! (
echo ------------------------------------------------------------------
echo.
%EchoRed% Error: Internet is not connected.
echo.
echo ------------------------------------------------------------------
echo.
exit /b 1
)
set KMS_IP=!server[%server_num%]!
if %WinBuild% GEQ 9600 powershell -nologo -command test-netconnection %KMS_IP% -port 1688 -InformationLevel Quiet | findstr /i true %_Nul3%
if %WinBuild% LSS 9600 powershell New-Object System.Net.Sockets.TCPClient -ArgumentList %KMS_IP%, 1688 | findstr /irC:"connected.*true" %_Nul3%
if %errorlevel% NEQ 0 (
set /a server_num+=1
goto :server
)
echo KMS Server: ^(%KMS_IP%^)
set /a online_server_count+=1
::========================================================================================================================================
if %ActWindows% EQU 0 if %ActOffice% EQU 0 (echo.&echo Both Windows and Office activations are OFF...&goto :END)
set AUR=0
if exist "%SystemRoot%\system32\SppExtComObj*.dll" (
dir /b /al "%SystemRoot%\system32\SppExtComObjHook.dll" %_Nul3% || set AUR=1
)
if %External% EQU 1 (
set AUR=1
)
if %External% EQU 0 (
set KMS_IP=172.16.0.2
)
if %AUR% EQU 0 (
set KMS_ActivationInterval=43200
set KMS_RenewalInterval=43200
)
set xOS=x64
if /i "%PROCESSOR_ARCHITECTURE%"=="x86" (if not defined PROCESSOR_ARCHITEW6432 set xOS=Win32)
set "IFEO=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
set "OSPP=SOFTWARE\Microsoft\OfficeSoftwareProtectionPlatform"
set "SPPk=SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform"
wmic path SoftwareLicensingProduct where (Description like '%%KMSCLIENT%%') get Name %_Nul2% | findstr /i Windows %_Nul1% && (set SppHook=1) || (set SppHook=0)
wmic path OfficeSoftwareProtectionService get Version %_Nul3% && (set OsppHook=1) || (set OsppHook=0)
for /f "tokens=6 delims=[]. " %%G in ('ver') do set winbuild=%%G
if %winbuild% GEQ 9200 (
set OSType=Win8
) else if %winbuild% GEQ 7600 (
set OSType=Win7
) else (
goto :UnsupportedVersion
)
if %winbuild% GEQ 9600 (
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" /f /v NoGenTicket /t REG_DWORD /d 1 %_Nul3%
)
SET Win10Gov=0
IF %winbuild% LSS 14393 GOTO :Main
SET "RegKey=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages"
SET "Pattern=Microsoft-Windows-*Edition~31bf3856ad364e35"
SET "EditionPKG=NUL"
FOR /F "TOKENS=8 DELIMS=\" %%A IN ('REG QUERY "%RegKey%" /f "%Pattern%" /k %_Nul6% ^| FIND /I "CurrentVersion"') DO (
REG QUERY "%RegKey%\%%A" /v "CurrentState" %_Nul2% | FIND /I "0x70" %_Nul1% && (
FOR /F "TOKENS=3 DELIMS=-~" %%B IN ('ECHO %%A') DO SET "EditionPKG=%%B"
)
)
IF /I "%EditionPKG:~-7%"=="Edition" (
SET "EditionID=%EditionPKG:~0,-7%"
) ELSE (
FOR /F "TOKENS=3 DELIMS=: " %%A IN ('DISM /English /Online /Get-CurrentEdition %_Nul6% ^| FIND /I "Current Edition :"') DO SET "EditionID=%%A"
)
FOR /F "TOKENS=2 DELIMS==" %%A IN ('"WMIC PATH SoftwareLicensingProduct WHERE (Name LIKE 'Windows%%' AND PartialProductKey is not NULL) GET LicenseFamily /VALUE" %_Nul6%') DO IF NOT ERRORLEVEL 1 SET "EditionWMI=%%A"
IF NOT DEFINED EditionWMI (
IF %winbuild% GEQ 17063 FOR /F "SKIP=2 TOKENS=3 DELIMS= " %%A IN ('REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v EditionId') DO SET "EditionID=%%A"
GOTO :Main
)
FOR %%A IN (Cloud,CloudN,IoTEnterprise,IoTEnterpriseS,ProfessionalSingleLanguage,ProfessionalCountrySpecific) DO (IF /I "%EditionWMI%"=="%%A" GOTO :Main)
SET EditionID=%EditionWMI%
FOR %%A IN (EnterpriseG,EnterpriseGN) DO (IF /I "%EditionID%"=="%%A" SET Win10Gov=1)
:Main
if %AUR% EQU 0 if not exist "!_work!\bin\!xOS!.dll" goto :E_DLL
call :StopService sppsvc
if %OsppHook% NEQ 0 call :StopService osppsvc
if %AUR% EQU 0 call :InstallHook
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds %_Nul3% && set "_C2R=HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration"
if not defined _C2R reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds %_Nul3% && set "_C2R=HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\ClickToRun\Configuration"
for %%A in (14,15,16,19) do call :officeLoc %%A
if %AUR% EQU 1 if %External% EQU 0 (
if %winbuild% GEQ 9200 call :UpdateIFEOEntry SppExtComObj.exe
if %winbuild% LSS 9200 call :UpdateIFEOEntry sppsvc.exe
call :UpdateIFEOEntry osppsvc.exe
)
if %AUR% EQU 1 if %External% EQU 1 (
call :UpdateOSPPEntry osppsvc.exe
)
call :SPP
if %ActOffice% NEQ 0 call :OSPP
if %ActOffice% EQU 0 (echo.&echo Office activation is OFF...)
if exist "!_temp!\*chk.txt" del /f /q "!_temp!\*chk.txt"
if exist "!_temp!\slmgr.vbs" del /f /q "!_temp!\slmgr.vbs"
call :StopService sppsvc
if %OsppHook% NEQ 0 call :StopService osppsvc
if %AUR% EQU 0 call :UninstallHook
sc start sppsvc trigger=timer;sessionid=0 %_Nul3%
echo.
if %activation_ok%==0 (
echo ------------------------------------------------------------------ &echo.
if not %online_server_count%==2 (
echo Activation wasn't successful. Trying another server...&echo.
echo ------------------------------------------------------------------ &echo.
)
set /a server_num+=1
goto :server
)
if defined Run_Once (
echo Deleting Scheduled Task Online_KMS_Activation_Script-Run_Once
echo Deleting File %windir%\Online_KMS_Activation_Script\Online_KMS_Activation_Script-Run_Once.cmd
schtasks /delete /tn Online_KMS_Activation_Script-Run_Once /f 1>nul 2>nul
del /f /q %windir%\Online_KMS_Activation_Script\Online_KMS_Activation_Script-Run_Once.cmd >nul 2>&1
)
goto :END
:SPP
set spp=SoftwareLicensingProduct
set sps=SoftwareLicensingService
set W1nd0ws=1
set WinPerm=0
set WinVL=0
set Off1ce=0
if %winbuild% GEQ 9200 if %ActOffice% NEQ 0 (
call :sppoff
if !Off1ce! EQU 0 (echo.&echo !aword! Office 2013/2016/2019 Product Detected...)
)
wmic path %spp% where (Description like '%%KMSCLIENT%%') get Name %_Nul2% | findstr /i Windows %_Nul1% && (set WinVL=1) || (echo.&echo No Supported KMS Client Windows Detected...)
if %Off1ce% EQU 0 if %WinVL% EQU 0 exit /b
if %AUR% EQU 0 (
reg delete "HKLM\%SPPk%\55c92734-d682-4d71-983e-d6ec3f16059f" /f %_Nul3%
reg delete "HKLM\%SPPk%\0ff1ce15-a989-479d-af46-f275c6370663" /f %_Nul3%
)
wmic path %spp% where (Description like '%%KMSCLIENT%%' and PartialProductKey is not NULL) get Name %_Nul2% | findstr /i Windows %_Nul1% && (set gvlk=1) || (set gvlk=0)
set gpr=0
if %winbuild% GEQ 10240 if %SkipKMS38% NEQ 0 if %gvlk% EQU 1 for /f "tokens=2 delims==" %%A in ('"wmic path %spp% where (Description like '%%KMSCLIENT%%' and Name like 'Windows%%' and PartialProductKey is not NULL) get GracePeriodRemaining /VALUE" %_Nul6%') do set "gpr=%%A"
if %gpr% NEQ 0 if %gpr% GTR 259200 (
set W1nd0ws=0
wmic path %spp% where "Description like '%%KMSCLIENT%%' and Name like 'Windows%%' and PartialProductKey is not NULL" get LicenseFamily %_Nul2% | findstr /i EnterpriseG %_Nul1% && (call set W1nd0ws=1)
)
for /f "tokens=2 delims==" %%A in ('"wmic path %sps% get Version /VALUE"') do set ver=%%A
wmic path %sps% where version='%ver%' call SetKeyManagementServiceMachine MachineName="%KMS_IP%" %_Nul3%
wmic path %sps% where version='%ver%' call SetKeyManagementServicePort %KMS_Port% %_Nul3%
if %W1nd0ws% EQU 0 for /f "tokens=2 delims==" %%G in ('"wmic path %spp% where (Description like '%%KMSCLIENT%%' and Name like 'Windows%%') get ID /VALUE"') do (set app=%%G&call :sppchkwin)
if %W1nd0ws% EQU 1 if %ActWindows% NEQ 0 for /f "tokens=2 delims==" %%G in ('"wmic path %spp% where (Description like '%%KMSCLIENT%%' and Name like 'Windows%%') get ID /VALUE"') do (set app=%%G&call :sppchkwin)
if %W1nd0ws% EQU 1 if %ActWindows% EQU 0 (echo.&echo Windows activation is OFF...)
if %Off1ce% EQU 1 if %ActOffice% NEQ 0 for /f "tokens=2 delims==" %%G in ('"wmic path %spp% where (Description like '%%KMSCLIENT%%' and Name like 'Office%%') get ID /VALUE"') do (set app=%%G&call :sppchkoff)
if %AUR% EQU 0 (
call :cKMS %_Nul3%
call :cREG %_Nul3%
) else (
wmic path %sps% where version='%ver%' call DisableKeyManagementServiceDnsPublishing 0 %_Nul3%
wmic path %sps% where version='%ver%' call DisableKeyManagementServiceHostCaching 0 %_Nul3%
)
exit /b
:sppoff
set spp_off15=0&set spp_off16=0&set spp_off19=0
wmic path %spp% where (Description like '%%KMSCLIENT%%') get Name > "!_temp!\sppchk.txt" 2>&1
find /i "Office 15" "!_temp!\sppchk.txt" %_Nul1% && (set spp_off15=1)
find /i "Office 16" "!_temp!\sppchk.txt" %_Nul1% && (set spp_off16=1)
find /i "Office 19" "!_temp!\sppchk.txt" %_Nul1% && (set spp_off19=1)
for %%A in (15,16,19) do if !loc_off%%A! EQU 0 set spp_off%%A=0
set loc_offgl=1
if %loc_off15% EQU 0 if %loc_off16% EQU 0 if %loc_off19% EQU 0 (set loc_offgl=0)
if %loc_offgl% EQU 1 set Off1ce=1
set spp_offgl=1
if %spp_off15% EQU 0 if %spp_off16% EQU 0 if %spp_off19% EQU 0 (set spp_offgl=0)
if %spp_offgl% EQU 0 (
set Off1ce=0
if %loc_offgl% EQU 0 set "aword=No Installed"
if %loc_offgl% EQU 1 set "aword=No Supported KMS Client"
)
exit /b
:sppchkoff
wmic path %spp% where ID='%app%' get Name > "!_temp!\sppchk.txt"
find /i "Office 15" "!_temp!\sppchk.txt" %_Nul1% && (if %loc_off15% EQU 0 exit /b)
find /i "Office 16" "!_temp!\sppchk.txt" %_Nul1% && (if %loc_off16% EQU 0 exit /b)
find /i "Office 19" "!_temp!\sppchk.txt" %_Nul1% && (if %loc_off19% EQU 0 exit /b)
set office=1
wmic path %spp% where (PartialProductKey is not NULL) get ID %_Nul2% | findstr /i "%app%" %_Nul1% && (echo.&call :activate %app%&exit /b)
for /f "tokens=3 delims==, " %%G in ('"wmic path %spp% where ID='%app%' get Name /value"') do set OffVer=%%G
call :offchk%OffVer%
exit /b
:sppchkwin
set office=0
if %winbuild% GEQ 14393 if %gvlk% EQU 0 wmic path %spp% where (Description like '%%KMSCLIENT%%' and PartialProductKey is not NULL) get Name %_Nul2% | findstr /i Windows %_Nul1% && (set gvlk=1)
wmic path %spp% where ID='%app%' get LicenseStatus %_Nul2% | findstr "1" %_Nul1% && (echo.&call :activate %app%&exit /b)
wmic path %spp% where (PartialProductKey is not NULL) get ID %_Nul2% | findstr /i "%app%" %_Nul1% && (echo.&call :activate %app%&exit /b)
if %gvlk% EQU 1 exit /b
if %WinPerm% EQU 1 exit /b
if %winbuild% LSS 10240 (call :winchk&exit /b)
for %%A in (
b71515d9-89a2-4c60-88c8-656fbcca7f3a,af43f7f0-3b1e-4266-a123-1fdb53f4323b,075aca1f-05d7-42e5-a3ce-e349e7be7078
11a37f09-fb7f-4002-bd84-f3ae71d11e90,43f2ab05-7c87-4d56-b27c-44d0f9a3dabd,2cf5af84-abab-4ff0-83f8-f040fb2576eb
6ae51eeb-c268-4a21-9aae-df74c38b586d,ff808201-fec6-4fd4-ae16-abbddade5706,34260150-69ac-49a3-8a0d-4a403ab55763
4dfd543d-caa6-4f69-a95f-5ddfe2b89567,5fe40dd6-cf1f-4cf2-8729-92121ac2e997,903663f7-d2ab-49c9-8942-14aa9e0a9c72
2cc171ef-db48-4adc-af09-7c574b37f139,5b2add49-b8f4-42e0-a77c-adad4efeeeb1
) do (
if /i '%app%' EQU '%%A' exit /b
)
if not defined EditionID (call :winchk&exit /b)
if /i '%app%' EQU '0df4f814-3f57-4b8b-9a9d-fddadcd69fac' if /i %EditionID% NEQ CloudE exit /b
if /i '%app%' EQU 'e0c42288-980c-4788-a014-c080d2e1926e' if /i %EditionID% NEQ Education exit /b
if /i '%app%' EQU '73111121-5638-40f6-bc11-f1d7b0d64300' if /i %EditionID% NEQ Enterprise exit /b
if /i '%app%' EQU '2de67392-b7a7-462a-b1ca-108dd189f588' if /i %EditionID% NEQ Professional exit /b
if /i '%app%' EQU '3f1afc82-f8ac-4f6c-8005-1d233e606eee' if /i %EditionID% NEQ ProfessionalEducation exit /b
if /i '%app%' EQU '82bbc092-bc50-4e16-8e18-b74fc486aec3' if /i %EditionID% NEQ ProfessionalWorkstation exit /b
if /i '%app%' EQU '3c102355-d027-42c6-ad23-2e7ef8a02585' if /i %EditionID% NEQ EducationN exit /b
if /i '%app%' EQU 'e272e3e2-732f-4c65-a8f0-484747d0d947' if /i %EditionID% NEQ EnterpriseN exit /b
if /i '%app%' EQU 'a80b5abf-76ad-428b-b05d-a47d2dffeebf' if /i %EditionID% NEQ ProfessionalN exit /b
if /i '%app%' EQU '5300b18c-2e33-4dc2-8291-47ffcec746dd' if /i %EditionID% NEQ ProfessionalEducationN exit /b
if /i '%app%' EQU '4b1571d3-bafb-4b40-8087-a961be2caf65' if /i %EditionID% NEQ ProfessionalWorkstationN exit /b
if /i '%app%' EQU '58e97c99-f377-4ef1-81d5-4ad5522b5fd8' if /i %EditionID% NEQ Core exit /b
if /i '%app%' EQU 'cd918a57-a41b-4c82-8dce-1a538e221a83' if /i %EditionID% NEQ CoreSingleLanguage exit /b
if /i '%app%' EQU 'ec868e65-fadf-4759-b23e-93fe37f2cc29' if /i %EditionID% NEQ ServerRdsh exit /b
if /i '%app%' EQU 'e4db50ea-bda1-4566-b047-0ca50abc6f07' if /i %EditionID% NEQ ServerRdsh exit /b
if /i '%app%' EQU 'e4db50ea-bda1-4566-b047-0ca50abc6f07' (
wmic path %spp% where 'Description like "%%KMSCLIENT%%"' get ID | findstr /i "ec868e65-fadf-4759-b23e-93fe37f2cc29" %_Nul3% && (exit /b)
)
call :winchk
exit /b
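:: Skip Windows when it is already licensed as a KMS client or is permanently
:: activated (MAK, retail or OEM channel, or slmgr /xpr reports "permanently");
:: otherwise install the KMS client key.
:winchk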
if not defined tok (if %winbuild% GEQ 9200 (set "tok=4") else (set "tok=7"))
if not defined wApp set wApp=55c92734-d682-4d71-983e-d6ec3f16059f
wmic path %spp% where (LicenseStatus='1' and Description like '%%KMSCLIENT%%') get Name %_Nul2% | findstr /i "Windows" %_Nul3% && (exit /b)
echo.
wmic path %spp% where (LicenseStatus='1' and GracePeriodRemaining='0' and PartialProductKey is not NULL) get Name %_Nul2% | findstr /i "Windows" %_Nul3% && (
set WinPerm=1
)
if %WinPerm% EQU 0 (
wmic path %spp% where "ApplicationID='%wApp%' and LicenseStatus='1'" get Name %_Nul2% | findstr /i "Windows" %_Nul3% && (
for /f "tokens=%tok% delims=, " %%G in ('"wmic path %spp% where (ApplicationID='%wApp%' and LicenseStatus='1') get Description /VALUE"') do set "channel=%%G"
for %%A in (VOLUME_MAK, RETAIL, OEM_DM, OEM_SLP, OEM_COA, OEM_COA_SLP, OEM_COA_NSLP, OEM_NONSLP, OEM) do if /i "%%A"=="!channel!" set WinPerm=1
)
)
if %WinPerm% EQU 0 (
copy /y %Windir%\System32\slmgr.vbs "!_temp!\slmgr.vbs" %_Nul3%
cscript //nologo "!_temp!\slmgr.vbs" /xpr %_Nul2% | findstr /i "permanently" %_Nul3% && set WinPerm=1
)
if %WinPerm% EQU 1 (
for /f "tokens=2 delims==" %%x in ('"wmic path %spp% where (ApplicationID='%wApp%' and LicenseStatus='1') get Name /VALUE"') do echo Checking: %%x
echo Product is Permanently Activated.
exit /b
)
call :insKey %app%
exit /b
:OSPP
set spp=OfficeSoftwareProtectionProduct
set sps=OfficeSoftwareProtectionService
if %winbuild% LSS 9200 (set "aword=2010/2013/2016/2019") else (set "aword=2010")
if %OsppHook% NEQ 1 (echo.&echo No Installed Office %aword% Product Detected...&exit /b)
wmic path %spp% where (Description like '%%KMSCLIENT%%') get Name /VALUE %_Nul3% || (echo.&echo No Supported KMS Client Office %aword% Product Detected...&exit /b)
if %AUR% EQU 0 (
reg delete "HKLM\%OSPP%\59a52881-a989-479d-af46-f275c6370663" /f %_Nul3%
reg delete "HKLM\%OSPP%\0ff1ce15-a989-479d-af46-f275c6370663" /f %_Nul3%
)
for /f "tokens=2 delims==" %%A in ('"wmic path %sps% get Version /VALUE" %_Nul6%') do set ver=%%A
wmic path %sps% where version='%ver%' call SetKeyManagementServiceMachine MachineName="%KMS_IP%" %_Nul3%
wmic path %sps% where version='%ver%' call SetKeyManagementServicePort %KMS_Port% %_Nul3%
for /f "tokens=2 delims==" %%G in ('"wmic path %spp% where (Description like '%%KMSCLIENT%%') get ID /VALUE"') do (set app=%%G&call :osppchk)
if %AUR% EQU 0 (
call :cKMS %_Nul3%
call :cREG %_Nul3%
) else (
wmic path %sps% where version='%ver%' call DisableKeyManagementServiceDnsPublishing 0 %_Nul3%
wmic path %sps% where version='%ver%' call DisableKeyManagementServiceHostCaching 0 %_Nul3%
)
exit /b
:osppchk
wmic path %spp% where ID='%app%' get Name > "!_temp!\osppchk.txt"
find /i "Office 14" "!_temp!\osppchk.txt" %_Nul1% && (if %loc_off14% EQU 0 exit /b)
find /i "Office 15" "!_temp!\osppchk.txt" %_Nul1% && (if %loc_off15% EQU 0 exit /b)
find /i "Office 16" "!_temp!\osppchk.txt" %_Nul1% && (if %loc_off16% EQU 0 exit /b)
find /i "Office 19" "!_temp!\osppchk.txt" %_Nul1% && (if %loc_off19% EQU 0 exit /b)
set office=0
wmic path %spp% where (PartialProductKey is not NULL) get ID | findstr /i "%app%" %_Nul3% && (echo.&call :activate %app%&exit /b)
for /f "tokens=3 delims==, " %%G in ('"wmic path %spp% where ID='%app%' get Name /value"') do set OffVer=%%G
call :offchk%OffVer%
exit /b
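:: Generic Office check. Arguments 2 and 4 are license name patterns, 3 and 5 their
:: display names. If a matching license already has LicenseStatus 1 the product is
:: reported as permanently activated; otherwise the KMS client key is installed.
:offchk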
set ls=0
set ls2=0
for /f "tokens=2 delims==" %%A in ('"wmic path %spp% where (Name like '%%Office%~2%%') get LicenseStatus /VALUE" %_Nul6%') do set /a ls=%%A
if "%~4" NEQ "" (
for /f "tokens=2 delims==" %%A in ('"wmic path %spp% where (Name like '%%Office%~4%%') get LicenseStatus /VALUE" %_Nul6%') do set /a ls2=%%A
)
if "%ls2%" EQU "1" (
echo Checking: %~5
echo Product is Permanently Activated.
exit /b
)
if "%ls%" EQU "1" (
echo Checking: %~3
echo Product is Permanently Activated.
exit /b
)
call :insKey %app%
exit /b
:offchk19
if /i '%app%' EQU '0bc88885-718c-491d-921f-6f214349e79c' exit /b
if /i '%app%' EQU 'fc7c4d0c-2e85-4bb9-afd4-01ed1476b5e9' exit /b
if /i '%app%' EQU '500f6619-ef93-4b75-bcb4-82819998a3ca' exit /b
if /i '%app%' EQU '85dd8b5f-eaa4-4af3-a628-cce9e77c9a03' (
wmic path %spp% where 'PartialProductKey is not NULL' get ID | findstr /i "0bc88885-718c-491d-921f-6f214349e79c" %_Nul3% && (exit /b)
)
if /i '%app%' EQU '2ca2bf3f-949e-446a-82c7-e25a15ec78c4' (
wmic path %spp% where 'PartialProductKey is not NULL' get ID | findstr /i "fc7c4d0c-2e85-4bb9-afd4-01ed1476b5e9" %_Nul3% && (exit /b)
)
if /i '%app%' EQU '5b5cf08f-b81a-431d-b080-3450d8620565' (
wmic path %spp% where 'PartialProductKey is not NULL' get ID | findstr /i "500f6619-ef93-4b75-bcb4-82819998a3ca" %_Nul3% && (exit /b)
)
if /i '%app%' EQU '85dd8b5f-eaa4-4af3-a628-cce9e77c9a03' (
call :offchk "%app%" "19ProPlus2019VL_MAK_AE" "Office ProPlus 2019" "19ProPlus2019XC2RVL_MAKC2R" "Office ProPlus 2019 C2R"
exit /b
)
if /i '%app%' EQU '6912a74b-a5fb-401a-bfdb-2e3ab46f4b02' (
call :offchk "%app%" "19Standard2019VL_MAK_AE" "Office Standard 2019"
exit /b
)
if /i '%app%' EQU '2ca2bf3f-949e-446a-82c7-e25a15ec78c4' (
call :offchk "%app%" "19ProjectPro2019VL_MAK_AE" "Project Pro 2019" "19ProjectPro2019XC2RVL_MAKC2R" "Project Pro 2019 C2R"
exit /b
)
if /i '%app%' EQU '1777f0e3-7392-4198-97ea-8ae4de6f6381' (
call :offchk "%app%" "19ProjectStd2019VL_MAK_AE" "Project Standard 2019"
exit /b
)
if /i '%app%' EQU '5b5cf08f-b81a-431d-b080-3450d8620565' (
call :offchk "%app%" "19VisioPro2019VL_MAK_AE" "Visio Pro 2019" "19VisioPro2019XC2RVL_MAKC2R" "Visio Pro 2019 C2R"
exit /b
)
if /i '%app%' EQU 'e06d7df3-aad0-419d-8dfb-0ac37e2bdf39' (
call :offchk "%app%" "19VisioStd2019VL_MAK_AE" "Visio Standard 2019"
exit /b
)
call :insKey %app%
exit /b
:offchk16
if /i '%app%' EQU 'd450596f-894d-49e0-966a-fd39ed4c4c64' (
call :offchk "%app%" "16ProPlusVL_MAK" "Office ProPlus 2016"
exit /b
)
if /i '%app%' EQU 'dedfa23d-6ed1-45a6-85dc-63cae0546de6' (
call :offchk "%app%" "16StandardVL_MAK" "Office Standard 2016"
exit /b
)
if /i '%app%' EQU '4f414197-0fc2-4c01-b68a-86cbb9ac254c' (
call :offchk "%app%" "16ProjectProVL_MAK" "Project Pro 2016"
exit /b
)
if /i '%app%' EQU 'da7ddabc-3fbe-4447-9e01-6ab7440b4cd4' (
call :offchk "%app%" "16ProjectStdVL_MAK" "Project Standard 2016"
exit /b
)
if /i '%app%' EQU '6bf301c1-b94a-43e9-ba31-d494598c47fb' (
call :offchk "%app%" "16VisioProVL_MAK" "Visio Pro 2016"
exit /b
)
if /i '%app%' EQU 'aa2a7821-1827-4c2c-8f1d-4513a34dda97' (
call :offchk "%app%" "16VisioStdVL_MAK" "Visio Standard 2016"
exit /b
)
if /i '%app%' EQU '829b8110-0e6f-4349-bca4-42803577788d' (
call :offchk "%app%" "16ProjectProXC2RVL_MAKC2R" "Project Pro 2016 C2R"
exit /b
)
if /i '%app%' EQU 'cbbaca45-556a-4416-ad03-bda598eaa7c8' (
call :offchk "%app%" "16ProjectStdXC2RVL_MAKC2R" "Project Standard 2016 C2R"
exit /b
)
if /i '%app%' EQU 'b234abe3-0857-4f9c-b05a-4dc314f85557' (
call :offchk "%app%" "16VisioProXC2RVL_MAKC2R" "Visio Pro 2016 C2R"
exit /b
)
if /i '%app%' EQU '361fe620-64f4-41b5-ba77-84f8e079b1f7' (
call :offchk "%app%" "16VisioStdXC2RVL_MAKC2R" "Visio Standard 2016 C2R"
exit /b
)
call :insKey %app%
exit /b
:offchk15
if /i '%app%' EQU 'b322da9c-a2e2-4058-9e4e-f59a6970bd69' (
call :offchk "%app%" "ProPlusVL_MAK" "Office ProPlus 2013"
exit /b
)
if /i '%app%' EQU 'b13afb38-cd79-4ae5-9f7f-eed058d750ca' (
call :offchk "%app%" "StandardVL_MAK" "Office Standard 2013"
exit /b
)
if /i '%app%' EQU '4a5d124a-e620-44ba-b6ff-658961b33b9a' (
call :offchk "%app%" "ProjectProVL_MAK" "Project Pro 2013"
exit /b
)
if /i '%app%' EQU '427a28d1-d17c-4abf-b717-32c780ba6f07' (
call :offchk "%app%" "ProjectStdVL_MAK" "Project Standard 2013"
exit /b
)
if /i '%app%' EQU 'e13ac10e-75d0-4aff-a0cd-764982cf541c' (
call :offchk "%app%" "VisioProVL_MAK" "Visio Pro 2013"
exit /b
)
if /i '%app%' EQU 'ac4efaf0-f81f-4f61-bdf7-ea32b02ab117' (
call :offchk "%app%" "VisioStdVL_MAK" "Visio Standard 2013"
exit /b
)
call :insKey %app%
exit /b
:offchk14
set "vPrem="&set "vPro="
for /f "tokens=2 delims==" %%A in ('"wmic path %spp% where (Name like '%%OfficeVisioPrem-MAK%%') get LicenseStatus /VALUE" %_Nul6%') do set vPrem=%%A
for /f "tokens=2 delims==" %%A in ('"wmic path %spp% where (Name like '%%OfficeVisioPro-MAK%%') get LicenseStatus /VALUE" %_Nul6%') do set vPro=%%A
if /i '%app%' EQU '6f327760-8c5c-417c-9b61-836a98287e0c' (
call :offchk "%app%" "ProPlus-MAK" "Office ProPlus 2010" "ProPlusAcad-MAK" "Office Professional Academic 2010"
exit /b
)
if /i '%app%' EQU '9da2a678-fb6b-4e67-ab84-60dd6a9c819a' (
call :offchk "%app%" "Standard-MAK" "Office Standard 2010"
exit /b
)
if /i '%app%' EQU 'ea509e87-07a1-4a45-9edc-eba5a39f36af' (
call :offchk "%app%" "SmallBusBasics-MAK" "Office Home and Business 2010"
exit /b
)
if /i '%app%' EQU 'df133ff7-bf14-4f95-afe3-7b48e7e331ef' (
call :offchk "%app%" "ProjectPro-MAK" "Project Pro 2010"
exit /b
)
if /i '%app%' EQU '5dc7bf61-5ec9-4996-9ccb-df806a2d0efe' (
call :offchk "%app%" "ProjectStd-MAK" "Project Standard 2010"
exit /b
)
if /i '%app%' EQU '92236105-bb67-494f-94c7-7f7a607929bd' (
call :offchk "%app%" "VisioPrem-MAK" "Visio Premium 2010" "VisioPro-MAK" "Visio Pro 2010"
exit /b
)
if defined vPrem exit /b
if /i '%app%' EQU 'e558389c-83c3-4b29-adfe-5e4d7f46c358' (
call :offchk "%app%" "VisioPro-MAK" "Visio Pro 2010" "VisioStd-MAK" "Visio Standard 2010"
exit /b
)
if defined vPro exit /b
if /i '%app%' EQU '9ed833ff-4f92-4f36-b370-8683a4f13275' (
call :offchk "%app%" "VisioStd-MAK" "Visio Standard 2010"
exit /b
)
call :insKey %app%
exit /b
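:: Set loc_offNN to 1 when the Office version given as the first argument
:: (14, 15, 16 or 19) is installed, judged by OSPP.VBS under the install root
:: or by the Click-to-Run ProductReleaseIds value.
:officeLoc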
set loc_off%1=0
if %1 EQU 19 (
if defined _C2R reg query %_C2R% /v ProductReleaseIds %_Nul2% | findstr 2019 %_Nul1% && set loc_off%1=1
exit /b
)
for /f "tokens=2*" %%a in ('"reg query HKLM\SOFTWARE\Microsoft\Office\%1.0\Common\InstallRoot /v Path" %_Nul6%') do if exist "%%b\OSPP.VBS" set loc_off%1=1
for /f "tokens=2*" %%a in ('"reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\%1.0\Common\InstallRoot /v Path" %_Nul6%') do if exist "%%b\OSPP.VBS" set loc_off%1=1
if %1 EQU 16 if defined _C2R (
for /f "skip=2 tokens=2*" %%a in ('reg query %_C2R% /v ProductReleaseIds') do echo %%b> "!_temp!\c2rchk.txt"
for %%a in (Mondo,ProPlus,Standard,ProjectProX,ProjectStdX,ProjectPro,ProjectStd,VisioProX,VisioStdX,VisioPro,VisioStd,Access,Excel,OneNote,Outlook,PowerPoint,Publisher,SkypeforBusiness,Word) do (
findstr /I /C:"%%aVolume" "!_temp!\c2rchk.txt" %_Nul1% && set loc_off%1=1
findstr /I /C:"%%aRetail" "!_temp!\c2rchk.txt" %_Nul1% && set loc_off%1=1
)
exit /b
)
if exist "%ProgramFiles%\Microsoft Office\Office%1\OSPP.VBS" set loc_off%1=1
if exist "%ProgramFiles(x86)%\Microsoft Office\Office%1\OSPP.VBS" set loc_off%1=1
exit /b
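:: Look up the KMS client key for the activation ID in the first argument (via :keys)
:: and install it through WMI. On success execution falls through into :activate.
:insKey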
echo.
set "key="
for /f "tokens=2 delims==" %%A in ('"wmic path %spp% where ID='%1' get Name /VALUE"') do echo Installing Key for: %%A
call :keys %1
if "%key%" EQU "" (echo Could not find matching KMS Client key&exit /b)
wmic path %sps% where version='%ver%' call InstallProductKey ProductKey="%key%" %_Nul3%
set ERRORCODE=%ERRORLEVEL%
if %ERRORCODE% NEQ 0 (
cmd /c exit /b %ERRORCODE%
echo Failed: 0x!=ExitCode!
exit /b
)
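:: Activate the product whose ID is the first argument. One retry is made after
:: stopping the licensing service. The result is judged from GracePeriodRemaining:
:: 259200 minutes (180 days) counts as success.
:activate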
wmic path %spp% where ID='%1' call ClearKeyManagementServiceMachine %_Nul3%
wmic path %spp% where ID='%1' call ClearKeyManagementServicePort %_Nul3%
if %W1nd0ws% EQU 0 if %office% EQU 0 if %sps% EQU SoftwareLicensingService (
wmic path %spp% where ID='%1' call SetKeyManagementServiceMachine MachineName="127.0.0.2" %_Nul3%
wmic path %spp% where ID='%1' call SetKeyManagementServicePort %KMS_Port% %_Nul3%
for /f "tokens=2 delims==" %%x in ('"wmic path %spp% where ID='%1' get Name /VALUE"') do echo Checking: %%x
echo Product is KMS 2038 Activated.
exit /b
)
for /f "tokens=2 delims==" %%x in ('"wmic path %spp% where ID='%1' get Name /VALUE"') do echo Activating: %%x
wmic path %spp% where ID='%1' call Activate %_Nul3%
call set ERRORCODE=%ERRORLEVEL%
if %ERRORCODE% NEQ 0 (
if %sps% EQU SoftwareLicensingService (call :StopService sppsvc) else (call :StopService osppsvc)
wmic path %spp% where ID='%1' call Activate %_Nul3%
call set ERRORCODE=!ERRORLEVEL!
)
if %sps% EQU SoftwareLicensingService wmic path %sps% where version='%ver%' call RefreshLicenseStatus %_Nul3%
for /f "tokens=2 delims==" %%x in ('"wmic path %spp% where ID='%1' get GracePeriodRemaining /VALUE"') do (set gpr=%%x&set /a gpr2=%%x/1440)
if %gpr% EQU 43200 if %office% EQU 0 if %winbuild% GEQ 9200 (
%EchoGreen% Windows Core/ProfessionalWMC Activation Successful
echo Remaining Period: 30 days ^(%gpr% minutes^)
exit /b
)
if %gpr% EQU 64800 (
%EchoGreen% Windows Core/ProfessionalWMC Activation Successful
echo Remaining Period: 45 days ^(%gpr% minutes^)
exit /b
)
if %gpr% GTR 259200 if %Win10Gov% EQU 1 (
%EchoGreen% Windows 10 %EditionID% Activation Successful
echo Remaining Period: %gpr2% days ^(%gpr% minutes^)
exit /b
)
if %gpr% EQU 259200 (
%EchoGreen% Product Activation Successful
) else (
cmd /c exit /b %ERRORCODE%
%EchoRed% Product Activation Failed: 0x!=ExitCode!
set activation_ok=0
)
echo Remaining Period: %gpr2% days ^(%gpr% minutes^)
exit /b
:StopService
sc query %1 | find /i "STOPPED" %_Nul1% || net stop %1 /y %_Nul3%
sc query %1 | find /i "STOPPED" %_Nul1% || sc stop %1 %_Nul3%
goto :eof
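:: Remove earlier hook files from system32, symlink SppExtComObjHook.dll to the
:: bundled DLL, make sure BUILTIN\Users (S-1-5-32-545) has read and execute access,
:: then register the DLL under Image File Execution Options (IFEO) for the
:: licensing processes.
:InstallHook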
for %%# in (SppExtComObjHookAvrf.dll,SppExtComObjHook.dll,SppExtComObjPatcher.dll,SppExtComObjPatcher.exe) do (
if exist "%SystemRoot%\system32\%%#" del /f /q "%SystemRoot%\system32\%%#" %_Nul3%
)
mklink "%SystemRoot%\system32\SppExtComObjHook.dll" "!_work!\bin\!xOS!.dll" %_Nul3%
set ERRORCODE=%ERRORLEVEL%
if %ERRORCODE% NEQ 0 goto :E_SYM
set AclReset=0
icacls "%SystemRoot%\system32\SppExtComObjHook.dll" /findsid *S-1-5-32-545 %_Nul2% | find /i "SppExtComObjHook.dll" %_Nul1% || (
set AclReset=1
icacls "%SystemRoot%\system32\SppExtComObjHook.dll" /grant *S-1-5-32-545:RX %_Nul3%
)
if %OSType% EQU Win8 call :CreateIFEOEntry SppExtComObj.exe
if %OSType% EQU Win7 if %SppHook% NEQ 0 call :CreateIFEOEntry sppsvc.exe
if %OsppHook% NEQ 0 call :CreateIFEOEntry osppsvc.exe
goto :eof
:UninstallHook
if %AclReset% EQU 1 icacls "%SystemRoot%\system32\SppExtComObjHook.dll" /reset %_Nul3%
if exist "%SystemRoot%\system32\SppExtComObjHook.dll" del /f /q "%SystemRoot%\system32\SppExtComObjHook.dll" %_Nul3%
if %OSType% EQU Win8 call :RemoveIFEOEntry SppExtComObj.exe
if %OSType% EQU Win7 if %SppHook% NEQ 0 call :RemoveIFEOEntry sppsvc.exe
if %OsppHook% NEQ 0 call :RemoveIFEOEntry osppsvc.exe
goto :eof
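:: Register the hook for the process named in the first argument. GlobalFlag 256
:: (0x100) enables Application Verifier for that image and VerifierDlls names the
:: DLL loaded into it. The KMS_ values store the emulation settings in the same key.
:: An IFEO key for sppsvc.exe, SppExtComObj.exe or osppsvc.exe that carries
:: VerifierDlls=SppExtComObjHook.dll is the registry trace this routine leaves.
:CreateIFEOEntry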
reg delete "%IFEO%\%1" /f /v Debugger %_Nul3%
reg add "%IFEO%\%1" /f /v VerifierDlls /t REG_SZ /d "SppExtComObjHook.dll" %_Nul3%
reg add "%IFEO%\%1" /f /v GlobalFlag /t REG_DWORD /d 256 %_Nul3%
reg add "%IFEO%\%1" /f /v KMS_Emulation /t REG_DWORD /d %KMS_Emulation% %_Nul3%
reg add "%IFEO%\%1" /f /v KMS_ActivationInterval /t REG_DWORD /d %KMS_ActivationInterval% %_Nul3%
reg add "%IFEO%\%1" /f /v KMS_RenewalInterval /t REG_DWORD /d %KMS_RenewalInterval% %_Nul3%
if /i %1 EQU SppExtComObj.exe if %winbuild% GEQ 9600 (
reg add "%IFEO%\%1" /f /v KMS_HWID /t REG_QWORD /d "%KMS_HWID%" %_Nul3%
)
goto :eof
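:: Delete the whole IFEO key for the process, except for osppsvc.exe while OsppHook
:: is 1: there only the hook values and the OSPP KMS host name and port are removed.
:RemoveIFEOEntry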
if /i %1 NEQ osppsvc.exe (
reg delete "%IFEO%\%1" /f %_Nul3%
goto :eof
)
if %OsppHook% NEQ 1 if /i %1 EQU osppsvc.exe (
reg delete "%IFEO%\%1" /f %_Nul3%
goto :eof
)
for %%A in (VerifierDlls,GlobalFlag,Debugger,KMS_Emulation,KMS_ActivationInterval,KMS_RenewalInterval,Office2010,Office2013,Office2016,Office2019) do reg delete "%IFEO%\%1" /v %%A /f %_Nul3%
reg delete "HKLM\%OSPP%" /v KeyManagementServiceName /f %_Nul3%
reg delete "HKLM\%OSPP%" /v KeyManagementServicePort /f %_Nul3%
goto :eof
:UpdateIFEOEntry
reg query "%IFEO%\%1" /v KMS_Emulation %_Nul3% || goto :eof
reg add "%IFEO%\%1" /f /v KMS_ActivationInterval /t REG_DWORD /d %KMS_ActivationInterval% %_Nul3%
reg add "%IFEO%\%1" /f /v KMS_RenewalInterval /t REG_DWORD /d %KMS_RenewalInterval% %_Nul3%
if /i %1 EQU SppExtComObj.exe if %winbuild% GEQ 9600 reg add "%IFEO%\%1" /f /v KMS_HWID /t REG_QWORD /d "%KMS_HWID%" %_Nul3%
:UpdateOSPPEntry
if /i %1 EQU osppsvc.exe (
reg add "HKLM\%OSPP%" /f /v KeyManagementServiceName /t REG_SZ /d %KMS_IP% %_Nul3%
reg add "HKLM\%OSPP%" /f /v KeyManagementServicePort /t REG_SZ /d %KMS_Port% %_Nul3%
)
goto :eof
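:: Clear the KMS host and port on the licensing service and disable KMS DNS
:: publishing and host caching.
:cKMS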
wmic path %sps% where version='%ver%' call ClearKeyManagementServiceMachine
wmic path %sps% where version='%ver%' call ClearKeyManagementServicePort
wmic path %sps% where version='%ver%' call DisableKeyManagementServiceDnsPublishing 1
wmic path %sps% where version='%ver%' call DisableKeyManagementServiceHostCaching 1
goto :eof
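:: Delete the KMS host name and port values and the per-application subkeys from
:: the SPP and OSPP registry locations, in HKLM and in the NetworkService hive
:: (HKU\S-1-5-20).
:cREG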
reg delete "HKLM\%SPPk%\55c92734-d682-4d71-983e-d6ec3f16059f" /f
reg delete "HKLM\%SPPk%\0ff1ce15-a989-479d-af46-f275c6370663" /f
reg delete "HKLM\%SPPk%" /f /v KeyManagementServiceName
reg delete "HKLM\%SPPk%" /f /v KeyManagementServicePort
reg delete "HKU\S-1-5-20\%SPPk%\55c92734-d682-4d71-983e-d6ec3f16059f" /f
reg delete "HKU\S-1-5-20\%SPPk%\0ff1ce15-a989-479d-af46-f275c6370663" /f
reg delete "HKLM\%OSPP%\59a52881-a989-479d-af46-f275c6370663" /f
reg delete "HKLM\%OSPP%\0ff1ce15-a989-479d-af46-f275c6370663" /f
reg delete "HKLM\%OSPP%" /f /v KeyManagementServiceName
reg delete "HKLM\%OSPP%" /f /v KeyManagementServicePort
if %OsppHook% NEQ 1 (
reg delete "HKLM\%OSPP%" /f
reg delete "HKU\S-1-5-20\%OSPP%" /f
)
goto :eof
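:: Jump to the label named after the activation ID passed as the first argument.
:: Each label below sets key to the KMS client key for that edition.
:keys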
if "%~1"=="" exit /b
goto :%1 %_Nul2% || exit /b
:: Windows 10 [RS5]
:32d2fab3-e4a8-42c2-923b-4bf4fd13e6ee
set "key=M7XTQ-FN8P6-TTKYV-9D4CC-J462D" &:: Enterprise LTSC 2019
exit /b
:7103a333-b8c8-49cc-93ce-d37c09687f92
set "key=92NFX-8DJQP-P6BBQ-THF9C-7CG2H" &:: Enterprise LTSC 2019 N
exit /b
:ec868e65-fadf-4759-b23e-93fe37f2cc29
set "key=CPWHC-NT2C7-VYW78-DHDB2-PG3GK" &:: Enterprise for Virtual Desktops
exit /b
:0df4f814-3f57-4b8b-9a9d-fddadcd69fac
set "key=NBTWJ-3DR69-3C4V8-C26MC-GQ9M6" &:: Lean
exit /b
:: Windows 10 [RS3]
:82bbc092-bc50-4e16-8e18-b74fc486aec3
set "key=NRG8B-VKK3Q-CXVCJ-9G2XF-6Q84J" &:: Pro Workstation
exit /b
:4b1571d3-bafb-4b40-8087-a961be2caf65
set "key=9FNHH-K3HBT-3W4TD-6383H-6XYWF" &:: Pro Workstation N
exit /b
:e4db50ea-bda1-4566-b047-0ca50abc6f07
set "key=7NBT4-WGBQX-MP4H7-QXFF8-YP3KX" &:: Enterprise Remote Server
exit /b
:: Windows 10 [RS2]
:e0b2d383-d112-413f-8a80-97f373a5820c
set "key=YYVX9-NTFWV-6MDM3-9PT4T-4M68B" &:: Enterprise G
exit /b
:e38454fb-41a4-4f59-a5dc-25080e354730
set "key=44RPN-FTY23-9VTTB-MP9BX-T84FV" &:: Enterprise G N
exit /b
:: Windows 10 [RS1]
:2d5a5a60-3040-48bf-beb0-fcd770c20ce0
set "key=DCPHK-NFMTC-H88MJ-PFHPY-QJ4BJ" &:: Enterprise 2016 LTSB
exit /b
:9f776d83-7156-45b2-8a5c-359b9c9f22a3
set "key=QFFDN-GRT3P-VKWWX-X7T3R-8B639" &:: Enterprise 2016 LTSB N
exit /b
:3f1afc82-f8ac-4f6c-8005-1d233e606eee
set "key=6TP4R-GNPTD-KYYHQ-7B7DP-J447Y" &:: Pro Education
exit /b
:5300b18c-2e33-4dc2-8291-47ffcec746dd
set "key=YVWGF-BXNMC-HTQYQ-CPQ99-66QFC" &:: Pro Education N
exit /b
:: Windows 10 [TH]
:58e97c99-f377-4ef1-81d5-4ad5522b5fd8
set "key=TX9XD-98N7V-6WMQ6-BX7FG-H8Q99" &:: Home
exit /b
:7b9e1751-a8da-4f75-9560-5fadfe3d8e38
set "key=3KHY7-WNT83-DGQKR-F7HPR-844BM" &:: Home N
exit /b
:cd918a57-a41b-4c82-8dce-1a538e221a83
set "key=7HNRX-D7KGG-3K4RQ-4WPJ4-YTDFH" &:: Home Single Language
exit /b
:a9107544-f4a0-4053-a96a-1479abdef912
set "key=PVMJN-6DFY6-9CCP6-7BKTT-D3WVR" &:: Home China
exit /b
:2de67392-b7a7-462a-b1ca-108dd189f588
set "key=W269N-WFGWX-YVC9B-4J6C9-T83GX" &:: Pro
exit /b
:a80b5abf-76ad-428b-b05d-a47d2dffeebf
set "key=MH37W-N47XK-V7XM9-C7227-GCQG9" &:: Pro N
exit /b
:e0c42288-980c-4788-a014-c080d2e1926e
set "key=NW6C2-QMPVW-D7KKK-3GKT6-VCFB2" &:: Education
exit /b
:3c102355-d027-42c6-ad23-2e7ef8a02585
set "key=2WH4N-8QGBV-H22JP-CT43Q-MDWWJ" &:: Education N
exit /b
:73111121-5638-40f6-bc11-f1d7b0d64300
set "key=NPPR9-FWDCX-D2C8J-H872K-2YT43" &:: Enterprise
exit /b
:e272e3e2-732f-4c65-a8f0-484747d0d947
set "key=DPH2V-TTNVB-4X9Q3-TJR4H-KHJW4" &:: Enterprise N
exit /b
:7b51a46c-0c04-4e8f-9af4-8496cca90d5e
set "key=WNMTR-4C88C-JK8YV-HQ7T2-76DF9" &:: Enterprise 2015 LTSB
exit /b
:87b838b7-41b6-4590-8318-5797951d8529
set "key=2F77B-TNFGY-69QQF-B8YKP-D69TJ" &:: Enterprise 2015 LTSB N
exit /b
:: Windows Server 2019 [RS5]
:de32eafd-aaee-4662-9444-c1befb41bde2
set "key=N69G4-B89J2-4G8F4-WWYCC-J464C" &:: Standard
exit /b
:34e1ae55-27f8-4950-8877-7a03be5fb181
set "key=WMDGN-G9PQG-XVVXX-R3X43-63DFG" &:: Datacenter
exit /b
:034d3cbb-5d4b-4245-b3f8-f84571314078
set "key=WVDHN-86M7X-466P6-VHXV7-YY726" &:: Essentials
exit /b
:a99cc1f0-7719-4306-9645-294102fbff95
set "key=FDNH6-VW9RW-BXPJ7-4XTYG-239TB" &:: Azure Core
exit /b
:73e3957c-fc0c-400d-9184-5f7b6f2eb409
set "key=N2KJX-J94YW-TQVFB-DG9YT-724CC" &:: Standard ACor
exit /b
:90c362e5-0da1-4bfd-b53b-b87d309ade43
set "key=6NMRW-2C8FM-D24W7-TQWMY-CWH2D" &:: Datacenter ACor
exit /b
:8de8eb62-bbe0-40ac-ac17-f75595071ea3
set "key=GRFBW-QNDC4-6QBHG-CCK3B-2PR88" &:: ServerARM64
exit /b
:: Windows Server 2016 [RS4]
:43d9af6e-5e86-4be8-a797-d072a046896c
set "key=K9FYF-G6NCK-73M32-XMVPY-F9DRR" &:: ServerARM64
exit /b
:: Windows Server 2016 [RS3]
:61c5ef22-f14f-4553-a824-c4b31e84b100
set "key=PTXN8-JFHJM-4WC78-MPCBR-9W4KR" &:: Standard ACor
exit /b
:e49c08e7-da82-42f8-bde2-b570fbcae76c
set "key=2HXDN-KRXHB-GPYC7-YCKFJ-7FVDG" &:: Datacenter ACor
exit /b
:: Windows Server 2016 [RS1]
:8c1c5410-9f39-4805-8c9d-63a07706358f
set "key=WC2BQ-8NRM3-FDDYY-2BFGV-KHKQY" &:: Standard
exit /b
:21c56779-b449-4d20-adfc-eece0e1ad74b
set "key=CB7KF-BWN84-R7R2Y-793K2-8XDDG" &:: Datacenter
exit /b
:2b5a1b0f-a5ab-4c54-ac2f-a6d94824a283
set "key=JCKRF-N37P4-C2D82-9YXRT-4M63B" &:: Essentials
exit /b
:7b4433f4-b1e7-4788-895a-c45378d38253
set "key=QN4C6-GBJD2-FB422-GHWJK-GJG2R" &:: Cloud Storage
exit /b
:3dbf341b-5f6c-4fa7-b936-699dce9e263f
set "key=VP34G-4NPPG-79JTQ-864T4-R3MQX" &:: Azure Core
exit /b
:: Windows 8.1
:fe1c3238-432a-43a1-8e25-97e7d1ef10f3
set "key=M9Q9P-WNJJT-6PXPY-DWX8H-6XWKK" &:: Core
exit /b
:78558a64-dc19-43fe-a0d0-8075b2a370a3
set "key=7B9N3-D94CG-YTVHR-QBPX3-RJP64" &:: Core N
exit /b
:c72c6a1d-f252-4e7e-bdd1-3fca342acb35
set "key=BB6NG-PQ82V-VRDPW-8XVD2-V8P66" &:: Core Single Language
exit /b
:db78b74f-ef1c-4892-abfe-1e66b8231df6
set "key=NCTT7-2RGK8-WMHRF-RY7YQ-JTXG3" &:: Core China
exit /b
:ffee456a-cd87-4390-8e07-16146c672fd0
set "key=XYTND-K6QKT-K2MRH-66RTM-43JKP" &:: Core ARM
exit /b
:c06b6981-d7fd-4a35-b7b4-054742b7af67
set "key=GCRJD-8NW9H-F2CDX-CCM8D-9D6T9" &:: Pro
exit /b
:7476d79f-8e48-49b4-ab63-4d0b813a16e4
set "key=HMCNV-VVBFX-7HMBH-CTY9B-B4FXY" &:: Pro N
exit /b
:096ce63d-4fac-48a9-82a9-61ae9e800e5f
set "key=789NJ-TQK6T-6XTH8-J39CJ-J8D3P" &:: Pro with Media Center
exit /b
:81671aaf-79d1-4eb1-b004-8cbbe173afea
set "key=MHF9N-XY6XB-WVXMC-BTDCT-MKKG7" &:: Enterprise
exit /b
:113e705c-fa49-48a4-beea-7dd879b46b14
set "key=TT4HM-HN7YT-62K67-RGRQJ-JFFXW" &:: Enterprise N
exit /b
:0ab82d54-47f4-4acb-818c-cc5bf0ecb649
set "key=NMMPB-38DD4-R2823-62W8D-VXKJB" &:: Embedded Industry Pro
exit /b
:cd4e2d9f-5059-4a50-a92d-05d5bb1267c7
set "key=FNFKF-PWTVT-9RC8H-32HB2-JB34X" &:: Embedded Industry Enterprise
exit /b
:f7e88590-dfc7-4c78-bccb-6f3865b99d1a
set "key=VHXM3-NR6FT-RY6RT-CK882-KW2CJ" &:: Embedded Industry Automotive
exit /b
:e9942b32-2e55-4197-b0bd-5ff58cba8860
set "key=3PY8R-QHNP9-W7XQD-G6DPH-3J2C9" &:: with Bing
exit /b
:c6ddecd6-2354-4c19-909b-306a3058484e
set "key=Q6HTR-N24GM-PMJFP-69CD8-2GXKR" &:: with Bing N
exit /b
:b8f5e3a3-ed33-4608-81e1-37d6c9dcfd9c
set "key=KF37N-VDV38-GRRTV-XH8X6-6F3BB" &:: with Bing Single Language
exit /b
:ba998212-460a-44db-bfb5-71bf09d1c68b
set "key=R962J-37N87-9VVK2-WJ74P-XTMHR" &:: with Bing China
exit /b
:e58d87b5-8126-4580-80fb-861b22f79296
set "key=MX3RK-9HNGX-K3QKC-6PJ3F-W8D7B" &:: Pro for Students
exit /b
:cab491c7-a918-4f60-b502-dab75e334f40
set "key=TNFGH-2R6PB-8XM3K-QYHX2-J4296" &:: Pro for Students N
exit /b
:: Windows Server 2012 R2
:b3ca044e-a358-4d68-9883-aaa2941aca99
set "key=D2N9P-3P6X9-2R39C-7RTCD-MDVJX" &:: Standard
exit /b
:00091344-1ea4-4f37-b789-01750ba6988c
set "key=W3GGN-FT8W3-Y4M27-J84CP-Q3VJ9" &:: Datacenter
exit /b
:21db6ba4-9a7b-4a14-9e29-64a60c59301d
set "key=KNC87-3J2TX-XB4WP-VCPJV-M4FWM" &:: Essentials
exit /b
:b743a2be-68d4-4dd3-af32-92425b7bb623
set "key=3NPTF-33KPT-GGBPR-YX76B-39KDD" &:: Cloud Storage
exit /b
:: Windows 8
:c04ed6bf-55c8-4b47-9f8e-5a1f31ceee60
set "key=BN3D2-R7TKB-3YPBD-8DRP2-27GG4" &:: Core
exit /b
:197390a0-65f6-4a95-bdc4-55d58a3b0253
set "key=8N2M2-HWPGY-7PGT9-HGDD8-GVGGY" &:: Core N
exit /b
:8860fcd4-a77b-4a20-9045-a150ff11d609
set "key=2WN2H-YGCQR-KFX6K-CD6TF-84YXQ" &:: Core Single Language
exit /b
:9d5584a2-2d85-419a-982c-a00888bb9ddf
set "key=4K36P-JN4VD-GDC6V-KDT89-DYFKP" &:: Core China
exit /b
:af35d7b7-5035-4b63-8972-f0b747b9f4dc
set "key=DXHJF-N9KQX-MFPVR-GHGQK-Y7RKV" &:: Core ARM
exit /b
:a98bcd6d-5343-4603-8afe-5908e4611112
set "key=NG4HW-VH26C-733KW-K6F98-J8CK4" &:: Pro
exit /b
:ebf245c1-29a8-4daf-9cb1-38dfc608a8c8
set "key=XCVCF-2NXM9-723PB-MHCB7-2RYQQ" &:: Pro N
exit /b
:a00018a3-f20f-4632-bf7c-8daa5351c914
set "key=GNBB8-YVD74-QJHX6-27H4K-8QHDG" &:: Pro with Media Center
exit /b
:458e1bec-837a-45f6-b9d5-925ed5d299de
set "key=32JNW-9KQ84-P47T8-D8GGY-CWCK7" &:: Enterprise
exit /b
:e14997e7-800a-4cf7-ad10-de4b45b578db
set "key=JMNMF-RHW7P-DMY6X-RF3DR-X2BQT" &:: Enterprise N
exit /b
:10018baf-ce21-4060-80bd-47fe74ed4dab
set "key=RYXVT-BNQG7-VD29F-DBMRY-HT73M" &:: Embedded Industry Pro
exit /b
:18db1848-12e0-4167-b9d7-da7fcda507db
set "key=NKB3R-R2F8T-3XCDP-7Q2KW-XWYQ2" &:: Embedded Industry Enterprise
exit /b
:: Windows Server 2012
:f0f5ec41-0d55-4732-af02-440a44a3cf0f
set "key=XC9B7-NBPP2-83J2H-RHMBY-92BT4" &:: Standard
exit /b
:d3643d60-0c42-412d-a7d6-52e6635327f6
set "key=48HP8-DN98B-MYWDG-T2DCC-8W83P" &:: Datacenter
exit /b
:7d5486c7-e120-4771-b7f1-7b56c6d3170c
set "key=HM7DN-YVMH3-46JC3-XYTG7-CYQJJ" &:: MultiPoint Standard
exit /b
:95fd1c83-7df5-494a-be8b-1300e1c9d1cd
set "key=XNH6W-2V9GX-RGJ4K-Y8X6F-QGJ2G" &:: MultiPoint Premium
exit /b
:: Windows 7
:b92e9980-b9d5-4821-9c94-140f632f6312
set "key=FJ82H-XT6CR-J8D7P-XQJJ2-GPDD4" &:: Professional
exit /b
:54a09a0d-d57b-4c10-8b69-a842d6590ad5
set "key=MRPKT-YTG23-K7D7T-X2JMM-QY7MG" &:: Professional N
exit /b
:5a041529-fef8-4d07-b06f-b59b573b32d2
set "key=W82YF-2Q76Y-63HXB-FGJG9-GF7QX" &:: Professional E
exit /b
:ae2ee509-1b34-41c0-acb7-6d4650168915
set "key=33PXH-7Y6KF-2VJC9-XBBR8-HVTHH" &:: Enterprise
exit /b
:1cb6d605-11b3-4e14-bb30-da91c8e3983a
set "key=YDRBP-3D83W-TY26F-D46B2-XCKRJ" &:: Enterprise N
exit /b
:46bbed08-9c7b-48fc-a614-95250573f4ea
set "key=C29WB-22CC8-VJ326-GHFJW-H9DH4" &:: Enterprise E
exit /b
:db537896-376f-48ae-a492-53d0547773d0
set "key=YBYF6-BHCR3-JPKRB-CDW7B-F9BK4" &:: Embedded POSReady 7
exit /b
:e1a8296a-db37-44d1-8cce-7bc961d59c54
set "key=XGY72-BRBBT-FF8MH-2GG8H-W7KCW" &:: Embedded Standard
exit /b
:aa6dd3aa-c2b4-40e2-a544-a6bbb3f5c395
set "key=73KQT-CD9G6-K7TQG-66MRP-CQ22C" &:: Embedded ThinPC
exit /b
:: Windows Server 2008 R2
:a78b8bd9-8017-4df5-b86a-09f756affa7c
set "key=6TPJF-RBVHG-WBW2R-86QPH-6RTM4" &:: Web
exit /b
:cda18cf3-c196-46ad-b289-60c072869994
set "key=TT8MH-CG224-D3D7Q-498W2-9QCTX" &:: HPC
exit /b
:68531fb9-5511-4989-97be-d11a0f55633f
set "key=YC6KT-GKW9T-YTKYR-T4X34-R7VHC" &:: Standard
exit /b
:7482e61b-c589-4b7f-8ecc-46d455ac3b87
set "key=74YFP-3QFB3-KQT8W-PMXWJ-7M648" &:: Datacenter
exit /b
:620e2b3d-09e7-42fd-802a-17a13652fe7a
set "key=489J6-VHDMP-X63PK-3K798-CPX3Y" &:: Enterprise
exit /b
:8a26851c-1c7e-48d3-a687-fbca9b9ac16b
set "key=GT63C-RJFQ3-4GMB6-BRFB9-CB83V" &:: Itanium
exit /b
:f772515c-0e87-48d5-a676-e6962c3e1195
set "key=736RG-XDKJK-V34PF-BHK87-J6X3K" &:: MultiPoint Server
exit /b
:: Office 2019
:0bc88885-718c-491d-921f-6f214349e79c
set "key=VQ9DP-NVHPH-T9HJC-J9PDT-KTQRG" &:: Professional Plus C2R-P
exit /b
:fc7c4d0c-2e85-4bb9-afd4-01ed1476b5e9
set "key=XM2V9-DN9HH-QB449-XDGKC-W2RMW" &:: Project Professional C2R-P
exit /b
:500f6619-ef93-4b75-bcb4-82819998a3ca
set "key=N2CG9-YD3YK-936X4-3WR82-Q3X4H" &:: Visio Professional C2R-P
exit /b
:85dd8b5f-eaa4-4af3-a628-cce9e77c9a03
set "key=NMMKJ-6RK4F-KMJVX-8D9MJ-6MWKP" &:: Professional Plus
exit /b
:6912a74b-a5fb-401a-bfdb-2e3ab46f4b02
set "key=6NWWJ-YQWMR-QKGCB-6TMB3-9D9HK" &:: Standard
exit /b
:2ca2bf3f-949e-446a-82c7-e25a15ec78c4
set "key=B4NPR-3FKK7-T2MBV-FRQ4W-PKD2B" &:: Project Professional
exit /b
:1777f0e3-7392-4198-97ea-8ae4de6f6381
set "key=C4F7P-NCP8C-6CQPT-MQHV9-JXD2M" &:: Project Standard
exit /b
:5b5cf08f-b81a-431d-b080-3450d8620565
set "key=9BGNQ-K37YR-RQHF2-38RQ3-7VCBB" &:: Visio Professional
exit /b
:e06d7df3-aad0-419d-8dfb-0ac37e2bdf39
set "key=7TQNQ-K3YQQ-3PFH7-CCPPM-X4VQ2" &:: Visio Standard
exit /b
:9e9bceeb-e736-4f26-88de-763f87dcc485
set "key=9N9PT-27V4Y-VJ2PD-YXFMF-YTFQT" &:: Access
exit /b
:237854e9-79fc-4497-a0c1-a70969691c6b
set "key=TMJWT-YYNMB-3BKTF-644FC-RVXBD" &:: Excel
exit /b
:c8f8a301-19f5-4132-96ce-2de9d4adbd33
set "key=7HD7K-N4PVK-BHBCQ-YWQRW-XW4VK" &:: Outlook
exit /b
:3131fd61-5e4f-4308-8d6d-62be1987c92c
set "key=RRNCX-C64HY-W2MM7-MCH9G-TJHMQ" &:: PowerPoint
exit /b
:9d3e4cca-e172-46f1-a2f4-1d2107051444
set "key=G2KWX-3NW6P-PY93R-JXK2T-C9Y9V" &:: Publisher
exit /b
:734c6c6e-b0ba-4298-a891-671772b2bd1b
set "key=NCJ33-JHBBY-HTK98-MYCV8-HMKHJ" &:: Skype for Business
exit /b
:059834fe-a8ea-4bff-b67b-4d006b5447d3
set "key=PBX3G-NWMT6-Q7XBW-PYJGG-WXD33" &:: Word
exit /b
:: Office 2016
:829b8110-0e6f-4349-bca4-42803577788d
set "key=WGT24-HCNMF-FQ7XH-6M8K7-DRTW9" &:: Project Professional C2R-P
exit /b
:cbbaca45-556a-4416-ad03-bda598eaa7c8
set "key=D8NRQ-JTYM3-7J2DX-646CT-6836M" &:: Project Standard C2R-P
exit /b
:b234abe3-0857-4f9c-b05a-4dc314f85557
set "key=69WXN-MBYV6-22PQG-3WGHK-RM6XC" &:: Visio Professional C2R-P
exit /b
:361fe620-64f4-41b5-ba77-84f8e079b1f7
set "key=NY48V-PPYYH-3F4PX-XJRKJ-W4423" &:: Visio Standard C2R-P
exit /b
:e914ea6e-a5fa-4439-a394-a9bb3293ca09
set "key=DMTCJ-KNRKX-26982-JYCKT-P7KB6" &:: MondoR
exit /b
:9caabccb-61b1-4b4b-8bec-d10a3c3ac2ce
set "key=HFTND-W9MK4-8B7MJ-B6C4G-XQBR2" &:: Mondo
exit /b
:d450596f-894d-49e0-966a-fd39ed4c4c64
set "key=XQNVK-8JYDB-WJ9W3-YJ8YR-WFG99" &:: Professional Plus
exit /b
:dedfa23d-6ed1-45a6-85dc-63cae0546de6
set "key=JNRGM-WHDWX-FJJG3-K47QV-DRTFM" &:: Standard
exit /b
:4f414197-0fc2-4c01-b68a-86cbb9ac254c
set "key=YG9NW-3K39V-2T3HJ-93F3Q-G83KT" &:: Project Professional
exit /b
:da7ddabc-3fbe-4447-9e01-6ab7440b4cd4
set "key=GNFHQ-F6YQM-KQDGJ-327XX-KQBVC" &:: Project Standard
exit /b
:6bf301c1-b94a-43e9-ba31-d494598c47fb
set "key=PD3PC-RHNGV-FXJ29-8JK7D-RJRJK" &:: Visio Professional
exit /b
:aa2a7821-1827-4c2c-8f1d-4513a34dda97
set "key=7WHWN-4T7MP-G96JF-G33KR-W8GF4" &:: Visio Standard
exit /b
:67c0fc0c-deba-401b-bf8b-9c8ad8395804
set "key=GNH9Y-D2J4T-FJHGG-QRVH7-QPFDW" &:: Access
exit /b
:c3e65d36-141f-4d2f-a303-a842ee756a29
set "key=9C2PK-NWTVB-JMPW8-BFT28-7FTBF" &:: Excel
exit /b
:d8cace59-33d2-4ac7-9b1b-9b72339c51c8
set "key=DR92N-9HTF2-97XKM-XW2WJ-XW3J6" &:: OneNote
exit /b
:ec9d9265-9d1e-4ed0-838a-cdc20f2551a1
set "key=R69KK-NTPKF-7M3Q4-QYBHW-6MT9B" &:: Outlook
exit /b
:d70b1bba-b893-4544-96e2-b7a318091c33
set "key=J7MQP-HNJ4Y-WJ7YM-PFYGF-BY6C6" &:: Powerpoint
exit /b
:041a06cb-c5b8-4772-809f-416d03d16654
set "key=F47MM-N3XJP-TQXJ9-BP99D-8K837" &:: Publisher
exit /b
:83e04ee1-fa8d-436d-8994-d31a862cab77
set "key=869NQ-FJ69K-466HW-QYCP2-DDBV6" &:: Skype for Business
exit /b
:bb11badf-d8aa-470e-9311-20eaf80fe5cc
set "key=WXY84-JN2Q9-RBCCQ-3Q3J3-3PFJ6" &:: Word
exit /b
:: Office 2013
:dc981c6b-fc8e-420f-aa43-f8f33e5c0923
set "key=42QTK-RN8M7-J3C4G-BBGYM-88CYV" &:: Mondo
exit /b
:b322da9c-a2e2-4058-9e4e-f59a6970bd69
set "key=YC7DK-G2NP3-2QQC3-J6H88-GVGXT" &:: Professional Plus
exit /b
:b13afb38-cd79-4ae5-9f7f-eed058d750ca
set "key=KBKQT-2NMXY-JJWGP-M62JB-92CD4" &:: Standard
exit /b
:4a5d124a-e620-44ba-b6ff-658961b33b9a
set "key=FN8TT-7WMH6-2D4X9-M337T-2342K" &:: Project Professional
exit /b
:427a28d1-d17c-4abf-b717-32c780ba6f07
set "key=6NTH3-CW976-3G3Y2-JK3TX-8QHTT" &:: Project Standard
exit /b
:e13ac10e-75d0-4aff-a0cd-764982cf541c
set "key=C2FG9-N6J68-H8BTJ-BW3QX-RM3B3" &:: Visio Professional
exit /b
:ac4efaf0-f81f-4f61-bdf7-ea32b02ab117
set "key=J484Y-4NKBF-W2HMG-DBMJC-PGWR7" &:: Visio Standard
exit /b
:6ee7622c-18d8-4005-9fb7-92db644a279b
set "key=NG2JY-H4JBT-HQXYP-78QH9-4JM2D" &:: Access
exit /b
:f7461d52-7c2b-43b2-8744-ea958e0bd09a
set "key=VGPNG-Y7HQW-9RHP7-TKPV3-BG7GB" &:: Excel
exit /b
:fb4875ec-0c6b-450f-b82b-ab57d8d1677f
set "key=H7R7V-WPNXQ-WCYYC-76BGV-VT7GH" &:: Groove
exit /b
:a30b8040-d68a-423f-b0b5-9ce292ea5a8f
set "key=DKT8B-N7VXH-D963P-Q4PHY-F8894" &:: InfoPath
exit /b
:1b9f11e3-c85c-4e1b-bb29-879ad2c909e3
set "key=2MG3G-3BNTT-3MFW9-KDQW3-TCK7R" &:: Lync
exit /b
:efe1f3e6-aea2-4144-a208-32aa872b6545
set "key=TGN6P-8MMBC-37P2F-XHXXK-P34VW" &:: OneNote
exit /b
:771c3afa-50c5-443f-b151-ff2546d863a0
set "key=QPN8Q-BJBTJ-334K3-93TGY-2PMBT" &:: Outlook
exit /b
:8c762649-97d1-4953-ad27-b7e2c25b972e
set "key=4NT99-8RJFH-Q2VDH-KYG2C-4RD4F" &:: Powerpoint
exit /b
:00c79ff1-6850-443d-bf61-71cde0de305f
set "key=PN2WF-29XG2-T9HJ7-JQPJR-FCXK4" &:: Publisher
exit /b
:d9f5b1c6-5386-495a-88f9-9ad6b41ac9b3
set "key=6Q7VD-NX8JD-WJ2VH-88V73-4GBJ7" &:: Word
exit /b
:: Office 2010
:09ed9640-f020-400a-acd8-d7d867dfd9c2
set "key=YBJTT-JG6MD-V9Q7P-DBKXJ-38W9R" &:: Mondo
exit /b
:ef3d4e49-a53d-4d81-a2b1-2ca6c2556b2c
set "key=7TC2V-WXF6P-TD7RT-BQRXR-B8K32" &:: Mondo2
exit /b
:6f327760-8c5c-417c-9b61-836a98287e0c
set "key=VYBBJ-TRJPB-QFQRF-QFT4D-H3GVB" &:: Professional Plus
exit /b
:9da2a678-fb6b-4e67-ab84-60dd6a9c819a
set "key=V7QKV-4XVVR-XYV4D-F7DFM-8R6BM" &:: Standard
exit /b
:df133ff7-bf14-4f95-afe3-7b48e7e331ef
set "key=YGX6F-PGV49-PGW3J-9BTGG-VHKC6" &:: Project Professional
exit /b
:5dc7bf61-5ec9-4996-9ccb-df806a2d0efe
set "key=4HP3K-88W3F-W2K3D-6677X-F9PGB" &:: Project Standard
exit /b
:92236105-bb67-494f-94c7-7f7a607929bd
set "key=D9DWC-HPYVV-JGF4P-BTWQB-WX8BJ" &:: Visio Premium
exit /b
:e558389c-83c3-4b29-adfe-5e4d7f46c358
set "key=7MCW8-VRQVK-G677T-PDJCM-Q8TCP" &:: Visio Professional
exit /b
:9ed833ff-4f92-4f36-b370-8683a4f13275
set "key=767HD-QGMWX-8QTDB-9G3R2-KHFGJ" &:: Visio Standard
exit /b
:8ce7e872-188c-4b98-9d90-f8f90b7aad02
set "key=V7Y44-9T38C-R2VJK-666HK-T7DDX" &:: Access
exit /b
:cee5d470-6e3b-4fcc-8c2b-d17428568a9f
set "key=H62QG-HXVKF-PP4HP-66KMR-CW9BM" &:: Excel
exit /b
:8947d0b8-c33b-43e1-8c56-9b674c052832
set "key=QYYW6-QP4CB-MBV6G-HYMCJ-4T3J4" &:: Groove (SharePoint Workspace)
exit /b
:ca6b6639-4ad6-40ae-a575-14dee07f6430
set "key=K96W8-67RPQ-62T9Y-J8FQJ-BT37T" &:: InfoPath
exit /b
:ab586f5c-5256-4632-962f-fefd8b49e6f4
set "key=Q4Y4M-RHWJM-PY37F-MTKWH-D3XHX" &:: OneNote
exit /b
:ecb7c192-73ab-4ded-acf4-2399b095d0cc
set "key=7YDC2-CWM8M-RRTJC-8MDVC-X3DWQ" &:: Outlook
exit /b
:45593b1d-dfb1-4e91-bbfb-2d5d0ce2227a
set "key=RC8FX-88JRY-3PF7C-X8P67-P4VTT" &:: Powerpoint
exit /b
:b50c4f75-599b-43e8-8dcd-1081a7967241
set "key=BFK7F-9MYHM-V68C7-DRQ66-83YTP" &:: Publisher
exit /b
:2d0882e7-a4e7-423b-8ccc-70d91e0158b1
set "key=HVHB3-C6FV7-KQX9W-YQG79-CRY7T" &:: Word
exit /b
:ea509e87-07a1-4a45-9edc-eba5a39f36af
set "key=D6QFG-VBYP2-XQHM7-J97RH-VVRCK" &:: Home and Business
exit /b
:END
if %Unattend% EQU 0 echo Press any key to exit.
%_Pause%
exit /b 0
Get AD Group Member List Script
Save this as a .ps1 file and run it as admin on the Domain Controller.
Simple
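Import-Module ActiveDirectory
# -ExpandProperty alone returns the plain group names; also passing "name" as a property makes Select-Object report that the property already exists
$groups = (Get-ADGroup -Filter * | Select-Object -ExpandProperty Name)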
$table=@()
$record=@{
"groupname" =""
"username"=""
}
foreach ($g in $groups){
$i = 0
$members = (Get-ADGroupMember -Identity $g | select name,samaccountname)
foreach ($m in $members){
$record."groupname"=$g
$record."UserName"=$m.samaccountname
$objrec= New-Object psobject -Property $record
$table += $objrec
$i+=1
}
if($i -eq 0){
$record."groupname"=$g
$record."UserName"=""
$objrec= New-Object psobject -Property $record
$table += $objrec
}
}
$dateinfile = (Get-Date).AddMonths(-1).ToString('yyyy-MM')
$domain = (Get-WmiObject -Namespace root\cimv2 -Class Win32_ComputerSystem | Select Domain).Domain
$table |Export-Csv "C:\temp\$dateinfile - $domain - Group Member List.csv" -NoTypeInformation
Detailed
Import-Module ActiveDirectory
$date=Get-Date -f yyyy-MM-dd
$domain=(Get-WmiObject win32_computersystem).Domain
$csvexport=$null
$csvlocation="C:\temp\$domain-GroupReview-$date.csv"
If ((Test-Path C:\temp) -eq $false){
New-Item C:\temp -ItemType Directory
}
If ((Test-Path $csvlocation) -eq $true){
Remove-Item $csvlocation
}
$toprint=@()
$record=@{
"Name" =""
"GroupScope"=""
"Description"=""
"adminCount"=""
"ManagedBy"=""
"samaccountname"=""
"membertype"=""
"WhenCreated"=""
"WhenChanged"=""
}
$groupaccounts=Get-ADGroup -filter * -Properties * | Select "Name","GroupScope","Description","adminCount","ManagedBy","WhenCreated","WhenChanged"
foreach ($grp in $groupaccounts) {
$isempty=$true
if ($grp.adminCount -eq 1){
$record."adminCount"="Yes"
} else {
$record."adminCount"=""
}
if ($grp.ManagedBy){
$record."ManagedBy"=$grp.ManagedBy.Split(",")[0].replace("CN=","")
} else {
$record."ManagedBy"=""
}
$record."Name"=$grp.Name
$record."GroupScope"=$grp.GroupScope
$record."Description"=$grp.Description
$record."samaccountname"=""
$record."membertype"=""
$record."WhenCreated"=$grp.WhenCreated.ToString("dd-MMM-yyyy HH:mm:ss")
$record."WhenChanged"=$grp.WhenChanged.ToString("dd-MMM-yyyy HH:mm:ss")
try{
$groupmembers = (Get-ADGroupMember -Identity $grp.Name | select name,samaccountname,objectClass)
foreach ($m in $groupmembers){
if($m.objectClass){
$membertype=$m.objectClass
}else{
$membertype="builtin group"
}
$record."samaccountname"=$m.samaccountname+"<br>"+$record."samaccountname"
$record."membertype"=$membertype+"<br>"+$record."membertype"
$isempty=$false
}
if($isempty -eq $true){
$record."ManagedBy"=$grp.ManagedBy
$record."samaccountname"="-"
$record."membertype"="-"
}
$objrec= New-Object psobject -Property $record
$toprint += $objrec
}catch{ # For OWFT foreignSecurityPrincipal objects
$members = dsquery group -name $grp.Name | dsget group -members
$foreignAccount = [System.Collections.ArrayList]::new()
$nonForeignAccount = [System.Collections.ArrayList]::new()
foreach ($m in $members){
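if ($m.Contains("ForeignSecurityPrincipals")) {
# [void] discards the index that ArrayList.Add() returns so it does not leak into the script output
[void]$foreignAccount.add($m.ToString().replace('"',''))
}else{
[void]$nonForeignAccount.add($m.ToString().replace('"',''))
}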
}
$foreignObjects = Get-ADObject -Filter {ObjectClass -eq "foreignSecurityPrincipal"} -Properties msds-principalname,memberof
foreach ($fObject in $foreignAccount){
$faccountname = ($foreignObjects | Where-Object DistinguishedName -eq $fObject ).'msds-principalname'
$record."samaccountname"=$faccountname+"<br>"+$record."samaccountname"
$record."membertype"='foreignSecurityPrincipal'+"<br>"+$record."membertype"
}
foreach ($obj in $nonForeignAccount){
if($obj -ne ""){
$fullname=$obj.Split(',')[0].replace('CN=','')
$userObj = Get-ADUser -Filter {name -like $fullname} | Select-Object SamAccountName,ObjectClass
$record."samaccountname"=$userObj.SamAccountName+"<br>"+$record."samaccountname"
$record."membertype"=$userObj.ObjectClass+"<br>"+$record."membertype"
}
}
$objrec= New-Object psobject -Property $record
$toprint += $objrec
}
}
$sn=0
foreach($tt in $toprint){
$sn=$sn+1
$csvexport += @(
[pscustomobject]@{
"SN"=$sn
"Group Name" = $tt.Name
"Group Scope" = $tt.GroupScope
"Description" = $tt.Description
"Admin Rights" = $tt.adminCount
"Managed By" = $tt.ManagedBy
"Member Name" = $tt.samaccountname.Replace("<br>","`n").ToString()
"MemberType" = $tt.membertype.Replace("<br>","`n").ToString()
"Creation Date" = $tt.WhenCreated
"Modified Date" = $tt.WhenChanged
}
)
}
$csvexport | Export-csv -Path $csvlocation -NoTypeInformation
Reset Local Account Script
Change lines 8 and 9 (the $username and $password values).
# Check if the script is running as an administrator
if (-not ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
Write-Host "Please run this script as an administrator." -ForegroundColor Red
exit
}
# Username and new password to set (edit these two values before running)
$username = "test"
$password = "P@ssw0rdT3str3S3t"
# Define the output file path in C:\Temp
$outputFilePath = "C:\Temp\ResetPasswordLog.txt"
# Reset the local account password
try {
$user = [ADSI]"WinNT://./$username,user"
$user.SetPassword($password)
$user.SetInfo()
$output = "Password for $username has been reset."
Write-Host $output -ForegroundColor Green
$output | Out-File -FilePath $outputFilePath -Append
} catch {
$output = "Error resetting password for $username : $_"
Write-Host $output -ForegroundColor Red
$output | Out-File -FilePath $outputFilePath -Append
}
# Output the file path where the log was saved
Write-Host "Log file saved at: $outputFilePath"
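The script above keeps the new password in plain text inside the .ps1 file. The variant below is an added example, not part of the original page: it prompts for the password as a SecureString and uses Set-LocalUser instead, keeping the page's log path and its sample account name "test". The function name Reset-LocalAccountPassword is hypothetical.

```powershell
# Added example: reset a local account password without storing it in the script.
function Reset-LocalAccountPassword {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$UserName,
        [string]$LogPath = 'C:\Temp\ResetPasswordLog.txt'
    )

    # Same elevation check as the original script, but fail with an error instead of exiting the shell
    $principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Please run this from an elevated PowerShell session.'
    }

    # Stop early if the account does not exist
    Get-LocalUser -Name $UserName -ErrorAction Stop | Out-Null

    # Prompt twice; the input is never echoed and never written to disk
    $first  = Read-Host -Prompt "New password for $UserName" -AsSecureString
    $second = Read-Host -Prompt 'Confirm new password' -AsSecureString

    # Compare the two entries, then drop the plain-text copies straight away
    $a = [System.Net.NetworkCredential]::new('', $first).Password
    $b = [System.Net.NetworkCredential]::new('', $second).Password
    $match = ($a.Length -gt 0) -and ($a -ceq $b)
    $a = $b = $null
    if (-not $match) {
        throw 'Passwords are empty or do not match; nothing was changed.'
    }

    # Make sure the log directory exists before writing to it
    $logDir = Split-Path -Parent $LogPath
    if (-not (Test-Path -LiteralPath $logDir)) {
        New-Item -Path $logDir -ItemType Directory | Out-Null
    }

    $stamp = Get-Date -Format s
    try {
        if ($PSCmdlet.ShouldProcess($UserName, 'Reset local account password')) {
            Set-LocalUser -Name $UserName -Password $first -ErrorAction Stop
            # The log records who reset which account and when, never the password itself
            "$stamp Password for $UserName has been reset by $env:USERNAME." |
                Out-File -FilePath $LogPath -Append
            Write-Host "Password for $UserName has been reset." -ForegroundColor Green
        }
    } catch {
        "$stamp Error resetting password for ${UserName}: $($_.Exception.Message)" |
            Out-File -FilePath $LogPath -Append
        throw
    }
    Write-Host "Log file saved at: $LogPath"
}

# Account name taken from the script above
Reset-LocalAccountPassword -UserName 'test'
```

Adding -WhatIf to the call shows which account would be changed without setting anything.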
Offline WSUS Scan Script
Step 1 - Download Wsusscn2.cab file
Download Wsusscn2.cab from official MS website and save it in C:\temp\wsusscn2.cab.
Step 2 - Run offline script
Save this as offlinescan.vbs and run "cscript offlinescan.vbs" as admin.
Set UpdateSession = CreateObject("Microsoft.Update.Session")
Set UpdateServiceManager = CreateObject("Microsoft.Update.ServiceManager")
Set UpdateService = UpdateServiceManager.AddScanPackageService("Offline Sync Service", "c:\Temp\wsusscn2.cab")
Set UpdateSearcher = UpdateSession.CreateUpdateSearcher()
WScript.Echo "Searching for updates..." & vbCRLF
UpdateSearcher.ServerSelection = 3 ' ssOthers
UpdateSearcher.ServiceID = UpdateService.ServiceID
Set SearchResult = UpdateSearcher.Search("IsInstalled=0")
Set Updates = SearchResult.Updates
If searchResult.Updates.Count = 0 Then
WScript.Echo "There are no applicable updates."
WScript.Quit
End If
WScript.Echo "List of applicable items on the machine when using wsusscn2.cab:" & vbCRLF
For I = 0 to searchResult.Updates.Count-1
Set update = searchResult.Updates.Item(I)
WScript.Echo I + 1 & "> " & update.Title
Next
WScript.Quit
Net User Examples
Local User
The cmd command net user is the counterpart of the PowerShell cmdlet Get-LocalUser.
Command for cmd
net user locadmin
Command for PowerShell
Get-LocalUser locadmin
Example
PS C:\Windows\system32> Get-LocalUser locadmin
Name Enabled Description
---- ------- -----------
Locadmin True Built-in account for administering the computer/domain
PS C:\Windows\system32> net user locadmin
User name Locadmin
Full Name
Comment Built-in account for administering the computer/domain
User's comment
Country/region code 000 (System Default)
Account active Yes
Account expires Never
Password last set 10/13/2022 2:52:21 AM
Password expires 10/13/2023 2:52:21 AM
Password changeable 10/14/2022 2:52:21 AM
Password required Yes
User may change password Yes
Workstations allowed All
Logon script
User profile
Home directory
Last logon 10/16/2022 11:43:57 AM
Logon hours allowed All
Local Group Memberships *Administrators
Global Group memberships *None
The command completed successfully.
PS C:\Windows\system32>
Domain User
The command net user /domain is the same as the PowerShell command Get-ADUser.
However, Get-ADUser can only be run in the Domain Controller.
Command for cmd
net user /domain rach01
Command for PowerShell
Get-ADUser rach01
Example
PS C:\Windows\system32> Get-ADUser rach01
DistinguishedName : CN=rara zzz,OU=Users,OU=MilkyWay,DC=homelab,DC=local
Enabled : True
GivenName : rara
Name : rara zzz
ObjectClass : user
ObjectGUID : e9f55685-3dec-4143-a238-5f6f98fba383
SamAccountName : rach01
SID : S-1-5-21-2730233804-1460224074-2389028099-1105
Surname : zzz
UserPrincipalName : rach01@homelab.local
PS C:\Windows\system32> net user /domain rach01
User name rach01
Full Name rara zzz
Comment Dummy User #1
User's comment
Country/region code 000 (System Default)
Account active Yes
Account expires Never
Password last set 7/2/2023 2:11:58 PM
Password expires Never
Password changeable 8/2/2023 2:11:58 PM
Password required Yes
User may change password Yes
Workstations allowed All
Logon script
User profile
Home directory
Last logon 31/12/2023 1:23:54 AM
Logon hours allowed All
Local Group Memberships *Homelab2_AL *Remote Desktop Users
Global Group memberships *Domain Users
The command completed successfully.
PS C:\Windows\system32>
Test TCP Port
To test whether a TCP port is open on the destination address:
PS C:\Windows\system32> tnc 10.1.1.94 -port 443
ComputerName : 10.1.1.94
RemoteAddress : 10.1.1.94
RemotePort : 443
InterfaceAlias : Ethernet Instance 0
SourceAddress : 10.1.1.12
TcpTestSucceeded : True
PS C:\Windows\system32>
Disable TLS 1.0 & 1.1
Copy this and save it into a registry file (disableTLS.reg).
Run the file as admin.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
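After importing the file, the values can be read back to confirm that all four keys are set. The PowerShell check below is an added example, not part of the original page; the function name Get-SchannelProtocolState is hypothetical, and it only reads the same registry paths that disableTLS.reg writes.

```powershell
# Added example: audit the SCHANNEL values that disableTLS.reg sets.
$SchannelBase = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {
    param(
        [string[]]$Protocol = @('TLS 1.0', 'TLS 1.1'),
        [string[]]$Role     = @('Server', 'Client')
    )
    foreach ($p in $Protocol) {
        foreach ($r in $Role) {
            $path = "$SchannelBase\$p\$r"
            $enabled = $null
            $disabledByDefault = $null

            # A missing key or value is reported as "not configured", not as disabled
            if (Test-Path -LiteralPath $path) {
                $values = Get-ItemProperty -LiteralPath $path
                $enabled = $values.Enabled
                $disabledByDefault = $values.DisabledByDefault
            }

            if ($null -eq $enabled -and $null -eq $disabledByDefault) {
                $state = 'Not configured (OS default applies)'
            } elseif ($enabled -eq 0 -and $disabledByDefault -eq 1) {
                $state = 'Disabled (matches disableTLS.reg)'
            } elseif ($enabled -eq 0) {
                $state = 'Enabled=0 but DisabledByDefault is not 1'
            } else {
                $state = 'Enabled or partially configured'
            }

            [pscustomobject]@{
                Protocol          = $p
                Role              = $r
                Enabled           = $enabled
                DisabledByDefault = $disabledByDefault
                MatchesRegFile    = ($enabled -eq 0 -and $disabledByDefault -eq 1)
                State             = $state
            }
        }
    }
}

$report = @(Get-SchannelProtocolState)
$report | Format-Table -AutoSize

# Summarise: anything that does not match the .reg file needs attention
$open = @($report | Where-Object { -not $_.MatchesRegFile })
if ($open.Count -gt 0) {
    Write-Warning "$($open.Count) of $($report.Count) protocol/role keys do not match disableTLS.reg."
} else {
    Write-Host 'TLS 1.0 and TLS 1.1 are disabled for both Server and Client.' -ForegroundColor Green
}
```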
Set Time Zone via CMD
Using Command Prompt
Get current time zone.
tzutil /g
List all the time zones available on the system. Take note of the description of your desired time zone.
tzutil /l
Set time zone
tzutil /s "Singapore Standard Time"
Harden IIS
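Import-Module IISAdministration
# Get-Website, Set-WebConfigurationProperty and the IIS:\ drive come from the WebAdministration module
Import-Module WebAdministration
Get-IISAppPool | Out-Host
$apppoolname = Read-Host 'What is the ApplicationPoolIdentity name? [default: DefaultAppPool]'
# Apply the advertised default when the prompt is left empty
if ([string]::IsNullOrWhiteSpace($apppoolname)) { $apppoolname = 'DefaultAppPool' }
Get-Website | Select-Object Name, PhysicalPath | Out-Host
$websitename = Read-Host 'What is the Website name? [default: Default Web Site]'
if ([string]::IsNullOrWhiteSpace($websitename)) { $websitename = 'Default Web Site' }
$newloglocation = Read-Host 'Set a new IIS web log location other than C: [default: C:\inetpub\logs\LogFiles\W3SVC1]'
if ([string]::IsNullOrWhiteSpace($newloglocation)) { $newloglocation = 'C:\inetpub\logs\LogFiles\W3SVC1' }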
Write-Host "1. Basic Configurations"
Write-Host " 1.1 Ensure 'directory browsing' is set to disabled"
# Ensuring that directory browsing is disabled may reduce the probability of disclosing sensitive content that is inadvertently accessible via IIS.
Set-WebConfigurationProperty -Filter system.webserver/directorybrowse -PSPath iis:\ -Name Enabled -Value False
Write-Host " 1.2 Ensure 'Application pool identity' is configured for all application pools"
# Setting Application Pools to use unique least privilege identities such as ApplicationPoolIdentity reduces the potential harm the identity could cause should the application ever become compromised.
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.applicationHost/applicationPools/add[@name='$apppoolname']/processModel" -name 'identityType' -value 'ApplicationPoolIdentity'
Write-Host " 1.3 Ensure 'unique application pools' is set for sites"
# By setting sites to run under unique Application Pools, resource-intensive applications can be assigned to their own application pools which could improve server and application performance. In addition, it can help maintain application availability: if an application in one pool fails, applications in other pools are not affected. Last, isolating applications helps mitigate the potential risk of one application being allowed access to the resources of another application. It is also recommended to stop any application pool that is not in use or was created by an installation such as .Net 4.0.
# Assign the site to the application pool named at the prompt
Set-ItemProperty -Path "IIS:\Sites\$websitename" -Name applicationPool -Value $apppoolname
Write-Host " 1.4 Ensure 'application pool identity' is configured for anonymous user identity"
# Configuring the anonymous user identity to use the application pool identity will help ensure site isolation - provided sites are set to use the application pool identity. Since a unique principal will run each application pool, it will ensure the identity is least privilege. Additionally, it will simplify Site management.
Set-ItemProperty -Path IIS:\AppPools\$apppoolname -Name passAnonymousToken -Value True
Write-Host " 1.5 Ensure WebDav feature is disabled"
# WebDAV is not widely used, and it has serious security concerns because it may allow clients to modify unauthorized files on the web server. Therefore, the WebDav feature should be disabled.
Remove-WindowsFeature Web-DAV-Publishing
Write-Host "2. Configure Authentication and Authorization"
# Ensure 'global authorization rule' is set to restrict access
# Configuring a global Authorization rule that restricts access will ensure inheritance of the settings down through the hierarchy of web directories; if that content is copied elsewhere, the authorization rules flow with it. This will ensure access to current and future content is only granted to the appropriate principals, mitigating risk of accidental or unauthorized access.
Remove-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/security/authorization" -name "." -AtElement @{users='*';roles='';verbs=''}
Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/security/authorization" -name "." -value @{accessType='Allow';roles='Administrators'}
Write-Host " 2.1 Ensure access to sensitive site features is restricted to authenticated principals only"
# Add the forms tag within <system.web>:
# <system.web>
# <authentication>
# <forms cookieless="UseCookies" requireSSL="true" />
# </authentication>
# </system.web>
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter 'system.webServer/security/authentication/anonymousAuthentication' -name 'enabled' -value 'True'
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter 'system.webServer/security/authentication/windowsAuthentication' -name 'enabled' -value 'False'
Write-Host " 2.2 Ensure 'forms authentication' requires SSL"
# Requiring SSL for Forms Authentication will protect the confidentiality of credentials during the login process, helping mitigate the risk of stolen user information.
Set-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST/$websitename" -filter 'system.web/authentication/forms' -name 'requireSSL' -value 'True'
Write-Host " 2.3 Ensure 'forms authentication' is set to use cookies"
# Using cookies to manage session state may help mitigate the risk of session hijacking attempts by preventing ASP.NET from having to move session information to the URL. Moving session information identifiers into the URL may cause session IDs to show up in proxy logs, browsing history, and be accessible to client scripting via document.location.
Set-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST/$websitename" -filter 'system.web/authentication/forms' -name 'cookieless' -value 'UseCookies'
Write-Host " 2.4 Ensure 'cookie protection mode' is configured for forms authentication"
# By encrypting and validating the cookie, the confidentiality and integrity of data within the cookie is assured. This helps mitigate the risk of attacks such as session hijacking and impersonation.
Set-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST/$websitename" -filter 'system.web/authentication/forms' -name 'protection' -value 'All'
Write-Host " 2.5 Ensure transport layer security for 'basic authentication' is configured"
# Credentials sent in clear text can be easily intercepted by malicious code or persons. Enforcing the use of Transport Layer Security will help mitigate the chances of hijacked credentials.
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -location $websitename -filter 'system.webServer/security/access' -name 'sslFlags' -value 'Ssl'
Write-Host " 2.6 Ensure 'passwordFormat' is not set to clear"
# Authentication credentials should always be protected to reduce the risk of stolen authentication credentials.
Set-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST/$websitename" -filter 'system.web/authentication/forms/credentials' -name 'passwordFormat' -value 'SHA1'
Write-Host " 2.7 Ensure 'credentials' are not stored in configuration files"
# Authentication credentials should always be protected to reduce the risk of stolen authentication credentials. For security reasons, it is recommended that user credentials not be stored in any IIS configuration files.
Remove-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST/$websitename" -filter 'system.web/authentication/forms/credentials' -name '.'
Write-Host "3. ASP.NET Configuration Recommendations"
Write-Host " 3.1 Ensure 'deployment method retail' is set [Manual]"
# Utilizing the switch specifically intended for production IIS servers will eliminate the risk of vital application and system information leakages that would otherwise occur if tracing or debug were to be left enabled, or customErrors were to be left off.
Write-Host " # Open the machine.config file located in: %systemroot%\Microsoft.NET\Framework\<framework version>\Config"
Write-Host " # Add the line <deployment retail='true' /> within the <system.web> section:"
Write-Host " <system.web>"
Write-Host " <deployment retail='true' />"
Write-Host " </system.web>"
Write-Host " # Do the same for the 'Microsoft.NET\Framework64' directory"
Write-Host " 3.2 Ensure 'debug' is turned off"
# Setting <compilation debug> to false ensures that detailed error information does not inadvertently display during live application usage, mitigating the risk of application information leakage falling into unscrupulous hands.
Set-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST/$websitename" -filter "system.web/compilation" -name "debug" -value "False"
Write-Host " 3.3 Ensure custom error messages are not off"
# customErrors can be set to On or RemoteOnly without leaking detailed application information to the client. Ensuring that customErrors is not set to Off will help mitigate the risk of malicious persons learning detailed application error and server configuration information.
Set-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST/$websitename" -filter "system.web/customErrors" -name "mode" -value "RemoteOnly"
Write-Host " 3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely"
# The information contained in custom error messages can provide clues as to how applications function, opening up unnecessary attack vectors. Ensuring custom errors are never displayed remotely can help mitigate the risk of malicious persons obtaining information as to how the application works.
Set-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST/$websitename" -filter "system.webServer/httpErrors" -name "errorMode" -value "DetailedLocalOnly"
Write-Host " 3.5 Ensure ASP.NET stack tracing is not enabled"
# In an active Web Site, tracing should not be enabled because it can display sensitive configuration and detailed stack trace information to anyone who views the pages in the site. If necessary, the localOnly attribute can be set to true to have trace information displayed only for localhost requests. Ensuring that ASP.NET stack tracing is not on will help mitigate the risk of malicious persons learning detailed stack trace information.
Set-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST/$websitename" -filter "system.web/trace" -name "enabled" -value "False"
Write-Host " 3.6 Ensure 'httpcookie' mode is configured for session state"
# When cookies are set with the HttpOnly flag, they cannot be accessed by client side scripting running in the user's browser. Preventing client-side scripting from accessing cookie content may reduce the probability of a cross site scripting attack materializing into a successful session hijack.
Write-Host " # Locate and open the application's web.config file"
Write-Host " # Add the httpCookies tag within <system.web>:"
Write-Host " <configuration>"
Write-Host " <system.web>"
Write-Host " <httpCookies httpOnlyCookies='true' />"
Write-Host " </system.web>"
Write-Host " </configuration>"
Write-Host " 3.7 Ensure 'MachineKey validation method - .Net 3.5' is configured [HMACSHA256]"
C:\Windows\system32\inetsrv\appcmd set config /commit:WEBROOT /section:machineKey /validation:HMACSHA256
Write-Host " 3.8 Ensure 'MachineKey validation method - .Net 4.5' is configured [HMACSHA256]"
# Setting the validation property to AES will provide confidentiality and integrity protection to the viewstate. AES is the strongest encryption algorithm supported by the validation property. SHA-2 is the strongest hashing algorithm supported by the validation property so it should be used as the validation method for the MachineKey in .Net 4.5.
# Use HMACSHA256 validation for the ASP.NET Machine Key
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT' -filter "system.web/machineKey" -name "validation" -value "HMACSHA256"
Write-Host " 3.9 Ensure global .NET trust level is configured"
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT' -filter "system.web/trust" -name "level" -value "Medium"
Write-Host " 3.10 Ensure X-Powered-By Header is removed"
# While this is not the only way to fingerprint a site through the response headers, it makes it harder and prevents some potential attackers.
Remove-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webserver/httpProtocol/customHeaders" -name "." -AtElement @{name='X-Powered-By'}
Write-Host " 3.11 Ensure Server Header is removed"
# While this is not the only way to fingerprint a site through the response headers, it makes it harder and prevents some potential attackers. The server header removal directive is a new feature in IIS 10 that can assist in mitigating this risk.
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST/' -filter "system.webServer/security/requestFiltering" -name "removeServerHeader" -value "True"
Write-Host "4. Request Filtering and other Restriction Modules"
Write-Host " 4.1 Ensure 'maxAllowedContentLength' is configured"
# Setting an appropriate value that has been tested for the maxAllowedContentLength filter will lower the impact an abnormally large request would otherwise have on IIS and/or web applications. This helps to ensure availability of web content and services, and may also help mitigate the risk of buffer overflow type attacks in unmanaged components.
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/security/requestFiltering/requestLimits" -name "maxAllowedContentLength" -value 30000000
Write-Host " 4.2 Ensure 'maxURL request filter' is configured"
# With a properly configured Request Filter limiting the amount of data accepted in the URL, chances of undesired application behaviors affecting the availability of content and services are reduced.
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/security/requestFiltering/requestLimits" -name "maxUrl" -value 4096
Write-Host " 4.3 Ensure 'MaxQueryString request filter' is configured"
# With a properly configured Request Filter limiting the amount of data accepted in the query string, chances of undesired application behaviors such as app pool failures are reduced.
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/security/requestFiltering/requestLimits" -name "maxQueryString" -value 2048
Write-Host " 4.4 Ensure non-ASCII characters in URLs are not allowed"
# This feature can help defend against canonicalization attacks, reducing the potential attack surface of servers, sites, and/or applications.
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/security/requestFiltering" -name "allowHighBitCharacters" -value "False"
Write-Host " 4.5 Ensure Double-Encoded requests will be rejected"
# This feature will help prevent attacks that rely on URLs that have been crafted to contain double-encoded request(s).
# allowDoubleEscaping must be False for request filtering to reject double-encoded URLs
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/security/requestFiltering" -name "allowDoubleEscaping" -value "False"
Write-Host " 4.6 Ensure 'HTTP Trace Method' is disabled"
# Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data. This risk can be mitigated by not allowing the TRACE verb.
Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/security/requestFiltering/verbs" -name "." -value @{verb='TRACE';allowed='False'}
Write-Host " 4.7 Ensure Unlisted File Extensions are not allowed"
# Disallowing all but the necessary file extensions can greatly reduce the attack surface of applications and servers.
# Set the list of allowed extensions (customise to suit your needs)
$SitePath = 'MACHINE/WEBROOT/APPHOST'
$Filter = 'system.webServer/security/requestFiltering/fileExtensions'
Add-WebConfigurationProperty -pspath $SitePath -filter $Filter -name "." -value @{fileExtension='.';allowed='True'}
Add-WebConfigurationProperty -pspath $SitePath -filter $Filter -name "." -value @{fileExtension='.aspx';allowed='True'}
Add-WebConfigurationProperty -pspath $SitePath -filter $Filter -name "." -value @{fileExtension='.ashx';allowed='True'}
Add-WebConfigurationProperty -pspath $SitePath -filter $Filter -name "." -value @{fileExtension='.js';allowed='True'}
Add-WebConfigurationProperty -pspath $SitePath -filter $Filter -name "." -value @{fileExtension='.css';allowed='True'}
Add-WebConfigurationProperty -pspath $SitePath -filter $Filter -name "." -value @{fileExtension='.json';allowed='True'}
Add-WebConfigurationProperty -pspath $SitePath -filter $Filter -name "." -value @{fileExtension='.png';allowed='True'}
Add-WebConfigurationProperty -pspath $SitePath -filter $Filter -name "." -value @{fileExtension='.woff';allowed='True'}
Add-WebConfigurationProperty -pspath $SitePath -filter $Filter -name "." -value @{fileExtension='.woff2';allowed='True'}
Add-WebConfigurationProperty -pspath $SitePath -filter $Filter -name "." -value @{fileExtension='.ttf';allowed='True'}
Add-WebConfigurationProperty -pspath $SitePath -filter $Filter -name "." -value @{fileExtension='.jpg';allowed='True'}
Add-WebConfigurationProperty -pspath $SitePath -filter $Filter -name "." -value @{fileExtension='.svg';allowed='True'}
Write-Host " 4.8 Ensure Unlisted File Extensions are not allowed (e.g. .config, .backup, .bat)"
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/security/requestFiltering/fileExtensions" -name "allowUnlisted" -value "False"
Write-Host " 4.9 Ensure Handler is not granted Write and Script/Execute"
# By allowing both Execute/Script and Write permissions, a handler can run malicious code on the target server. Ensuring these two permissions are never together will help lower the risk of malicious code being executed on the server.
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/handlers" -name "accessPolicy" -value "Read,Script"
Write-Host " 4.10 Ensure 'notListedIsapisAllowed' is set to false"
# Restricting this attribute to false will help prevent potentially malicious ISAPI extensions from being run.
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/security/isapiCgiRestriction" -name "notListedIsapisAllowed" -value "False"
Write-Host " 4.11 Ensure 'notListedCgisAllowed' is set to false"
# Restricting this attribute to false will help prevent unlisted CGI extensions, including potentially malicious CGI scripts from being run.
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/security/isapiCgiRestriction" -name "notListedCgisAllowed" -value "False"
Write-Host " 4.12 Ensure 'Dynamic IP Address Restrictions' is enabled"
# Dynamic IP address filtering allows administrators to configure the server to block access for IPs that exceed the specified number of requests or request frequency. Ensure that you receive the Forbidden page once the block has been enforced.
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/security/dynamicIpSecurity/denyByConcurrentRequests" -name "enabled" -value "True"
# You can customise this value to suit your needs. Start with 5 and adjust as necessary
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/security/dynamicIpSecurity/denyByConcurrentRequests" -name "maxConcurrentRequests" -value 5
Write-Host " 4.13 Ensure Double-Encoded Requests will be rejected"
# Double-encoded requests are rejected only when allowDoubleEscaping is False.
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter 'system.webServer/security/requestFiltering' -name 'allowDoubleEscaping' -value 'False'
Write-Host "5. IIS Logging Recommendations"
Write-Host " 5.1 Ensure Default IIS web log location is moved"
# Moving IIS logging to a restricted, non-system drive will help mitigate the risk of logs being maliciously altered, removed, or lost in the event of system drive failure(s).
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.applicationHost/sites/siteDefaults/logFile" -name "directory" -value "$newloglocation"
Write-Host " 5.1 Ensure ETW Logging is enabled"
Set-ItemProperty -Path "IIS:\Sites\$websitename" -Name logfile.logTargetW3C -Value 'File,ETW'
Write-Host "6. FTP Requests"
Write-Host " 6.1 Ensure FTP requests are encrypted"
# By using SSL, the FTP transmission is encrypted and secured from point to point and all FTP traffic as well as credentials are thereby guarded against interception.
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.applicationHost/sites/siteDefaults/ftpServer/security/ssl" -name "controlChannelPolicy" -value "SslRequire"
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.applicationHost/sites/siteDefaults/ftpServer/security/ssl" -name "dataChannelPolicy" -value "SslRequire"
Write-Host " 6.2 Ensure FTP Logon attempt restrictions is enabled"
# Successful brute force FTP attacks can allow an otherwise unauthorized user to make changes to data that should not be made. This could allow the unauthorized user to modify website code by uploading malicious software or even changing functionality for items such as online payments.
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.ftpServer/security/authentication/denyByFailure" -name "enabled" -value "True"
Write-Host "7. Transport Encryption"
Write-Host " 7.1 Ensure HSTS Header is set"
# HTTP Strict Transport Security (HSTS) is a simple and widely supported standard to protect visitors by ensuring that their browsers always connect to a website over HTTPS. HSTS exists to remove the need for the common, insecure practice of redirecting users from http:// to https:// URLs. HSTS relies on the User Agent/Browser to enforce the required behavior. All major browsers support it. If the browser doesn't support HSTS, it will be ignored.
# To set the HTTP Header at the server level using an AppCmd.exe command, run the
# following command from an elevated command prompt:
C:\Windows\system32\inetsrv\appcmd.exe set config -section:system.webServer/httpProtocol /+"customHeaders.[name='Strict-Transport-Security',value='max-age=31536000; includeSubDomains; preload']"
# To set the HTTP Header at the Website level using an AppCmd.exe command, run the
# following command from an elevated command prompt:
C:\Windows\system32\inetsrv\appcmd.exe set config "$websitename" -section:system.webServer/httpProtocol /+"customHeaders.[name='Strict-Transport-Security',value='max-age=31536000; includeSubDomains; preload']"
Write-Host " 7.2 Ensure SSLv2 is disabled"
# Disabling weak protocols will help ensure the confidentiality and integrity of in-transit data. This protocol is not considered cryptographically secure.
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -Force | Out-Null
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -name 'DisabledByDefault' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -name 'DisabledByDefault' -value '1' -PropertyType 'DWord' -Force | Out-Null
Write-Host " 7.3 Ensure SSLv3 is Disabled"
# Disabling weak protocols will help ensure the confidentiality and integrity of in-transit data. This protocol is not considered cryptographically secure.
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -Force | Out-Null
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -name 'DisabledByDefault' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -name 'DisabledByDefault' -value '1' -PropertyType 'DWord' -Force | Out-Null
Write-Host " 7.4 Ensure TLS 1.0 is Disabled"
# The PCI Data Security Standard 3.1 recommends disabling "early TLS" along with SSL. SSL and early TLS are not considered strong cryptography and cannot be used as a security control after June 30, 2016.
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -Force | Out-Null
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -name 'DisabledByDefault' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -name 'DisabledByDefault' -value '1' -PropertyType 'DWord' -Force | Out-Null
Write-Host " 7.5 Ensure TLS 1.1 is Disabled"
# The PCI Data Security Standard 3.1 recommends disabling "early TLS" along with SSL. SSL and early TLS are not considered strong cryptography and cannot be used as a security control after June 30, 2016.
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -Force | Out-Null
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -name 'DisabledByDefault' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -name 'DisabledByDefault' -value '1' -PropertyType 'DWord' -Force | Out-Null
Write-Host " 7.5 Ensure TLS 1.2 is Enabled"
# TLS 1.2 is the most recent and mature protocol for protecting the confidentiality and integrity of HTTP traffic.
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'DisabledByDefault' -value '0' -PropertyType 'DWord' -Force | Out-Null
Write-Host " 7.6 Ensure NULL Cipher Suites is Disabled"
# The NULL cipher does not provide data confidentiality or integrity. It is recommended that the NULL cipher be disabled.
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null
Write-Host " 7.7 Ensure DES Cipher Suites is Disabled"
# DES is a weak symmetric-key cipher. It is recommended that it be disabled.
# The registry provider treats "/" in a path as a separator, so the value is written through the .NET key object rather than New-ItemProperty.
$key = (Get-Item 'HKLM:\').OpenSubKey('SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers', $true).CreateSubKey('DES 56/56')
$key.SetValue('Enabled', 0, 'DWord')
$key.Close()
Write-Host " 7.8 Ensure RC4 Cipher Suites is Disabled"
# RC4 is a stream cipher that has known practical attacks. It is recommended that RC4 be disabled. The only RC4 cipher enabled by default on Server 2012 and 2012 R2 is RC4 128/128.
# The key names contain "/", which the registry provider would split into an extra path level, so the values are written through the .NET key object.
foreach ($cipher in 'RC4 40/128', 'RC4 56/128', 'RC4 64/128', 'RC4 128/128') {
    $key = (Get-Item 'HKLM:\').OpenSubKey('SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers', $true).CreateSubKey($cipher)
    $key.SetValue('Enabled', 0, 'DWord')
    $key.Close()
}
Write-Host " 7.9 Ensure AES 128/128 Cipher Suite is Disabled"
# Enabling AES 128/128 may be required for client compatibility. Enable or disable this cipher suite accordingly. Enabling AES 256/256 is recommended as this cipher does not suffer from known practical attacks.
# The key name contains "/", so the value is written through the .NET key object rather than New-ItemProperty.
$key = (Get-Item 'HKLM:\').OpenSubKey('SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers', $true).CreateSubKey('AES 128/128')
$key.SetValue('Enabled', 0, 'DWord')
$key.Close()
Write-Host " 7.10 Ensure AES 256/256 Cipher Suite is Enabled"
# AES 256/256 is the most recent and mature cipher suite for protecting the confidentiality and integrity of HTTP traffic. Enabling AES 256/256 is recommended. This is enabled by default on Server 2012 and 2012 R2.
# The key name contains "/", so the value is written through the .NET key object rather than New-ItemProperty.
$key = (Get-Item 'HKLM:\').OpenSubKey('SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers', $true).CreateSubKey('AES 256/256')
$key.SetValue('Enabled', 1, 'DWord')
$key.Close()
Write-Host " 7.11 Ensure Triple DES Cipher Suite 168 is Disabled"
(Get-Item 'HKLM:\').OpenSubKey('SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers', $true).CreateSubKey('Triple DES 168')
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null
(Get-Item 'HKLM:\').OpenSubKey('SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers', $true).CreateSubKey('Triple DES 168/168')
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168" /v Enabled /d 0 /t REG_DWORD /f | Out-Null
Write-Host " 7.11 Ensure TLS Cipher Suite Ordering is Configured"
# Cipher suites should be ordered from strongest to weakest so that the most secure suite both sides support is used for encryption between the server and client.
# Configure strong TLS cipher suites that support Perfect Forward Secrecy and HTTP/2, i.e.
# TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# The list below puts those four GCM suites first; the CBC suites follow as fallbacks.
New-Item 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002' -name 'Functions' -value 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256' -PropertyType 'MultiString' -Force | Out-Null
# List every site binding so the configured ports and protocols can be reviewed.
Get-WebBinding | Format-List bindingInformation
Write-Host "OK."
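To confirm that the SCHANNEL protocol and cipher settings above were actually written, a read-back check can be run after the script. This is an added example, not part of the original script; the function name `Test-SchannelHardening` and its expected-value table are assumptions built from the values this page sets (AES 128/128 is left out because the page treats it as optional).

```powershell
# Added example: audit of the SCHANNEL values written by the script above.
# Test-SchannelHardening and its expected-value table are hypothetical,
# built from the settings on this page.
function Test-SchannelHardening {
    $base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
    # Subkey relative to $base -> expected state of its 'Enabled' value
    $expected = [ordered]@{
        'Protocols\SSL 2.0\Server' = 0
        'Protocols\SSL 3.0\Server' = 0
        'Protocols\TLS 1.0\Server' = 0
        'Protocols\TLS 1.1\Server' = 0
        'Protocols\TLS 1.2\Server' = 1
        'Ciphers\NULL'             = 0
        'Ciphers\DES 56/56'        = 0
        'Ciphers\RC4 40/128'       = 0
        'Ciphers\RC4 56/128'       = 0
        'Ciphers\RC4 64/128'       = 0
        'Ciphers\RC4 128/128'      = 0
        'Ciphers\Triple DES 168'   = 0
        'Ciphers\AES 256/256'      = 1
    }
    $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine,
        [Microsoft.Win32.RegistryView]::Registry64)
    try {
        foreach ($entry in $expected.GetEnumerator()) {
            # OpenSubKey takes the name literally, so the "/" in cipher key
            # names is not split into an extra path level.
            $key = $hklm.OpenSubKey("$base\$($entry.Key)")
            $actual = $null
            if ($key) {
                $actual = $key.GetValue('Enabled')
                $key.Close()
            }
            # Any non-zero DWORD (1 or 0xFFFFFFFF) counts as enabled.
            if ($null -eq $actual) { $status = 'Missing (OS default applies)' }
            elseif ([bool]$actual -eq [bool]$entry.Value) { $status = 'OK' }
            else { $status = 'Drift' }
            [pscustomobject]@{
                Key      = $entry.Key
                Expected = $entry.Value
                Actual   = $actual
                Status   = $status
            }
        }
    }
    finally {
        $hklm.Close()
    }
}

Test-SchannelHardening | Format-Table -AutoSize
```

A `Missing` row means the key or value was never created, so the operating system default for that protocol or cipher is in effect rather than the hardened setting.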