#https://docs.microsoft.com/en-us/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server #https://docs.microsoft.com/de-de/windows/application-management/per-user-services-in-windows $cred = Get-Credential foreach ($Server in $(Get-ADComputer -SearchBase "OU=Meine OU,DC=Meine Domäne,DC=Meine TLD" -Filter 'OperatingSystem -like "Windows Server 2016*"')) { Write-Host "Verbinde mit Server:" $Server.DNSHostName Invoke-Command -ComputerName $Server.DNSHostName -Credential $cred -ScriptBlock { Write-Host "`tDeaktiviere Dienste..." Set-Service -Name "Audiosrv" -StartupType Disabled Set-Service -Name "AudioEndpointBuilder" -StartupType Disabled Set-Service -Name "AxInstSV" -StartupType Disabled Set-Service -Name "bthserv" -StartupType Disabled Set-Service -Name "CDPUserSvc" -StartupType Disabled Set-Service -Name "dmwappushservice" -StartupType Disabled Set-Service -Name "FrameServer" -StartupType Disabled Set-Service -Name "icssvc" -StartupType Disabled Set-Service -Name "lltdsvc" -StartupType Disabled Set-Service -Name "lfsvc" -StartupType Disabled Set-Service -Name "MapsBroker" -StartupType Disabled Set-Service -Name "NcbService" -StartupType Disabled Set-Service -Name "PcaSvc" -StartupType Disabled Set-Service -Name "QWAVE" -StartupType Disabled Set-Service -Name "RmSvc" -StartupType Disabled Set-Service -Name "SensorDataService" -StartupType Disabled Set-Service -Name "SensorService" -StartupType Disabled Set-Service -Name "SensrSvc" -StartupType Disabled Set-Service -Name "SharedAccess" -StartupType Disabled Set-Service -Name "ShellHWDetection" -StartupType Disabled Set-Service -Name "SSDPSRV" -StartupType Disabled Set-Service -Name "stisvc" -StartupType Disabled Set-Service -Name "TabletInputService" -StartupType Disabled Set-Service -Name "upnphost" -StartupType Disabled Set-Service -Name "WalletService" -StartupType Disabled Set-Service -Name "WiaRpc" -StartupType Disabled Set-Service -Name "wisvc" -StartupType Disabled Set-Service -Name "wlidsvc" -StartupType Disabled Set-Service -Name "WpnService" -StartupType Disabled Set-Service -Name "XblAuthManager" -StartupType Disabled Set-Service -Name "XblGameSave" -StartupType Disabled Write-Host "`tDeaktiviere User Dienste..." if(Test-Path -Path HKLM:\SYSTEM\CurrentControlSet\Services\CDPUserSvc_*) { $TempSVC = (Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services\CDPUserSvc_*) foreach ($SVC in $TempSVC) { $SVC = "$($SVC.PSParentPath)\$($SVC.PSChildName)" Set-ItemProperty -Path $SVC -Name "Start" -Value 4 } } Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\NgcSvc" -Name "Start" -Value 4 Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\OneSyncSvc" -Name "Start" -Value 4 if(Test-Path -Path HKLM:\SYSTEM\CurrentControlSet\Services\OneSyncSvc_*) { $TempSVC = (Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services\OneSyncSvc_*) foreach ($SVC in $TempSVC) { $SVC = "$($SVC.PSParentPath)\$($SVC.PSChildName)" Set-ItemProperty -Path $SVC -Name "Start" -Value 4 } } Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc" -Name "Start" -Value 4 if(Test-Path -Path HKLM:\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_*) { $TempSVC = (Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_*) foreach ($SVC in $TempSVC) { $SVC = "$($SVC.PSParentPath)\$($SVC.PSChildName)" Set-ItemProperty -Path $SVC -Name "Start" -Value 4 } } Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\UserDataSvc" -Name "Start" -Value 4 Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\UnistoreSvc" -Name "Start" -Value 4 if(Test-Path -Path HKLM:\SYSTEM\CurrentControlSet\Services\UnistoreSvc_*) { $TempSVC = (Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services\UnistoreSvc_*) foreach ($SVC in $TempSVC) { $SVC = "$($SVC.PSParentPath)\$($SVC.PSChildName)" Set-ItemProperty -Path $SVC -Name "Start" -Value 4 } } Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WpnUserService" -Name "Start" -Value 4 if(Test-Path -Path HKLM:\SYSTEM\CurrentControlSet\Services\WpnUserService_*) { $TempSVC = (Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services\WpnUserService_*) foreach ($SVC in $TempSVC) { $SVC = "$($SVC.PSParentPath)\$($SVC.PSChildName)" Set-ItemProperty -Path $SVC -Name "Start" -Value 4 } } Write-Host "`tDeaktiviere geplante Tasks..." Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Application Experience\" -TaskName "Microsoft Compatibility Appraiser" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Application Experience\" -TaskName "ProgramDataUpdater" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\AppID\" -TaskName "EDP Policy Manager" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\AppID\" -TaskName "SmartScreenSpecific" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\ApplicationData\" -TaskName "CleanupTemporaryState" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\ApplicationData\" -TaskName "DsSvcCleanup" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Autochk\" -TaskName "Proxy" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Bluetooth\" -TaskName "UninstallDeviceTask" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\CloudExperienceHost\" -TaskName "CreateObjectTask" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Customer Experience Improvement Program\" -TaskName "Consolidator" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Customer Experience Improvement Program\" -TaskName "KernelCeipTask" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Customer Experience Improvement Program\" -TaskName "UsbCeip" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Diagnosis\" -TaskName "Scheduled" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Location\" -TaskName "Notifications" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Location\" -TaskName "WindowsActionDialog" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Maintenance\" -TaskName "WinSAT" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Maps\" -TaskName "MapsToastTask" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Mobile Broadband Accounts\" -TaskName "MNO Metadata Parser" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\NetTrace\" -TaskName "GatherNetworkInfo" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Power Efficiency Diagnostics\" -TaskName "AnalyzeSystem" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Ras\" -TaskName "MobilityManager" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\SpacePort\" -TaskName "SpaceAgentTask" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\SpacePort\" -TaskName "SpaceManagerTask" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Speech\" -TaskName "SpeechModelDownloadTask" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Storage Tiers Management\" -TaskName "Storage Tiers Management Initialization" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\WDI\" -TaskName "ResolutionHost" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\Windows\Workplace Join\" -TaskName "Automatic-Device-Join" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\XblGameSave\" -TaskName "XblGameSaveTask" | Out-Null Disable-ScheduledTask -TaskPath "\Microsoft\XblGameSave\" -TaskName "XblGameSaveTaskLogon" | Out-Null } }