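#Requires -RunAsAdministrator
# Provisioning script for a shared classroom Windows PC: activates Windows,
# creates the local accounts (Eleve / Prof / Admin), applies per-user policy
# restrictions to Eleve, enables RDP, installs the application set and
# finally applies Windows updates.
#
# Review notes (security):
#   * Three steps execute code fetched at run time with no version pin and no
#     integrity check (the activation one-liner, the Chocolatey bootstrap and
#     the Discord-hosted zip archives). Each is marked NOTE(review) below.
#   * Account passwords are requested at run time. Passwords that were
#     previously embedded in this file should be treated as disclosed and
#     rotated on every machine provisioned with it.

# Activate windows
# NOTE(review): this pipes a remotely hosted script straight into
# Invoke-Expression in an elevated session; whatever the host serves at run
# time is executed unverified. Prefer the organisation's own licensed
# activation channel, or at least review and pin a local copy of the script.
irm https://massgrave.dev/get | iex

#Download temp files
# NOTE(review): %LOCALAPPDATA%\Temp is writable by the invoking user and an
# existing file with the expected name is reused rather than re-downloaded,
# so the hash check below is applied to reused files as well.
$tmpPath = Join-Path $env:LOCALAPPDATA "Temp"

# Sha256: expected SHA-256 of the file. Empty means "not pinned yet": the file
# is still used, with a warning. Fill these in from a trusted copy.
# NOTE(review): the two Discord CDN attachments are not a vendor distribution
# point; mirror them on a controlled location and pin their hashes.
$filesToDownload = @(
    @{
        Url      = "https://education.lego.com/_/downloads/EV3_Classroom_Windows_1.5.3_Global.msi"
        FileName = "EV3_Classroom_Windows_1.5.3_Global.msi"
        Sha256   = ""   # TODO: <EXPECTED_SHA256>
    },
    @{
        Url      = "https://cdn.discordapp.com/attachments/704760633379389533/1161288505390026772/simulation.zip"
        FileName = "simulation.zip"
        Sha256   = ""   # TODO: <EXPECTED_SHA256>
    },
    @{
        Url      = "https://cdn.discordapp.com/attachments/704760633379389533/1161288504765059172/RobotProg.zip"
        FileName = "RobotProg.zip"
        Sha256   = ""   # TODO: <EXPECTED_SHA256>
    }
)

foreach ($fileInfo in $filesToDownload) {
    $filePath = Join-Path $tmpPath $fileInfo.FileName

    if (-not (Test-Path -Path $filePath -PathType Leaf)) {
        Invoke-WebRequest -Uri $fileInfo.Url -OutFile $filePath
    }

    if ($fileInfo.Sha256) {
        $actualHash = (Get-FileHash -Path $filePath -Algorithm SHA256).Hash
        if ($actualHash -ne $fileInfo.Sha256) {
            # Do not leave a mismatching file behind for a later run to reuse.
            Remove-Item -Path $filePath -Force
            throw "SHA-256 mismatch for $($fileInfo.FileName): expected $($fileInfo.Sha256), got $actualHash"
        }
    }
    else {
        Write-Warning "No SHA-256 pinned for $($fileInfo.FileName); it will be installed unverified."
    }
}

# Setup users

# Eleve: password-less student account that may not change its password.
$username = "Eleve"
if ($null -eq (Get-LocalUser -Name $username -ErrorAction SilentlyContinue)) {
    Write-Host "User $username doesn't exist. Creating the user..."
    New-LocalUser -Name $username -Description "New User Account" -NoPassword -UserMayNotChangePassword
    Add-LocalGroupMember -Group Users -Member $username
}
else {
    Write-Host "User $username already exists. Configuring the user..."
    Set-LocalUser -Name $username -PasswordNeverExpires $true -UserMayChangePassword $false
}

# Prof: standard user. The password is prompted for instead of being stored
# in the script, where anyone with read access to the file could recover it.
$username = "Prof"
$SecurePassword = Read-Host -Prompt "Password for local account '$username'" -AsSecureString
if ($null -eq (Get-LocalUser -Name $username -ErrorAction SilentlyContinue)) {
    Write-Host "User $username doesn't exist. Creating the user..."
    New-LocalUser -Name $username -Description "New User Account" -Password $SecurePassword -PasswordNeverExpires -UserMayNotChangePassword
    Add-LocalGroupMember -Group Users -Member $username
}
else {
    Write-Host "User $username already exists. Configuring the user..."
    Set-LocalUser -Name $username -PasswordNeverExpires $true -UserMayChangePassword $false -Password $SecurePassword
}

# Admin: member of Administrators; password prompted for the same reason.
# NOTE(review): with RDP enabled further down, this account is reachable over
# the network, so it needs a strong password that is unique per machine.
$username = "Admin"
$SecurePassword = Read-Host -Prompt "Password for local account '$username'" -AsSecureString
if ($null -eq (Get-LocalUser -Name $username -ErrorAction SilentlyContinue)) {
    Write-Host "User $username doesn't exist. Creating the user..."
    New-LocalUser -Name $username -Description "New User Account" -Password $SecurePassword -PasswordNeverExpires -UserMayNotChangePassword
    Add-LocalGroupMember -Group Administrators -Member $username
}
else {
    Write-Host "User $username already exists. Configuring the user..."
    Set-LocalUser -Name $username -PasswordNeverExpires $true -Password $SecurePassword
}

# Function to load a user's HKU registry hive
# Returns two values: the user's SID and the provider path
# "Registry::HKEY_USERS\<SID>", or $null, $null when no profile is found or
# the hive cannot be loaded.
# Only users that already have a profile directory are found, so an account
# that has never logged on is reported as "not found".
function UserReg {
    param (
        [string] $Username
    )

    # Get-CimInstance instead of Get-WmiObject: the latter does not exist in
    # PowerShell 6+, while the rest of the script must also run there.
    $UserProfile = Get-CimInstance -ClassName Win32_UserProfile |
        Where-Object {
            -not $_.Special -and
            $_.LocalPath.EndsWith("\$Username", [System.StringComparison]::OrdinalIgnoreCase)
        } |
        Select-Object -First 1

    if ($null -eq $UserProfile) {
        Write-Host "User profile for $Username not found."
        return $null, $null
    }

    $UserSID = $UserProfile.SID
    if (-not (Test-Path -Path "Registry::HKEY_USERS\$UserSID" -PathType Container)) {
        # Use the profile's real location rather than assuming C:\Users.
        $hiveFile = Join-Path $UserProfile.LocalPath "NTUSER.DAT"

        # reg.exe prints a status line on stdout; without Out-Null that line
        # becomes the first element of this function's return value and the
        # caller's "$UserSID, $UserHKUPath = ..." assignment is shifted.
        REG LOAD HKEY_USERS\$UserSID "$hiveFile" | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Host "Unable to load the registry hive for $Username."
            return $null, $null
        }
    }

    return $UserSID, "Registry::HKEY_USERS\$UserSID"
}

# Sets the DWORD value $regproperty to 1 under $regpath, creating the key
# and/or the value when they do not exist yet.
function SetRegistry {
    param (
        [string] $regpath,
        [string] $regproperty
    )

    if (-not (Test-Path -Path $regpath -PathType Container)) {
        New-Item -Path $regpath -Force | Out-Null
        New-ItemProperty -Path $regpath -Name $regproperty -Value 1 -PropertyType DWord | Out-Null
        return
    }

    $RegistryItem = Get-ItemProperty -Path $regpath
    if ($RegistryItem.PSObject.Properties.Name -contains $regproperty) {
        Set-ItemProperty -Path $regpath -Name $regproperty -Value 1
    }
    else {
        New-ItemProperty -Path $regpath -Name $regproperty -Value 1 -PropertyType DWord | Out-Null
    }
}

$UserSID, $UserHKUPath = UserReg -Username "Eleve"

# Add restriction
# NOTE(review): these are per-user Explorer policies. They keep a student out
# of the listed tools through the shell, but are not an application-control
# boundary (a renamed copy of a blocked executable is not matched by
# DisallowRun); use AppLocker/WDAC where that guarantee is needed.
if ($null -ne $UserSID -and $null -ne $UserHKUPath) {
    $ExplorerPolicyPath = "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

    # Restrict access to Settings
    SetRegistry -regpath $ExplorerPolicyPath -regproperty "NoControlPanel"

    # Disable access to regedit
    $REGKeyPath = "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    SetRegistry -regpath $REGKeyPath -regproperty "DisableRegistryTools"

    # Restrict access to Command Prompt
    $CMDKeyPath = "$UserHKUPath\Software\Policies\Microsoft\Windows\System"
    SetRegistry -regpath $CMDKeyPath -regproperty "DisableCMD"

    # Add entries to DisallowRun for cmd.exe and powershell.exe
    $DisallowRunPath = "$ExplorerPolicyPath\DisallowRun"

    # $UserHKUPath already carries the "Registry::" prefix; prefixing it a
    # second time made the existence test always fail.
    if (-not (Test-Path -Path $DisallowRunPath -PathType Container)) {
        New-Item -Path $DisallowRunPath -Force | Out-Null
    }
    SetRegistry -regpath $ExplorerPolicyPath -regproperty "DisallowRun"

    # Start from an empty list so entries removed from $applications do not
    # linger from an earlier run.
    foreach ($existingName in (Get-Item -Path $DisallowRunPath).Property) {
        Remove-ItemProperty -Path $DisallowRunPath -Name $existingName -ErrorAction SilentlyContinue
    }

    $applications = @("cmd.exe", "powershell.exe", "powershell_ise.exe")
    foreach ($valueName in $applications) {
        New-ItemProperty -Path $DisallowRunPath -Name $valueName -Value $valueName -PropertyType String | Out-Null
    }

    # Registry key objects still referenced by this session keep the hive
    # open and make the unload fail; release them first.
    [gc]::Collect()
    [gc]::WaitForPendingFinalizers()
    REG UNLOAD HKEY_USERS\$UserSID
}
else {
    Write-Host "Unable to get the user's HKU registry."
}

# RDP
# NOTE(review): this opens Remote Desktop on every firewall profile the rule
# group covers. Confirm that Network Level Authentication is enforced and
# that the port is reachable from the management network only.
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0
Enable-NetFirewallRule -Group "@FirewallAPI.dll,-28752"

# Install Functions
# All installers are taken from $tmpPath (see the download step).

# Creates "<app>.lnk" on the Public desktop pointing at $exe.
function createShortcut {
    param (
        [string] $exe,
        [string] $app
    )

    $shell = New-Object -ComObject WScript.Shell
    $shortcut = $shell.CreateShortcut($(Join-Path $env:PUBLIC "Desktop\$app.lnk"))
    $shortcut.TargetPath = $exe
    $shortcut.IconLocation = $exe
    $shortcut.WorkingDirectory = (Get-Item $exe).DirectoryName
    $shortcut.Save()
}

# Silently installs the MSI package named $app.
function InstallMsi {
    param (
        [string] $app
    )

    Write-Host "Installing $app..."
    $msiFilePath = Join-Path -Path $tmpPath -ChildPath $app
    Start-Process -FilePath "msiexec.exe" -ArgumentList "/i `"$msiFilePath`" /qn" -Wait
}

# Runs the setup executable named $app with "/allusers /s".
function InstallExeSetup {
    param (
        [string] $app
    )

    Write-Host "Installing $app..."
    Start-Process -FilePath $(Join-Path $tmpPath $app) -ArgumentList "/allusers /s" -Wait
}

# Copies the stand-alone executable $app into "Program Files\<name>" and
# creates a desktop shortcut to the installed copy.
function InstallExe {
    param (
        [string] $app
    )

    $appName = [System.IO.Path]::GetFileNameWithoutExtension($app)
    Write-Host "Installing $appName..."

    $targetPath = Join-Path $env:ProgramFiles $appName
    if (-not (Test-Path -Path $targetPath -PathType Container)) {
        New-Item -Path $targetPath -ItemType Directory | Out-Null
    }

    Copy-Item -Path (Join-Path $tmpPath $app) -Destination $targetPath -Force

    # The shortcut must target the copy under Program Files: the temp copy is
    # user-writable and may be cleaned up, which the original target ignored.
    createShortcut -exe (Join-Path $targetPath $app) -app $appName
}

# Extracts $zip inside $tmpPath and runs the contained setup $exe.
# Assumes the archive holds a top-level folder named like the zip file.
function InstallZipSetup {
    param (
        [string] $zip,
        [string] $exe
    )

    $zipName = [System.IO.Path]::GetFileNameWithoutExtension($zip)
    Write-Host "Installing $zipName..."
    Expand-Archive -Path (Join-Path $tmpPath $zip) -DestinationPath $tmpPath -Force

    # Nested Join-Path: the three-argument form only exists in PowerShell 6+.
    $setupPath = Join-Path (Join-Path $tmpPath $zipName) $exe
    Start-Process -FilePath $setupPath -ArgumentList "/allusers /s" -Wait
}

# Extracts $zip into Program Files, renames the extracted folder to $app when
# the names differ, and creates a desktop shortcut to "<app>\<exe>".
# Assumes the archive holds a top-level folder named like the zip file.
function InstallZip {
    param (
        [string] $zip,
        [string] $exe,
        [string] $app
    )

    $zipName = [System.IO.Path]::GetFileNameWithoutExtension($zip)
    Write-Host "Installing $zipName..."
    Expand-Archive -Path (Join-Path $tmpPath $zip) -DestinationPath $env:ProgramFiles -Force

    $installDir = Join-Path $env:ProgramFiles $app
    if (-not $zipName.Equals($app)) {
        Move-Item -Path (Join-Path $env:ProgramFiles $zipName) -Destination $installDir
    }

    createShortcut -exe (Join-Path $installDir $exe) -app $app
}

#Install Choco
# NOTE(review): official bootstrap one-liner; it still executes an unpinned
# remote script with administrative rights. An internally mirrored installer
# removes that run-time dependency.
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))

# Installing needed apps
choco upgrade all -y
choco install dotnet -y
choco install vcredist-all -y
choco install firefox -y
choco install 7zip -y
choco install onlyoffice -y
choco install googleearthpro -y
choco install adobereader -y
choco install sublimetext4 -y
choco install vlc -y
choco install audacity -y
choco install scratch -y --install-arguments="/allusers" --force
choco install mblock -y
InstallZip -zip "simulation.zip" -exe "simulation.exe" -app "Simulation Domotique"
choco install arduino -y --install-arguments="/allusers" --force
choco install ganttproject -y
InstallMsi -app "EV3_Classroom_Windows_1.5.3_Global.msi"
InstallZip -zip "RobotProg.zip" -exe "RobotProg.exe" -app "RobotProg"

# URL shortcut
# Creates "<ShortcutName>.url" on the Public desktop pointing at $TargetUrl.
function Create-DesktopShortcut {
    param (
        [string] $ShortcutName,
        [string] $TargetUrl
    )

    $wshShell = New-Object -ComObject "WScript.Shell"
    $shortcutPath = Join-Path $env:PUBLIC "Desktop\$ShortcutName.url"
    $urlShortcut = $wshShell.CreateShortcut($shortcutPath)
    $urlShortcut.TargetPath = $TargetUrl
    $urlShortcut.Save()
}

Create-DesktopShortcut -ShortcutName "Office 365" -TargetUrl "https://office.com/"
Create-DesktopShortcut -ShortcutName "Ecole Direct" -TargetUrl "https://ecoledirecte.com/"
Create-DesktopShortcut -ShortcutName "PIX" -TargetUrl "https://pix.fr/"
Create-DesktopShortcut -ShortcutName "Framindmap" -TargetUrl "https://framindmap.org/"

# Update Windows
Disable-WindowsOptionalFeature -online -NoRestart -FeatureName internet-explorer-optional-amd64
Install-Module -Name PSWindowsUpdate -Force
Get-WindowsUpdate -ForceInstall
# -AutoReboot may restart the machine, so this stays the last step.
Install-WindowsUpdate -AcceptAll -AutoReboot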