Disable or uninstall system services and scheduled tasks that may affect rendering

2024-03-20 17:18:30

Everything below is PowerShell, run as administrator.

1. Disable or uninstall Microsoft Defender/Endpoint Protection
Whether to disable or uninstall is up to you.
# Disable commands
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Miscellaneous Configuration" /v "PreventPlatformUpdate" /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "FallbackOrder" /d "FileShares" /t REG_SZ /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ScheduleDay" /t REG_DWORD /d 8 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ForceUpdateFromMU" /d 0 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /d 1 /t REG_DWORD /f

# Uninstall commands: take a snapshot before doing this, in case you need to roll back
# Preview the uninstall
Uninstall-WindowsFeature -Name Windows-Defender -WhatIf
# Actually uninstall
Uninstall-WindowsFeature -Name Windows-Defender
What does the trailing -WhatIf parameter do?
In PowerShell, the -WhatIf parameter previews the result of a command without actually executing it. When you run a command with -WhatIf, PowerShell tells you which operations the command would perform but does not perform them. This is very useful for checking the impact of a command before carrying out a potentially dangerous or destructive operation.


2. Disable scheduled tasks that may affect rendering
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Maintenance" /v "MaintenanceDisabled" /t REG_DWORD /d 1 /f
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Data Integrity Scan\","\Microsoft\Windows\ApplicationData\","\Microsoft\Windows\Defrag\","\Microsoft\Windows\DiskCleanup\","\Microsoft\Windows\DiskDiagnostic\","\Microsoft\Windows\DiskFootprint\","\Microsoft\Windows\Windows Defender\","\Microsoft\Windows\Maintenance\" 2>$null | Disable-ScheduledTask 2>$null

Get-ScheduledTask | Where-Object { $_.TaskName -like "OneDrive*"}| Disable-ScheduledTask 2>$null

Get-Service MicrosoftEdge*, edgeupdate*|ft -auto
Get-Service GoogleChrome*, gupdate* | ft -auto
Get-Service MicrosoftEdge*, edgeupdate* | Set-Service -StartupType Disabled
Get-Service GoogleChrome*, gupdate* | Set-Service -StartupType Disabled
Get-ScheduledTask | Where-Object { $_.TaskName -like "MicrosoftEdgeUpdateTaskMachine*"} | Disable-ScheduledTask 2>&1 >$null
Get-ScheduledTask | Where-Object { $_.TaskName -like "GoogleUpdateTaskMachine*"} | Disable-ScheduledTask 2>$null

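Pre-installing some troubleshooting tools in the Windows system is very useful

The additional items below are not all required; pick the ones you need.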

Fix the cloudbase-init configuration files

$client = new-object System.Net.WebClient
#$client.DownloadFile('http://windowsgz-1251783334.cos.ap-guangzhou.myzijiebao.com/ziyan/Cloudbase-Init.zip','C:\Cloudbase-Init.zip')
$client.DownloadFile('http://windows-1251783334.cos.ap-shanghai.myzijiebao.com/Cloudbase-Init.zip','C:\Cloudbase-Init.zip')

#wget "http://windowsgz-1251783334.cos.ap-guangzhou.myzijiebao.com/ziyan/ec2service.py" -Outfile "C:\Program Files\Cloudbase Solutions\Cloudbase-Init\Python\Lib\site-packages\cloudbaseinit\metadata\services\ec2service.py"
#wget "http://windows-1251783334.cos.ap-shanghai.myzijiebao.com/ec2service.py" -Outfile "C:\Program Files\Cloudbase Solutions\Cloudbase-Init\Python\Lib\site-packages\cloudbaseinit\metadata\services\ec2service.py"

$7zPath = "$env:ProgramFiles\7-Zip\7z.exe"
if (-not (Test-Path -Path $7zPath)) {
    # 7-Zip is missing: download and install it silently
    $client7 = new-object System.Net.WebClient
    $client7.DownloadFile('http://windowsgz-1251783334.cos.ap-guangzhou.myzijiebao.com/ziyan/7z2200-x64.msi','c:\7z2200-x64.msi')

    msiexec.exe /i c:\7z2200-x64.msi /qn
    Start-Sleep 30
    del c:\7z2200-x64.msi 2>$null
}

& "$env:ProgramFiles\7-Zip\7z.exe" x -aoa C:\Cloudbase-Init.zip -o"C:\Program Files\Cloudbase Solutions\Cloudbase-Init"

Disable/enable UAC (disabling is recommended)

# Disable UAC
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f

# Enable UAC
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 1 /f

Stop downloaded files from carrying the security lock (zone information)

reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments" /v SaveZoneInformation /t REG_DWORD /d 1 /f 2>&1 > $null
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments" /v SaveZoneInformation /t REG_DWORD /d 1 /f 2>&1 > $null

On Windows machines with a GPU, if you are worried that automatic graphics driver updates will affect stability, you can configure Windows Update to exclude driver updates

reg add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate"  /v "ExcludeWUDriversInQualityUpdate" /d 1 /t REG_DWORD /f
reg add "HKLM\Software\Microsoft\PolicyManager\default\Update"  /v "ExcludeWUDriversInQualityUpdate" /d 1 /t REG_DWORD /f

HKEY_LOCAL_MACHINE\SOFTWARE\NVIDIA Corporation\Global\CoProcManager\AutoDownload controls automatic download of the NVIDIA coprocessor driver. If you do not need automatic download of the NVIDIA coprocessor driver, set AutoDownload to 0 to disable it.

reg add "HKCU\SOFTWARE\NVIDIA Corporation\Global\GFExperience" /v "NotifyNewDisplayUpdates" /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\NVIDIA Corporation\Global\CoProcManager" /v "AutoDownload" /t REG_DWORD /d 0 /f

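After installing a virtual sound card, if recording in a VNC session does not work, check the microphone permission

Run this command to open the microphone access permission settings

ms-settings:privacy-microphone

For other ms-settings commands, see: https://cloud.tencent.com/developer/article/2329408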

Reduce mouse trailing in VNC

reg add "HKEY_CURRENT_USER\Control Panel\Mouse" /v "MouseSpeed" /t REG_DWORD /d 0 /f
reg add "HKEY_USERS\.DEFAULT\Control Panel\Mouse" /v "MouseSpeed" /t REG_DWORD /d 0 /f

Enable WinRM

winrm quickconfig -q 2>&1> $null;winrm quickconfig -q -force 2>&1> $null;netstat -ano|findstr :5985;
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM" /f 2>$null
stop-service mpssvc 2>&1 > $null
winrm quickconfig -q 2>&1 > $null
winrm quickconfig -q -force 2>&1 > $null
restart-service winrm 2>&1 > $null
#Set-Item WSMan:\localhost\client\trustedhosts -value * -force 2>&1 > $null
winrm set winrm/config/client '@{TrustedHosts="*"}' 2>&1 > $null
#netstat -ato|findstr :5985

Prevent the screen from locking in VNC

powercfg -s 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
powercfg -x -monitor-timeout-dc 0
powercfg -x -monitor-timeout-ac 0
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v "NoLockScreen" /d 1 /t REG_DWORD /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DisableLockWorkstation" /d 1 /t REG_DWORD /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Authentication\LogonUI\SessionData" /v "AllowLockScreen" /d 0 /t REG_DWORD /f
schtasks.exe /create /tn "nolockscreen" /ru SYSTEM /rl highest /sc ONSTART /tr "reg add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Authentication\LogonUI\SessionData' /v AllowLockScreen /d 0 /t REG_DWORD /f" /f

Show seconds in the clock in the bottom-right corner

reg add "HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSecondsInSystemClock /t REG_DWORD /d 1 /f 2>&1 > $null
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSecondsInSystemClock /t REG_DWORD /d 1 /f 2>&1 > $null
#reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSecondsInSystemClock /t REG_DWORD /d 1 /f 2>&1 > $null

schtasks.exe /create /tn "show_time_miao_second" /ru Administrator /rl highest /sc ONLOGON /tr "reg add 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced' /v ShowSecondsInSystemClock /d 1 /t REG_DWORD /f" /f

Change the default keyboard layout to English

reg add "HKCU\Keyboard Layout\Preload" /v "1" /d 00000409 /t REG_SZ /f 2>&1 > $null
reg add "HKCU\Keyboard Layout\Preload" /v "2" /d 00000804 /t REG_SZ /f 2>&1 > $null

reg add "HKLM\SYSTEM\Keyboard Layout\Preload" /v "1" /d 00000409 /t REG_SZ /f 2>&1 > $null
reg add "HKLM\SYSTEM\Keyboard Layout\Preload" /v "2" /d 00000804 /t REG_SZ /f 2>&1 > $null

reg add "HKEY_USERS\.DEFAULT\Keyboard Layout\Preload" /v "1" /d 00000409 /t REG_SZ /f 2>&1 > $null
reg add "HKEY_USERS\.DEFAULT\Keyboard Layout\Preload" /v "2" /d 00000804 /t REG_SZ /f 2>&1 > $null

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v IgnoreRemoteKeyboardLayout /t REG_DWORD /d 1 /f 2>&1 > $null
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layouts" /v IgnoreRemoteKeyboardLayout /t REG_DWORD /d 1 /f 2>&1 > $null

Bring data disks online automatically

"SAN Policy=OnlineAll" | diskpart
""

Do not force HTTPS certificate checking in every situation (for example, when there is no public network access)

reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v CertificateRevocation /t REG_DWORD /d 0 /f 2>&1 > $null
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v CertificateRevocation /t REG_DWORD /d 0 /f 2>&1 > $null
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing" /v State /t REG_DWORD /d 0x23e00 /f 2>&1 > $null

Set up a startup scheduled task to speed up time synchronization at boot and achieve a synchronization interval of under one minute, and configure the Tencent Cloud internal NTP servers

Set NtpServer to:

time1.tencentyun.com time2.tencentyun.com time3.tencentyun.com time4.tencentyun.com time5.tencentyun.com

reg delete "HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation" /v "RealTimeIsUniversal" /f 2>$null

$client = new-object System.Net.WebClient
$client.DownloadFile('http://windows-1251783334.cos.ap-shanghai.myzijiebao.com/wget64.exe','c:\windows\wget.exe')
wget.exe http://windows-1251783334.cos.ap-shanghai.myzijiebao.com/timesync.ps1 -O c:\timesync.ps1
powershell -file c:\timesync.ps1

Before shutting down to create the image, release the DHCP-assigned IP and remove the NIC device; these commands must be run in a VNC session

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles" /f 2>$null
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f 2>&1 > $null

$client = new-object System.Net.WebClient
$client.DownloadFile('http://windows-1251783334.cos.ap-shanghai.myzijiebao.com/wget64.exe','c:\windows\wget.exe')
wget.exe http://windows-1251783334.cos.ap-shanghai.myzijiebao.com/115.159.148.149/devcon.exe -O c:\windows\devcon.exe
ipconfig /release;devcon.exe /r remove "PCI\VEN_1AF4&DEV_1000&SUBSYS_00011AF4&REV_00"

Disable some Defender features

New-Item 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' -Force 2>&1 >$null
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan" /v "ScheduleQuickScanTime" /f 2>$null
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "ScheduleQuickScanTime" /f 2>$null

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Signature Updates" /v "DefinitionUpdateFileSharesSources" /f 2>$null
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "DefinitionUpdateFileSharesSources" /f 2>$null

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /f 2>$null
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /va /f 2>&1 >$null

$registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender"
Get-ItemProperty -Path $registryPath | Remove-ItemProperty -Name * -ErrorAction SilentlyContinue
Get-ChildItem -Path $registryPath | Remove-Item -Recurse -Force -ErrorAction SilentlyContinue

reg add "HKLM\Software\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications" /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "SignatureDisableNotification" /d 0 /t REG_DWORD /f

#Restart-Service WinDefend -Force -ErrorAction SilentlyContinue
#Restart-Service WdNisSvc -Force -ErrorAction SilentlyContinue
Start-Service WinDefend -ErrorAction SilentlyContinue
Start-Service WdNisSvc -ErrorAction SilentlyContinue

Set-MpPreference -DisableBehaviorMonitoring $true -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableBehaviorMonitoring /t REG_DWORD /d 1 /f

Set-MpPreference -DisableIOAVProtection $true -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableIOAVProtection /t REG_DWORD /d 1 /f

Set-MpPreference -DisableArchiveScanning $true -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableArchiveScanning" /d 1 /t REG_DWORD /f

Set-MpPreference -MAPSReporting 0 -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SpynetReporting" /d 0 /t REG_DWORD /f

Set-MpPreference -SubmitSamplesConsent 2 -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SubmitSamplesConsent" /d 2 /t REG_DWORD /f

Set-MpPreference -EnableControlledFolderAccess Disabled -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access" /v "EnableControlledFolderAccess" /d 0 /t REG_DWORD /f

Set-MpPreference -PUAProtection Disabled -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "PUAProtection" /d 0 /t REG_DWORD /f

Set-MpPreference -SignatureFallbackOrder FileShares -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "FallbackOrder" /d "FileShares" /t REG_SZ /f

Set-MpPreference -SignatureScheduleDay Never -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ScheduleDay" /t REG_DWORD /d 8 /f

Set-MpPreference -SharedSignaturesPath c:\dummyPath -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "SharedSignatureRoot" /d "c:\dummyPath" /t REG_SZ /f

Set-MpPreference -SignatureDefinitionUpdateFileSharesSources "\\unc1 | \\unc2" -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "DefinitionUpdateFileSharesSources" /d "\\unc1 | \\unc2" /t REG_SZ /f

Set-MpPreference -CheckForSignaturesBeforeRunningScan $false -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "CheckForSignaturesBeforeRunningScan" /d 0 /t REG_DWORD /f

Set-MpPreference -DisableRealtimeMonitoring $true -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "LocalSettingOverrideDisableRealtimeMonitoring" /d 0 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /d 1 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "RealtimeSignatureDelivery" /d 0 /t REG_DWORD /f

Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "DisableUpdateOnStartupWithoutEngine" /d 1 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "UpdateOnStartUp" /d 0 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "DisableScanOnUpdate" /d 1 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ForceUpdateFromMU" /d 0 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Miscellaneous Configuration" /v "PreventPlatformUpdate" /t REG_DWORD /d 1 /f

Set-MpPreference -HighThreatDefaultAction 6 -Force -ErrorAction SilentlyContinue
Set-MpPreference -ModerateThreatDefaultAction 6 -Force -ErrorAction SilentlyContinue
Set-MpPreference -LowThreatDefaultAction 6 -Force -ErrorAction SilentlyContinue
Set-MpPreference -SevereThreatDefaultAction 6 -Force -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRoutinelyTakingAction" /d 1 /t REG_DWORD /f

Stop-Service WdNisSvc 2>&1 > $null
Stop-Service WinDefend 2>&1 > $null
Stop-Service MpsSvc 2>&1 > $null
Stop-Service wscsvc 2>&1 > $null
Stop-Service SecurityHealthService 2>&1 > $null
Stop-Service Sense 2>&1 > $null

Set-Service WdNisSvc -StartupType Disabled 2>&1 > $null
Set-Service WinDefend -StartupType Disabled 2>&1 > $null
Set-Service MpsSvc -StartupType Disabled 2>&1 > $null
Set-Service wscsvc -StartupType Disabled 2>&1 > $null
Set-Service SecurityHealthService -StartupType Disabled 2>&1 > $null
Set-Service Sense -StartupType Disabled 2>&1 > $null

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /d 1 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f

Get-ScheduledTask -TaskPath "\Microsoft\Windows\Data Integrity Scan\","\Microsoft\Windows\ApplicationData\","\Microsoft\Windows\Defrag\","\Microsoft\Windows\DiskCleanup\","\Microsoft\Windows\DiskDiagnostic\","\Microsoft\Windows\DiskFootprint\","\Microsoft\Windows\Windows Defender\","\Microsoft\Windows\Maintenance\" 2>$null | Disable-ScheduledTask 2>$null

Clean up some log files before creating the image

stop-service BaradAgentSvc 2>&1 > $null
stop-service StargateSvc 2>&1 > $null
stop-service YDLive 2>&1 > $null
stop-service YDService 2>&1 > $null
stop-service tatsvc 2>&1 > $null

write-host > c:\windows\ipconfig_xen_vm.ini

del "C:\Program Files\Cloudbase Solutions\Cloudbase-Init\log\*" 2>$null
del "C:\Program Files\QCloud\Logs\*" 2>$null
del "C:\Program Files\QCloud\Monitor\Barad\logs\*" 2>$null
del "C:\Program Files\QCloud\Stargate\logs\*" 2>$null
del "C:\Program Files\QCloud\YunJing\log\*" 2>$null
del "C:\Windows\System32\Sysprep\Panther\*.log" 2>$null
del "C:\Windows\Panther\*.log" 2>$null
del "C:\Windows\Panther\UnattendGC\*.log" 2>$null
del "C:\cvm_init.log" 2>$null
del "C:\Windows\Logs\WindowsUpdate\*" 2>$null
del "C:\Windows\INF\setupapi.dev.log" 2>$null
del "C:\Windows\INF\setupapi.setup.log" 2>$null

wevtutil el | Foreach-Object {wevtutil cl "$_" 2>$null}
wevtutil cl security 2>$null
wevtutil cl system 2>$null

cmd.exe /c del /F /Q C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\* 2>$null
#Remove-Item (Get-PSReadlineOption).HistorySavePath
#cmd.exe /c "echo.>%userprofile%\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt"
clear-history

Activate the system when the machine has public network access

cmd.exe /c "cscript /nologo %windir%/system32/slmgr.vbs -skms kms.03k.org:1688" 2>&1 > $null
cmd.exe /c "cscript /nologo %windir%/system32/slmgr.vbs -ato" 2>&1 > $null

Turn off the firewall

netsh advfirewall set allprofiles state off

reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules /va /f 2>$null
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System /va /f 2>$null

reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules /va /f 2>$null
reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System /va /f 2>$null

reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules /va /f 2>$null
reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System /va /f 2>$null

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy" /v DeleteUserAppContainersOnLogoff /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy" /v DeleteUserAppContainersOnLogoff /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy" /v DeleteUserAppContainersOnLogoff /t REG_DWORD /d 1 /f

Enable password complexity. Note: run this in cmd, or save it as a .bat file and run that

secedit /export /cfg c:\secpol.cfg

echo. >c:\out.txt

type c:\secpol.cfg | findstr -i complex >>c:\out.txt

powershell -command "(GC C:\secpol.cfg) -Replace \"PasswordComplexity = 0\",\"PasswordComplexity = 1\" | Out-File C:\secpol.cfg"

echo. >>c:\out.txt

type c:\secpol.cfg | findstr -i complex >>c:\out.txt

secedit /configure /db c:\windows\security\local.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY

del /q c:\secpol.cfg

type c:\out.txt

del /q c:\out.txt

del %windir%\security\logs\scesrv.log

powershell -command "Set-ExecutionPolicy Unrestricted -force"
@rem wmic pagefile list /format:list
@rem start /w pkgmgr /iu:"TelnetClient"
cmd.exe /c "start /w pkgmgr /iu:TelnetClient"

Speed up file listing for SMB and NFS clients

reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Lanmanworkstation\Parameters" /v "FileInfoCacheLifetime" /d 0 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Lanmanworkstation\Parameters" /v "FileNotFoundCacheLifetime" /d 0 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Lanmanworkstation\Parameters" /v "DirectoryCacheLifetime" /d 0 /t REG_DWORD /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Client for NFS\CurrentVersion\Users\Default\Cache" /v "AttributeTimeDelta" /d 0 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Client for NFS\CurrentVersion\Users\Default\Cache" /v "FileAttributeCache" /d 0 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Client for NFS\CurrentVersion\Users\Default\Cache" /v "RemoteWriteCache" /d 0 /t REG_DWORD /f

Clean up junk files. Note: run this in cmd, or save it as a .bat file and run that

rem First create registry values that flag which items to clean up
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Delivery Optimization Files"  /v StateFlags6550 /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\DownloadsFolder"          /v StateFlags6550 /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Internet Cache Files"       /v StateFlags6550 /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Recycle Bin"            /v StateFlags6550 /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Temporary Files"          /v StateFlags6550 /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Update Cleanup"          /v StateFlags6550 /t REG_DWORD /d 2 /f
rem Then cleanmgr /sagerun:6550 runs the cleanup according to those flags
cleanmgr /sagerun:6550 2>nul
rem Finally remove the registry values created above
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Delivery Optimization Files"  /v StateFlags6550 /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\DownloadsFolder"        /v StateFlags6550 /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Internet Cache Files"      /v StateFlags6550 /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Recycle Bin"          /v StateFlags6550 /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Temporary Files"        /v StateFlags6550 /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Update Cleanup"         /v StateFlags6550 /f


rd /s /q %SYSTEMDRIVE%\Windows\Temp 2>nul 1>nul
@rem rd /s /q "%SYSTEMDRIVE%\Windows\Downloaded Program Files" 2>nul 1>nul
rd /s /q %SYSTEMDRIVE%\$Recycle.bin 2>nul 1>nul

@rem %SYSTEMDRIVE%\Windows\System32\cleanmgr.exe /d C /verylowdisk 2>nul 1>nul
@rem %SYSTEMDRIVE%\Windows\System32\cleanmgr.exe /d C /autoclean 2>nul 1>nul

Back up the hosts file and add the usual internal domain name resolution entries. Note: run this in cmd, or save it as a .bat file and run that

set datemine=%date:~0,4%%date:~5,2%%date:~8,2%
echo;%time:~0,1%|find " "&&(set timehour=0%time:~1,1%) || (set timehour=%time:~0,2%)
set timeother=%time:~3,2%%time:~6,2%
set filename=%datemine%%timehour%%timeother%
copy c:\windows\system32\drivers\etc\hosts c:\windows\system32\drivers\etc\%filename%_hosts

echo.>c:\windows\system32\drivers\etc\hosts

echo 169.254.0.3  mirrors.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.15  update2.agent.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.4  receiver.barad.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.5  custom.message.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.10.10  metadata.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.23  metadata.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.19  kms.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.54  kms1.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.26  windowsupdate.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.2  ntpupdate.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.79  time1.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.80  time2.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.81  time3.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.82  time4.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.83  time5.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.55  s.yd.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.55  l.yd.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.55  u.yd.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts

echo 169.254.0.138 notify.tat-tc.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.138 invoke.tat-tc.tencentyun.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.138 invoke.tat-tc.tencent.cn>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.138 invoke.tat-tc.tencent.com.cn>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.138 invoke.tat.tencent-cloud.com>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.138 notify.tat-tc.tencent.cn>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.138 notify.tat-tc.tencent.com.cn>>  c:\windows\system32\drivers\etc\hosts
echo 169.254.0.138 notify.tat.tencent-cloud.com>>  c:\windows\system32\drivers\etc\hosts

If the machine has public network access, install with the PowerShell commands below; if it does not, follow the official documentation

$client1 = new-object System.Net.WebClient
$client1.DownloadFile('http://windows-1251783334.cos.ap-shanghai.myzijiebao.com/7z2200-x64.msi','c:\7z2200-x64.msi')

msiexec.exe /i c:\7z2200-x64.msi /qn
Start-Sleep 30
del c:\7z2200-x64.msi 2>$null

cmd.exe /c rd /S /Q C:\tat_agent_windows_x86_64 2>&1 > $null
del c:\tat_agent_windows_x86_64.zip 2>&1 > $null
$client = new-object System.Net.WebClient
$client.DownloadFile('http://tat-gz-1258344699.cos.ap-guangzhou.myzijiebao.com/tat_agent_windows_x86_64.zip','c:\tat_agent_windows_x86_64.zip')
& "$env:ProgramFiles\7-Zip\7z.exe" x -aoa c:\tat_agent_windows_x86_64.zip -oC:\tat_agent_windows_x86_64
cmd /c C:\tat_agent_windows_x86_64\uninstall.bat 2>&1 >$null
cmd /c C:\tat_agent_windows_x86_64\install.bat 2>&1 >$null
cmd.exe /c rd /S /Q C:\tat_agent_windows_x86_64 2>&1 > $null
del c:\tat_agent_windows_x86_64.zip 2>$null
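
The downloads in this section and in the cloudbase-init section fetch installers over plain HTTP and then run them as administrator. The following is an added example, not part of the original article, that pins a SHA-256 hash before anything is executed and waits for msiexec instead of sleeping; the function names Get-VerifiedFile and Install-VerifiedMsi are hypothetical and the hash in the usage comment is a placeholder.

```powershell
# Added example, not from the original article.
# Get-VerifiedFile / Install-VerifiedMsi are hypothetical helper names.

function Get-VerifiedFile {
    param(
        [Parameter(Mandatory)] [string] $Uri,
        [Parameter(Mandatory)] [string] $OutFile,
        [Parameter(Mandatory)] [string] $Sha256,   # hash recorded from a copy you vetted
        [switch] $RequireSignature                 # only for files the publisher signs
    )
    # Download to a temporary name that keeps the original extension,
    # so nothing unverified ever sits at the final path.
    $tmp = Join-Path $env:TEMP ("verify_" + (Split-Path $OutFile -Leaf))
    (New-Object System.Net.WebClient).DownloadFile($Uri, $tmp)
    try {
        $actual = (Get-FileHash -Path $tmp -Algorithm SHA256).Hash
        if ($actual -ne $Sha256) {                 # string -ne is case-insensitive
            throw "SHA-256 mismatch for ${Uri}: expected $Sha256, got $actual"
        }
        if ($RequireSignature) {
            $sig = Get-AuthenticodeSignature -FilePath $tmp
            if ($sig.Status -ne 'Valid') {
                throw "Authenticode status for ${Uri} is $($sig.Status)"
            }
        }
        Move-Item -Path $tmp -Destination $OutFile -Force
    }
    finally {
        # Remove the temporary file if verification failed before the move
        Remove-Item -Path $tmp -ErrorAction SilentlyContinue
    }
}

function Install-VerifiedMsi {
    param(
        [Parameter(Mandatory)] [string] $Uri,
        [Parameter(Mandatory)] [string] $MsiPath,
        [Parameter(Mandatory)] [string] $Sha256
    )
    Get-VerifiedFile -Uri $Uri -OutFile $MsiPath -Sha256 $Sha256
    # Wait for the installer and check its exit code instead of "Start-Sleep 30"
    $p = Start-Process msiexec.exe -ArgumentList "/i `"$MsiPath`" /qn" -Wait -PassThru
    Remove-Item -Path $MsiPath -ErrorAction SilentlyContinue
    if ($p.ExitCode -ne 0) {
        throw "msiexec exited with code $($p.ExitCode) for $MsiPath"
    }
}

# Usage with the 7-Zip installer URL from this page. The hash is a placeholder:
# replace it with the value you recorded, otherwise the call fails closed.
# Install-VerifiedMsi -Uri 'http://windows-1251783334.cos.ap-shanghai.myzijiebao.com/7z2200-x64.msi' `
#                     -MsiPath 'C:\7z2200-x64.msi' `
#                     -Sha256 '<SHA256-OF-THE-INSTALLER-YOU-VETTED>'
```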

Disable clearing the pagefile at shutdown; clearing it seriously lengthens shutdown time

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management"  /v "ClearPageFileAtShutdown" /d 0 /t REG_DWORD /f

Explicitly set Wired AutoConfig to start automatically at boot

Set-Service -Name RasAuto -StartupType Manual
Set-Service -Name RasMan -StartupType Manual
Set-Service -Name dot3svc -StartupType Automatic
sc.exe config dot3svc start= auto

Optimize NIC packet receive performance

$NICName=(Get-WmiObject Win32_NetworkAdapter -Filter 'NetEnabled=True').NetConnectionID
#Close RSS
Set-NetAdapterAdvancedProperty -Name $NICName -RegistryKeyword "*RSS" -RegistryValue 0
#Close Checksum Offload
Set-NetAdapterAdvancedProperty -Name $NICName -RegistryKeyword "*IPChecksumOffloadIPv4" -RegistryValue 0
Set-NetAdapterAdvancedProperty -Name $NICName -RegistryKeyword "*TCPChecksumOffloadIPv4" -RegistryValue 0
Set-NetAdapterAdvancedProperty -Name $NICName -RegistryKeyword "*TCPChecksumOffloadIPv6" -RegistryValue 0
Set-NetAdapterAdvancedProperty -Name $NICName -RegistryKeyword "*UDPChecksumOffloadIPv4" -RegistryValue 0
Set-NetAdapterAdvancedProperty -Name $NICName -RegistryKeyword "*UDPChecksumOffloadIPv6" -RegistryValue 0
Set-NetAdapterAdvancedProperty -Name $NICName -RegistryKeyword "OffLoad.RxCS" -RegistryValue 0
#Change Init.MaxRxBuffers to 1024
Set-NetAdapterAdvancedProperty -Name $NICName -RegistryKeyword "RxCapacity" -RegistryValue 1024
#Restart NIC
Restart-NetAdapter -Name $NICName -Confirm:$false
Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\AFD\Parameters -Name "DoNotHoldNicBuffers" -Value "1" -Force

Turn off Storage Sense and disk-related scheduled tasks

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\StorageSense"  /v "AllowStorageSenseGlobal" /d 0 /t REG_DWORD /f
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Data Integrity Scan\","\Microsoft\Windows\ApplicationData\","\Microsoft\Windows\Defrag\","\Microsoft\Windows\DiskCleanup\","\Microsoft\Windows\DiskDiagnostic\","\Microsoft\Windows\DiskFootprint\","\Microsoft\Windows\Windows Defender\","\Microsoft\Windows\Maintenance\" 2>$null | Disable-ScheduledTask 2>$null

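Disable DDACLSys (when the data disk holds a very large number of files, a sysprep image may hang for a long time on every system reinstall, so disabling it helps)

reg add "HKLM\System\Setup" /v DDACLSys_Disabled /t REG_DWORD /d 1 /f

Count the files:

cd /d C:\
dir D:\ /b /s /a-d | find /v /c ""
dir G:\ /b /s /a-d | find /v /c ""
Replace the drive letter with whichever letter your data disk uses.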

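Install cloudbase-init

Automated reinstall of cloudbase-init as version 1.1.2 with PowerShell:
https://cloud.tencent.com/developer/article/1940021

Note:
For domain workloads, remove the hostname module from the cloudbase-init configuration file (cloudbaseinit.plugins.common.sethostname.SetHostNamePlugin, in C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf).
Otherwise, some special situations can cause domain services to misbehave: domain services depend on the hostname, and if the hostname module is present in cloudbase-init it changes the hostname and thereby affects them.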

Turn off power management for the mouse; otherwise VNC may occasionally freeze

$HubID = (Get-WmiObject Win32_USBHub).PNPDeviceID
$PowerMgmt = Get-WmiObject MSPower_DeviceEnable -Namespace root\wmi | Where {$_.InstanceName -like "*$HubID*"}
$PowerMgmt.Enable = $False
$PowerMgmt.psbase.Put()

NMI dump support

reg add "HKLM\SYSTEM\CurrentControlSet\Control\CrashControl" /v NMICrashDump /t REG_DWORD /d 1 /f

Avoid disks being enumerated out of order

reg add "HKLM\SYSTEM\CurrentControlSet\Services\viostor" /v Tag /t REG_DWORD /d 1 /f

Update the virtualization drivers

If you are updating drivers, first run clear_virtio_driver.bat to uninstall the old version, then reinstall the viostor and netkvm drivers.

Save the following as clear_virtio_driver.bat; running it uninstalls the drivers. For updating the virtualization drivers, see https://cloud.tencent.com/developer/article/1927302

for /r "C:\Windows\INF" %%a in (oem*.inf) do (
REM     findstr /I "balloon.sys" "%%a" >nul && echo %%~na%%~xa && pnputil -f -d %%~na%%~xa
        findstr /I "netkvm.sys" "%%a" >nul && echo %%~na%%~xa && pnputil -f -d %%~na%%~xa
        findstr /I "viostor.sys"  "%%a" >nul && echo %%~na%%~xa && pnputil -f -d %%~na%%~xa
)

Install virtual sound card software

https://vb-audio.com/Cable/
https://www.e2esoft.cn/vsc/
https://vac.muzychenko.net/en/download.htm

Disable the touchpad service and the SSDP Discovery service

Stop-Service SSDPSRV 2>&1 > $null
Stop-Service TabletInputService 2>&1 > $null

Set-Service SSDPSRV -StartupType Disabled 2>&1 > $null
Set-Service TabletInputService -StartupType Disabled 2>&1 > $null

Set the print service to start at boot

Set-Service -Name Spooler -StartupType Automatic

Temporary workaround for credentials not working

REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v SecurityLayer /t REG_DWORD /d 0 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\control\Terminal Server\Winstations\RDP-Tcp" /v SecurityLayer /t REG_DWORD /d 0 /f
REG ADD "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\Rdp-tcp" /v UserAuthentication /t REG_DWORD /d 0 /f

Configure automatic logon

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DefaultUserName" /d "Administrator" /t REG_SZ /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DefaultPassword" /d "your own password" /t REG_SZ /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "AutoAdminLogon" /d "1" /t REG_SZ /f

Disable scheduled tasks related to OneDrive, the Edge browser and the Chrome browser

Get-ScheduledTask | Where-Object { $_.TaskName -like "OneDrive*"}| Disable-ScheduledTask 2>$null

Get-Service MicrosoftEdge*, edgeupdate*|ft -auto
Get-Service GoogleChrome*, gupdate* | ft -auto
Get-Service MicrosoftEdge*, edgeupdate* | Set-Service -StartupType Disabled
Get-Service GoogleChrome*, gupdate* | Set-Service -StartupType Disabled
Get-ScheduledTask | Where-Object { $_.TaskName -like "MicrosoftEdgeUpdateTaskMachine*"} | Disable-ScheduledTask 2>&1 >$null
Get-ScheduledTask | Where-Object { $_.TaskName -like "GoogleUpdateTaskMachine*"} | Disable-ScheduledTask 2>$null
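
Several commands on this page switch off host protections: the Defender policies and services, UAC, the firewall, RDP Network Level Authentication, certificate revocation checking, WinRM TrustedHosts and the stored auto-logon password. The following read-only inventory is an added example, not part of the original article, that lists which of those changes are present on a machine before its image is published; the function name Get-ImageSecurityDrift is hypothetical.

```powershell
# Added example, not from the original article. Read-only: it changes nothing.
# Run in an elevated PowerShell session on the image before it is published.
function Get-ImageSecurityDrift {    # hypothetical helper name
    # Registry values written by commands on this page; Weak is the value they set.
    $registryChecks = @(
        @{ Name = 'Defender disabled by policy'
           Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
           Value = 'DisableAntiSpyware'; Weak = 1 }
        @{ Name = 'Defender real-time monitoring disabled by policy'
           Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
           Value = 'DisableRealtimeMonitoring'; Weak = 1 }
        @{ Name = 'UAC disabled'
           Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
           Value = 'EnableLUA'; Weak = 0 }
        @{ Name = 'Zone information not saved on downloads'
           Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments'
           Value = 'SaveZoneInformation'; Weak = 1 }
        @{ Name = 'Certificate revocation checking disabled'
           Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
           Value = 'CertificateRevocation'; Weak = 0 }
        @{ Name = 'RDP Network Level Authentication disabled'
           Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
           Value = 'UserAuthentication'; Weak = 0 }
        @{ Name = 'Automatic administrator logon enabled'
           Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
           Value = 'AutoAdminLogon'; Weak = 1 }
    )
    foreach ($c in $registryChecks) {
        $name = $c.Value
        $item = Get-ItemProperty -Path $c.Path -Name $name -ErrorAction SilentlyContinue
        # Compare as strings so REG_SZ "1" and REG_DWORD 1 are treated alike
        if ($null -ne $item -and "$($item.$name)" -eq "$($c.Weak)") {
            [pscustomobject]@{ Check = $c.Name; Detail = "$($c.Path)\$name = $($item.$name)" }
        }
    }

    # A stored logon password is reported without printing its value
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    if (Get-ItemProperty -Path $winlogon -Name DefaultPassword -ErrorAction SilentlyContinue) {
        [pscustomobject]@{ Check  = 'Plaintext logon password stored in registry'
                           Detail = "$winlogon\DefaultPassword is present (value not shown)" }
    }

    # Firewall profiles that are switched off
    Get-NetFirewallProfile -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'False' } |
        ForEach-Object { [pscustomobject]@{ Check = 'Firewall profile off'; Detail = $_.Name } }

    # Protection services whose start type was set to Disabled
    Get-Service WinDefend, WdNisSvc, MpsSvc, wscsvc, SecurityHealthService, Sense -ErrorAction SilentlyContinue |
        Where-Object { $_.StartType -eq 'Disabled' } |
        ForEach-Object { [pscustomobject]@{ Check = 'Security service disabled'; Detail = $_.Name } }

    # WinRM client trusting every host (the WSMan: drive needs the WinRM service running)
    try   { $trusted = (Get-Item WSMan:\localhost\Client\TrustedHosts -ErrorAction Stop).Value }
    catch { $trusted = $null }
    if ($trusted -eq '*') {
        [pscustomobject]@{ Check = 'WinRM TrustedHosts is *'; Detail = 'winrm/config/client' }
    }

    # Log-cleared markers: Security 1102 and System 104 are written when those logs are cleared
    foreach ($q in @{ LogName = 'Security'; Id = 1102 }, @{ LogName = 'System'; Id = 104 }) {
        $ev = Get-WinEvent -FilterHashtable $q -MaxEvents 1 -ErrorAction SilentlyContinue
        if ($ev) {
            [pscustomobject]@{ Check  = 'Event log was cleared'
                               Detail = "$($q.LogName) event $($q.Id) at $($ev.TimeCreated)" }
        }
    }
}

Get-ImageSecurityDrift | Format-Table -AutoSize -Wrap
```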
