Minimisation du bruit des réseaux Windows avec PowerShell
9 novembre 2022
J’ai déjà fait de nombreux billets sur la manière de minimiser le bruit des protocoles utilisés par les stations et les serveurs Windows.
Je vous ai donc écrit un script PowerShell pour désactiver tous ces protocoles inutiles et bruyants.
Minimiser le bruit de votre machine Windows
J’ai mis quelques commentaires qui, je l’espère, vous permettront de comprendre.
# Disable mDNS
$path='HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
$property = 'EnableMDNS'
$value = 0
New-ItemProperty -Path $Path -Name $property -Value $value -PropertyType DWORD -Force
$path='HKLM:\SOFTWARE\Policies\Microsoft\Windows NT'
$key='DNSClient'
$property = 'EnableMulticast'
$value = 0
New-Item -Path $path -Name $key -Force
$path+="\$key"
New-ItemProperty -Path $path -Name $property -Value $value -PropertyType DWORD -Force
#Disable WS-Discovery
$path='HKLM:\SYSTEM\CurrentControlSet\Services\fdPHost'
$property = 'Start'
$value = 4
New-ItemProperty -Path $path -Name $property -Value $value -PropertyType DWORD -Force
$path='HKLM:\SYSTEM\CurrentControlSet\Services\FDResPub'
New-ItemProperty -Path $path -Name $property -Value $value -PropertyType DWORD -Force
$path='HKLM:\SYSTEM\CurrentControlSet\Services\PeerDistSvc'
If(Test-Path -Path $path)
{
New-ItemProperty -Path $path -Name $property -Value $value -PropertyType DWORD -Force
}
#Disbale IPv6
$path='HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
$property = 'DisabledComponents'
$value = 4294967295
#Disable WPAD
New-ItemProperty -Path $path -Name $property -Value $value -PropertyType DWORD -Force
$path='HKLM:\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc'
$property = 'Start'
$value = 4
#Disable NetBIOS over IP
New-ItemProperty -Path $path -Name $property -Value $value -PropertyType DWORD -Force
$adapters=Get-WmiObject -Class win32_networkadapterconfiguration
$adapters
Foreach ($adapter in $adapters){
$adapter.settcpipnetbios(2)
}
#Disable IPSec
$path='HKLM:\SYSTEM\CurrentControlSet\Services\IKEExt'
$property = 'Start'
$value = 4
New-ItemProperty -Path $path -Name $property -Value $value -PropertyType DWORD -Force
$path='HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
New-ItemProperty -Path $path -Name $property -Value $value -PropertyType DWORD -Force
#Disable UPnP+SSDP
$path='HKLM:\SYSTEM\CurrentControlSet\Services\SSDPSRV'
$property = 'Start'
$value = 4
New-ItemProperty -Path $path -Name $property -Value $value -PropertyType DWORD -Force
$path='HKLM:\SYSTEM\CurrentControlSet\Services\upnphost'
New-ItemProperty -Path $path -Name $property -Value $value -PropertyType DWORD -Force
Minimiser le bruit de toutes les machines du domaine Active Directory
Attention, la désactivation de NetBios over IP vous empêchera notamment l’échange de fichiers avec les vieux systèmes comme Windows 98 ou Windows NT4.
Clear
$computers=Get-ADComputer -Filter * -Properties Name,DistinguishedName|Select Name,DistinguishedName |Where {$_.DistinguishedName -NotLike '*,OU=Domain Controllers,*'}
ForEach($computer in $computers)
{
$ping=&{ping $computer.name -n 1 -w 200}
If($ping -match 'perdus = 0')
{
$start=Invoke-Command -ComputerName $computer.Name -ScriptBlock{
# Disable mDNS
$path='HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
$property = 'EnableMDNS'
$value = 0
New-ItemProperty -Path $Path -Name $property -Value $value -PropertyType DWORD -Force
$path='HKLM:\SOFTWARE\Policies\Microsoft\Windows NT'
$key='DNSClient'
$property = 'EnableMulticast'
$value = 0
New-Item -Path $path -Name $key -Force
$path+="\$key"
New-ItemProperty -Path $path -Name $property -Value $value -PropertyType DWORD -Force
#Disable WS-Discovery
$path='HKLM:\SYSTEM\CurrentControlSet\Services\fdPHost'
$property = 'Start'
$value = 4
New-ItemProperty -Path $path -Name $property -Value $value -PropertyType DWORD -Force
$path='HKLM:\SYSTEM\CurrentControlSet\Services\FDResPub'
New-ItemProperty -Path $path -Name $property -Value $value -PropertyType DWORD -Force
$path='HKLM:\SYSTEM\CurrentControlSet\Services\PeerDistSvc'
If(Test-Path -Path $path)
{
New-ItemProperty -Path $path -Name $property -Value $value -PropertyType DWORD -Force
}
#Disbale IPv6
$path='HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
$property = 'DisabledComponents'
$value = 4294967295
#Disable WPAD
New-ItemProperty -Path $path -Name $property -Value $value -PropertyType DWORD -Force
$path='HKLM:\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc'
$property = 'Start'
$value = 4
#Disable NetBIOS over IP
New-ItemProperty -Path $path -Name $property -Value $value -PropertyType DWORD -Force
$adapters=Get-WmiObject -Class win32_networkadapterconfiguration
$adapters
Foreach ($adapter in $adapters){
$adapter.settcpipnetbios(2)
}
#Disable IPSec
$path='HKLM:\SYSTEM\CurrentControlSet\Services\IKEExt'
$property = 'Start'
$value = 4
New-ItemProperty -Path $path -Name $property -Value $value -PropertyType DWORD -Force
$path='HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
New-ItemProperty -Path $path -Name $property -Value $value -PropertyType DWORD -Force
#Disable UPnP+SSDP
$path='HKLM:\SYSTEM\CurrentControlSet\Services\SSDPSRV'
$property = 'Start'
$value = 4
New-ItemProperty -Path $path -Name $property -Value $value -PropertyType DWORD -Force
$path='HKLM:\SYSTEM\CurrentControlSet\Services\upnphost'
New-ItemProperty -Path $path -Name $property -Value $value -PropertyType DWORD -Force
}
}
}
Billet écrit le 16 octobre 2016