- Disables taskbar grouping and "Hide extensions for known file types"; shows hidden files and folders
- Enable Remote Desktop and Firewall Rules for it
Example PowerShell script for SQL Firewall Rules
- Enable Remote Desktop and Firewall Rules for it
# Convenience setup for a fresh Windows machine: Explorer view tweaks for the
# current user, then Remote Desktop is switched on and its firewall rules are
# enabled. The HKLM write and the firewall cmdlets need an elevated session.

# Explorer "Advanced" values, written in this order under HKCU:
#   Hidden           = 1 -> show hidden files and folders
#   HideFileExt      = 0 -> stop hiding extensions for known file types
#                           (double extensions such as "name.pdf.exe" become visible)
#   TaskbarGlomLevel = 2 -> never combine taskbar buttons
$explorerAdvancedKey = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
$explorerTweaks = @(
    @{ Name = "Hidden";           Value = "1" },
    @{ Name = "HideFileExt";      Value = "0" },
    @{ Name = "TaskbarGlomLevel"; Value = "2" }
)
foreach ($tweak in $explorerTweaks) {
    # -Force overwrites an existing value; Out-Null hides the returned property object.
    New-ItemProperty -Path $explorerAdvancedKey @tweak -PropertyType DWORD -Force | Out-Null
}

# Enable Remote Desktop: fDenyTSConnections = 0 allows incoming connections.
# NOTE(review): nothing in this script configures Network Level Authentication,
# limits which accounts may log on, or restricts source addresses - confirm
# those controls are applied elsewhere before using this on a reachable host.
$rdpSwitch = @{
    Path         = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server"
    Name         = "fDenyTSConnections"
    Value        = "0"
    PropertyType = "DWORD"
    Force        = $true
}
New-ItemProperty @rdpSwitch | Out-Null

# Allow RDP through the firewall.
# For Win2k12R2 the whole group can be enabled in one call:
# Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
# For Win2k16 the rules are selected by their Profile value instead.
# The second filter matches rules whose Profile equals "Private, Public", so
# Remote Desktop is also allowed on networks classified as Public; drop that
# entry if the machine should only accept RDP on the domain network.
foreach ($rdpProfile in "Domain", "Private, Public") {
    Get-NetFirewallRule -DisplayGroup "Remote Desktop" |
        Where-Object { $_.Profile -eq $rdpProfile } |
        Enable-NetFirewallRule
}
# Check the result in wf.msc.

# Equivalent registry import file for the values written above:
#setup.reg
#[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
#"Hidden"=dword:00000001
#"HideFileExt"=dword:00000000
#"TaskbarGlomLevel"=dword:00000002
#[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
#"fDenyTSConnections"=dword:00000000
Example PowerShell script for SQL Firewall Rules
# Opens the inbound ports used by SQL Server and a few related services, then
# sets the firewall's default actions. Run from an elevated session.

# With no -Scope this changes the machine-wide execution policy and the change
# persists after the script ends; the cmdlet asks for confirmation unless
# -Force is given.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

# One entry per inbound allow rule, created in the order listed.
# NOTE(review): no rule sets -Profile or -RemoteAddress, so each one takes the
# cmdlet defaults and applies on every network profile and to any source
# address. Before production use, keep only the ports this server actually
# serves and scope them to the clients that need them - in particular TCP 135
# (RPC endpoint mapper) and the HTTP/HTTPS rules.
# NOTE(review): SQL Server Browser is normally documented on UDP 1434; confirm
# the UDP 1433 rule at the end of the list is really required.
$inboundRules = @(
    # Enabling SQL Server ports
    @{ DisplayName = "SQL Server";                        Protocol = "TCP"; LocalPort = 1433 },
    @{ DisplayName = "SQL Admin Connection";              Protocol = "TCP"; LocalPort = 1434 },
    @{ DisplayName = "SQL Database Management";           Protocol = "UDP"; LocalPort = 1434 },
    @{ DisplayName = "SQL Service Broker";                Protocol = "TCP"; LocalPort = 4022 },
    @{ DisplayName = "SQL Debugger/RPC";                  Protocol = "TCP"; LocalPort = 135 },
    # Enabling SQL Analysis ports
    @{ DisplayName = "SQL Analysis Services";             Protocol = "TCP"; LocalPort = 2383 },
    @{ DisplayName = "SQL Browser";                       Protocol = "TCP"; LocalPort = 2382 },
    # Enabling misc. applications
    @{ DisplayName = "HTTP";                              Protocol = "TCP"; LocalPort = 80 },
    @{ DisplayName = "SSL";                               Protocol = "TCP"; LocalPort = 443 },
    @{ DisplayName = "SQL Server Browse Button Service";  Protocol = "UDP"; LocalPort = 1433 }
)
foreach ($rule in $inboundRules) {
    New-NetFirewallRule @rule -Direction Inbound -Action allow
}

# Firewall defaults: block inbound traffic that matches no rule, allow
# outbound. This call sets default actions and notification behaviour only;
# it does not pass -Enabled, so it does not itself turn the firewall on.
$profileDefaults = @{
    DefaultInboundAction            = "Block"
    DefaultOutboundAction           = "Allow"
    NotifyOnListen                  = "True"
    AllowUnicastResponseToMulticast = "True"
}
Set-NetFirewallProfile @profileDefaults
# Assorted Windows Firewall management commands (elevated session required).

# Turn the firewall on for one profile; the original note reads "Private or Domain".
Set-NetFirewallProfile -Profile Domain -Enabled True

# Enable groups of pre-made rules.
# NOTE(review): every group listed here opens a remote-management channel
# (event log, firewall management, WMI, RDP, WinRM). Enable only the ones the
# host is actually administered through.
# NOTE(review): group names must match the installed rules exactly; the WMI
# group is usually displayed with a space before "(WMI)" - compare against the
# list produced further down.
$managementGroups = @(
    "Remote Event Log Management",
    "Windows Firewall Remote Management",
    "Windows Management Instrumentation(WMI)",
    "Remote Desktop",
    "Windows Remote Management",
    "Remote Administration"
)
foreach ($groupName in $managementGroups) {
    Set-NetFirewallRule -DisplayGroup $groupName -Enabled True
}

# List all current rule groups: collect each rule's display group, then
# print the distinct names.
$rules = Get-NetFirewallRule
$DisplayGroups = foreach ($rule in $rules) {
    $rule.displaygroup
}
$DisplayGroups | Select-Object -Unique

# Delete a rule by its display name.
Remove-NetFirewallRule -DisplayName "Allow Inbound OpenVPN Client Requests"

# Show the settings of a firewall profile.
Get-NetFirewallProfile -Name Domain

# Manage rules on another machine through a CIM session
# (MYCOMPUTER is a placeholder for the target host name).
$TargetComputer = New-CimSession -ComputerName MYCOMPUTER
$remoteChange = @{
    DisplayGroup = "Remote Event Log Management"
    Enabled      = "True"
    CimSession   = $TargetComputer
}
Set-NetFirewallRule @remoteChange