$VMs = Get-VM -Name "Windows 11 LTSC 2024" | Where-Object { $_.ExtensionData.Summary.Config.ManagedBy.Type -ne "placeholderVm" }

$SettingName = @(
    "tools.setInfo.sizeLimit",
    "isolation.device.edit.disable",
    "isolation.device.connectable.disable",
    "isolation.tools.copy.disable",
    "isolation.tools.dnd.disable",
    "isolation.tools.setGUIOptions.enable",
    "RemoteDisplay.vnc.enabled",
    "isolation.tools.paste.disable",
    "isolation.tools.diskShrink.disable",
    "isolation.tools.diskWiper.disable",
    "log.keepOld",
    "log.rotateSize"
)

$Result = [System.Collections.ArrayList]@()
ForEach ($VM in $VMs) {
    $GetAdvSetting = Get-AdvancedSetting -Entity $VM -Name $SettingName | select Entity, Name, Value
    $obj = [PSCustomObject]@{
        'Entity'                               = $VM.Name
        "tools.setInfo.sizeLimit"              = ($GetAdvSetting | Where-Object Name -EQ 'tools.setInfo.sizeLimit').Value
        "isolation.device.edit.disable"        = ($GetAdvSetting | Where-Object Name -EQ 'isolation.device.edit.disable').Value
        "isolation.device.connectable.disable" = ($GetAdvSetting | Where-Object Name -EQ 'isolation.device.connectable.disable').Value
        "isolation.tools.copy.disable"         = ($GetAdvSetting | Where-Object Name -EQ 'isolation.tools.copy.disable').Value
        "isolation.tools.dnd.disable"          = ($GetAdvSetting | Where-Object Name -EQ 'isolation.tools.dnd.disable').Value
        "isolation.tools.setGUIOptions.enable" = ($GetAdvSetting | Where-Object Name -EQ 'isolation.tools.setGUIOptions.enable').Value
        "RemoteDisplay.vnc.enabled"            = ($GetAdvSetting | Where-Object Name -EQ 'RemoteDisplay.vnc.enabled').Value
        "isolation.tools.paste.disable"        = ($GetAdvSetting | Where-Object Name -EQ 'isolation.tools.paste.disable').Value
        "isolation.tools.diskShrink.disable"   = ($GetAdvSetting | Where-Object Name -EQ 'isolation.tools.diskShrink.disable').Value
        "isolation.tools.diskWiper.disable"    = ($GetAdvSetting | Where-Object Name -EQ 'isolation.tools.diskWiper.disable').Value
        "log.keepOld"                          = ($GetAdvSetting | Where-Object Name -EQ 'log.keepOld').Value
        "log.rotateSize"                       = ($GetAdvSetting | Where-Object Name -EQ 'log.rotateSize').Value
    }
    $Result.Add($obj)
}

$Result


<# Blank Loop
ForEach-Object( ($Result | Where-Object { $_.Entity -notlike "vCLS*" -and $_.'' -ne "VALUE" }).Entity ) {
    New-AdvancedSetting -Entity $VM -Name '' -Value TRUE -Confirm:$false -Force:$true
}
#>

# remediate VMs
ForEach ($VM in ($Result | Where-Object { $_.Entity -notlike "vCLS*" -and $_.'tools.setInfo.sizeLimit' -ne 1048576 }).Entity ) {
    New-AdvancedSetting -Entity $VM -Name 'tools.setInfo.sizeLimit' -Value '1048576' -Confirm:$false -Force:$true
}

ForEach ($VM in ($Result | Where-Object { $_.Entity -notlike "vCLS*" -and $_.'isolation.device.edit.disable' -ne "TRUE" }).Entity ) {
    New-AdvancedSetting -Entity $VM -Name 'isolation.device.edit.disable' -Value 'TRUE' -Confirm:$false -Force:$true
}

ForEach ($VM in ($Result | Where-Object { $_.Entity -notlike "vCLS*" -and $_.'isolation.device.connectable.disable' -ne "TRUE" }).Entity ) {
    New-AdvancedSetting -Entity $VM -Name 'isolation.device.connectable.disable' -Value TRUE -Confirm:$false -Force:$true
}

ForEach ($VM in ($Result | Where-Object { $_.Entity -notlike "vCLS*" -and $_.'isolation.tools.copy.disable' -ne "TRUE" }).Entity ) {
    New-AdvancedSetting -Entity $VM -Name 'isolation.tools.copy.disable' -Value 'TRUE' -Confirm:$false -Force:$true
}

ForEach ($VM in ($Result | Where-Object { $_.Entity -notlike "vCLS*" -and $_.'isolation.tools.dnd.disable' -ne "TRUE" }).Entity ) {
    New-AdvancedSetting -Entity $VM -Name 'isolation.tools.dnd.disable' -Value 'TRUE' -Confirm:$false -Force:$true
}

ForEach ($VM in ($Result | Where-Object { $_.Entity -notlike "vCLS*" -and $_.'isolation.tools.setGUIOptions.enable' -ne "FALSE" }).Entity ) {
    New-AdvancedSetting -Entity $VM -Name 'isolation.tools.setGUIOptions.enable' -Value 'FALSE' -Confirm:$false -Force:$true
}

ForEach ($VM in ($Result | Where-Object { $_.Entity -notlike "vCLS*" -and $_.'RemoteDisplay.vnc.enabled' -ne "FALSE" }).Entity ) {
    New-AdvancedSetting -Entity $VM -Name 'RemoteDisplay.vnc.enabled' -Value 'FALSE' -Confirm:$false -Force:$true
}

ForEach ($VM in ($Result | Where-Object { $_.Entity -notlike "vCLS*" -and $_.'isolation.tools.paste.disable' -ne "TRUE" }).Entity ) {
    New-AdvancedSetting -Entity $VM -Name 'isolation.tools.paste.disable' -Value 'TRUE' -Confirm:$false -Force:$true
}

ForEach ($VM in ($Result | Where-Object { $_.Entity -notlike "vCLS*" -and $_.'isolation.tools.diskShrink.disable' -ne "TRUE" }).Entity ) {
    New-AdvancedSetting -Entity $VM -Name 'isolation.tools.diskShrink.disable' -Value 'TRUE' -Confirm:$false -Force:$true
}

ForEach ($VM in ($Result | Where-Object { $_.Entity -notlike "vCLS*" -and $_.'isolation.tools.diskWiper.disable' -ne "TRUE" }).Entity ) {
    New-AdvancedSetting -Entity $VM -Name 'isolation.tools.diskWiper.disable' -Value 'TRUE' -Confirm:$false -Force:$true
}

ForEach ($VM in ($Result | Where-Object { $_.Entity -notlike "vCLS*" -and $_.'log.keepOld' -ne "10" }).Entity ) {
    New-AdvancedSetting -Entity $VM -Name 'log.keepOld' -Value '10' -Confirm:$false -Force:$true
}

ForEach ($VM in ($Result | Where-Object { $_.Entity -notlike "vCLS*" -and $_.'log.rotateSize' -ne "1024000" }).Entity ) {
    New-AdvancedSetting -Entity $VM -Name 'log.rotateSize' -Value '1024000' -Confirm:$false -Force:$true
}