ArkaprabhaChakraborty · July 25, 2025 13:54
diff --git a/installsharepointamsi.ps1 b/installsharepointamsi.ps1
 # Install-SharePointWithAMSI.ps1
 # Downloads and installs SharePoint Server on-premises with trial keys and enables AMSI integration
 # Prompts user to choose SharePoint version: 2016, 2019, or Subscription Edition

 # Ensure script runs with elevated privileges
 if (-not ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Host "This script requires administrative privileges. Please run as Administrator." -ForegroundColor Red
    exit 1
 }

 # Constants
 $AMSI_FEATURE_GUID = "4cf046f3-38c7-495f-a7da-a1292d32e8e9"
 $DOWNLOAD_PATH = "C:\SharePointInstall"
 $CONFIG_PATH = "$DOWNLOAD_PATH\config.xml"
    
 # SharePoint version details
 $SP_VERSIONS = @{
    "1" = @{
        Name = "2016"
        TrialKey = "NQGJR-63HC8-XCRQH-MY22Y-G3F9T"
        DownloadUrl = "https://download.microsoft.com/download/0/0/4/004EE264-7043-45BF-99E3-3E3F2E4C8461/OfficeServer.iso"
        UpdateKB = "KB5002494"
        UpdateUrl = "https://download.microsoft.com/download/5/4/7/547A0B8D-7A07-4C2E-B4B5-2B0B9F0E7B0E/sharepointserver2016-kb5002494-fullfile-x64-glb.exe"
    }
    "2" = @{
        Name = "2019"
        TrialKey = "M692G-8N2JP-GG8B2-2W2P7-YY7J6"
        DownloadUrl = "https://download.microsoft.com/download/0/6/4/0640E0D7-4E0B-4E1C-9A0E-6B173DA458B2/OfficeServer.iso"
        UpdateKB = "KB5002472"
        UpdateUrl = "https://download.microsoft.com/download/3/8/2/382B0B8F-9B0B-4B8F-8F0B-6B173DA458B2/sharepointserver2019-kb5002472-fullfile-x64-glb.exe"
    }
    "3" = @{
        Name = "Subscription"
        TrialKey = "VW2FM-FN9FT-H22J4-WV9GT-H8VKF"
        DownloadUrl = "https://download.microsoft.com/download/2/4/7/247A0B8D-7A07-4C2E-B4B5-2B0B9F0E7B0E/OfficeServer.iso"
        UpdateKB = "KB5002474"
        UpdateUrl = "https://download.microsoft.com/download/4/7/2/472A0B8D-7A07-4C2E-B4B5-2B0B9F0E7B0E/sharepointsubscriptionserver-kb5002474-fullfile-x64-glb.exe"
    }
 }

 # Prompt user for SharePoint version
 Write-Host "Select SharePoint version to install:" -ForegroundColor Cyan
 Write-Host "1. SharePoint Server 2016"
 Write-Host "2. SharePoint Server 2019"
 Write-Host "3. SharePoint Server Subscription Edition"
 $choice = Read-Host "Enter choice (1-3)"

 if (-not $SP_VERSIONS.ContainsKey($choice)) {
    Write-Host "Invalid choice. Exiting." -ForegroundColor Red
    exit 1
 }

 $spInfo = $SP_VERSIONS[$choice]
 $spVersion = $spInfo.Name
 $trialKey = $spInfo.TrialKey
 $downloadUrl = $spInfo.DownloadUrl
 $updateKB = $spInfo.UpdateKB
 $updateUrl = $spInfo.UpdateUrl

 Write-Host "Selected SharePoint Server $spVersion with trial key: $trialKey" -ForegroundColor Green

 # Prompt for installation details
 $installPath = Read-Host "Enter installation path for SharePoint media (default: $DOWNLOAD_PATH)"
 if (-not $installPath) { $installPath = $DOWNLOAD_PATH }
 $databaseServer = Read-Host "Enter SQL Server name (e.g., localhost or SERVER\INSTANCE)"
 $passphrase = Read-Host "Enter farm passphrase" -AsSecureString
 $passphrase = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($passphrase))

 # Create download directory
 if (-not (Test-Path $installPath)) {
    New-Item -Path $installPath -ItemType Directory | Out-Null
 }

 # Download SharePoint installation media
 Write-Host "Downloading SharePoint Server $spVersion installation media..." -ForegroundColor Cyan
 $isoPath = Join-Path $installPath "OfficeServer.iso"
 try {
    Invoke-WebRequest -Uri $downloadUrl -OutFile $isoPath
    Write-Host "Download completed: $isoPath" -ForegroundColor Green
 }
 catch {
    Write-Host "Failed to download SharePoint media: $_" -ForegroundColor Red
    exit 1
 }

 # Mount ISO
 Write-Host "Mounting SharePoint ISO..." -ForegroundColor Cyan
 try {
    $mountResult = Mount-DiskImage -ImagePath $isoPath -PassThru
    $driveLetter = ($mountResult | Get-Volume).DriveLetter + ":\"
    Write-Host "ISO mounted at $driveLetter" -ForegroundColor Green
 }
 catch {
    Write-Host "Failed to mount ISO: $_" -ForegroundColor Red
    exit 1
 }

 # Install prerequisites
 Write-Host "Installing SharePoint prerequisites..." -ForegroundColor Cyan
 $prereqInstaller = Join-Path $driveLetter "PrerequisiteInstaller.exe"
 if (Test-Path $prereqInstaller) {
    Start-Process -FilePath $prereqInstaller -ArgumentList "/unattended" -Wait -NoNewWindow
    Write-Host "Prerequisites installed successfully" -ForegroundColor Green
 }
 else {
    Write-Host "PrerequisiteInstaller.exe not found" -ForegroundColor Red
    Dismount-DiskImage -ImagePath $isoPath
    exit 1
 }

 # Create config.xml for unattended installation
 Write-Host "Creating configuration file for SharePoint installation..." -ForegroundColor Cyan
 $configContent = @"
 <Configuration>
    <Package Id="sts">
        <Setting Id="SETUPTYPE" Value="CLEAN_INSTALL"/>
        <Setting Id="PIDKEY" Value="$trialKey"/>
    </Package>
    <Logging Type="standard" Path="$installPath\Logs" Template="SharePointSetup(*).log"/>
 </Configuration>
 "@
 $configContent | Out-File -FilePath $CONFIG_PATH -Encoding UTF8
 Write-Host "Configuration file created at $CONFIG_PATH" -ForegroundColor Green

 # Install SharePoint binaries
 Write-Host "Installing SharePoint Server $spVersion..." -ForegroundColor Cyan
 $setupExe = Join-Path $driveLetter "setup.exe"
 if (Test-Path $setupExe) {
    Start-Process -FilePath $setupExe -ArgumentList "/config `"$CONFIG_PATH`"" -Wait -NoNewWindow
    Write-Host "SharePoint Server installed successfully" -ForegroundColor Green
 }
 else {
    Write-Host "setup.exe not found" -ForegroundColor Red
    Dismount-DiskImage -ImagePath $isoPath
    exit 1
 }

 # Dismount ISO
 Dismount-DiskImage -ImagePath $isoPath
 Write-Host "ISO dismounted" -ForegroundColor Green

 # Configure SharePoint farm
 Write-Host "Configuring SharePoint farm..." -ForegroundColor Cyan
 try {
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop
    $configDb = "SharePoint_Config"
    $adminContentDb = "SharePoint_AdminContent"
    $credential = Get-Credential -Message "Enter farm account credentials (e.g., DOMAIN\sp_farm)"
    New-SPConfigurationDatabase -DatabaseName $configDb -DatabaseServer $databaseServer -AdministrationContentDatabaseName $adminContentDb -Passphrase (ConvertTo-SecureString $passphrase -AsPlainText -Force) -FarmCredentials $credential
    Write-Host "Configuration database created" -ForegroundColor Green

    # Run PSConfig
    PSConfig.exe -cmd upgrade -inplace b2b -force -cmd applicationcontent -install -cmd installfeatures
    Write-Host "Farm configuration completed" -ForegroundColor Green
 }
 catch {
    Write-Host "Failed to configure farm: $_" -ForegroundColor Red
    exit 1
 }

 # Download and install AMSI update
 Write-Host "Downloading AMSI update ($updateKB)..." -ForegroundColor Cyan
 $updatePath = Join-Path $installPath "$updateKB.exe"
 try {
    Invoke-WebRequest -Uri $updateUrl -OutFile $updatePath
    Write-Host "Update downloaded: $updatePath" -ForegroundColor Green
 }
 catch {
    Write-Host "Failed to download update: $_" -ForegroundColor Red
    exit 1
 }

 Write-Host "Installing AMSI update ($updateKB)..." -ForegroundColor Cyan
 Start-Process -FilePath $updatePath -ArgumentList "/quiet /norestart" -Wait -NoNewWindow
 Write-Host "AMSI update installed" -ForegroundColor Green

 # Run PSConfig to apply update
 Write-Host "Running PSConfig to apply AMSI update..." -ForegroundColor Cyan
 try {
    PSConfig.exe -cmd upgrade -inplace b2b -force -cmd applicationcontent -install -cmd installfeatures
    Write-Host "PSConfig completed for AMSI update" -ForegroundColor Green
 }
 catch {
    Write-Host "PSConfig failed: $_" -ForegroundColor Red
    exit 1
 }

 # Verify AMSI feature
 Write-Host "Verifying AMSI farm feature..." -ForegroundColor Cyan
 $amsiFeature = Get-SPFeature -Farm | Where-Object { $_.Id -eq $AMSI_FEATURE_GUID }
 if ($amsiFeature) {
    Write-Host "AMSI farm feature is installed" -ForegroundColor Green
 }
 else {
    Write-Host "AMSI feature not found. Check update installation." -ForegroundColor Red
    exit 1
 }

 # Enable AMSI for all web applications
 Write-Host "Enabling AMSI for all web applications..." -ForegroundColor Cyan
 try {
    $webApps = Get-SPWebApplication
    foreach ($webApp in $webApps) {
        Enable-SPFeature -Identity $AMSI_FEATURE_GUID -Url $webApp.Url -Force
        Write-Host "AMSI enabled for $($webApp.Url)" -ForegroundColor Green
    }
 }
 catch {
    Write-Host "Failed to enable AMSI: $_" -ForegroundColor Red
    exit 1
 }

 # Rotate ASP.NET machine keys
 Write-Host "Rotating ASP.NET machine keys..." -ForegroundColor Cyan
 try {
    $webApps = Get-SPWebApplication
    foreach ($webApp in $webApps) {
        Set-SPMachineKey -WebApplication $webApp
        Update-SPMachineKey -WebApplication $webApp
        Write-Host "Machine keys rotated for $($webApp.Url)" -ForegroundColor Green
    }
    iisreset
    Write-Host "IIS restarted" -ForegroundColor Green
 }
 catch {
    Write-Host "Failed to rotate machine keys: $_" -ForegroundColor Red
    exit 1
 }

 Write-Host "SharePoint Server $spVersion installed and AMSI integration configured successfully" -ForegroundColor Green
 exit 0
	# Install-SharePointWithAMSI.ps1
	# Downloads and installs SharePoint Server on-premises with trial keys and enables AMSI integration
	# Prompts user to choose SharePoint version: 2016, 2019, or Subscription Edition

	# Ensure script runs with elevated privileges
	if (-not ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
	Write-Host "This script requires administrative privileges. Please run as Administrator." -ForegroundColor Red
	exit 1
	}

	# Constants
	$AMSI_FEATURE_GUID = "4cf046f3-38c7-495f-a7da-a1292d32e8e9"
	$DOWNLOAD_PATH = "C:\SharePointInstall"
	$CONFIG_PATH = "$DOWNLOAD_PATH\config.xml"

	# SharePoint version details
	$SP_VERSIONS = @{
	"1" = @{
	Name = "2016"
	TrialKey = "NQGJR-63HC8-XCRQH-MY22Y-G3F9T"
	DownloadUrl = "https://download.microsoft.com/download/0/0/4/004EE264-7043-45BF-99E3-3E3F2E4C8461/OfficeServer.iso"
	UpdateKB = "KB5002494"
	UpdateUrl = "https://download.microsoft.com/download/5/4/7/547A0B8D-7A07-4C2E-B4B5-2B0B9F0E7B0E/sharepointserver2016-kb5002494-fullfile-x64-glb.exe"
	}
	"2" = @{
	Name = "2019"
	TrialKey = "M692G-8N2JP-GG8B2-2W2P7-YY7J6"
	DownloadUrl = "https://download.microsoft.com/download/0/6/4/0640E0D7-4E0B-4E1C-9A0E-6B173DA458B2/OfficeServer.iso"
	UpdateKB = "KB5002472"
	UpdateUrl = "https://download.microsoft.com/download/3/8/2/382B0B8F-9B0B-4B8F-8F0B-6B173DA458B2/sharepointserver2019-kb5002472-fullfile-x64-glb.exe"
	}
	"3" = @{
	Name = "Subscription"
	TrialKey = "VW2FM-FN9FT-H22J4-WV9GT-H8VKF"
	DownloadUrl = "https://download.microsoft.com/download/2/4/7/247A0B8D-7A07-4C2E-B4B5-2B0B9F0E7B0E/OfficeServer.iso"
	UpdateKB = "KB5002474"
	UpdateUrl = "https://download.microsoft.com/download/4/7/2/472A0B8D-7A07-4C2E-B4B5-2B0B9F0E7B0E/sharepointsubscriptionserver-kb5002474-fullfile-x64-glb.exe"
	}
	}

	# Prompt user for SharePoint version
	Write-Host "Select SharePoint version to install:" -ForegroundColor Cyan
	Write-Host "1. SharePoint Server 2016"
	Write-Host "2. SharePoint Server 2019"
	Write-Host "3. SharePoint Server Subscription Edition"
	$choice = Read-Host "Enter choice (1-3)"

	if (-not $SP_VERSIONS.ContainsKey($choice)) {
	Write-Host "Invalid choice. Exiting." -ForegroundColor Red
	exit 1
	}

	$spInfo = $SP_VERSIONS[$choice]
	$spVersion = $spInfo.Name
	$trialKey = $spInfo.TrialKey
	$downloadUrl = $spInfo.DownloadUrl
	$updateKB = $spInfo.UpdateKB
	$updateUrl = $spInfo.UpdateUrl

	Write-Host "Selected SharePoint Server $spVersion with trial key: $trialKey" -ForegroundColor Green

	# Prompt for installation details
	$installPath = Read-Host "Enter installation path for SharePoint media (default: $DOWNLOAD_PATH)"
	if (-not $installPath) { $installPath = $DOWNLOAD_PATH }
	$databaseServer = Read-Host "Enter SQL Server name (e.g., localhost or SERVER\INSTANCE)"
	$passphrase = Read-Host "Enter farm passphrase" -AsSecureString
	$passphrase = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($passphrase))

	# Create download directory
	if (-not (Test-Path $installPath)) {
	New-Item -Path $installPath -ItemType Directory \| Out-Null
	}

	# Download SharePoint installation media
	Write-Host "Downloading SharePoint Server $spVersion installation media..." -ForegroundColor Cyan
	$isoPath = Join-Path $installPath "OfficeServer.iso"
	try {
	Invoke-WebRequest -Uri $downloadUrl -OutFile $isoPath
	Write-Host "Download completed: $isoPath" -ForegroundColor Green
	}
	catch {
	Write-Host "Failed to download SharePoint media: $_" -ForegroundColor Red
	exit 1
	}

	# Mount ISO
	Write-Host "Mounting SharePoint ISO..." -ForegroundColor Cyan
	try {
	$mountResult = Mount-DiskImage -ImagePath $isoPath -PassThru
	$driveLetter = ($mountResult \| Get-Volume).DriveLetter + ":\"
	Write-Host "ISO mounted at $driveLetter" -ForegroundColor Green
	}
	catch {
	Write-Host "Failed to mount ISO: $_" -ForegroundColor Red
	exit 1
	}

	# Install prerequisites
	Write-Host "Installing SharePoint prerequisites..." -ForegroundColor Cyan
	$prereqInstaller = Join-Path $driveLetter "PrerequisiteInstaller.exe"
	if (Test-Path $prereqInstaller) {
	Start-Process -FilePath $prereqInstaller -ArgumentList "/unattended" -Wait -NoNewWindow
	Write-Host "Prerequisites installed successfully" -ForegroundColor Green
	}
	else {
	Write-Host "PrerequisiteInstaller.exe not found" -ForegroundColor Red
	Dismount-DiskImage -ImagePath $isoPath
	exit 1
	}

	# Create config.xml for unattended installation
	Write-Host "Creating configuration file for SharePoint installation..." -ForegroundColor Cyan
	$configContent = @"
	<Configuration>
	<Package Id="sts">
	<Setting Id="SETUPTYPE" Value="CLEAN_INSTALL"/>
	<Setting Id="PIDKEY" Value="$trialKey"/>
	</Package>
	<Logging Type="standard" Path="$installPath\Logs" Template="SharePointSetup(*).log"/>
	</Configuration>
	"@
	$configContent \| Out-File -FilePath $CONFIG_PATH -Encoding UTF8
	Write-Host "Configuration file created at $CONFIG_PATH" -ForegroundColor Green

	# Install SharePoint binaries
	Write-Host "Installing SharePoint Server $spVersion..." -ForegroundColor Cyan
	$setupExe = Join-Path $driveLetter "setup.exe"
	if (Test-Path $setupExe) {
	Start-Process -FilePath $setupExe -ArgumentList "/config `"$CONFIG_PATH`"" -Wait -NoNewWindow
	Write-Host "SharePoint Server installed successfully" -ForegroundColor Green
	}
	else {
	Write-Host "setup.exe not found" -ForegroundColor Red
	Dismount-DiskImage -ImagePath $isoPath
	exit 1
	}

	# Dismount ISO
	Dismount-DiskImage -ImagePath $isoPath
	Write-Host "ISO dismounted" -ForegroundColor Green

	# Configure SharePoint farm
	Write-Host "Configuring SharePoint farm..." -ForegroundColor Cyan
	try {
	Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop
	$configDb = "SharePoint_Config"
	$adminContentDb = "SharePoint_AdminContent"
	$credential = Get-Credential -Message "Enter farm account credentials (e.g., DOMAIN\sp_farm)"
	New-SPConfigurationDatabase -DatabaseName $configDb -DatabaseServer $databaseServer -AdministrationContentDatabaseName $adminContentDb -Passphrase (ConvertTo-SecureString $passphrase -AsPlainText -Force) -FarmCredentials $credential
	Write-Host "Configuration database created" -ForegroundColor Green

	# Run PSConfig
	PSConfig.exe -cmd upgrade -inplace b2b -force -cmd applicationcontent -install -cmd installfeatures
	Write-Host "Farm configuration completed" -ForegroundColor Green
	}
	catch {
	Write-Host "Failed to configure farm: $_" -ForegroundColor Red
	exit 1
	}

	# Download and install AMSI update
	Write-Host "Downloading AMSI update ($updateKB)..." -ForegroundColor Cyan
	$updatePath = Join-Path $installPath "$updateKB.exe"
	try {
	Invoke-WebRequest -Uri $updateUrl -OutFile $updatePath
	Write-Host "Update downloaded: $updatePath" -ForegroundColor Green
	}
	catch {
	Write-Host "Failed to download update: $_" -ForegroundColor Red
	exit 1
	}

	Write-Host "Installing AMSI update ($updateKB)..." -ForegroundColor Cyan
	Start-Process -FilePath $updatePath -ArgumentList "/quiet /norestart" -Wait -NoNewWindow
	Write-Host "AMSI update installed" -ForegroundColor Green

	# Run PSConfig to apply update
	Write-Host "Running PSConfig to apply AMSI update..." -ForegroundColor Cyan
	try {
	PSConfig.exe -cmd upgrade -inplace b2b -force -cmd applicationcontent -install -cmd installfeatures
	Write-Host "PSConfig completed for AMSI update" -ForegroundColor Green
	}
	catch {
	Write-Host "PSConfig failed: $_" -ForegroundColor Red
	exit 1
	}

	# Verify AMSI feature
	Write-Host "Verifying AMSI farm feature..." -ForegroundColor Cyan
	$amsiFeature = Get-SPFeature -Farm \| Where-Object { $_.Id -eq $AMSI_FEATURE_GUID }
	if ($amsiFeature) {
	Write-Host "AMSI farm feature is installed" -ForegroundColor Green
	}
	else {
	Write-Host "AMSI feature not found. Check update installation." -ForegroundColor Red
	exit 1
	}

	# Enable AMSI for all web applications
	Write-Host "Enabling AMSI for all web applications..." -ForegroundColor Cyan
	try {
	$webApps = Get-SPWebApplication
	foreach ($webApp in $webApps) {
	Enable-SPFeature -Identity $AMSI_FEATURE_GUID -Url $webApp.Url -Force
	Write-Host "AMSI enabled for $($webApp.Url)" -ForegroundColor Green
	}
	}
	catch {
	Write-Host "Failed to enable AMSI: $_" -ForegroundColor Red
	exit 1
	}

	# Rotate ASP.NET machine keys
	Write-Host "Rotating ASP.NET machine keys..." -ForegroundColor Cyan
	try {
	$webApps = Get-SPWebApplication
	foreach ($webApp in $webApps) {
	Set-SPMachineKey -WebApplication $webApp
	Update-SPMachineKey -WebApplication $webApp
	Write-Host "Machine keys rotated for $($webApp.Url)" -ForegroundColor Green
	}
	iisreset
	Write-Host "IIS restarted" -ForegroundColor Green
	}
	catch {
	Write-Host "Failed to rotate machine keys: $_" -ForegroundColor Red
	exit 1
	}

	Write-Host "SharePoint Server $spVersion installed and AMSI integration configured successfully" -ForegroundColor Green
	exit 0