Last active
October 11, 2024 12:55
-
-
Save BoxedBrain/b9451faeb622e33cb225ea1dfa6d2898 to your computer and use it in GitHub Desktop.
Netwrix Password Secure Cheat Sheet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Some functions may require PS v6 or later - so let`s install it first | |
| iex "& { $(irm https://aka.ms/install-powershell.ps1) } -UseMSI" | |
| # ------------------------------------------------------------ | |
| # add local service account | |
| $username = "svc_passwordsecure" | |
| $password = Read-Host -AsSecureString | |
| New-LocalUser -Name $username -Password $password -FullName "Netwrix Password Secure" -Description "Service account" | |
| Add-LocalGroupMember -Group Administrators -Member $username | |
| # ------------------------------------------------------------ | |
| # configure service to use service account | |
| $cred = Get-Credential -UserName ".\svc_passwordsecure" | |
| Set-Service -Name "PsrServer" -Credential $cred | |
| Set-Service -Name "PsrBackupService" -Credential $cred | |
| # ------------------------------------------------------------ | |
| # install iis | |
| Install-WindowsFeature -Name Web-Server -IncludeManagementTools | |
| # ------------------------------------------------------------ | |
| # add firewall rule | |
| New-NetFirewallRule -DisplayName "Allow inbound Netwrix Password Secure" -Direction Inbound -Action Allow -EdgeTraversalPolicy Allow -Protocol TCP -LocalPort 80,443,11011,11018 | |
| # ------------------------------------------------------------ | |
| # PowerShell script to generate a self-signed certificate using New-SelfSignedCertificate cmdlet | |
| # Parameters for the New-SelfSignedCertificate cmdlet | |
| $params = @{ | |
| Subject = "CN=$env:COMPUTERNAME.$env:USERDNSDOMAIN" # Common Name (CN) for the certificate | |
| DnsName = "$env:COMPUTERNAME.$env:USERDNSDOMAIN", $env:COMPUTERNAME # List of DNS names for the certificate | |
| # Note: DnsName needs to contain the CN to be valid for modern browsers! | |
| KeyAlgorithm = 'RSA' # Key algorithm for the certificate | |
| KeyLength = 4096 # Key length in bits | |
| NotAfter = (Get-Date).AddMonths(24) # Expiration date for the certificate | |
| # Change certificate validity by adjusting the AddMonths value | |
| } | |
| # Generate a new self-signed certificate using the specified parameters | |
| New-SelfSignedCertificate @params |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment