christrotter · May 1, 2018 17:55
diff --git a/winrm-for-packer.ps1 b/winrm-for-packer.ps1
 <#
  Much of this is direct from the Packer documentation:
  https://www.packer.io/intro/getting-started/build-image.html#a-windows-example
  
  Everything else from random other blogs.
  
  'PostToSlack' is one of our in-house functions, just sends stuff to a slack channel.
 #>

 Write-Output "Setting the administrator password to facilitate WinRM config."
 net user Administrator SuperS3cr3t!
 wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE

 Write-Output "Turning off the firewall entirely, we use security groups for this."
 netsh advfirewall set allprofiles state off

 PostToSlack "Setting up WinRM for Packer..."
 Write-Output "Doing basic winrm configuration..."
 # Delete any existing WinRM listeners
 winrm delete winrm/config/listener?Address=*+Transport=HTTP  2>$Null
 winrm delete winrm/config/listener?Address=*+Transport=HTTPS 2>$Null

 # Create a new WinRM listener and configure
 winrm create winrm/config/listener?Address=*+Transport=HTTP
 winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="0"}'
 winrm set winrm/config '@{MaxTimeoutms="7200000"}'
 winrm set winrm/config/service '@{AllowUnencrypted="true"}'
 winrm set winrm/config/service '@{MaxConcurrentOperationsPerUser="12000"}'
 winrm set winrm/config/service/auth '@{Basic="true"}'
 winrm set winrm/config/client/auth '@{Basic="true"}'

 set-item WSMan:\localhost\Client\AllowUnencrypted -Value True -Force
 set-item WSMan:\localhost\Client\Auth\Basic  -Value True -Force
 set-item WSMan:\localhost\Client\TrustedHosts -Value * -Force
 Enable-PSRemoting -force

 # Configure UAC to allow privilege elevation in remote shells
 $Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
 $Setting = 'LocalAccountTokenFilterPolicy'
 Set-ItemProperty -Path $Key -Name $Setting -Value 1 -Force

 # Configure and restart the WinRM Service; Enable the required firewall exception
 Stop-Service -Name WinRM
 Set-Service -Name WinRM -StartupType Automatic
 # This isn't technically necessary, but I'm superstitious about WinRM at this point.
 netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new action=allow localip=any remoteip=any
 Start-Service -Name WinRM

 $winrmServiceStatus = (Get-Service winrm).Status
 if ($winrmServiceStatus -ne 'Running') {
    PostToSlack ":red-x: WinRM not running!!"
 }
 else {
    PostToSlack ":white_check_mark: WinRM is running!!"
 }
	<#
	Much of this is direct from the Packer documentation:
	https://www.packer.io/intro/getting-started/build-image.html#a-windows-example

	Everything else from random other blogs.

	'PostToSlack' is one of our in-house functions, just sends stuff to a slack channel.
	#>

	Write-Output "Setting the administrator password to facilitate WinRM config."
	net user Administrator SuperS3cr3t!
	wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE

	Write-Output "Turning off the firewall entirely, we use security groups for this."
	netsh advfirewall set allprofiles state off

	PostToSlack "Setting up WinRM for Packer..."
	Write-Output "Doing basic winrm configuration..."
	# Delete any existing WinRM listeners
	winrm delete winrm/config/listener?Address=*+Transport=HTTP 2>$Null
	winrm delete winrm/config/listener?Address=*+Transport=HTTPS 2>$Null

	# Create a new WinRM listener and configure
	winrm create winrm/config/listener?Address=*+Transport=HTTP
	winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="0"}'
	winrm set winrm/config '@{MaxTimeoutms="7200000"}'
	winrm set winrm/config/service '@{AllowUnencrypted="true"}'
	winrm set winrm/config/service '@{MaxConcurrentOperationsPerUser="12000"}'
	winrm set winrm/config/service/auth '@{Basic="true"}'
	winrm set winrm/config/client/auth '@{Basic="true"}'

	set-item WSMan:\localhost\Client\AllowUnencrypted -Value True -Force
	set-item WSMan:\localhost\Client\Auth\Basic -Value True -Force
	set-item WSMan:\localhost\Client\TrustedHosts -Value * -Force
	Enable-PSRemoting -force

	# Configure UAC to allow privilege elevation in remote shells
	$Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
	$Setting = 'LocalAccountTokenFilterPolicy'
	Set-ItemProperty -Path $Key -Name $Setting -Value 1 -Force

	# Configure and restart the WinRM Service; Enable the required firewall exception
	Stop-Service -Name WinRM
	Set-Service -Name WinRM -StartupType Automatic
	# This isn't technically necessary, but I'm superstitious about WinRM at this point.
	netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new action=allow localip=any remoteip=any
	Start-Service -Name WinRM

	$winrmServiceStatus = (Get-Service winrm).Status
	if ($winrmServiceStatus -ne 'Running') {
	PostToSlack ":red-x: WinRM not running!!"
	}
	else {
	PostToSlack ":white_check_mark: WinRM is running!!"
	}