maxlinc · August 29, 2015 14:02
diff --git a/setup_winrm.ps1 b/setup_winrm.ps1
 Function GetRDPCert
 {
  $srcStoreScope = "LocalMachine"
  $srcStoreName = "Remote Desktop"
  $srcStore = New-Object System.Security.Cryptography.X509Certificates.X509Store $srcStoreName, $srcStoreScope
  $srcStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
  Write-Host "Existing certificates:"
  Write-Host $srcStore.Certificates | select -expand Subject
  return $srcStore.Certificates -match "${env:computername}"
 }

 Function SetWinRMCert([System.Security.Cryptography.X509Certificates.X509Certificate]$cert)
 {
  Write-Host "Adding certificate to WinRM:"
  Write-Host $cert
  $dstStoreScope = "LocalMachine"
  $dstStoreName = "My"

  $dstStore = New-Object System.Security.Cryptography.X509Certificates.X509Store $dstStoreName, $dstStoreScope
  $dstStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
  $dstStore.Add($cert)
 }

 Function SetupWinRM([String]$cert_thumbprint)
 {
  netsh advfirewall firewall set rule group="remote administration" new enable=yes
  netsh advfirewall firewall add rule name="WinRM HTTP" dir=in action=allow protocol=TCP localport=5985
  netsh advfirewall firewall add rule name="WinRM HTTPS" dir=in action=allow protocol=TCP localport=5986
  winrm create winrm/config/Listener?Address=*+Transport=HTTPS "@{Hostname=`"${env:COMPUTERNAME}`"; CertificateThumbprint=`"${cert_thumbprint}`"}"
 }

 $cert = GetRDPCert
 SetWinRMCert($cert)
 SetupWinRM($cert.thumbprint)
	Function GetRDPCert
	{
	$srcStoreScope = "LocalMachine"
	$srcStoreName = "Remote Desktop"
	$srcStore = New-Object System.Security.Cryptography.X509Certificates.X509Store $srcStoreName, $srcStoreScope
	$srcStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
	Write-Host "Existing certificates:"
	Write-Host $srcStore.Certificates \| select -expand Subject
	return $srcStore.Certificates -match "${env:computername}"
	}

	Function SetWinRMCert([System.Security.Cryptography.X509Certificates.X509Certificate]$cert)
	{
	Write-Host "Adding certificate to WinRM:"
	Write-Host $cert
	$dstStoreScope = "LocalMachine"
	$dstStoreName = "My"

	$dstStore = New-Object System.Security.Cryptography.X509Certificates.X509Store $dstStoreName, $dstStoreScope
	$dstStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
	$dstStore.Add($cert)
	}

	Function SetupWinRM([String]$cert_thumbprint)
	{
	netsh advfirewall firewall set rule group="remote administration" new enable=yes
	netsh advfirewall firewall add rule name="WinRM HTTP" dir=in action=allow protocol=TCP localport=5985
	netsh advfirewall firewall add rule name="WinRM HTTPS" dir=in action=allow protocol=TCP localport=5986
	winrm create winrm/config/Listener?Address=*+Transport=HTTPS "@{Hostname=`"${env:COMPUTERNAME}`"; CertificateThumbprint=`"${cert_thumbprint}`"}"
	}

	$cert = GetRDPCert
	SetWinRMCert($cert)
	SetupWinRM($cert.thumbprint)