This gist will create a new user with Administrator rights on a Windows server AWS instance, install Cygwin and SSHD, and open port 22 so that you can access the machine using SSH. This makes using Windows *much* more tolerable for the Unix administrator. Simply use the script below in your "User Data" field when deploying a new instance. The <p…
<powershell> | |
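# Create the local administrative account used for remote access.
# Replace both placeholders below before launching the instance.
#
# NOTE: EC2 user data is not a secret store. Whatever is placed here can be
# read back later through the EC2 API/console and, on the instance, from the
# metadata service by any local process. Treat this password as temporary and
# rotate it after the first login.
$computer = $env:ComputerName
$user     = "username"   ## Change this!
$password = 'password'   ## And change this too!

# Fail closed: never provision an Administrator with the published placeholder
# credentials on a host that is about to expose WinRM and SSH.
if ($user -eq "username" -or $password -eq 'password') {
    throw "Placeholder credentials detected: set `$user and `$password before using this script."
}

$objOu    = [ADSI]"WinNT://$computer"
$objGroup = [ADSI]"WinNT://$computer/Administrators,group"

$objUser = $objOu.Create("User", $user)
$objUser.setpassword($password)
$objUser.SetInfo()   # commit the new account before editing further attributes
$objUser.description = "Local Admin User $user"
$objUser.SetInfo()

# Qualify the member path with the computer name so the account just created
# on this machine is the one added to the local Administrators group.
$objGroup.Add("WinNT://$computer/$user,user")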
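# Get the instance ready for Chef's knife bootstrap command.
#
# SECURITY: the two service settings at the end of this group permit Basic
# authentication over unencrypted HTTP (port 5985), so the administrator
# password crosses the network in a trivially decodable form. Use them only
# for the bootstrap window on a trusted network path, then set both back to
# "false" or move WinRM to an HTTPS listener.
winrm quickconfig -q
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}'
winrm set winrm/config '@{MaxTimeoutms="1800000"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'

# Source addresses allowed to reach WinRM on the public firewall profile.
# "any" keeps the behaviour this script has always had; prefer a single
# address or CIDR block for the machine that runs knife, and restrict the
# instance's security group to match.
$winrmRemoteIp = "any"   ## Narrow this where you can

# Rewrite the built-in rule (matched by name/profile/port and its current
# localsubnet scope) so that it accepts the source range chosen above.
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" profile=public protocol=tcp localport=5985 remoteip=localsubnet new remoteip=$winrmRemoteIp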
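# Download and install Cygwin together with the OpenSSH server, then start sshd.
#
# Parameters:
#   TempCygDir  - scratch directory for the installer and its package cache.
#   SetupUrl    - location of the Cygwin installer (fetched over HTTPS).
#   Mirror      - package mirror handed to the installer with -s.
#   SetupSha256 - optional expected SHA-256 (hex) of the installer. When it is
#                 supplied, a file that does not match is never executed.
function Install-Cygwin {
    param (
        $TempCygDir  = "$env:temp\cygInstall",
        # NOTE(review): confirm this installer name is still published and
        # matches the instance architecture before relying on it.
        $SetupUrl    = "https://cygwin.com/setup.exe",
        $Mirror      = "https://mirrors.kernel.org/sourceware/cygwin/",
        $SetupSha256 = ""
    )

    if (!(Test-Path -Path $TempCygDir -PathType Container)) {
        $null = New-Item -Type Directory -Path $TempCygDir -Force
    }

    $setupExe = "$TempCygDir\setup.exe"

    # The installer runs with administrative rights, so it must not be fetched
    # over plain HTTP where anything on the path could swap the binary.
    # Older .NET defaults do not offer TLS 1.2, so enable it explicitly.
    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
    $client = New-Object System.Net.WebClient
    $client.DownloadFile($SetupUrl, $setupExe)

    if ($SetupSha256) {
        # Pin the installer to a digest obtained out of band.
        $hasher = [System.Security.Cryptography.SHA256]::Create()
        $stream = [System.IO.File]::OpenRead($setupExe)
        try {
            $actual = [System.BitConverter]::ToString($hasher.ComputeHash($stream)).Replace("-", "")
        }
        finally {
            $stream.Close()
        }
        if ($actual -ne $SetupSha256) {   # string -ne ignores case
            throw "Cygwin installer hash mismatch: expected $SetupSha256, got $actual"
        }
    }
    else {
        Write-Warning "No -SetupSha256 supplied; the Cygwin installer is trusted on TLS alone."
    }

    # Three unattended runs: base system, then openssh, then cygrunsrv.
    # The cache directory is quoted because %TEMP% may contain spaces.
    $baseArgs = "-q -n -l `"$TempCygDir`" -s $Mirror -R c:\Cygwin"
    foreach ($extra in @("", " -P openssh", " -P cygrunsrv")) {
        Start-Process -Wait -FilePath $setupExe -ArgumentList ($baseArgs + $extra)
    }

    # You should change "password" on the next line to something more secure!
    # It is handed to ssh-host-config via --pwd (presumably for the privileged
    # service account it sets up; confirm against the ssh-host-config docs).
    # It also appears on the process command line, so rotate it afterwards.
    Start-Process -Wait -FilePath "C:\Cygwin\bin\bash.exe" -ArgumentList '--login -c "/bin/ssh-host-config -y --pwd password"'
    Start-Service sshd
}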
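# Install Cygwin and start sshd before the firewall is opened for it.
Install-Cygwin

# Open up port 22 on the firewall.
#
# Remote addresses allowed to connect. "*" (any address) matches the rule this
# script has always created; prefer the address or CIDR block you administer
# from, and keep the instance's security group equally narrow, because an
# internet-facing sshd with password logins is continuously probed.
$sshRemoteAddresses = "*"   ## Narrow this where you can

$fw   = New-Object -ComObject hnetcfg.fwpolicy2
$rule = New-Object -ComObject HNetCfg.FWRule
$rule.Name            = "ssh"
$rule.Protocol        = 6        # TCP; set before LocalPorts
$rule.LocalPorts      = 22
$rule.RemoteAddresses = $sshRemoteAddresses
$rule.Enabled         = $true
$rule.Profiles        = 7        # all (domain + private + public)
$rule.Action          = 1        # NET_FW_ACTION_ALLOW
$rule.EdgeTraversal   = $false
$fw.Rules.Add($rule)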
</powershell> |