powershell userdata to send to AWS Windows boxes to configure for Windows Fundamentals - in case cloudshare throws a tantrum.
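<powershell>
# EC2 user data for Windows training instances. It enables WinRM / PowerShell
# remoting, opens the host firewall for WinRM (5985) and HTTP (80-84), turns
# off the password-complexity policy and creates a known local administrator
# used for bootstrapping.
#
# NOTE(security): every section below weakens the host on purpose.
#   * WinRM accepts Basic authentication over unencrypted HTTP, so the
#     username and password cross the network only base64-encoded.
#   * The firewall rules use remoteip=any, so the host firewall no longer
#     limits who can reach 5985 and 80-84; any source restriction has to come
#     from the network in front of the instance (e.g. the security group).
#   * The administrator name and password are fixed and stored in plain text
#     in this user data.
# Use only on short-lived lab instances, restrict inbound sources at the
# network level, and remove or re-password the account once bootstrapping is
# done.
#
#https://gist.github.com/vinyar/6735863;

# The two commands below are known to fail for arbitrary reasons, so both are
# best-effort: a failure is reported and the script carries on.
try {
    winrm quickconfig -q
    # winrm is a native executable: a failure sets $LASTEXITCODE and does not
    # throw, so the catch block alone would never report it.
    if ($LASTEXITCODE -ne 0) { write-host "winrm quickconfig failed" }
}
catch { write-host "winrm quickconfig failed" }

try {
    # Non-terminating cmdlet errors do not reach catch either; collect them
    # so the failure message is still printed.
    Enable-PSRemoting -force -ErrorVariable remotingErrors
    if ($remotingErrors) { write-host "Enable-PSRemoting -force failed" }
}
catch { write-host "Enable-PSRemoting -force failed" }

#####################################################
"Setting up WinRm"
winrm set winrm/config '@{MaxTimeoutms="1800000"}';
winrm set winrm/config/client/auth '@{Basic="true"}';          # per https://github.com/WinRb/WinRM
winrm set winrm/config/client '@{AllowUnencrypted="true"}';    # per experiment to get 2012 running
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}';
# NOTE(security): service-side Basic + AllowUnencrypted means credentials and
# session traffic are sent without transport encryption on 5985.
winrm set winrm/config/service '@{AllowUnencrypted="true"}';   # per https://github.com/WinRb/WinRM
winrm set winrm/config/service/auth '@{Basic="true"}';         # per https://github.com/WinRb/WinRM

# Needed for Windows to manipulate centralized config files which live on a
# share, such as AppFabric.
# NOTE(security): CredSSP hands the caller's credentials to this host so it
# can reuse them; enable it only where that second hop is actually required.
winrm set winrm/config/service/auth '@{CredSSP="true"}';

write-host 'Attempting to enable built in 5985 firewall rule'
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" profile=public protocol=tcp localport=5985 new remoteip=any;

write-host 'Adding custom firewall rule for 5985'
netsh advfirewall firewall add rule name="Opscode-Windows Remote Management (HTTP-In)" dir=in action=allow enable=yes profile=any protocol=tcp localport=5985 remoteip=any;

write-host 'adding 80-84 ports for training'
netsh advfirewall firewall add rule name="Opscode-Windows IIS (HTTP-In)" dir=in action=allow enable=yes profile=any protocol=tcp localport=80-84 remoteip=any;

# todo:
# for windows 7 firewall rules are different
# "Remote Desktop (TCP-In)"
# for windows 7 password login needs to be disabled via netplwiz manually
# automate via ... google

#####################################################
"Disabling complex password requirement."
# Build a minimal security template and apply it with secedit.
# NOTE(review): presumably needed so the simple password set below is
# accepted - confirm. c:\delete.cfg is left on disk after the run.
"[System Access]" | out-file c:\delete.cfg;
"PasswordComplexity = 0" | out-file c:\delete.cfg -append;
"[Version]" | out-file c:\delete.cfg -append;
'signature="$CHICAGO$"' | out-file c:\delete.cfg -append;

write-host 'changing secedit policy'
secedit /configure /db C:\Windows\security\new.sdb /cfg c:\delete.cfg /areas SECURITYPOLICY;

# alternative to above
# $seccfg = [IO.Path]::GetTempFileName()
# secedit /export /cfg $seccfg
# (Get-Content $seccfg) | Foreach-Object {$_ -replace "PasswordComplexity\s*=\s*1", "PasswordComplexity=0"} | Set-Content $seccfg
# secedit /configure /db $env:windir\security\new.sdb /cfg $seccfg /areas SECURITYPOLICY
# del $seccfg

#####################################################
# Single-quoted so the inner double quotes are literal; the original
# "Setting up "Known" user ..." ended the string at the second quote and made
# the whole script fail to parse.
'Setting up "Known" user for bootstrapping.'
# NOTE(security): fixed, published credential for a local administrator,
# reachable over the WinRM listener opened above. Rotate or delete the
# account as soon as bootstrapping has finished.
$user="chef";
$password = "chef";
net user /add $user $password /yes;

write-host 'adding user to admins'
net localgroup Administrators /add $user;
</powershell>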