Skip to content

Instantly share code, notes, and snippets.

@SwampDragons
Last active June 9, 2022 13:58
Show Gist options
  • Save SwampDragons/a0044e88c614a507a533ee9323cf8e0c to your computer and use it in GitHub Desktop.
Save SwampDragons/a0044e88c614a507a533ee9323cf8e0c to your computer and use it in GitHub Desktop.
{
"builders": [
{
"type": "amazon-ebs",
"region": "us-west-2",
"instance_type": "t2.micro",
"source_ami_filter": {
"filters": {
"virtualization-type": "hvm",
"name": "CIS Microsoft Windows Server 2016 Benchmark v1.1.0.*Level 1*",
"root-device-type": "ebs"
},
"owners": ["679593333241"],
"most_recent": true
},
"ami_name": "default-packer",
"user_data_file": "./user_data_file_bootstrap.txt",
"communicator": "winrm",
"force_deregister": true,
"winrm_username": "Administrator",
"winrm_insecure": true,
"winrm_use_ntlm": true,
"winrm_use_ssl": true
}],
"provisioners": [
{
"type": "powershell",
"inline": ["Write-Host \"HELLO I AM CONNECTED\""]
}
]
}
<powershell>
# MAKE SURE IN YOUR PACKER CONFIG TO SET:
#
#
# "winrm_username": "Administrator",
# "winrm_insecure": true,
# "winrm_use_ssl": true,
#
#
write-output "Running User Data Script"
write-host "(host) Running User Data Script"
Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore
# Don't set this before Set-ExecutionPolicy as it throws an error
$ErrorActionPreference = "stop"
# Remove HTTP listener
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse
# Create a self-signed certificate to let ssl work
$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force
# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm
</powershell>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment