Forked from masterzen/Bootstrap-EC2-Windows-CloudInit.ps1
Last active
August 29, 2015 14:01
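# Windows AMIs don't have WinRM enabled by default -- this script sets the Administrator
# password and enables WinRM (quickconfig, Basic auth, unencrypted HTTP listener on 5985).
# NOTE: unlike the upstream gist this fork does NOT install 7-zip, curl or .NET 4; only the
# steps visible below are performed.
# Then use the EC2 tools to create a new AMI from the result, and you have a system
# that will execute user-data as a PowerShell script after the instance fires up!
# This has been tested on Windows 2008 SP2 64bits AMIs provided by Amazon
#
# Inject this as user-data of a Windows 2008 AMI, like this (edit the adminPassword to your needs):
#
# <powershell>
# Set-ExecutionPolicy Unrestricted
# icm $executioncontext.InvokeCommand.NewScriptBlock((New-Object Net.WebClient).DownloadString('https://gist.github.com/masterzen/6714787/raw')) -ArgumentList "adminPassword"
# </powershell>
#
# Security notes (review):
# - Basic="true" together with AllowUnencrypted="true" means the credentials and the whole
#   session cross the wire in cleartext on TCP 5985, and the firewall rule below opens that
#   port on the *public* profile with no source restriction. Restrict the rule's source
#   (netsh remoteip=...) or use an HTTPS listener before reusing the resulting AMI outside a lab.
# - Set-ExecutionPolicy Unrestricted is a machine-wide setting and persists into the AMI.
# - The password is embedded in the user-data that launches this script and is handed to
#   net.exe on its command line, so it is readable by anyone who can inspect either.
param(
  [Parameter(Mandatory=$true)]
  [string]
  $AdminPassword
)

Start-Transcript -Path 'c:\bootstrap-transcript.txt' -Force
Set-StrictMode -Version Latest
Set-ExecutionPolicy Unrestricted

# Plain-text progress log written by the steps below (separate from the transcript).
$log = 'c:\Bootstrap.txt'

# Defensive prompt loop for an empty password. Read-Host needs a console; when this
# runs as user-data there is none, so callers must supply a non-empty value.
while ([string]::IsNullOrEmpty($AdminPassword))
{
  $secure = Read-Host "Enter a non-null / non-empty Administrator password" -AsSecureString
  $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
  try
  {
    $AdminPassword = [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
  }
  finally
  {
    # The original leaked the unmanaged BSTR copy of the password; zero and free it.
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
  }
}

# move to home, PS is incredibly complex :)
# ('cd' is an alias of Set-Location, so the original's double call was redundant.)
Set-Location -Path $Env:USERPROFILE
# .NET's working directory does not follow PowerShell's location; keep them in sync so
# relative paths resolve identically for cmdlets and .NET calls.
[Environment]::CurrentDirectory = (Get-Location -PSProvider FileSystem).ProviderPath

# change admin password
# NOTE(review): net.exe gets the secret as an argument (visible in process listings) and,
# on some releases, interactively asks for confirmation when the password exceeds 14
# characters -- TODO confirm on 2008. ADSI ([adsi]'WinNT://./Administrator,user').SetPassword()
# avoids both; kept as net user here to preserve the tested behavior.
net user Administrator $AdminPassword
Add-Content $log -value "Changed Administrator password"

# check winrm id; if it's not valid and LocalAccountTokenFilterPolicy isn't established, do it
$policyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$id = &winrm id
# $id is $null when winrm wrote nothing to stdout. winrm.cmd may report a fault on stdout
# rather than stderr, so a non-zero exit code is also treated as "not valid".
$winrmFailed = ($null -eq $id) -or ($LASTEXITCODE -ne 0)
$policy = Get-ItemProperty -Path $policyPath -name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue
if ($winrmFailed -and ($null -eq $policy))
{
  # LocalAccountTokenFilterPolicy=1 relaxes UAC's remote-token filtering for local accounts
  # (per Microsoft's documentation) so the local Administrator can run WinRM sessions with a
  # full token. This is a deliberate hardening trade-off; confirm it is acceptable for the AMI.
  New-ItemProperty -Path $policyPath -name LocalAccountTokenFilterPolicy -value 1 -propertyType dword | Out-Null
  Add-Content $log -value "Added LocalAccountTokenFilterPolicy since winrm id could not be executed"
}

# Enable the WinRM listener and raise shell memory / timeout limits for long user-data runs.
&winrm quickconfig `-q
&winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="1000"}'
&winrm set winrm/config '@{MaxTimeoutms="1800000"}'
# Basic auth on an unencrypted listener: credentials and payload are sent in cleartext.
# Only acceptable if TCP 5985 is reachable solely from trusted networks (see header notes).
&winrm set winrm/config/client/auth '@{Basic="true"}'
&winrm set winrm/config/service/auth '@{Basic="true"}'
&winrm set winrm/config/service '@{AllowUnencrypted="true"}'
Add-Content $log -value "Ran quickconfig for winrm"

# Firewall: inbound 5985 on the public profile, any source. Tighten with remoteip=<admin CIDR>
# before baking a production AMI.
&netsh advfirewall firewall add rule name="WinRM" dir=in action=allow protocol=TCP localport=5985 profile=public
Add-Content $log -value "Ran firewall config to allow incoming winrm"

Stop-Transcript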