Created
November 30, 2016 11:04
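# Builds a shielding data file (PDK) for a shielded VM from guardian metadata,
# a volume signature catalog, an unattend.xml answer file and an RDP certificate.
# The answer file and the RDP certificate are generated first when they are missing.

#VARS
$HgsGuardian = "C:\Shield\kpsmetadata.xml"    # Guardian metadata file, imported below as "ActivecloudFabric"
$vscPath = "C:\Shield\disk_ID.vsc"            # Volume signature catalog of the template disk
$unattendPath = "C:\Shield\unattend.xml"      # Answer file (created if it does not exist)
$CRTPath = "C:\Shield\myrdpcert.pfx"          # RDP certificate (created if it does not exist)
$pdkPath = "C:\Shield\MyShieldData.pdk"       # Path of the new PDK (will be created)

### Optional. Needed only when unattend.xml has to be created.
# Single quotes are required here: inside double quotes PowerShell expands "$wd"
# as an (undefined) variable, so the password silently became "ServerAdminP".
# NOTE(review): both values are sample placeholders kept in clear text in the
# script. Replace them before use and restrict who can read this file, or
# prompt for them (e.g. Read-Host -AsSecureString) instead of hard-coding.
$VMadminpwd = ConvertTo-SecureString 'ServerAdminP$wd' -AsPlainText -Force   # VM administrator password
$RDPCRTpwd = ConvertTo-SecureString 'SertPasswd' -AsPlainText -Force         # Password protecting the PFX

### Optional. Needed only when the self-signed RDP certificate has to be created.
$DNSname = "rdp.contoso.local"

##BODY
# Create unattend.xml if it does not exist yet.
if (-not (Test-Path $unattendPath)) {

    # Install the GuardedFabricTools module when New-ShieldingDataAnswerFile is unavailable.
    if (-not (Get-Command New-ShieldingDataAnswerFile -ErrorAction SilentlyContinue)) {
        Install-Module -Name GuardedFabricTools -Force
    }

    # Create and export the RDP certificate if the PFX file does not exist yet.
    # The certificate and its private key also stay in Cert:\CurrentUser\My.
    if (-not (Test-Path $CRTPath)) {
        $SelfSignedCert = New-SelfSignedCertificate -DnsName $DNSname -CertStoreLocation Cert:\CurrentUser\My
        Export-PfxCertificate -Cert $SelfSignedCert -FilePath $CRTPath -Password $RDPCRTpwd
    }

    # Create an answer file that does not join the VM to a domain.
    # NOTE(review): the answer file presumably carries the administrator password
    # in recoverable form - confirm, and remove or protect the loose unattend.xml
    # and .pfx once they have been packed into the PDK.
    New-ShieldingDataAnswerFile -AdminPassword $VMadminpwd -RDPCertificateFilePath $CRTPath -RDPCertificatePassword $RDPCRTpwd -Path $unattendPath
}

Import-Module ShieldedVMDataFile
Set-HgsClientConfiguration -EnableLocalMode

# -AllowUntrustedRoot accepts guardian certificates that do not chain to a
# trusted root, so the authenticity of kpsmetadata.xml rests entirely on how the
# file was obtained; verify its origin before importing it.
# Errors are suppressed on both calls so a re-run with existing guardians continues.
Import-HgsGuardian -FilePath $HgsGuardian -Name ActivecloudFabric -AllowUntrustedRoot -ErrorAction SilentlyContinue
New-HgsGuardian -Name DefaultOwner -GenerateCertificates -ErrorAction SilentlyContinue

$pdkOwner = Get-HgsGuardian -Name DefaultOwner
$pdkGuardian = Get-HgsGuardian -Name ActivecloudFabric

# The two calls above hide every failure, not only "already exists". Stop here
# rather than attempt to build a PDK with a missing owner or guardian.
if (-not $pdkOwner -or -not $pdkGuardian) {
    throw "Owner or fabric guardian is missing; check the HGS guardian import."
}

# "Equals" restricts the PDK to the exact disk version recorded in the catalog.
$volumeIDQualifier = @(New-VolumeIDQualifier -VolumeSignatureCatalogFilePath $vscPath -VersionRule Equals)

New-ShieldingDataFile -ShieldingDataFilePath $pdkPath -Owner $pdkOwner -Guardian $pdkGuardian -VolumeIDQualifier $volumeIDQualifier -WindowsUnattendFile $unattendPath -OtherFile $CRTPath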