huksley/winrmsetup.bat

## winrmsetup.bat
@echo off
REM Installs and configures WinRM in HTTPS mode
REM Execute this on target machine.
REM
REM xebialabs/overthere and rundeck-winrm-plugin
REM will work after this
REM
REM NOTE: You need accessible share with installation packages
REM and selfssl.exe and CertMgr.exe
REM Where to GET these?
REM - NetFx20SP2
REM - KB968930 x32, x64
REM - selfssl.exe - IIS 6.0 Resource Kit Tools - http://www.microsoft.com/en-us/download/details.aspx?id=17275
REM - CertMgr.exe - Windows SDK - http://msdn.microsoft.com/en-us/windowsserver/bb980924.aspx
set WINRMFILES=#ENTERYOURPATHHERE#

:install
IF EXIST "%ProgramFiles(x86)%" (
  goto install64
) ELSE (
  goto install32
)

:install32
echo Installing DotNet 2.0 SP2
%WINRMFILES%\NetFx20SP2_x86.exe /q /norestart
echo Installing KB968930
%WINRMFILES%\WindowsServer2003-KB968930-x86-ENG.exe /quiet /norestart
goto setup

:install64
echo Installing DotNet 2.0 SP2
%WINRMFILES%\NetFx20SP2_x64.exe /q /norestart
echo Installing KB968930
%WINRMFILES%\WindowsServer2003-KB968930-x64-ENG.exe /quiet /norestart
goto setup

:setup
call winrm qc -q
net stop winrm
net start winrm

echo Creating WinRM HTTP Listener
call winrm set winrm/config/service/Auth @{Basic="true"}
call winrm set winrm/config/service/Auth @{Kerberos="true"}
call winrm set winrm/config/service @{AllowUnencrypted="true"}
call winrm set winrm/config/winrs @{MaxMemoryPerShellMB="1024"}
call winrm set winrm/config/client @{AllowUnencrypted="true"}
call winrm set winrm/config/client @{TrustedHosts="*"}

:findcert
set TOKEN=
FOR /F "skip=8 tokens=1-5" %%i IN ('%WINRMFILES%\certmgr -c -r localMachine -s my') DO (
  set TOKEN=%%i %%j %%k %%l %%m
	goto found
)

:found
if "%TOKEN%"=="" %WINRMFILES%\selfssl.exe /T /N:cn=%COMPUTERNAME% /V:3650 /Q && goto findcert

:setuphttps
echo Creating WinRM HTTPS Listener with certificate %TOKEN%
call winrm delete winrm/config/Listener?Address=*+Transport=HTTPS >nul 2>nul
call winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="%COMPUTERNAME%"; CertificateThumbprint="%TOKEN%"}
	@echo off
	REM Installs and configures WinRM in HTTPS mode
	REM Execute this on target machine.
	REM
	REM xebialabs/overthere and rundeck-winrm-plugin
	REM will work after this
	REM
	REM NOTE: You need accessible share with installation packages
	REM and selfssl.exe and CertMgr.exe
	REM Where to GET these?
	REM - NetFx20SP2
	REM - KB968930 x32, x64
	REM - selfssl.exe - IIS 6.0 Resource Kit Tools - http://www.microsoft.com/en-us/download/details.aspx?id=17275
	REM - CertMgr.exe - Windows SDK - http://msdn.microsoft.com/en-us/windowsserver/bb980924.aspx
	set WINRMFILES=#ENTERYOURPATHHERE#

	:install
	IF EXIST "%ProgramFiles(x86)%" (
	goto install64
	) ELSE (
	goto install32
	)

	:install32
	echo Installing DotNet 2.0 SP2
	%WINRMFILES%\NetFx20SP2_x86.exe /q /norestart
	echo Installing KB968930
	%WINRMFILES%\WindowsServer2003-KB968930-x86-ENG.exe /quiet /norestart
	goto setup

	:install64
	echo Installing DotNet 2.0 SP2
	%WINRMFILES%\NetFx20SP2_x64.exe /q /norestart
	echo Installing KB968930
	%WINRMFILES%\WindowsServer2003-KB968930-x64-ENG.exe /quiet /norestart
	goto setup

	:setup
	call winrm qc -q
	net stop winrm
	net start winrm

	echo Creating WinRM HTTP Listener
	call winrm set winrm/config/service/Auth @{Basic="true"}
	call winrm set winrm/config/service/Auth @{Kerberos="true"}
	call winrm set winrm/config/service @{AllowUnencrypted="true"}
	call winrm set winrm/config/winrs @{MaxMemoryPerShellMB="1024"}
	call winrm set winrm/config/client @{AllowUnencrypted="true"}
	call winrm set winrm/config/client @{TrustedHosts="*"}

	:findcert
	set TOKEN=
	FOR /F "skip=8 tokens=1-5" %%i IN ('%WINRMFILES%\certmgr -c -r localMachine -s my') DO (
	set TOKEN=%%i %%j %%k %%l %%m
	goto found
	)

	:found
	if "%TOKEN%"=="" %WINRMFILES%\selfssl.exe /T /N:cn=%COMPUTERNAME% /V:3650 /Q && goto findcert

	:setuphttps
	echo Creating WinRM HTTPS Listener with certificate %TOKEN%
	call winrm delete winrm/config/Listener?Address=*+Transport=HTTPS >nul 2>nul
	call winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="%COMPUTERNAME%"; CertificateThumbprint="%TOKEN%"}