Last active
February 2, 2020 20:48
-
-
Save jamesadjinwa/1d743c645539e595fef92552779e7e3d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$siteName = 'ChocolateyServer' | |
#$appPoolName = 'ChocolateyServerAppPool' | |
$sitePath = 'c:\tools\chocolatey.server' | |
function Add-Acl { | |
[CmdletBinding()] | |
Param ( | |
[string]$Path, | |
[System.Security.AccessControl.FileSystemAccessRule]$AceObject | |
) | |
Write-Verbose "Retrieving existing ACL from $Path" | |
$objACL = Get-ACL -Path $Path | |
$objACL.AddAccessRule($AceObject) | |
Write-Verbose "Setting ACL on $Path" | |
Set-ACL -Path $Path -AclObject $objACL | |
} | |
function New-AclObject { | |
[CmdletBinding()] | |
Param ( | |
[string]$SamAccountName, | |
[System.Security.AccessControl.FileSystemRights]$Permission, | |
[System.Security.AccessControl.AccessControlType]$AccessControl = 'Allow', | |
[System.Security.AccessControl.InheritanceFlags]$Inheritance = 'None', | |
[System.Security.AccessControl.PropagationFlags]$Propagation = 'None' | |
) | |
New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule($SamAccountName, $Permission, $Inheritance, $Propagation, $AccessControl) | |
} | |
if ($null -eq (Get-Command -Name 'choco.exe' -ErrorAction SilentlyContinue)) { | |
Write-Warning "Chocolatey not installed. Cannot install standard packages." | |
Exit 1 | |
} | |
# Install Chocolatey.Server prereqs | |
choco install IIS-WebServer --source windowsfeatures | |
choco install IIS-ASPNET45 --source windowsfeatures | |
# Install Chocolatey.Server | |
choco upgrade chocolatey.server -y | |
# Step by step instructions here https://chocolatey.org/docs/how-to-set-up-chocolatey-server#setup-normally | |
# Import the right modules | |
Import-Module WebAdministration | |
# Disable or remove the Default website | |
Get-Website -Name 'Default Web Site' | Stop-Website | |
Set-ItemProperty "IIS:\Sites\Default Web Site" serverAutoStart False # disables website | |
# Set up an app pool for Chocolatey.Server. Ensure 32-bit is enabled and the managed runtime version is v4.0 (or some version of 4). Ensure it is "Integrated" and not "Classic". | |
Write-Verbose "Set up an app pool for Chocolatey" | |
#New-WebAppPool -Name $appPoolName | |
if(Test-Path IIS:\AppPools\$appPoolName) | |
{ | |
Remove-WebAppPool $appPoolName | |
} | |
New-WebAppPool -Name $appPoolName -Force | |
Set-ItemProperty IIS:\AppPools\$appPoolName enable32BitAppOnWin64 True # Ensure 32-bit is enabled | |
Set-ItemProperty IIS:\AppPools\$appPoolName managedRuntimeVersion v4.0 # managed runtime version is v4.0 | |
Set-ItemProperty IIS:\AppPools\$appPoolName managedPipelineMode Integrated # Ensure it is "Integrated" and not "Classic" | |
Restart-WebAppPool -Name $appPoolName # likely not needed ... but just in case | |
# Set up an IIS website pointed to the install location and set it to use the app pool. | |
#New-Website -Name $siteName -ApplicationPool $appPoolName -PhysicalPath $sitePath | |
New-Website -ErrorAction Ignore -Name $siteName -ApplicationPool $appPoolName -PhysicalPath $sitePath | |
# Add permissions to c:\tools\chocolatey.server: | |
'IIS_IUSRS', 'IUSR', "IIS APPPOOL\$appPoolName" | ForEach-Object { | |
$obj = New-AclObject -SamAccountName $_ -Permission 'ReadAndExecute' -Inheritance 'ContainerInherit','ObjectInherit' | |
Add-Acl -Path $sitePath -AceObject $obj | |
} | |
# Add the permissions to the App_Data subfolder: | |
$appdataPath = Join-Path -Path $sitePath -ChildPath 'App_Data' | |
'IIS_IUSRS', "IIS APPPOOL\$appPoolName" | ForEach-Object { | |
$obj = New-AclObject -SamAccountName $_ -Permission 'Modify' -Inheritance 'ContainerInherit', 'ObjectInherit' | |
Add-Acl -Path $appdataPath -AceObject $obj | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment