mrballcb/setup_winrm.txt

## setup_winrm.txt
<powershell>
write-output "Running User Data Script"
write-host "(host) Running User Data Script"

Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore

# Don't set this before Set-ExecutionPolicy as it throws an error
$ErrorActionPreference = "stop"

# Remove HTTP listener
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse

# set administrator password
net user Administrator some_default_password_that_you_pick_for_your_org
wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE

# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"

cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm quickconfig '-transport:http'
cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTP" '@{Port="5985"}'
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
cmd.exe /c netsh firewall add portopening TCP 5985 "Port 5985"
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm
</powershell>

## setup_winrm_win_2008.txt
<powershell>

write-output "Running User Data Script"
write-host "(host) Running User Data Script"

Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore

# Don't set this before Set-ExecutionPolicy as it throws an error
$ErrorActionPreference = "stop"

# Remove HTTP listener
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse

## Downloading/installing WinRS memory HotFix
(new-object System.Net.WebClient).DownloadFile('https://s3-us-west-1.amazonaws.com/YOURBUCKET/software/MicrosoftUpdates/Windows6.1-KB2842230-x64.msu','C:\\Windows\\Temp\\Windows6.1-KB2842230-x64.msu')
#C:\\Windows\\Temp\\Windows6.1-KB2842230-x64.msu /quiet /passive /norestart
$p = Start-Process wusa.exe -ArgumentList 'C:\\Windows\\Temp\\Windows6.1-KB2842230-x64.msu /quiet /passive /norestart' -wait -NoNewWindow -PassThru

## Downloading/installing DotNet 4.5.1
(New-Object System.Net.WebClient).DownloadFile('https://s3-us-west-1.amazonaws.com/YOURBUCKET/NDP451-KB2858728-x86-x64-AllOS-ENU.exe', 'C:\Windows\Temp\NDP451-KB2858728-x86-x64-AllOS-ENU.exe')
Start-Process 'C:\Windows\Temp\NDP451-KB2858728-x86-x64-AllOS-ENU.exe' -ArgumentList '/q /norestart' -Wait -PassThru

## Downloading/installing PowerShell 4
(New-Object System.Net.WebClient).DownloadFile('https://s3-us-west-1.amazonaws.com/YOURBUCKET/Windows6.1-KB2819745-x64-MultiPkg.msu', 'C:\Windows\Temp\Windows6.1-KB2819745-x64-MultiPkg.msu')
Start-Process 'C:\Windows\Temp\Windows6.1-KB2819745-x64-MultiPkg.msu' -ArgumentList '/quiet /norestart' -Wait -PassThru

wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE

# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"

cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm quickconfig -q '-transport:http'
cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTP" '@{Port="5985"}'
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
cmd.exe /c netsh firewall add portopening TCP 5985 "Port 5985"
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm

</powershell>

## template.json
{
  "builders": [
    {
      "type": "amazon-ebs",
      "region": "us-east-1",
      "source_ami_filter": {
        "filters": {
          "virtualization-type": "hvm",
          "name": "Windows_Server-2016-English-Full-Base-*",
          "root-device-type": "ebs"
        },
        "owners": ["amazon"],
        "most_recent": true
      },
      "instance_type": "m3.medium",
      "ami_name": "windows-ami {{timestamp}}",
      "user_data_file": "{{template_dir}}/setup_winrm.txt",
   // if using an HVM type, will need to add VPC info. Must already exist.
   /* "vpc_id": "vpc-NNNNNN",
      "subnet_id": "subnet-MMMMM",
      "security_group_id" : "sg-XXXXXX",
    */
      "communicator": "winrm",
      "winrm_username": "Administrator"
    }
  ],

    "provisioners": [
        {
            "type": "powershell",
            "inline": [
                "dir c:\\"
            ]
        }
    ]
}
	<powershell>
	write-output "Running User Data Script"
	write-host "(host) Running User Data Script"

	Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore

	# Don't set this before Set-ExecutionPolicy as it throws an error
	$ErrorActionPreference = "stop"

	# Remove HTTP listener
	Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse

	# set administrator password
	net user Administrator some_default_password_that_you_pick_for_your_org
	wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE

	# WinRM
	write-output "Setting up WinRM"
	write-host "(host) setting up WinRM"

	cmd.exe /c winrm quickconfig -q
	cmd.exe /c winrm quickconfig '-transport:http'
	cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
	cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
	cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
	cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
	cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
	cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
	cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
	cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTP" '@{Port="5985"}'
	cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
	cmd.exe /c netsh firewall add portopening TCP 5985 "Port 5985"
	cmd.exe /c net stop winrm
	cmd.exe /c sc config winrm start= auto
	cmd.exe /c net start winrm
	</powershell>
	{
	"builders": [
	{
	"type": "amazon-ebs",
	"region": "us-east-1",
	"source_ami_filter": {
	"filters": {
	"virtualization-type": "hvm",
	"name": "Windows_Server-2016-English-Full-Base-*",
	"root-device-type": "ebs"
	},
	"owners": ["amazon"],
	"most_recent": true
	},
	"instance_type": "m3.medium",
	"ami_name": "windows-ami {{timestamp}}",
	"user_data_file": "{{template_dir}}/setup_winrm.txt",
	// if using an HVM type, will need to add VPC info. Must already exist.
	/* "vpc_id": "vpc-NNNNNN",
	"subnet_id": "subnet-MMMMM",
	"security_group_id" : "sg-XXXXXX",
	*/
	"communicator": "winrm",
	"winrm_username": "Administrator"
	}
	],

	"provisioners": [
	{
	"type": "powershell",
	"inline": [
	"dir c:\\"
	]
	}
	]
	}