-
-
Save vinyar/6735863 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<powershell> | |
#https://gist.github.com/vinyar/6735863 | |
# below two commands are known to fail for arbitrary reasons | |
try { winrm quickconfig -q } | |
catch {write-host "winrm quickconfig failed"} | |
try { Enable-PSRemoting -force} | |
catch {write-host "Enable-PSRemoting -force failed"} | |
write-host 'setting up WinRm'; | |
winrm set winrm/config '@{MaxTimeoutms="1800000"}'; | |
winrm set winrm/config/client/auth '@{Basic="true"}'; # per https://github.com/WinRb/WinRM | |
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}'; | |
winrm set winrm/config/service '@{AllowUnencrypted="true"}'; # per https://github.com/WinRb/WinRM | |
winrm set winrm/config/service/auth '@{Basic="true"}'; # per https://github.com/WinRb/WinRM | |
# needed for windows to manipulate centralized config files which live of a share. Such as AppFabric. | |
winrm set winrm/config/service/auth '@{CredSSP="true"}'; | |
write-host 'Attempting to enable built in 5985 firewall rule'; | |
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" profile=public protocol=tcp localport=5985 new remoteip=any; | |
write-host 'Adding custom firewall rule for 5985'; | |
netsh advfirewall firewall add rule name="Opscode-Windows Remote Management (HTTP-In)" dir=in action=allow enable=yes profile=any protocol=tcp localport=5985 remoteip=any;; | |
write-host 'adding 80-84 ports for training'; | |
netsh advfirewall firewall add rule name="Opscode-Windows IIS (HTTP-In)" dir=in action=allow enable=yes profile=any protocol=tcp localport=80-84 remoteip=any; | |
# Setting up "Known" user for bootstrapping. | |
write-host 'setting up secedit rule to disable complex passwords'; | |
"[System Access]" | out-file c:\delete.cfg; | |
"PasswordComplexity = 0" | out-file c:\delete.cfg -append; | |
"[Version]" | out-file c:\delete.cfg -append; | |
'signature="$CHICAGO$"' | out-file c:\delete.cfg -append; | |
write-host 'changing secedit policy'; | |
secedit /configure /db C:\Windows\security\new.sdb /cfg c:\delete.cfg /areas SECURITYPOLICY; | |
write-host 'Setting up "Known" user for bootstrapping.'; | |
$user="**********"; | |
$password = "**********"; | |
net user /add $user $password /yes; | |
write-host 'adding user to admins'; | |
net localgroup Administrators /add $user; | |
</powershell> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment