vinyar/aws_user_data.ps1

## aws_user_data.ps1
<powershell>
  #https://gist.github.com/vinyar/6735863

 # below two commands are known to fail for arbitrary reasons
  try { winrm quickconfig -q }
  catch {write-host "winrm quickconfig failed"}
  try { Enable-PSRemoting -force}
  catch {write-host "Enable-PSRemoting -force failed"}

  write-host 'setting up WinRm';
  winrm set winrm/config '@{MaxTimeoutms="1800000"}';
  winrm set winrm/config/client/auth '@{Basic="true"}';            # per https://github.com/WinRb/WinRM
  winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}';
  winrm set winrm/config/service '@{AllowUnencrypted="true"}';     # per https://github.com/WinRb/WinRM
  winrm set winrm/config/service/auth '@{Basic="true"}';           # per https://github.com/WinRb/WinRM

  # needed for windows to manipulate centralized config files which live of a share. Such as AppFabric.
  winrm set winrm/config/service/auth '@{CredSSP="true"}';

  write-host 'Attempting to enable built in 5985 firewall rule';
  netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" profile=public protocol=tcp localport=5985 new remoteip=any;
  write-host 'Adding custom firewall rule for 5985';
  netsh advfirewall firewall add rule name="Opscode-Windows Remote Management (HTTP-In)" dir=in action=allow enable=yes profile=any protocol=tcp localport=5985 remoteip=any;;
  write-host 'adding 80-84 ports for training';
  netsh advfirewall firewall add rule name="Opscode-Windows IIS (HTTP-In)" dir=in action=allow enable=yes profile=any protocol=tcp localport=80-84 remoteip=any;

  # Setting up "Known" user for bootstrapping.
  write-host 'setting up secedit rule to disable complex passwords';
  "[System Access]" | out-file c:\delete.cfg;
  "PasswordComplexity = 0" | out-file c:\delete.cfg -append;
  "[Version]"  | out-file c:\delete.cfg -append;
  'signature="$CHICAGO$"'  | out-file c:\delete.cfg -append;

  write-host 'changing secedit policy';
  secedit /configure /db C:\Windows\security\new.sdb /cfg c:\delete.cfg /areas SECURITYPOLICY;

  write-host 'Setting up "Known" user for bootstrapping.';
  $user="**********";
  $password = "**********";
  net user /add $user $password /yes;
  write-host 'adding user to admins';
  net localgroup Administrators /add $user;

</powershell>
	<powershell>
	#https://gist.github.com/vinyar/6735863

	# below two commands are known to fail for arbitrary reasons
	try { winrm quickconfig -q }
	catch {write-host "winrm quickconfig failed"}
	try { Enable-PSRemoting -force}
	catch {write-host "Enable-PSRemoting -force failed"}

	write-host 'setting up WinRm';
	winrm set winrm/config '@{MaxTimeoutms="1800000"}';
	winrm set winrm/config/client/auth '@{Basic="true"}'; # per https://github.com/WinRb/WinRM
	winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}';
	winrm set winrm/config/service '@{AllowUnencrypted="true"}'; # per https://github.com/WinRb/WinRM
	winrm set winrm/config/service/auth '@{Basic="true"}'; # per https://github.com/WinRb/WinRM

	# needed for windows to manipulate centralized config files which live of a share. Such as AppFabric.
	winrm set winrm/config/service/auth '@{CredSSP="true"}';

	write-host 'Attempting to enable built in 5985 firewall rule';
	netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" profile=public protocol=tcp localport=5985 new remoteip=any;
	write-host 'Adding custom firewall rule for 5985';
	netsh advfirewall firewall add rule name="Opscode-Windows Remote Management (HTTP-In)" dir=in action=allow enable=yes profile=any protocol=tcp localport=5985 remoteip=any;;
	write-host 'adding 80-84 ports for training';
	netsh advfirewall firewall add rule name="Opscode-Windows IIS (HTTP-In)" dir=in action=allow enable=yes profile=any protocol=tcp localport=80-84 remoteip=any;

	# Setting up "Known" user for bootstrapping.
	write-host 'setting up secedit rule to disable complex passwords';
	"[System Access]" \| out-file c:\delete.cfg;
	"PasswordComplexity = 0" \| out-file c:\delete.cfg -append;
	"[Version]" \| out-file c:\delete.cfg -append;
	'signature="$CHICAGO$"' \| out-file c:\delete.cfg -append;

	write-host 'changing secedit policy';
	secedit /configure /db C:\Windows\security\new.sdb /cfg c:\delete.cfg /areas SECURITYPOLICY;

	write-host 'Setting up "Known" user for bootstrapping.';
	$user="**********";
	$password = "**********";
	net user /add $user $password /yes;
	write-host 'adding user to admins';
	net localgroup Administrators /add $user;

	</powershell>