Skip to content

Instantly share code, notes, and snippets.

@Iristyle
Created February 9, 2012 02:03
Show Gist options
  • Save Iristyle/1776477 to your computer and use it in GitHub Desktop.
Save Iristyle/1776477 to your computer and use it in GitHub Desktop.
CloudInit.NET script for Windows Core 2008 R2 with IIS, .NET 4 and WebDeploy 2.0
#! /powershell/
Set-StrictMode -Version Latest
$log = 'c:\cloudfu.txt'
Add-Content $log -value "Initial Execution Policy: [$(Get-ExecutionPolicy)]"
Set-ExecutionPolicy Unrestricted
Add-Content $log -value "New Execution Policy: [$(Get-ExecutionPolicy)]"
Add-Content $log -value "Path variable [${env:Path}]"
Add-Content $log -value "PSModulePath variable [${env:PSModulePath}]"
Add-Content $log -value "Available Modules - $(get-module -listAvailable | select -ExpandProperty name)"
Import-Module ServerManager
$Is32Bit = (($Env:PROCESSOR_ARCHITECTURE -eq 'x86') -and ($Env:PROCESSOR_ARCHITEW6432 -eq $null))
Add-Content $log -value "Is System 32-Bit [$Is32Bit]"
$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Add-Content $log -value "Running as ${env:USERNAME}"
Add-Content $log -value "Current thread principal [$([System.Threading.Thread]::CurrentPrincipal.Identity.Name)] - Admin [$isAdmin]"
$privileges = whoami /priv
Add-Content $log -value 'Token Privileges'
Add-Content $log -value $privileges
#http://stackoverflow.com/questions/5682270/disable-automatic-updates-with-powershell
#ensure auto-updates are on
$AUSettings = (New-Object -com "Microsoft.Update.AutoUpdate").Settings
$AUSettings.NotificationLevel = 4 #Scheduled Installation
$AUSettings.ScheduledInstallationDay = 7 #Saturday
$AUSettings.ScheduledInstallationTime = 4 # 4 AM
$AUSettings.IncludeRecommendedUpdates = $true
$AUSettings.Save()
Stop-Service wuauserv
Start-Service wuauserv
Add-Content $log -value 'Enabled automatic Windows updates and restarts for Saturday at 4AM'
#enable IIS, Security, HTTP features, Windows Process Activation Services, .NET support
Add-WindowsFeature Web-Server, Web-WebServer, Web-Common-Http, Web-Static-Content, Web-Default-Doc, Web-Dir-Browsing, Web-Http-Errors, Web-Http-Redirect, Web-App-Dev, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Health, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Custom-Logging, Web-Security, Web-Basic-Auth, Web-Url-Auth, Web-Filtering, Web-IP-Security, Web-Performance, Web-Stat-Compression, Web-Dyn-Compression, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Service, Web-Mgmt-Compat, Web-Metabase, Web-WMI, Web-Lgcy-Scripting, Web-WHC, WAS, WAS-Process-Model, WAS-NET-Environment, WAS-Config-APIs
Add-Content $log -value 'Enabled IIS, Security, HTTP features, Windows Process Activation Services, .NET support'
#shouldn't be necessary, but just in case
New-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\WebManagement\Server -name EnableRemoteManagement -value 1 -propertyType dword -force
Add-Content $log -value 'Doctored EnableRemoteManagement registry key'
#start management service
Start-Process -FilePath 'netsh' -ArgumentList 'advfirewall firewall add rule name="WdeployAgent" dir=in action=allow protocol=TCP localport=8172' -Wait -NoNewWindow
Add-Content $log -value 'Poked hole in firewall for WdeployAgent'
Set-Service wmsvc -StartupType Automatic
#to use things like runCommand in msdeploy manifests the service must have higher privileges
#http://stackoverflow.com/questions/4380819/msdeploy-runcommand-priviliges
Start-Process 'sc.exe' -ArgumentList 'privs wmsvc SeChangeNotifyPrivilege/SeImpersonatePrivilege/SeAssignPrimaryTokenPrivilege/SeIncreaseQuotaPrivilege' -Wait -NoNewWindow
#allow using windows account credentials to push with msdeploy
New-ItemProperty -Path HKLM:\Software\Microsoft\WebManagement\Server -name WindowsAuthenticationEnabled -value 1 -propertyType dword -force
Stop-Service wmsvc
Start-Service wmsvc
Add-Content $log -value 'Reconfigured wmsvc and started it'
#install web deploy based on platform
$webDeployUri = if ($Is32Bit) { 'http://download.microsoft.com/download/8/9/B/89B754A5-56F7-45BD-B074-8974FD2039AF/WebDeploy_2_10_x86_en-US.msi' } `
else { 'http://download.microsoft.com/download/8/9/B/89B754A5-56F7-45BD-B074-8974FD2039AF/WebDeploy_2_10_amd64_en-US.msi' }
Start-Process -FilePath 'curl.exe' -ArgumentList "-# -G -L $webDeployUri -o ${env:Temp}\WebDeploy.msi" -Wait -NoNewWindow
Add-Content $log -value "Downloaded file to ${env:Temp}\WebDeploy.msi [$(Test-Path ${env:Temp}\WebDeploy.msi)]"
#ms recommends MsDeployAgentService2 but check this - http://forums.iis.net/p/1182557/1999767.aspx
Start-Process -FilePath 'msiexec.exe' -ArgumentList "/i ${env:Temp}\WebDeploy.msi /l WebDeploy.log /norestart /q /passive ADDLOCAL=ALL LISTENURL=http://+:8080/MsDeployAgentService2/" -Wait -NoNewWindow
Add-Content $log -value 'Finished running WebDeploy installer'
del "${env:Temp}\WebDeploy.msi"
Start-Service msdepsvc
#make sure IIS uses .net 4 by default
Start-Process -FilePath "$env:windir\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe" -ArgumentList '-i' -Wait -NoNewWindow
Add-Content $log -value 'Registered .NET 4 bindings for IIS'
Add-Content $log -value 'Checking for listening WebDeployAgent port 8172'
netstat `-A | ? { $_ -match '8172' } | Add-Content $log
Add-Content $log -value 'Checking for listening MsDeployAgentService port 8080'
netstat `-A | ? { $_ -match '8080' } | Add-Content $log
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment