Created
February 9, 2012 02:03
CloudInit.NET script for Windows Core 2008 R2 with IIS, .NET 4 and WebDeploy 2.0
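#! /powershell/
# CloudInit.NET bootstrap for a Windows Server Core 2008 R2 web host.
# Steps, in order: log the starting environment, schedule Windows Update,
# install the IIS / WAS features, enable the Web Management Service (wmsvc)
# for remote Web Deploy pushes, download and install Web Deploy 2.0, then
# register ASP.NET 4 with IIS. Progress is appended to $log.
Set-StrictMode -Version Latest

$log = 'c:\cloudfu.txt'

# --- Execution policy and environment diagnostics ---------------------------
Add-Content $log -value "Initial Execution Policy: [$(Get-ExecutionPolicy)]"
# NOTE(review): without -Scope this changes the machine-wide policy and the
# change outlives this script. If only the bootstrap run needs it,
# `-Scope Process` (or RemoteSigned) leaves the host with a tighter default.
Set-ExecutionPolicy Unrestricted
Add-Content $log -value "New Execution Policy: [$(Get-ExecutionPolicy)]"
Add-Content $log -value "Path variable [${env:Path}]"
Add-Content $log -value "PSModulePath variable [${env:PSModulePath}]"
Add-Content $log -value "Available Modules - $(get-module -listAvailable | select -ExpandProperty name)"

Import-Module ServerManager

# A 32-bit OS reports x86 and has no PROCESSOR_ARCHITEW6432 variable; a 32-bit
# process on a 64-bit OS has that variable set.
$Is32Bit = (($Env:PROCESSOR_ARCHITECTURE -eq 'x86') -and ($Env:PROCESSOR_ARCHITEW6432 -eq $null))
Add-Content $log -value "Is System 32-Bit [$Is32Bit]"

# Record which identity and token privileges the bootstrap actually runs with.
$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Add-Content $log -value "Running as ${env:USERNAME}"
Add-Content $log -value "Current thread principal [$([System.Threading.Thread]::CurrentPrincipal.Identity.Name)] - Admin [$isAdmin]"
$privileges = whoami /priv
Add-Content $log -value 'Token Privileges'
Add-Content $log -value $privileges

# --- Windows Update ----------------------------------------------------------
#http://stackoverflow.com/questions/5682270/disable-automatic-updates-with-powershell
#ensure auto-updates are on
$AUSettings = (New-Object -com "Microsoft.Update.AutoUpdate").Settings
$AUSettings.NotificationLevel = 4 #Scheduled Installation
$AUSettings.ScheduledInstallationDay = 7 #Saturday
$AUSettings.ScheduledInstallationTime = 4 # 4 AM
$AUSettings.IncludeRecommendedUpdates = $true
$AUSettings.Save()
# Restart the update service after saving the new schedule.
Stop-Service wuauserv
Start-Service wuauserv
Add-Content $log -value 'Enabled automatic Windows updates and restarts for Saturday at 4AM'

# --- IIS roles and features --------------------------------------------------
#enable IIS, Security, HTTP features, Windows Process Activation Services, .NET support
Add-WindowsFeature Web-Server, Web-WebServer, Web-Common-Http, Web-Static-Content,
  Web-Default-Doc, Web-Dir-Browsing, Web-Http-Errors, Web-Http-Redirect, Web-App-Dev,
  Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Health,
  Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing,
  Web-Custom-Logging, Web-Security, Web-Basic-Auth, Web-Url-Auth, Web-Filtering,
  Web-IP-Security, Web-Performance, Web-Stat-Compression, Web-Dyn-Compression,
  Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Service, Web-Mgmt-Compat,
  Web-Metabase, Web-WMI, Web-Lgcy-Scripting, Web-WHC, WAS, WAS-Process-Model,
  WAS-NET-Environment, WAS-Config-APIs
Add-Content $log -value 'Enabled IIS, Security, HTTP features, Windows Process Activation Services, .NET support'

# --- Web Management Service (wmsvc) -----------------------------------------
#shouldn't be necessary, but just in case
New-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\WebManagement\Server -name EnableRemoteManagement -value 1 -propertyType dword -force
Add-Content $log -value 'Doctored EnableRemoteManagement registry key'

#start management service
# NOTE(review): the rule admits TCP 8172 from any remote address. Adding a
# `remoteip=` scope limited to the deployment hosts keeps the management
# endpoint off the open network.
Start-Process -FilePath 'netsh' -ArgumentList 'advfirewall firewall add rule name="WdeployAgent" dir=in action=allow protocol=TCP localport=8172' -Wait -NoNewWindow
Add-Content $log -value 'Poked hole in firewall for WdeployAgent'
Set-Service wmsvc -StartupType Automatic

#to use things like runCommand in msdeploy manifests the service must have higher privileges
#http://stackoverflow.com/questions/4380819/msdeploy-runcommand-priviliges
# NOTE(review): SeImpersonatePrivilege and SeAssignPrimaryTokenPrivilege on a
# network-reachable service widen what a compromised deployment credential can
# do on the host; grant them only if runCommand is really used.
Start-Process 'sc.exe' -ArgumentList 'privs wmsvc SeChangeNotifyPrivilege/SeImpersonatePrivilege/SeAssignPrimaryTokenPrivilege/SeIncreaseQuotaPrivilege' -Wait -NoNewWindow

#allow using windows account credentials to push with msdeploy
New-ItemProperty -Path HKLM:\Software\Microsoft\WebManagement\Server -name WindowsAuthenticationEnabled -value 1 -propertyType dword -force
# Restart wmsvc so the registry and privilege changes take effect.
Stop-Service wmsvc
Start-Service wmsvc
Add-Content $log -value 'Reconfigured wmsvc and started it'

# --- Web Deploy 2.0 ----------------------------------------------------------
#install web deploy based on platform
$webDeployFile = if ($Is32Bit) { 'WebDeploy_2_10_x86_en-US.msi' } else { 'WebDeploy_2_10_amd64_en-US.msi' }
$webDeployUri = "http://download.microsoft.com/download/8/9/B/89B754A5-56F7-45BD-B074-8974FD2039AF/$webDeployFile"
$msiPath = "${env:Temp}\WebDeploy.msi"

# The path is quoted so a temp directory containing spaces is still one argument.
Start-Process -FilePath 'curl.exe' -ArgumentList "-# -G -L $webDeployUri -o `"$msiPath`"" -Wait -NoNewWindow
Add-Content $log -value "Downloaded file to $msiPath [$(Test-Path $msiPath)]"

# The download travels over plain HTTP, so the transport gives no integrity
# guarantee and the file is about to be installed by an administrator.
# Require a valid Authenticode signature from Microsoft before running it.
# (Pinning a known-good hash of the MSI would be stronger still; the page
# this script comes from does not publish one.)
$signature = if (Test-Path $msiPath) { Get-AuthenticodeSignature -FilePath $msiPath } else { $null }
# -and short-circuits, so SignerCertificate is only read once Status is Valid.
$signedByMicrosoft = ($signature -ne $null) -and
  ($signature.Status -eq 'Valid') -and
  ($signature.SignerCertificate.Subject -like '*O=Microsoft Corporation*')
Add-Content $log -value "WebDeploy.msi has a valid Microsoft Authenticode signature [$signedByMicrosoft]"
if (-not $signedByMicrosoft)
{
  if (Test-Path $msiPath) { del $msiPath }
  Add-Content $log -value 'WebDeploy.msi missing or failed signature verification - aborting'
  throw 'WebDeploy.msi is missing or is not validly signed by Microsoft; refusing to install it'
}

#ms recommends MsDeployAgentService2 but check this - http://forums.iis.net/p/1182557/1999767.aspx
# NOTE(review): LISTENURL registers the Remote Agent Service on plain HTTP
# port 8080 for every host name. The firewall rule added above opens only
# 8172, so confirm nothing else exposes 8080 beyond the local network.
Start-Process -FilePath 'msiexec.exe' -ArgumentList "/i `"$msiPath`" /l WebDeploy.log /norestart /q /passive ADDLOCAL=ALL LISTENURL=http://+:8080/MsDeployAgentService2/" -Wait -NoNewWindow
Add-Content $log -value 'Finished running WebDeploy installer'
del "$msiPath"
Start-Service msdepsvc

# --- ASP.NET 4 registration and listener check -------------------------------
#make sure IIS uses .net 4 by default
Start-Process -FilePath "$env:windir\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe" -ArgumentList '-i' -Wait -NoNewWindow
Add-Content $log -value 'Registered .NET 4 bindings for IIS'

# Log any netstat line mentioning the two deployment ports. The match is a
# plain substring test, so unrelated lines containing the digits also appear.
Add-Content $log -value 'Checking for listening WebDeployAgent port 8172'
netstat `-A | ? { $_ -match '8172' } | Add-Content $log
Add-Content $log -value 'Checking for listening MsDeployAgentService port 8080'
netstat `-A | ? { $_ -match '8080' } | Add-Content $log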