Solved

Create a command line pack for Windows Server with couple of actions to perform

Posted on 2016-10-07
4
85 Views
Last Modified: 2016-10-28
Hi Experts,
Would like to create a pack for windows 2008 Server (hopefully compatible with Windows 2003 Server). Basically a windows powershell script which should perform below tasks in command line. Idea is to provide this script to a Windows Sys Admin to execute this script on target windows server.

1.      Create a windows Inbound Firewall rule to allow port 22 from any host.
2.      Create a bunch of directories and set ownership to a service account (e.g username = deployuser from Active Directory) by reading a comma separated property value “directoryToCreate” (e.g directoryToCreate=”c:/temp,c:/temp/stage,c:/temp/cache,c:/temp/src
3. Execute an EXE which will create a windows service
4. Verify Step 3 windows service has been created and STARTED and RUNNING fine.
5  Final report showing on all above activities.
      e.g directories created successfully
            Inbound Rule created successfully
            Exe execution and Windows Service verified successfully



Since I have to perform this pack on 30+ Servers, Any suggestion/advise on the best practice please?
Is powershell good enough?
Can I create and EXE Installer on top of powershell?
etc

Thanks in advance
0
Comment
Question by:enthuguy
  • 2
4 Comments
 
LVL 19

Assisted Solution

by:Peter Hutchison
Peter Hutchison earned 250 total points
ID: 41834935
Why use Powershell? You can use Group Policies and GPPs, with the Client-side extensions installed, to do the same thing!

Also, you can use the sysinternal tools for executing programs remotely onto other servers such as psexec.

https://technet.microsoft.com/en-us/sysinternals/bb795532
0
 

Author Comment

by:enthuguy
ID: 41835020
Thanks Peter,
Could you pls give me more insite on GP and GPPs? May be some links or Good ebooks which talks about how to define them especially inbound firewall setup.

also to automate remote execution, firstly i believe trust between two system has to be setup before I execute remote script. Is that ssh keys exchange? could you advise on this pls

reason I was thinking about powershell, we only need these to be enabled on 30 servers. if GP is the way to go...then I'll will read about it and request my Windows System Admin to create those. For my above requirement...can we acheive all of those thru GPs?

thanks
0
 
LVL 69

Accepted Solution

by:
Qlemo earned 250 total points
ID: 41836159
You do not need a trust for remote execution, just a way to authenticate - usually by providing explicit credentials. So that is no obstacle.

Even if using GP(P) you'll need to run some code for checking and using special properties etc. So a single PowerShell script might indeed be better. However. that is nothing put together with ease, because of the different tasks to manage; and since W2008 does not allow for some network cmdlets in PowerShell, the firewall part needs to be done with netsh, which changes its syntax for each OS release more or less (so far about W2003 and W2008 compatiibility). Worth a try, though, maybe the syntax is the same ;-).

For taking ownership I would use icalcs. That's easier than having to deal with the ACLs in PowerShell.

Step 4 is easy, as far as possible: $svcRunning = get-service wudfsvc | ? { $_.Status -eq "Running" }
You then check e.g. if ($svcRunning) { # ...,
1
 
LVL 19

Expert Comment

by:Peter Hutchison
ID: 41856602
Here's an article on setting Firewall via Group Policy:
https://technet.microsoft.com/en-us/library/bb490626.aspx

For port 22 allowed in, try these steps:
1. Open Group Policy console.
2. Create or modify a policy for the servers to apply to.
3. Expand Computer Configuration, Windows, Settings, Security Settings
4. Expand Windows Firewall with Advanced Security
5. Inbound Rules
6. New Rule
7. Select Port
8. Select TCP (or UDP)
9. Specific port: 22
10. Select 'Allow the connection'
11. Select which connection to apply to (Domain, Public, Private)
12. Enter name of rule e.g. Allow Port 22
13. Click Finish
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
The Nano Server Image Builder helps you create a custom Nano Server image and bootable USB media with the aid of a graphical interface. Based on the inputs you provide, it generates images for deployment and creates reusable PowerShell scripts that …
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question