Solved

Create a command line pack for Windows Server with couple of actions to perform

Posted on 2016-10-07
Last Modified: 2016-10-28
Hi Experts,
Would like to create a pack for Windows 2008 Server (hopefully compatible with Windows 2003 Server). Basically a Windows PowerShell script which should perform the below tasks on the command line. The idea is to provide this script to a Windows sys admin to execute on the target Windows server.

1. Create a Windows inbound firewall rule to allow port 22 from any host.
2. Create a bunch of directories and set ownership to a service account (e.g. username = deployuser from Active Directory) by reading a comma-separated property value “directoryToCreate” (e.g. directoryToCreate=”c:/temp,c:/temp/stage,c:/temp/cache,c:/temp/src
3. Execute an EXE which will create a Windows service.
4. Verify the step 3 Windows service has been created and STARTED and RUNNING fine.
5. Final report showing all the above activities, e.g.
   - Directories created successfully
   - Inbound rule created successfully
   - EXE execution and Windows service verified successfully



Since I have to run this pack on 30+ servers, any suggestion/advice on best practice, please?
Is PowerShell good enough?
Can I create an EXE installer on top of PowerShell?
etc.

Thanks in advance
Question by:enthuguy

Assisted Solution

by:Peter Hutchison
Peter Hutchison earned 250 total points
Why use PowerShell? You can use Group Policies and GPPs, with the Client-side extensions installed, to do the same thing!

Also, you can use the Sysinternals tools, such as psexec, for executing programs remotely on other servers.

https://technet.microsoft.com/en-us/sysinternals/bb795532

Author Comment

by:enthuguy
Thanks Peter,
Could you pls give me more insight on GP and GPPs? Maybe some links or good ebooks which talk about how to define them, especially inbound firewall setup.

Also, to automate remote execution, firstly I believe trust between the two systems has to be set up before I execute a remote script. Is that an SSH key exchange? Could you advise on this pls.

The reason I was thinking about PowerShell: we only need these to be enabled on 30 servers. If GP is the way to go... then I'll read about it and request my Windows system admin to create those. For my above requirement... can we achieve all of those thru GPs?

thanks

Accepted Solution

by:
Qlemo earned 250 total points
You do not need a trust for remote execution, just a way to authenticate - usually by providing explicit credentials. So that is no obstacle.

Even if using GP(P) you'll need to run some code for checking and using special properties etc. So a single PowerShell script might indeed be better. However, that is nothing put together with ease, because of the different tasks to manage; and since W2008 does not allow for some network cmdlets in PowerShell, the firewall part needs to be done with netsh, which changes its syntax for each OS release more or less (so far about W2003 and W2008 compatibility). Worth a try, though, maybe the syntax is the same ;-).

For taking ownership I would use icacls. That's easier than having to deal with the ACLs in PowerShell.

Step 4 is easy, as far as possible: $svcRunning = get-service wudfsvc | ? { $_.Status -eq "Running" }
You then check e.g. if ($svcRunning) { # ...,

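The five steps from the question, combined along the lines the accepted answer suggests (netsh for the firewall, icacls for ownership, Get-Service for verification), as an added example that is not code from any poster in this thread. It targets W2008 with PowerShell 2.0 and must run elevated; the properties file path, the `DOMAIN\deployuser` account, the installer path, the service name and the rule name are all assumed placeholders.

```powershell
# Added illustration, not code from the thread. All default values below are assumed placeholders.
param(
    [string]$PropertiesFile = 'C:\deploy\pack.properties',      # assumed: holds directoryToCreate="c:/temp,..."
    [string]$Owner          = 'DOMAIN\deployuser',              # assumed service account
    [string]$InstallerExe   = 'C:\deploy\install-service.exe',  # assumed installer
    [string]$ServiceName    = 'MyDeployService',                # assumed service name
    [string]$RemoteIp       = 'any'  # question asks for any host; pass a management subnet to narrow exposure
)

$report = @()
function Add-Result($step, $ok, $detail) {
    $script:report += New-Object PSObject -Property @{ Step = $step; Ok = [bool]$ok; Detail = $detail }
}

# Step 1: inbound rule via netsh (W2008 syntax); skipped if the rule already exists.
$ruleName = 'Allow-Inbound-TCP-22'
netsh advfirewall firewall show rule name=$ruleName | Out-Null
if ($LASTEXITCODE -ne 0) {
    netsh advfirewall firewall add rule name=$ruleName dir=in action=allow protocol=TCP localport=22 remoteip=$RemoteIp | Out-Null
}
Add-Result 'Firewall rule' ($LASTEXITCODE -eq 0) $ruleName

# Step 2: read the comma-separated property, create each directory, set its owner.
$line = Get-Content $PropertiesFile | Where-Object { $_ -match '^\s*directoryToCreate\s*=' } | Select-Object -First 1
$dirs = ($line -replace '^[^=]*=', '').Trim().Trim('"') -split ',' |
    ForEach-Object { $_.Trim() -replace '/', '\' } | Where-Object { $_ }
foreach ($dir in $dirs) {
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    icacls $dir /setowner $Owner | Out-Null
    Add-Result "Directory $dir" ((Test-Path $dir) -and $LASTEXITCODE -eq 0) "owner $Owner"
}

# Step 3: run the installer and record its exit code.
$proc = Start-Process -FilePath $InstallerExe -Wait -PassThru
Add-Result 'Installer' ($proc.ExitCode -eq 0) "exit code $($proc.ExitCode)"

# Step 4: the service must exist and reach Running within about 30 seconds.
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
for ($i = 0; $svc -and $svc.Status -ne 'Running' -and $i -lt 10; $i++) {
    Start-Sleep -Seconds 3
    $svc.Refresh()
}
Add-Result 'Service' ($svc -and $svc.Status -eq 'Running') "$ServiceName status: $($svc.Status)"

# Step 5: final report; a non-zero exit code lets a remote runner spot failed servers.
$report | Format-Table Step, Ok, Detail -AutoSize
if ($report | Where-Object { -not $_.Ok }) { exit 1 }
```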
Expert Comment

by:Peter Hutchison
Here's an article on setting Firewall via Group Policy:
https://technet.microsoft.com/en-us/library/bb490626.aspx

For port 22 allowed in, try these steps:
1. Open Group Policy console.
2. Create or modify a policy for the servers to apply to.
3. Expand Computer Configuration, Windows, Settings, Security Settings
4. Expand Windows Firewall with Advanced Security
5. Inbound Rules
6. New Rule
7. Select Port
8. Select TCP (or UDP)
9. Specific port: 22
10. Select 'Allow the connection'
11. Select which connection to apply to (Domain, Public, Private)
12. Enter name of rule e.g. Allow Port 22
13. Click Finish