Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Create a command line pack for Windows Server with couple of actions to perform

Posted on 2016-10-07
4
Medium Priority
?
116 Views
Last Modified: 2016-10-28
Hi Experts,
Would like to create a pack for windows 2008 Server (hopefully compatible with Windows 2003 Server). Basically a windows powershell script which should perform below tasks in command line. Idea is to provide this script to a Windows Sys Admin to execute this script on target windows server.

1.      Create a windows Inbound Firewall rule to allow port 22 from any host.
2.      Create a bunch of directories and set ownership to a service account (e.g username = deployuser from Active Directory) by reading a comma separated property value “directoryToCreate” (e.g directoryToCreate=”c:/temp,c:/temp/stage,c:/temp/cache,c:/temp/src
3. Execute an EXE which will create a windows service
4. Verify Step 3 windows service has been created and STARTED and RUNNING fine.
5  Final report showing on all above activities.
      e.g directories created successfully
            Inbound Rule created successfully
            Exe execution and Windows Service verified successfully



Since I have to perform this pack on 30+ Servers, Any suggestion/advise on the best practice please?
Is powershell good enough?
Can I create and EXE Installer on top of powershell?
etc

Thanks in advance
0
Comment
Question by:enthuguy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 20

Assisted Solution

by:Peter Hutchison
Peter Hutchison earned 1000 total points
ID: 41834935
Why use Powershell? You can use Group Policies and GPPs, with the Client-side extensions installed, to do the same thing!

Also, you can use the sysinternal tools for executing programs remotely onto other servers such as psexec.

https://technet.microsoft.com/en-us/sysinternals/bb795532
0
 

Author Comment

by:enthuguy
ID: 41835020
Thanks Peter,
Could you pls give me more insite on GP and GPPs? May be some links or Good ebooks which talks about how to define them especially inbound firewall setup.

also to automate remote execution, firstly i believe trust between two system has to be setup before I execute remote script. Is that ssh keys exchange? could you advise on this pls

reason I was thinking about powershell, we only need these to be enabled on 30 servers. if GP is the way to go...then I'll will read about it and request my Windows System Admin to create those. For my above requirement...can we acheive all of those thru GPs?

thanks
0
 
LVL 71

Accepted Solution

by:
Qlemo earned 1000 total points
ID: 41836159
You do not need a trust for remote execution, just a way to authenticate - usually by providing explicit credentials. So that is no obstacle.

Even if using GP(P) you'll need to run some code for checking and using special properties etc. So a single PowerShell script might indeed be better. However. that is nothing put together with ease, because of the different tasks to manage; and since W2008 does not allow for some network cmdlets in PowerShell, the firewall part needs to be done with netsh, which changes its syntax for each OS release more or less (so far about W2003 and W2008 compatiibility). Worth a try, though, maybe the syntax is the same ;-).

For taking ownership I would use icalcs. That's easier than having to deal with the ACLs in PowerShell.

Step 4 is easy, as far as possible: $svcRunning = get-service wudfsvc | ? { $_.Status -eq "Running" }
You then check e.g. if ($svcRunning) { # ...,
1
 
LVL 20

Expert Comment

by:Peter Hutchison
ID: 41856602
Here's an article on setting Firewall via Group Policy:
https://technet.microsoft.com/en-us/library/bb490626.aspx

For port 22 allowed in, try these steps:
1. Open Group Policy console.
2. Create or modify a policy for the servers to apply to.
3. Expand Computer Configuration, Windows, Settings, Security Settings
4. Expand Windows Firewall with Advanced Security
5. Inbound Rules
6. New Rule
7. Select Port
8. Select TCP (or UDP)
9. Specific port: 22
10. Select 'Allow the connection'
11. Select which connection to apply to (Domain, Public, Private)
12. Enter name of rule e.g. Allow Port 22
13. Click Finish
0

Featured Post

ATEN's HDBaseT Presentation at InfoComm 2017

Hear ATEN Product Manager YT Liang review HDBaseT technology, highlighting ATEN’s latest solutions as they relate to real-world applications during her presentation at the HDBaseT booth at InfoComm 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Previously, on our Nano Server Deployment series, we've created a new nano server image and deployed it on a physical server in part 2. Now we will go through configuration.
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

664 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question