
Create a command line pack for Windows Server with couple of actions to perform

Posted on 2016-10-07
Last Modified: 2016-10-28
Hi Experts,
Would like to create a pack for Windows 2008 Server (hopefully compatible with Windows 2003 Server). Basically a Windows PowerShell script which should perform the below tasks on the command line. The idea is to provide this script to a Windows sysadmin to execute on the target Windows server.

1. Create a Windows inbound firewall rule to allow port 22 from any host.
2. Create a bunch of directories and set ownership to a service account (e.g. username = deployuser from Active Directory) by reading a comma-separated property value "directoryToCreate" (e.g. directoryToCreate="c:/temp,c:/temp/stage,c:/temp/cache,c:/temp/src
3. Execute an EXE which will create a Windows service.
4. Verify that the Windows service from step 3 has been created, STARTED and is RUNNING fine.
5. Final report showing all of the above activities,
      e.g. directories created successfully
            Inbound rule created successfully
            Exe execution and Windows service verified successfully



Since I have to perform this pack on 30+ servers, any suggestions/advice on the best practice please?
Is PowerShell good enough?
Can I create an EXE installer on top of PowerShell?
etc

Thanks in advance
0
Question by:enthuguy
LVL 20

Assisted Solution

by:Peter Hutchison
Peter Hutchison earned 1000 total points
ID: 41834935
Why use PowerShell? You can use Group Policies and GPPs, with the Client-side extensions installed, to do the same thing!

Also, you can use the Sysinternals tools, such as psexec, for executing programs remotely on other servers.

https://technet.microsoft.com/en-us/sysinternals/bb795532
0
 

Author Comment

by:enthuguy
ID: 41835020
Thanks Peter,
Could you please give me more insight on GP and GPPs? Maybe some links or good ebooks which talk about how to define them, especially inbound firewall setup.

Also, to automate remote execution, firstly I believe trust between the two systems has to be set up before I execute a remote script. Is that an SSH key exchange? Could you advise on this please?

The reason I was thinking about PowerShell: we only need these to be enabled on 30 servers. If GP is the way to go... then I'll read about it and request my Windows system admin to create those. For my above requirement... can we achieve all of those through GPs?

thanks
0
 
LVL 71

Accepted Solution

by:
Qlemo earned 1000 total points
ID: 41836159
You do not need a trust for remote execution, just a way to authenticate - usually by providing explicit credentials. So that is no obstacle.

Even if using GP(P) you'll need to run some code for checking and using special properties etc. So a single PowerShell script might indeed be better. However, that is nothing put together with ease, because of the different tasks to manage; and since W2008 does not allow for some network cmdlets in PowerShell, the firewall part needs to be done with netsh, which changes its syntax for each OS release more or less (so far about W2003 and W2008 compatibility). Worth a try, though, maybe the syntax is the same ;-).

For taking ownership I would use icacls. That's easier than having to deal with the ACLs in PowerShell.

Step 4 is easy, as far as possible: $svcRunning = get-service wudfsvc | ? { $_.Status -eq "Running" }
You then check e.g. if ($svcRunning) { # ...,
1
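
The steps from this answer combined into one script, as an added example (not code posted in the thread): netsh for the firewall rule, icacls for ownership, Get-Service for the check, and a final report. It assumes Windows Server 2008 with PowerShell 2.0 and an elevated prompt; the rule name, `DOMAIN\deployuser`, `$ExePath` and `$ServiceName` are placeholders, and `$RemoteIp` defaults to the question's "any host" but can be narrowed to the hosts that actually need port 22.

```powershell
# Added example: PowerShell 2.0-compatible; run elevated on Windows Server 2008.
# Owner, ExePath, ServiceName and the rule name are placeholders (assumptions).
param(
    [string]$DirectoryToCreate = 'c:/temp,c:/temp/stage,c:/temp/cache,c:/temp/src',
    [string]$Owner       = 'DOMAIN\deployuser',
    [string]$RemoteIp    = 'any',   # narrow to the hosts that need port 22 if possible
    [string]$ExePath     = 'C:\install\service-setup.exe',
    [string]$ServiceName = 'ExampleService'
)
$report = @()
function Add-Result($Step, $OK, $Detail) {
    $script:report += New-Object PSObject -Property @{ Step = $Step; OK = $OK; Detail = $Detail }
}

# 1. Inbound firewall rule via netsh (added only if no rule of that name exists).
$rule = 'Allow-Port-22'
& netsh advfirewall firewall show rule name=$rule | Out-Null
if ($LASTEXITCODE -ne 0) {
    & netsh advfirewall firewall add rule name=$rule dir=in action=allow `
        protocol=TCP localport=22 remoteip=$RemoteIp | Out-Null
}
Add-Result 'Firewall rule' ($LASTEXITCODE -eq 0) "netsh exit code $LASTEXITCODE"

# 2. Directories from the comma-separated property, owner set with icacls.
foreach ($dir in $DirectoryToCreate.Split(',')) {
    $path = $dir.Trim().Replace('/', '\')
    if (-not $path) { continue }
    if (-not (Test-Path -LiteralPath $path)) { New-Item -ItemType Directory -Path $path | Out-Null }
    & icacls $path /setowner $Owner | Out-Null
    $ok = (Test-Path -LiteralPath $path) -and ($LASTEXITCODE -eq 0)
    Add-Result "Directory $path" $ok "icacls exit code $LASTEXITCODE"
}

# 3. Run the installer that creates the service and wait for it to finish.
if (Test-Path -LiteralPath $ExePath) {
    $proc = Start-Process -FilePath $ExePath -Wait -PassThru
    Add-Result 'Installer' ($proc.ExitCode -eq 0) "exit code $($proc.ExitCode)"
} else {
    Add-Result 'Installer' $false "not found: $ExePath"
}

# 4. The service must exist and be running.
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
$state = if ($svc) { $svc.Status } else { 'not installed' }
Add-Result 'Service' ($svc -and ($svc.Status -eq 'Running')) "status: $state"

# 5. Final report; a non-zero exit code lets a wrapper detect failures.
$report | Format-Table Step, OK, Detail -AutoSize
if ($report | Where-Object { -not $_.OK }) { exit 1 }
```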
 
LVL 20

Expert Comment

by:Peter Hutchison
ID: 41856602
Here's an article on setting Firewall via Group Policy:
https://technet.microsoft.com/en-us/library/bb490626.aspx

For port 22 allowed in, try these steps:
1. Open Group Policy console.
2. Create or modify a policy for the servers to apply to.
3. Expand Computer Configuration, Windows, Settings, Security Settings
4. Expand Windows Firewall with Advanced Security
5. Inbound Rules
6. New Rule
7. Select Port
8. Select TCP (or UDP)
9. Specific port: 22
10. Select 'Allow the connection'
11. Select which connection to apply to (Domain, Public, Private)
12. Enter name of rule e.g. Allow Port 22
13. Click Finish
0
