Solved

Create a command line pack for Windows Server with couple of actions to perform

Posted on 2016-10-07
4
70 Views
Last Modified: 2016-10-28
Hi Experts,
Would like to create a pack for windows 2008 Server (hopefully compatible with Windows 2003 Server). Basically a windows powershell script which should perform below tasks in command line. Idea is to provide this script to a Windows Sys Admin to execute this script on target windows server.

1.      Create a windows Inbound Firewall rule to allow port 22 from any host.
2.      Create a bunch of directories and set ownership to a service account (e.g username = deployuser from Active Directory) by reading a comma separated property value “directoryToCreate” (e.g directoryToCreate=”c:/temp,c:/temp/stage,c:/temp/cache,c:/temp/src
3. Execute an EXE which will create a windows service
4. Verify Step 3 windows service has been created and STARTED and RUNNING fine.
5  Final report showing on all above activities.
      e.g directories created successfully
            Inbound Rule created successfully
            Exe execution and Windows Service verified successfully



Since I have to perform this pack on 30+ Servers, Any suggestion/advise on the best practice please?
Is powershell good enough?
Can I create and EXE Installer on top of powershell?
etc

Thanks in advance
0
Comment
Question by:enthuguy
  • 2
4 Comments
 
LVL 19

Assisted Solution

by:Peter Hutchison
Peter Hutchison earned 250 total points
ID: 41834935
Why use Powershell? You can use Group Policies and GPPs, with the Client-side extensions installed, to do the same thing!

Also, you can use the sysinternal tools for executing programs remotely onto other servers such as psexec.

https://technet.microsoft.com/en-us/sysinternals/bb795532
0
 

Author Comment

by:enthuguy
ID: 41835020
Thanks Peter,
Could you pls give me more insite on GP and GPPs? May be some links or Good ebooks which talks about how to define them especially inbound firewall setup.

also to automate remote execution, firstly i believe trust between two system has to be setup before I execute remote script. Is that ssh keys exchange? could you advise on this pls

reason I was thinking about powershell, we only need these to be enabled on 30 servers. if GP is the way to go...then I'll will read about it and request my Windows System Admin to create those. For my above requirement...can we acheive all of those thru GPs?

thanks
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 250 total points
ID: 41836159
You do not need a trust for remote execution, just a way to authenticate - usually by providing explicit credentials. So that is no obstacle.

Even if using GP(P) you'll need to run some code for checking and using special properties etc. So a single PowerShell script might indeed be better. However. that is nothing put together with ease, because of the different tasks to manage; and since W2008 does not allow for some network cmdlets in PowerShell, the firewall part needs to be done with netsh, which changes its syntax for each OS release more or less (so far about W2003 and W2008 compatiibility). Worth a try, though, maybe the syntax is the same ;-).

For taking ownership I would use icalcs. That's easier than having to deal with the ACLs in PowerShell.

Step 4 is easy, as far as possible: $svcRunning = get-service wudfsvc | ? { $_.Status -eq "Running" }
You then check e.g. if ($svcRunning) { # ...,
1
 
LVL 19

Expert Comment

by:Peter Hutchison
ID: 41856602
Here's an article on setting Firewall via Group Policy:
https://technet.microsoft.com/en-us/library/bb490626.aspx

For port 22 allowed in, try these steps:
1. Open Group Policy console.
2. Create or modify a policy for the servers to apply to.
3. Expand Computer Configuration, Windows, Settings, Security Settings
4. Expand Windows Firewall with Advanced Security
5. Inbound Rules
6. New Rule
7. Select Port
8. Select TCP (or UDP)
9. Specific port: 22
10. Select 'Allow the connection'
11. Select which connection to apply to (Domain, Public, Private)
12. Enter name of rule e.g. Allow Port 22
13. Click Finish
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Create and license users in Office 365 in bulk based on a CSV file. A step-by-step guide with PowerShell script examples.
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

939 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now