derekmurawsky
2/9/2012 - 2:03 AM

CloudInit.NET script for Windows Core 2008 R2 with IIS, .NET 4 and WebDeploy 2.0


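#! /powershell/

# CloudInit.NET bootstrap for Windows Server 2008 R2 Core.
# Steps, in order: turn on scheduled Windows Update, install IIS/WAS/.NET features,
# expose and privilege the Web Management Service (wmsvc), install Web Deploy 2.10
# for the host's architecture, register .NET 4 with IIS, and verify the listeners.
# Every step appends a timestamped line to $log so the run can be reconstructed
# later. The script expects to run once, elevated, at first boot.
Set-StrictMode -Version Latest
$log = 'c:\cloudfu.txt'

# Append one or more lines to $log, each prefixed with a timestamp. Arrays
# (e.g. the output of whoami /priv) are written one element per line rather
# than being flattened into a single string.
function Write-Log {
    param($message)
    $stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    Add-Content $log -value (@($message) | ForEach-Object { "$stamp $_" })
}

Write-Log "Initial Execution Policy: [$(Get-ExecutionPolicy)]"
# NOTE(review): with no -Scope this persists Unrestricted at LocalMachine for every later
# session, not just this bootstrap. If nothing else on the image depends on it,
# `Set-ExecutionPolicy RemoteSigned` or `-Scope Process` is the smaller change.
Set-ExecutionPolicy Unrestricted
Write-Log "New Execution Policy: [$(Get-ExecutionPolicy)]"
Write-Log "Path variable [${env:Path}]"
Write-Log "PSModulePath variable [${env:PSModulePath}]"

Write-Log "Available Modules - $(Get-Module -ListAvailable | Select-Object -ExpandProperty Name)"
Import-Module ServerManager

# A 32-bit process on a 64-bit host reports x86 but also sets PROCESSOR_ARCHITEW6432;
# only a genuine 32-bit system leaves that variable unset.
$Is32Bit = (($Env:PROCESSOR_ARCHITECTURE -eq 'x86') -and ($Env:PROCESSOR_ARCHITEW6432 -eq $null))
Write-Log "Is System 32-Bit [$Is32Bit]"

$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Log "Running as ${env:USERNAME}"
Write-Log "Current thread principal [$([System.Threading.Thread]::CurrentPrincipal.Identity.Name)] - Admin [$isAdmin]"
# Feature install, firewall and service changes below all need elevation; record it
# up front so a non-elevated run is obvious from the first lines of the log.
if (-not $isAdmin) {
    Write-Log 'WARNING: not running as Administrator - the system changes below are expected to fail'
}
$privileges = whoami /priv
Write-Log 'Token Privileges'
Write-Log $privileges

#http://stackoverflow.com/questions/5682270/disable-automatic-updates-with-powershell
# Ensure automatic updates are on. NotificationLevel 4 = scheduled installation,
# ScheduledInstallationDay 7 = Saturday, ScheduledInstallationTime 4 = 04:00.
# The update agent is restarted so it re-reads the saved settings.
$AUSettings = (New-Object -com "Microsoft.Update.AutoUpdate").Settings
$AUSettings.NotificationLevel = 4
$AUSettings.ScheduledInstallationDay = 7
$AUSettings.ScheduledInstallationTime = 4
$AUSettings.IncludeRecommendedUpdates = $true
$AUSettings.Save()
Restart-Service wuauserv
Write-Log 'Enabled automatic Windows updates and restarts for Saturday at 4AM'

# IIS, security and HTTP features, Windows Process Activation Service, .NET support.
# Kept as a list so additions show up as one-line diffs.
$webFeatures = @(
    'Web-Server', 'Web-WebServer', 'Web-Common-Http', 'Web-Static-Content', 'Web-Default-Doc',
    'Web-Dir-Browsing', 'Web-Http-Errors', 'Web-Http-Redirect', 'Web-App-Dev', 'Web-Asp-Net',
    'Web-Net-Ext', 'Web-ISAPI-Ext', 'Web-ISAPI-Filter', 'Web-Health', 'Web-Http-Logging',
    'Web-Log-Libraries', 'Web-Request-Monitor', 'Web-Http-Tracing', 'Web-Custom-Logging',
    'Web-Security', 'Web-Basic-Auth', 'Web-Url-Auth', 'Web-Filtering', 'Web-IP-Security',
    'Web-Performance', 'Web-Stat-Compression', 'Web-Dyn-Compression', 'Web-Mgmt-Tools',
    'Web-Scripting-Tools', 'Web-Mgmt-Service', 'Web-Mgmt-Compat', 'Web-Metabase', 'Web-WMI',
    'Web-Lgcy-Scripting', 'Web-WHC', 'WAS', 'WAS-Process-Model', 'WAS-NET-Environment',
    'WAS-Config-APIs'
)
# Capture the result object so a partial/failed install is visible in the log instead
# of only on the console of a first-boot run nobody is watching.
$featureResult = Add-WindowsFeature $webFeatures
if ($featureResult) {
    Write-Log "Enabled IIS, Security, HTTP features, Windows Process Activation Services, .NET support - Success [$($featureResult.Success)] RestartNeeded [$($featureResult.RestartNeeded)]"
} else {
    Write-Log 'Add-WindowsFeature returned no result - feature installation may have failed'
}

# Web-Mgmt-Service should already set this; enforcing it is harmless and makes the
# remote-management state explicit.
New-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\WebManagement\Server -Name EnableRemoteManagement -Value 1 -PropertyType DWord -Force
Write-Log 'Doctored EnableRemoteManagement registry key'

# Inbound allow for WMSVC on TCP 8172. The rule carries no remoteip= scope, so every host
# that can reach this port can reach the management endpoint; where the deploying hosts
# are known, add `remoteip=<DEPLOY-HOST-RANGE>` (placeholder) to the rule.
Start-Process -FilePath 'netsh' -ArgumentList 'advfirewall firewall add rule name="WdeployAgent" dir=in action=allow protocol=TCP localport=8172' -Wait -NoNewWindow
Write-Log 'Poked hole in firewall for WdeployAgent'
Set-Service wmsvc -StartupType Automatic

# runCommand in msdeploy manifests needs wmsvc to hold these privileges. This also
# makes wmsvc a service that can impersonate and assign tokens, which is why the
# firewall scope above and Windows authentication below are worth keeping tight.
#http://stackoverflow.com/questions/4380819/msdeploy-runcommand-priviliges
Start-Process 'sc.exe' -ArgumentList 'privs wmsvc SeChangeNotifyPrivilege/SeImpersonatePrivilege/SeAssignPrimaryTokenPrivilege/SeIncreaseQuotaPrivilege' -Wait -NoNewWindow

# Allow Windows account credentials (rather than IIS Manager users) for msdeploy pushes.
New-ItemProperty -Path HKLM:\Software\Microsoft\WebManagement\Server -Name WindowsAuthenticationEnabled -Value 1 -PropertyType DWord -Force

Restart-Service wmsvc
Write-Log 'Reconfigured wmsvc and started it'

# Install Web Deploy for the host's architecture.
$webDeployUri = if ($Is32Bit) { 'http://download.microsoft.com/download/8/9/B/89B754A5-56F7-45BD-B074-8974FD2039AF/WebDeploy_2_10_x86_en-US.msi' } `
    else { 'http://download.microsoft.com/download/8/9/B/89B754A5-56F7-45BD-B074-8974FD2039AF/WebDeploy_2_10_amd64_en-US.msi' }
$webDeployMsi = Join-Path $env:Temp 'WebDeploy.msi'
# Absolute log path: the working directory of a first-boot run is not predictable.
$webDeployLog = Join-Path $env:Temp 'WebDeploy.log'

# WebClient instead of shelling out to curl.exe: it is always present on a .NET host,
# follows redirects, and a failed transfer is a catchable exception rather than a
# missing file that msiexec would then be run against.
# The package is fetched over plain http and is not pinned to a known hash, so the
# download is untrusted input; hosting a verified copy internally, or comparing the
# file against a known SHA-256 (not recorded on this page), closes that gap.
$downloaded = $false
try {
    (New-Object System.Net.WebClient).DownloadFile($webDeployUri, $webDeployMsi)
    $downloaded = Test-Path $webDeployMsi
} catch {
    Write-Log "Download of $webDeployUri failed: $($_.Exception.Message)"
}
Write-Log "Downloaded file to $webDeployMsi [$downloaded]"

if ($downloaded) {
    #ms recommends MsDeployAgentService2 but check this - http://forums.iis.net/p/1182557/1999767.aspx
    # The agent service listens on plain http on 8080. This script does not add a firewall
    # rule for it; whether the installer adds one is not shown here, so confirm the port's
    # exposure after install if the agent must stay local-only.
    $installer = Start-Process -FilePath 'msiexec.exe' -ArgumentList "/i `"$webDeployMsi`" /l `"$webDeployLog`" /norestart /q /passive ADDLOCAL=ALL LISTENURL=http://+:8080/MsDeployAgentService2/" -Wait -NoNewWindow -PassThru
    # 0 = success, 3010 = success but reboot required; anything else is a failed install.
    Write-Log "Finished running WebDeploy installer - exit code [$($installer.ExitCode)]"
    Remove-Item $webDeployMsi
    Start-Service msdepsvc
} else {
    Write-Log 'Skipping WebDeploy install and msdepsvc start because the MSI is not present'
}

# Make sure IIS uses .NET 4 by default.
$regiis = Start-Process -FilePath "$env:windir\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe" -ArgumentList '-i' -Wait -NoNewWindow -PassThru
Write-Log "Registered .NET 4 bindings for IIS - exit code [$($regiis.ExitCode)]"

# Final sanity check that both listeners are up. The backtick before -A only escapes
# the dash and has no other effect; NOTE(review): `netstat -a -n` is the documented
# form - confirm `-A` is accepted by this netstat before relying on these lines.
Write-Log 'Checking for listening WebDeployAgent port 8172'
netstat `-A | Where-Object { $_ -match '8172' } | Add-Content $log

Write-Log 'Checking for listening MsDeployAgentService port 8080'
netstat `-A | Where-Object { $_ -match '8080' } | Add-Content $log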