Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

Script to Prep Win 2008 R2 for SMP Install

Created: 26 Jun 2012

The content for this PowerShell script is based on the steps in the Symantec™ ServiceDesk 7.1 SP2 Implementation Guide: 7 1 Upgrade and Install-Rev3.pdf.

For some reason the aspnet_regiis -ga command does not run when scripted. You can take the same syntax and put it on a command line and it works fine. Does anyone have any ideas?

Description: Make configuration changes to windows server in preparation for SMP Install
Date: 01 June 2012
Author: Dave Wagner

1. Powershell must be launced with the -ImportSystemModules option
2. This script is not signed. Powershell ExecutionPolicy must be set accordingly.

# ***** Add Server Roles *****
Add-WindowsFeature Application-Server, AS-Web-Support, NET-win-cfac
Add-WindowsFeature Web-WebServer, Web-Mgmt-Tools -IncludeAllSubFeature

# ***** Configure IE ESC Settings *****
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" /v "IsInstalled" /t REG_DWORD /d 0 /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /v "IsInstalled" /t REG_DWORD /d 0 /f
Rundll32 iesetup.dll, IEHardenLMSettings
Rundll32 iesetup.dll, IEHardenUser
Rundll32 iesetup.dll, IEHardenAdmin
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" /f /va
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /f /va

# ***** Disable UAC *****
Set-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system -Name EnableLUA -Value 0

# ***** Define and Populate Variables for Pre-Reqs *****
Change the bitpath variable to match your environment
$bitspath = "<File Repository>"
$DBEngine = "$bitspath\AccessDatabaseEngine_x64.exe"
$Silver = "$bitspath\silverlight_x64.exe"
$JRE = "$bitspath\jre-6u18-windows-i586-s.exe"
$OWC = "$bitspath\owc11.exe"
$RptView = "$bitspath\ReportViewer.exe"

# ***** Install Pre-Reqs *****
(Start-Process msiexec.exe -ArgumentList /i, $bitspath\sqlncli_x64.msi, /passive -Wait -Passthru).ExitCode
(Start-Process msiexec -ArgumentList /i, $bitspath\SQLServer2005_ADOMD_x64.msi, /passive -Wait -Passthru).ExitCode
(Start-Process msiexec -ArgumentList /i, $bitspath\SQLServer2005_ASOLEDB9_x64.msi, /passive -Wait -Passthru).ExitCode
(Start-Process msiexec -ArgumentList /i, $bitspath\SQLServer2005_XMO_x64.msi, /passive -Wait -Passthru).ExitCode
&$DBEngine /passive | Out-Host
&$Silver /q | Out-Host
&$JRE /passive | Out-Host
&$OWC /quiet | Out-Host
&$RptView /q | Out-Host

# ***** Register Service Acct With IIS *****
Change the domain and user info to match your environment
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis –ga <domain\ServiceAccount>"

# ***** Configure IIS AppPools *****
$appcmd = "c:\windows\system32\inetsrv\appcmd.exe"

&$appcmd set apppool "DefaultAppPool" -managedPipelineMode:Classic
&$appcmd set apppool "Classic .NET AppPool" -managedPipelineMode:Classic

# ***** Change the apppool user and password *****
Change the domain and user info to match your environment
&$appcmd set apppool "DefaultAppPool" /processModel.identityType:SpecificUser /processModel.userName:<domain\ServiceAccount> /processModel.password:<password>
&$appcmd set apppool "Classic .NET AppPool" /processModel.identityType:SpecificUser /processModel.userName:<domain\ServiceAccount> /processModel.password:<password>

# ***** Diable SSL 2.0 *****
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server" /ve /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server"  /t REG_DWORD  /v Enabled  /d 0 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server"  /t REG_DWORD  /v DisabledByDefault  /d 1 /f

# ***** Restart the server *****
shutdown /r /t 5