Video Screencast Help

Script to Prep Win 2008 R2 for SMP Install

Created: 26 Jun 2012

The content for this PowerShell script is based on the steps in the Symantec™ ServiceDesk 7.1 SP2 Implementation Guide: 7 1 Upgrade and Install-Rev3.pdf.

For some reason the aspnet_regiis -ga command does not run when scripted. You can take the same syntax and put it on a command line and it works fine. Does anyone have any ideas?

Description: Make configuration changes to windows server in preparation for SMP Install
Date: 01 June 2012
Author: Dave Wagner

1. Powershell must be launced with the -ImportSystemModules option
2. This script is not signed. Powershell ExecutionPolicy must be set accordingly.

# ***** Add Server Roles *****
Add-WindowsFeature Application-Server, AS-Web-Support, NET-win-cfac
Add-WindowsFeature Web-WebServer, Web-Mgmt-Tools -IncludeAllSubFeature

# ***** Configure IE ESC Settings *****
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" /v "IsInstalled" /t REG_DWORD /d 0 /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /v "IsInstalled" /t REG_DWORD /d 0 /f
Rundll32 iesetup.dll, IEHardenLMSettings
Rundll32 iesetup.dll, IEHardenUser
Rundll32 iesetup.dll, IEHardenAdmin
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" /f /va
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /f /va

# ***** Disable UAC *****
Set-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system -Name EnableLUA -Value 0

# ***** Define and Populate Variables for Pre-Reqs *****
Change the bitpath variable to match your environment
$bitspath = "<File Repository>"
$DBEngine = "$bitspath\AccessDatabaseEngine_x64.exe"
$Silver = "$bitspath\silverlight_x64.exe"
$JRE = "$bitspath\jre-6u18-windows-i586-s.exe"
$OWC = "$bitspath\owc11.exe"
$RptView = "$bitspath\ReportViewer.exe"

# ***** Install Pre-Reqs *****
(Start-Process msiexec.exe -ArgumentList /i, $bitspath\sqlncli_x64.msi, /passive -Wait -Passthru).ExitCode
(Start-Process msiexec -ArgumentList /i, $bitspath\SQLServer2005_ADOMD_x64.msi, /passive -Wait -Passthru).ExitCode
(Start-Process msiexec -ArgumentList /i, $bitspath\SQLServer2005_ASOLEDB9_x64.msi, /passive -Wait -Passthru).ExitCode
(Start-Process msiexec -ArgumentList /i, $bitspath\SQLServer2005_XMO_x64.msi, /passive -Wait -Passthru).ExitCode
&$DBEngine /passive | Out-Host
&$Silver /q | Out-Host
&$JRE /passive | Out-Host
&$OWC /quiet | Out-Host
&$RptView /q | Out-Host

# ***** Register Service Acct With IIS *****
Change the domain and user info to match your environment
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis –ga <domain\ServiceAccount>"

# ***** Configure IIS AppPools *****
$appcmd = "c:\windows\system32\inetsrv\appcmd.exe"

&$appcmd set apppool "DefaultAppPool" -managedPipelineMode:Classic
&$appcmd set apppool "Classic .NET AppPool" -managedPipelineMode:Classic

# ***** Change the apppool user and password *****
Change the domain and user info to match your environment
&$appcmd set apppool "DefaultAppPool" /processModel.identityType:SpecificUser /processModel.userName:<domain\ServiceAccount> /processModel.password:<password>
&$appcmd set apppool "Classic .NET AppPool" /processModel.identityType:SpecificUser /processModel.userName:<domain\ServiceAccount> /processModel.password:<password>

# ***** Diable SSL 2.0 *****
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server" /ve /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server"  /t REG_DWORD  /v Enabled  /d 0 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server"  /t REG_DWORD  /v DisabledByDefault  /d 1 /f

# ***** Restart the server *****
shutdown /r /t 5