<#
.Script purpose
Add features to this windows instance
Configure DNS on this instance
.NOTES
Version: 1.0
DateModified: 31/May/2017
LastModifiedBy: Vicente Rodriguez Eguibar
Eguibar Information Technology S.L.
http://www.eguibarit.com
#>
<#
EGUIBARIT MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, TITLE OR NON-INFRINGEMENT. AS TO DOCUMENTS AND CODE, EGUIBARIT MAKES NO REPRESENTATION OR WARRANTY
THAT THE CONTENTS OF SUCH DOCUMENT OR CODE ARE FREE FROM ERROR OR SUITABLE FOR ANY PURPOSE; NOR THAT IMPLEMENTATION OF SUCH CONTENTS
WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS., provided that
You agree: (i) to not use Our name, logo, or trademarks to market Your software product in which the Code is embedded;
(ii) to include a valid copyright notice on Your software product in which the Code is embedded; and
(iii) to indemnify, hold harmless, and defend Us and Our suppliers from and against any claims or lawsuits, including attorneys' fees,
that arise or result from the use or distribution of the Code.
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script are subject to the terms specified at http://eguibarit.eu/copyright-notice-and-disclaimers/
#>
# Short pause before any work is done.
Start-Sleep -Seconds 5

# Start from an empty error list so $error only reflects this run.
$error.clear()

Write-Verbose -Message 'Import the Module: EguibarIT & ServerManager'
foreach ($ModuleName in 'EguibarIT', 'ServerManager', 'DnsServer') {
    # Module loading output is suppressed; only failures surface as errors.
    Import-Module -Name $ModuleName -Verbose:$false | Out-Null
}

# Folder that holds all Delegation Model scripts & files.
$DMscripts = ('{0}\PsScripts' -f $env:SystemDrive)

# Log all output to a per-day transcript inside that same folder.
# NOTE(review): Config.xml lives in this folder too, and verbose output is enabled
# just below, so the folder should be readable by administrators only.
$TranscriptOptions = @{
    Path      = '{0}\2-AddFeatures-{1}.log' -f $DMscripts, (Get-Date -Format 'dd-MMM-yyyy')
    NoClobber = $true
    Append    = $true
    Force     = $true
}
Start-Transcript @TranscriptOptions

# Only the verbose stream is switched on; the other preferences keep their defaults.
#$DebugPreference = 'SilentlyContinue'
$VerbosePreference = 'Continue'
#$InformationPreference = 'Continue'
#$ErrorActionPreference = 'Continue'
# Load Config.xml into $confXML. The file is expected in the $DMscripts folder
# (<SystemDrive>\PsScripts, as set earlier in this script).
# NOTE(review): later sections read N.DefaultPassword from this file, so it holds a
# credential in clear text. Keep the folder ACL limited to administrators and
# remove or scrub the file once the bootstrap has finished.
try {
# Check if Config.xml file is loaded. If not, proceed to load it.
# (Test-Path on the variable: drive is true when a variable named confXML already exists.)
If (!(Test-Path -Path variable:confXML)) {
# Check that the Config.xml file exists on the given path. -Resolve makes Join-Path
# look the path up, so a missing file is reported as an error at this point.
If (Test-Path -Path (Join-Path -Path $DMscripts -ChildPath Config.xml -Resolve)) {
# Open the configuration XML file and parse it into an XML document
$confXML = [xml](Get-Content (Join-Path -Path $DMscripts -ChildPath Config.xml -Resolve))
} #end if
} #end if
} Catch {
# Display the most recent error. Get-CurrentErrorToDisplay is not defined in this file
# (presumably exported by the EguibarIT module - confirm).
Get-CurrentErrorToDisplay -CurrentError $error[0]
} finally {
# Validate configuration file: abort the script when Config.xml is not a file in $DMscripts.
# NOTE(review): only the file's existence is checked here. A parse failure above is
# caught and displayed, and execution then continues with $confXML unset - confirm
# that this is intended.
if (-not (Test-Path -Path $DMscripts\Config.xml -PathType Leaf)) {
throw 'Config.xml file not found'
}
} #end try-catch-finally
# Read the OS installation type from the registry. The value 'Server Core' is used
# below to skip the graphical management tools.
$OsInstalationType = Get-ItemProperty -Path 'HKLM:Software\Microsoft\Windows NT\CurrentVersion' | Select-Object -ExpandProperty InstallationType

############################################################
## START Add Windows Features
############################################################

# Emit four empty lines so the progress bar does not hide text
1..4 | ForEach-Object { [System.Environment]::NewLine }

# Management tools (RSAT) are only added when this is not a Server Core installation.
$HasDesktopTools = $OsInstalationType -ne 'Server Core'

<#
Disabled step, kept as it was in the script (it sat between NET-Framework-45-Features and FS-FileServer):
Write-Verbose -Message 'Add Windows Features AS-NET-Framework'
Add-WindowsFeature -Name AS-NET-Framework -IncludeAllSubFeature
#<<<<<<<<<< START Logging >>>>>>>>>>
if ($error.count -ne 0) { [int]$xLine = Get-LineNumber; Get-Error -xLine $xLine -ScriptName $myInvocation.MyCommand }
else { Set-LogEntry -ScriptName $myInvocation.MyCommand -LogText 'Add windows features - AS-NET-Framework.' -Status 0 }
#<<<<<<<<<< END Logging >>>>>>>>>>
#>

# Ordered install plan. Each entry carries the verbose message, whether it is a
# management-tools step, and the exact arguments passed to Add-WindowsFeature.
# NOTE(review): 3-PromoteDC.ps1 is scheduled later in this script, so this host is
# presumably about to become a domain controller; every extra role installed here
# (file services, DFS, FSRM, backup) widens what runs on it - confirm each is needed.
$FeaturePlan = @(
    @{ Message = 'Add Windows Features DNS'; ToolsOnly = $false; Arguments = @{ Name = 'DNS'; IncludeAllSubFeature = $true; Verbose = $false } }
    @{ Message = 'Add Windows Features DNS Management Tools'; ToolsOnly = $true; Arguments = @{ Name = 'RSAT-DNS-Server'; Verbose = $false } }
    @{ Message = 'Add Windows Features NET-Framework-Features'; ToolsOnly = $false; Arguments = @{ Name = 'NET-Framework-Features'; Verbose = $false } }
    @{ Message = 'Add Windows Features NET-Framework-45-Features'; ToolsOnly = $false; Arguments = @{ Name = 'NET-Framework-45-Features'; Verbose = $false } }
    @{ Message = 'Add Windows Features FS-FileServer'; ToolsOnly = $false; Arguments = @{ Name = 'FS-FileServer'; IncludeAllSubFeature = $true; Verbose = $false } }
    @{ Message = 'Add Windows Features File-Services Management Tools'; ToolsOnly = $true; Arguments = @{ Name = 'RSAT-File-Services'; Verbose = $false } }
    @{ Message = 'Add Windows Features FS-DFS-Namespace'; ToolsOnly = $false; Arguments = @{ Name = 'FS-DFS-Namespace'; IncludeAllSubFeature = $true; Verbose = $false } }
    @{ Message = 'Add Windows Features DFS Management Tools'; ToolsOnly = $true; Arguments = @{ Name = 'RSAT-DFS-Mgmt-Con'; Verbose = $false } }
    @{ Message = 'Add Windows Features FS-DFS-Replication'; ToolsOnly = $false; Arguments = @{ Name = 'FS-DFS-Replication'; IncludeAllSubFeature = $true; Verbose = $false } }
    @{ Message = 'Add Windows Features FS-Resource-Manager'; ToolsOnly = $false; Arguments = @{ Name = 'FS-Resource-Manager'; Verbose = $false } }
    @{ Message = 'Add Windows Features Group Policy Management'; ToolsOnly = $false; Arguments = @{ Name = 'GPMC'; IncludeAllSubFeature = $true; Verbose = $false } }
    @{ Message = 'Add Windows Features Backup'; ToolsOnly = $false; Arguments = @{ Name = 'Windows-Server-Backup'; IncludeAllSubFeature = $true; Verbose = $false } }
    # AD DS is the only step that does not pass -Verbose:$False, so its verbose output is shown.
    @{ Message = 'Add AD-Domain-Services feature'; ToolsOnly = $false; Arguments = @{ Name = 'AD-Domain-Services' } }
    @{ Message = 'Add AD-Domain-Services Management Tools'; ToolsOnly = $true; Arguments = @{ Name = 'RSAT-AD-Tools'; Verbose = $false } }
)

foreach ($Step in $FeaturePlan) {
    # Skip the management-tools steps on Server Core.
    if ($Step.ToolsOnly -and (-not $HasDesktopTools)) {
        continue
    }

    Write-Verbose -Message $Step.Message
    $FeatureArguments = $Step.Arguments
    Add-WindowsFeature @FeatureArguments
}
############################################################
## END Add Windows Features
############################################################
############################################################
# START Add DNS zones
############################################################
Write-Verbose -Message 'Add DNS reverse lookup zones'

# The IPv4 reverse zone is created only when Config.xml supplies both the address
# and the prefix length for DC1.
# NOTE(review): both zones below are file-backed (-ZoneFile). Secure-only dynamic
# update needs an AD-integrated zone, so review the zones' storage and dynamic
# update settings once the server has been promoted.
$Dc1Address = $confXML.N.PCs.DC1.IPv4
$Dc1PrefixLength = $confXML.N.PCs.DC1.PrefixLengthIPv4

if ((-not ([string]::IsNullOrEmpty($Dc1Address))) -and (-not ([string]::IsNullOrEmpty($Dc1PrefixLength)))) {
    $NetworkAddress = ConvertTo-IPv4NetworkAddress -IPv4Address $Dc1Address -PrefixLength $Dc1PrefixLength

    # Substring(1) drops the first character of the converted address's string form.
    # NOTE(review): ConvertTo-IPv4NetworkAddress is not defined in this file; confirm
    # what that leading character is.
    $Ipv4ReverseZone = @{
        NetworkId = '{0}/{1}' -f ([String]$NetworkAddress).Substring(1), $Dc1PrefixLength
        ZoneFile  = 'IPv4.dns'
    }
    Add-DnsServerPrimaryZone @Ipv4ReverseZone
}

# ToDo function to find IPv6 network address
#Add-DnsServerPrimaryZone -NetworkId ('{0}/{1}' -f $confXML.N.PCs.DC1.IPv6, $confXML.N.PCs.DC1.PrefixLengthIPv6) -ZoneFile 'IPv6.dns'
# Until then the IPv6 reverse zone uses a fixed network and ignores Config.xml.
$Ipv6ReverseZone = @{
    NetworkId = 'fd36:46d4:a1a7:9d18::0/64'
    ZoneFile  = 'IPv6.dns'
}
Add-DnsServerPrimaryZone @Ipv6ReverseZone
############################################################
## END Add DNS Zones
############################################################
###############################################################################
# START Set Autologon
###############################################################################
# Configures a one-time automatic logon for the admin account named in Config.xml,
# so the next stage can run in an interactive session after the reboot.
# Each value is created first when it is missing, then set.
# Test-RegistryValue is not defined in this file (presumably from the EguibarIT module);
# its -Value parameter receives the registry value NAME here.
#
# SECURITY NOTE(review): DefaultPassword is written below as a plain string value, taken
# unchanged from Config.xml. Anyone who can read this Winlogon key, Config.xml or a
# backup/image of the machine can recover the admin password. Treat the password as
# disposable: change it once the bootstrap has finished, and check afterwards that
# DefaultPassword no longer exists and AutoAdminLogon is back to 0.
# Set the Key and the permission to AutoLogon
$regkeypath = 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
if (-not(Test-RegistryValue -Path $regkeypath -Value 'AutoAdminLogon')) {
New-ItemProperty -Path $regkeypath -Name 'AutoAdminLogon' -PropertyType String
}
# 1 enables automatic logon
Set-ItemProperty -Path $regkeyPath -Name 'AutoAdminLogon' -Value 1
# Set the User Name
if (-not(Test-RegistryValue -Path $regkeypath -Value 'DefaultUserName')) {
New-ItemProperty -Path $regkeypath -Name 'DefaultUserName' -PropertyType String
}
Set-ItemProperty -Path $regkeyPath -Name 'DefaultUserName' -Value $confXML.N.Admin.Users.Admin.Name
# Set the Domain Name (Dot if local machine)
# This existence check reads the value directly instead of calling Test-RegistryValue like the others.
if ($null -eq (Get-ItemProperty -Path $regkeypath).DefaultDomainName) {
New-ItemProperty -Path $regkeypath -Name 'DefaultDomainName' -PropertyType String
}
Set-ItemProperty -Path $regkeyPath -Name 'DefaultDomainName' -Value '.'
# Set the Password
# The clear-text password from Config.xml is stored in the registry by the Set-ItemProperty below.
if (-not(Test-RegistryValue -Path $regkeypath -Value 'DefaultPassword')) {
New-ItemProperty -Path $regkeypath -Name 'DefaultPassword' -PropertyType String
}
Set-ItemProperty -Path $regkeyPath -Name 'DefaultPassword' -Value $confXML.N.DefaultPassword
# Set the AutoLogon count to 1 time
# NOTE(review): Windows is expected to remove DefaultPassword and reset AutoAdminLogon
# once this count is used up; how that interacts with ForceAutoLogon below should be
# verified on the target OS version rather than assumed.
if (-not(Test-RegistryValue -Path $regkeypath -Value 'AutoLogonCount')) {
New-ItemProperty -Path $regkeypath -Name 'AutoLogonCount' -PropertyType DWORD
}
Set-ItemProperty -Path $regkeyPath -Name 'AutoLogonCount' -Value 1
# Force Autologon
if (-not(Test-RegistryValue -Path $regkeypath -Value 'ForceAutoLogon')) {
New-ItemProperty -Path $regkeypath -Name 'ForceAutoLogon' -PropertyType DWORD
}
Set-ItemProperty -Path $regkeyPath -Name 'ForceAutoLogon' -Value 1
###############################################################################
# END Set Autologon
###############################################################################
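###############################################################################
# START 3-PromoteDC.ps1 at next Logon (Scheduled Task)
###############################################################################
# Registers a scheduled task that runs the next stage (3-PromoteDC.ps1) when the
# admin user from Config.xml logs on, then removes the task for this script.
#
# SECURITY NOTE(review): the task runs with the highest run level and starts pwsh.exe
# with -ExecutionPolicy Bypass, so whatever file sits at $NextFile at logon time is
# executed elevated. The $DMscripts folder and the script must be writable by
# administrators only. -NoExit also leaves that elevated console open after the
# script ends; confirm that is wanted on an auto-logged-on console.

# Fall back to the default scripts folder when $DMscripts is empty.
If (($null -eq $DMscripts) -or ($DMscripts -eq '')) {
    $DMscripts = 'C:\PsScripts'
}

$File = '3-PromoteDC.ps1'
$NextFile = '{0}\{1}' -f $DMscripts, $file
$UserID = $confXML.N.Admin.Users.Admin.Name

# The script path is quoted so that a folder name containing spaces still reaches
# pwsh.exe as one -File argument instead of being split.
$Arguments = '-NoLogo -NoExit -ExecutionPolicy Bypass -File "{0}"' -f $NextFile

# Interactive logon of $UserID, elevated.
$principal = New-ScheduledTaskPrincipal -UserId $UserID -LogonType Interactive -RunLevel Highest

# The PowerShell 7 path is fixed; the task cannot start if pwsh.exe is not installed there.
$TaskAction = New-ScheduledTaskAction -Execute 'C:\Program Files\PowerShell\7\pwsh.exe' -Argument $Arguments

# Fire when $UserID logs on.
$TaskTrigger = New-ScheduledTaskTrigger -AtLogOn -User $UserID

$Stset = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopOnIdleEnd -Compatibility Win8

# The task is named after the script it runs; Force is set for the registration.
$Splat = @{
    Action      = $TaskAction
    Description = 'Execute {0} on the next logon.' -f $file
    Force       = $true
    Principal   = $principal
    Settings    = $Stset
    TaskName    = $File
    Trigger     = $TaskTrigger
    Verbose     = $true
}

try {
    Register-ScheduledTask @Splat
} catch {
    # Re-throw so a terminating registration error stops the script.
    throw
} Finally {
    # Unregister previous scheduled task
    # NOTE(review): this runs even when registering the next task failed, which would
    # leave no task for the next logon while the autologon values above stay in place.
    Unregister-ScheduledTask -TaskName '2-AddFeatures.ps1' -Confirm:$false -Verbose
}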
###############################################################################
# END
###############################################################################
# Final step: announce the pause, wait, close the transcript and reboot.
Write-Verbose -Message '5 second pause to give Win a chance to catch up and reboot'
Start-Sleep -Seconds 5
# Stop Logging (closes the transcript started near the top of this script)
Stop-Transcript
# This message is written after the transcript was stopped, so it is not recorded in the log file.
Write-Verbose -Message 'Reboot???'
# -Force restarts the computer without asking for confirmation. The autologon values and
# the scheduled task configured earlier in this script are what act after the restart.
Restart-Computer -Force