In my daily work, I am an SME responsible for building infrastructure based on vRealize without using vRealize LCM. To avoid wasting time checking the servers provided by other teams, I decided to create a simple script that sets the required parameters, based on the official requirements in the VMware documentation.
Currently, the script is under development, so you can consider it a beta version, but it should meet your expectations. The element that still has to be improved is the interaction with the user.
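# TLS certificate validation is switched off here: the callback accepts every
# server certificate, and it stays in effect for the PowerShell process until
# the callback is reset. The HTTPS request this script makes is the JRE download
# from the vRA appliance (port 5480), which presumably presents a self-signed
# certificate. While the callback is in place that download is not
# authenticated, so the archive that later lands on the machine PATH is only as
# trustworthy as the network path to the appliance.
# Preferred alternative: import the appliance certificate into the machine's
# trusted root store and remove this line.
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
# Domain Check
Write-host "Checking if Computer is in Domain " -Foregroundcolor Yellow
# Get-CimInstance replaces Get-WmiObject, which is deprecated and not present
# in PowerShell 6 and later.
$partOfDomain = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
$partOfDomain
if (-not $partOfDomain) {
    # The bare True/False above is easy to miss; make the negative case explicit.
    Write-Warning "This computer is not joined to a domain; the remaining steps will still run."
}
#IEESC
Write-host "Disabling IE ESC " -Foregroundcolor Yellow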
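function Disable-ieESC {
    <#
    .SYNOPSIS
    Turns off IE Enhanced Security Configuration for administrators and for users.
    .DESCRIPTION
    Sets IsInstalled to 0 under the two Active Setup component keys below, then
    stops Explorer (presumably so the shell picks the setting up when it
    restarts). This lowers the browser hardening of the server, so it should
    only be applied to hosts that need it.
    The success message is printed only when both registry writes succeeded;
    on failure a warning is written and Explorer is left running.
    #>
    $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
    $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
    try {
        # -ErrorAction Stop turns a missing key or an access-denied error into
        # something the catch block can see.
        Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0 -ErrorAction Stop
        Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0 -ErrorAction Stop
    }
    catch {
        Write-Warning "IE Enhanced Security Configuration (ESC) could not be disabled: $($_.Exception.Message)"
        return
    }
    # There is no Explorer process in a remote or Server Core session; that is not an error.
    Stop-Process -Name Explorer -Force -ErrorAction SilentlyContinue
    Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -ForegroundColor Green
}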
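Disable-ieESC
# Install .NET 3.5
Write-host "Install .NET 3.5 " -Foregroundcolor Yellow
Install-WindowsFeature -name Net-Framework-core
# .NET 4.5
Write-host "Install .NET 4.5 " -Foregroundcolor Yellow
Install-WindowsFeature -name Net-Framework-45-core
# DTC Setup
Write-host "Setup DTC for vRA " -Foregroundcolor Yellow
Uninstall-Dtc -confirm:$false #required because VM was deployed from Template
Install-Dtc
# Opens the local DTC instance to remote administration, remote clients and
# inbound/outbound network transactions. XA transactions stay off and
# AuthenticationLevel Mutual is kept, so both ends of a transaction must
# authenticate.
Set-DtcNetworkSetting -DtcName "Local" -RemoteAdministrationAccessEnabled:$True -RemoteClientAccessEnabled:$True -InboundTransactionsEnabled:$True -OutboundTransactionsEnabled:$True -LUTransactionsEnabled:$True -XATransactionsEnabled:$False -AuthenticationLevel Mutual -Confirm:$False
# Run Secondary Logon
Write-host "Start Secondary Logon Service" -Foregroundcolor Yellow
# Starts the service for this boot only; its startup type is not changed here.
Get-Service -Name seclogon | Start-Service
#JAVA
Write-host "Setup JAVA " -Foregroundcolor Yellow
#Create Folder
# -Force makes a second run succeed when C:\JAVA already exists.
New-Item -ItemType directory -Path C:\JAVA -Force
#Download JAVA
# Only a bare host name or IPv4 address is accepted, so the answer cannot add a
# path, a port or credentials to the download URL. The prompt repeats until the
# input matches.
do {
    $url = (Read-Host -Prompt 'Provide Host name vRA Node').Trim()
} until ($url -match '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$')
$WebClient = New-Object System.Net.WebClient
try {
    # NOTE(review): if the certificate-validation callback set at the top of the
    # script is still active, this download is not authenticated. Verify the
    # archive (for example against a copy taken directly from the appliance)
    # before trusting the extracted JRE.
    $WebClient.DownloadFile("https://"+$url+":5480/i/jre-win64.zip","c:\JAVA\JRE.zip")
}
catch {
    # Report the failure without stopping the script, as a failed download did before.
    Write-Error -ErrorRecord $_
}
finally {
    $WebClient.Dispose()
    # Nothing after this point needs the accept-all callback; put default
    # certificate validation back for the rest of the session.
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = $null
}
#Unzip
Add-Type -AssemblyName System.IO.Compression.FileSystem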
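function Unzip
{
    <#
    .SYNOPSIS
    Extracts a zip archive into a directory.
    .PARAMETER zipfile
    Path of the archive to extract. May be relative to the current PowerShell location.
    .PARAMETER outpath
    Directory that receives the archive contents.
    .NOTES
    ExtractToDirectory throws when a file from the archive already exists in
    the destination. The archive content is not inspected here; callers should
    only pass archives obtained from a source they trust.
    #>
    param([string]$zipfile, [string]$outpath)
    # Loading the assembly here keeps the function usable on its own; repeating
    # Add-Type for an assembly that is already loaded is harmless.
    Add-Type -AssemblyName System.IO.Compression.FileSystem
    # .NET resolves relative paths against the process working directory, which
    # is not necessarily the PowerShell location. Convert both paths first so
    # relative arguments land where the caller expects.
    $resolvedZip = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($zipfile)
    $resolvedOut = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($outpath)
    [System.IO.Compression.ZipFile]::ExtractToDirectory($resolvedZip, $resolvedOut)
}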
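Unzip "c:\JAVA\JRE.zip" "C:\JAVA"
# Setup Path
Write-host "Setup JAVA HOME " -Foregroundcolor Yellow
# NOTE(review): JAVA_HOME usually names the Java installation root rather than
# its bin folder; confirm against the layout of the extracted archive.
setx /M JAVA_HOME "C:\JAVA\bin"
# The machine PATH is read and written through .NET instead of
# `setx /M PATH "$Env:PATH;..."`: setx truncates values longer than 1024
# characters, and $Env:PATH also contains the current user's entries, which
# would have been copied into the machine-wide value.
$javaBin = 'C:\JAVA\bin'
$machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine')
if (($machinePath -split ';') -notcontains $javaBin) {
    # Append only once so repeated runs do not grow PATH.
    [Environment]::SetEnvironmentVariable('Path', ("$machinePath".TrimEnd(';') + ';' + $javaBin), 'Machine')
}
Write-host "Install IIS " -Foregroundcolor Yellow
$valid=Read-Host -Prompt 'Is this WEB? Provide Yes or No'
# Any answer other than "Yes" (compared case-insensitively) skips the IIS setup.
If ($valid -eq "Yes")
{
    Add-WindowsFeature -Name Web-Webserver,Web-Http-Redirect,Web-Asp-Net,Web-Windows-Auth,Web-Mgmt-Console,Web-Mgmt-Compat, web-metabase
    Install-WindowsFeature -name net-wcf-http-activation45
    Add-windowsfeature -name was, was-config-apis, was-Net-Environment,NET-Non-HTTP-Activ
    if (Get-Module -ListAvailable WebAdministration)
    {
        Write-host "Importing Web Admin module " -Foregroundcolor Yellow
        Import-Module WebAdministration
    }
    else
    {
        throw "Webadministration is not installed on this system"
    }
    Write-Host "Setting authentication values for IIS" -ForegroundColor Yellow
    # Each setting is written twice, first with the opposite value and then with
    # the wanted one. End state on 'Default Web Site': anonymous authentication
    # disabled, Windows authentication enabled.
    Set-WebConfigurationProperty -Location 'Default Web Site' -Filter /system.webServer/security/authentication/AnonymousAuthentication -Name Enabled -Value $true
    Set-WebConfigurationProperty -Location 'Default Web Site' -Filter /system.webServer/security/authentication/AnonymousAuthentication -Name Enabled -Value $false
    Set-WebConfigurationProperty -Location 'Default Web Site' -Filter /system.webServer/security/authentication/windowsAuthentication -Name Enabled -Value $false
    Set-WebConfigurationProperty -Location 'Default Web Site' -Filter /system.webServer/security/authentication/windowsAuthentication -Name Enabled -Value $true
    Write-Host "Removing & Re-Adding Windows authentication providers" -ForegroundColor Yellow
    # Clear whatever providers are configured, then add Negotiate first and NTLM second.
    Get-WebConfigurationProperty -Filter system.webServer/security/authentication/WindowsAuthentication -Location 'Default Web Site' -Name providers.Collection | Select-Object -ExpandProperty Value | ForEach-Object {Remove-WebConfigurationProperty -Filter system.webServer/security/authentication/WindowsAuthentication -Location 'Default Web Site' -Name providers.Collection -AtElement @{value=$_}}
    Add-WebConfigurationProperty -Filter system.webServer/security/authentication/WindowsAuthentication -Location 'Default Web Site' -Name providers.Collection -AtIndex 0 -Value "Negotiate"
    Add-WebConfigurationProperty -Filter system.webServer/security/authentication/WindowsAuthentication -Location 'Default Web Site' -Name providers.Collection -AtIndex 1 -Value "NTLM"
    Write-Host "Enabling and disabling Extended Protection" -ForegroundColor Yellow
    # tokenChecking ends at 'None', so Extended Protection for Authentication is
    # off for this site once the script has run.
    # NOTE(review): with it off, channel binding is not checked on Windows
    # authentication; confirm the vRA version being installed still requires this.
    Set-WebConfigurationProperty -Filter system.webServer/security/authentication/WindowsAuthentication -Location 'Default Web Site' -Name extendedProtection.tokenChecking -Value 'Allow'
    Set-WebConfigurationProperty -Filter system.webServer/security/authentication/WindowsAuthentication -Location 'Default Web Site' -Name extendedProtection.tokenChecking -Value 'None'
    Write-Host "Resetting Kernel Mode" -ForegroundColor Yellow
    # End state: kernel-mode authentication enabled.
    Set-WebConfigurationProperty -Filter system.webServer/security/authentication/WindowsAuthentication -Location 'Default Web Site' -Name useKernelMode -Value $false
    Set-WebConfigurationProperty -Filter system.webServer/security/authentication/WindowsAuthentication -Location 'Default Web Site' -Name useKernelMode -Value $true
    Write-Host "Resetting IIS" -ForegroundColor Yellow
    # Run the tool directly; building a string for Invoke-Expression adds nothing
    # here and is a habit that becomes dangerous once input is concatenated in.
    & iisreset
}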
You can download this file and change its extension from .txt to .ps1. Run it from an elevated PowerShell session, since it writes machine-wide settings.