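# Windows server preparation script; its prompts and messages refer to a "vRA Node".
# Steps, in order: domain-membership check, IE ESC off, .NET 3.5 / 4.5 features,
# MSDTC reinstall and network settings, Secondary Logon service, JRE download and
# unpack, JAVA_HOME / PATH, and (when the operator answers "Yes") IIS features plus
# authentication settings on 'Default Web Site'.
# It writes HKLM keys and machine-level environment variables and installs Windows
# features, so it presumably needs an elevated session.

# Domain Check
Write-host "Checking if Computer is in Domain " -Foregroundcolor Yellow
(Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain

#IEESC
Write-host "Disabling IE ESC " -Foregroundcolor Yellow
function Disable-ieESC {
    # Sets IsInstalled = 0 on the two Active Setup components below (the admin
    # and user halves of IE Enhanced Security Configuration), then kills
    # Explorer. This removes a browser hardening layer on the server, so it
    # should only stay off where the installed product requires it.
    $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
    $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
    Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
    Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0
    Stop-Process -Name Explorer -Force
    Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -ForegroundColor Green
}
Disable-ieESC

# Install .NET 3.5
Write-host "Install .NET 3.5 " -Foregroundcolor Yellow
Install-WindowsFeature -name Net-Framework-core

# .NET 4.5
Write-host "Install .NET 4.5 " -Foregroundcolor Yellow
Install-WindowsFeature -name Net-Framework-45-core

# DTC Setup
# Opens MSDTC for remote administration, remote clients and inbound/outbound
# transactions, with mutual authentication required. NOTE(review): the script
# does not touch firewall rules; restrict DTC reachability to the hosts that
# need it.
Write-host "Setup DTC for vRA " -Foregroundcolor Yellow
Uninstall-Dtc -confirm:$false #required because VM was deployed from Template
Install-Dtc
Set-DtcNetworkSetting -DtcName "Local" -RemoteAdministrationAccessEnabled:$True -RemoteClientAccessEnabled:$True -InboundTransactionsEnabled:$True -OutboundTransactionsEnabled:$True -LUTransactionsEnabled:$True -XATransactionsEnabled:$False -AuthenticationLevel Mutual -Confirm:$False

# Run Secondary Logon
Write-host "Start Secondary Logon Service" -Foregroundcolor Yellow
Get-Service -Name seclogon | Start-Service

#JAVA
Write-host "Setup JAVA " -Foregroundcolor Yellow
#Create Folder
# -Force lets a re-run proceed when C:\JAVA already exists.
New-Item -ItemType directory -Path C:\JAVA -Force

#Download JAVA
# The operator-supplied name is concatenated into the download URL, so it is
# trimmed and rejected unless it parses as a host name or IP address.
$url = (Read-Host -Prompt 'Provide Host name vRA Node').Trim()
if ([System.Uri]::CheckHostName($url) -eq [System.UriHostNameType]::Unknown) {
    throw "'$url' is not a valid host name or IP address"
}

# SECURITY: certificate validation is switched off for this download. While it
# is off the server is not authenticated, so whatever answers on that name at
# port 5480 supplies the binaries that are unpacked and put on the machine
# PATH. The bypass is a process-wide setting; it is limited to the download and
# the previous callback is restored afterwards instead of being left disabled
# for the rest of the session. Preferred fix: trust the node's certificate in
# the machine store and remove the bypass, or compare the archive's hash with a
# value obtained out of band before extracting it.
$previousCallback = [System.Net.ServicePointManager]::ServerCertificateValidationCallback
$WebClient = New-Object System.Net.WebClient
try {
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
    $WebClient.DownloadFile("https://"+$url+":5480/i/jre-win64.zip","c:\JAVA\JRE.zip")
}
finally {
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = $previousCallback
    $WebClient.Dispose()
}

#Unzip
Add-Type -AssemblyName System.IO.Compression.FileSystem
function Unzip {
    # Extracts $zipfile into $outpath.
    # NOTE(review): ExtractToDirectory is expected to throw when a target file
    # already exists, e.g. on a second run -- confirm on the target framework.
    param([string]$zipfile, [string]$outpath)
    [System.IO.Compression.ZipFile]::ExtractToDirectory($zipfile, $outpath)
}
Unzip "c:\JAVA\JRE.zip" "C:\JAVA"

# Setup Path
Write-host "Setup JAVA HOME " -Foregroundcolor Yellow
# NOTE(review): JAVA_HOME conventionally names the runtime's root directory,
# not its bin directory -- confirm what the consuming installer expects.
setx /M JAVA_HOME "C:\JAVA\bin"

# Append to the machine PATH as stored for the machine. The previous
# 'setx /M PATH "$Env:PATH;..."' copied the current user's PATH entries into
# the machine PATH and is subject to setx's 1024-character truncation.
$javaBin = 'C:\JAVA\bin'
$machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine')
if ([string]::IsNullOrEmpty($machinePath)) {
    [Environment]::SetEnvironmentVariable('Path', $javaBin, 'Machine')
}
elseif (($machinePath -split ';') -notcontains $javaBin) {
    [Environment]::SetEnvironmentVariable('Path', ($machinePath.TrimEnd(';') + ';' + $javaBin), 'Machine')
}

Write-host "Install IIS " -Foregroundcolor Yellow
$valid=Read-Host -Prompt 'Is this WEB? Provide Yes or No'
If ($valid -eq "Yes") {
    Add-WindowsFeature -Name Web-Webserver,Web-Http-Redirect,Web-Asp-Net,Web-Windows-Auth,Web-Mgmt-Console,Web-Mgmt-Compat, web-metabase
    Install-WindowsFeature -name net-wcf-http-activation45
    Add-windowsfeature -name was, was-config-apis, was-Net-Environment,NET-Non-HTTP-Activ

    if (Get-Module -ListAvailable WebAdministration) {
        Write-host "Importing Web Admin module " -Foregroundcolor Yellow
        Import-Module WebAdministration
    }
    else {
        throw "Webadministration is not installed on this system"
    }

    # Every setting below is written twice; the second value is the one that
    # remains. End state: anonymous authentication disabled, Windows
    # authentication enabled.
    Write-Host "Setting authentication values for IIS" -ForegroundColor Yellow
    Set-WebConfigurationProperty -Location 'Default Web Site' -Filter /system.webServer/security/authentication/AnonymousAuthentication -Name Enabled -Value $true
    Set-WebConfigurationProperty -Location 'Default Web Site' -Filter /system.webServer/security/authentication/AnonymousAuthentication -Name Enabled -Value $false
    Set-WebConfigurationProperty -Location 'Default Web Site' -Filter /system.webServer/security/authentication/windowsAuthentication -Name Enabled -Value $false
    Set-WebConfigurationProperty -Location 'Default Web Site' -Filter /system.webServer/security/authentication/windowsAuthentication -Name Enabled -Value $true

    # Clears the provider list, then adds Negotiate first and NTLM second.
    Write-Host "Removing & Re-Adding Windows authentication providers" -ForegroundColor Yellow
    Get-WebConfigurationProperty -Filter system.webServer/security/authentication/WindowsAuthentication -Location 'Default Web Site' -Name providers.Collection |
        Select-Object -ExpandProperty Value |
        ForEach-Object { Remove-WebConfigurationProperty -Filter system.webServer/security/authentication/WindowsAuthentication -Location 'Default Web Site' -Name providers.Collection -AtElement @{value=$_} }
    Add-WebConfigurationProperty -Filter system.webServer/security/authentication/WindowsAuthentication -Location 'Default Web Site' -Name providers.Collection -AtIndex 0 -Value "Negotiate"
    Add-WebConfigurationProperty -Filter system.webServer/security/authentication/WindowsAuthentication -Location 'Default Web Site' -Name providers.Collection -AtIndex 1 -Value "NTLM"

    # End state: extendedProtection.tokenChecking = 'None', i.e. no channel
    # binding check on Windows authentication while NTLM stays available.
    # NOTE(review): confirm the product needs 'None'; 'Allow' or 'Require'
    # gives relay protection where clients support it.
    Write-Host "Enabling and disabling Extended Protection" -ForegroundColor Yellow
    Set-WebConfigurationProperty -Filter system.webServer/security/authentication/WindowsAuthentication -Location 'Default Web Site' -Name extendedProtection.tokenChecking -Value 'Allow'
    Set-WebConfigurationProperty -Filter system.webServer/security/authentication/WindowsAuthentication -Location 'Default Web Site' -Name extendedProtection.tokenChecking -Value 'None'

    # End state: useKernelMode = $true.
    Write-Host "Resetting Kernel Mode" -ForegroundColor Yellow
    Set-WebConfigurationProperty -Filter system.webServer/security/authentication/WindowsAuthentication -Location 'Default Web Site' -Name useKernelMode -Value $false
    Set-WebConfigurationProperty -Filter system.webServer/security/authentication/WindowsAuthentication -Location 'Default Web Site' -Name useKernelMode -Value $true

    Write-Host "Resetting IIS" -ForegroundColor Yellow
    # Called directly; Invoke-Expression on a built string is not needed for a
    # fixed command.
    & iisreset
}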