DEM Management Console install, file share creation and permission configuration PowerShell script

This PowerShell script will accomplish the following:

1. Install DEM Management Console

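2. Create the DEM folders and their hidden SMB shares (DEMConfig$, DEMUsers$, TSREDIRECT$, Logs$)

3. Set the required NTFS permissions on each folder (each share itself is created with Everyone: Full Access)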

………………………………………………………………………………..

param(
  # Folder in which the DEM, TSREDIRECT and AuditLogs folders are created.
  # The non-elevated path of this script fills it with the current location
  # before relaunching itself as Administrator.
  [string] $Parameter1
)

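## v.01
## Script to create the base folders for the DEM install.
## - Run the script from the root of the drive on which the folders are to be
##   created; that location is handed to the elevated copy as -Parameter1.
## --

# Check whether the script is running as Administrator; if it is not, relaunch
# it elevated (RunAs) and stop this non-elevated copy.
Write-Host "Checking if the script is running as Administrator"
$IsAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")

if (-not $IsAdmin) {
    # The current location is passed explicitly so the elevated copy works in
    # the same folder as this one.
    $Parameter1 = (Get-Location).ToString()
    Write-Host "The script is NOT running as Administrator, restarting PowerShell as Administrator..."

    # The script path and the location become part of a command line that runs
    # elevated. Both are emitted as single-quoted literals, with every character
    # PowerShell treats as a single quote doubled, so a path containing spaces
    # or quotes is passed as data and is never parsed as code in the elevated
    # session. -Parameter2/-Parameter3 are no longer forwarded: the script
    # declares only -Parameter1 and never assigns the other two.
    $quoteChars = '[\u0027\u2018\u2019\u201A\u201B]'
    $scriptLiteral = "'" + ($MyInvocation.MyCommand.Path -replace $quoteChars, '$0$0') + "'"
    $locationLiteral = "'" + ($Parameter1 -replace $quoteChars, '$0$0') + "'"
    $cmd = "& $scriptLiteral -Parameter1 $locationLiteral"
    $arguments = "-NoProfile -Command ""$cmd"""

    # Diagnostics: show what is about to be launched.
    Write-Host "Current location: $Parameter1"
    Write-Host "Elevated command: $arguments"

    Start-Process "$psHome\powershell.exe" -Verb Runas -ArgumentList $arguments -WorkingDirectory (Get-Location).Path -ErrorAction 'Stop'

    # Stop the non-elevated copy. 'return' ends only this script, whereas a bare
    # 'break' outside a loop can also unwind a loop in the caller.
    return
}
else {
    Write-Host "The script is already running as Administrator"
}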

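# Apply RemoteSigned to this PowerShell process only. Without -Scope the cmdlet
# rewrites the machine-wide (LocalMachine) policy and leaves it changed after
# the install; without -Force it stops to ask for confirmation.
# NOTE(review): if a machine-wide policy change is really wanted, set it
# deliberately (for example through Group Policy) rather than as a side effect
# of this installer.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force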

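# Install DEM Management Console
# ADDLOCAL options: ALL,FlexEngine,FlexMigrate,FlexProfilesSelfSupport,FlexManagementConsole
$msiPath = 'C:\Temp\VMware-DEM-9.11-GA\VMware Dynamic Environment Manager 9.11 x64.msi'

# msiexec receives one argument string, so both paths carry their own quotes.
$dir1 = """$msiPath"""
$dir2 = """C:\Program Files\VMware DEM"""

# /qn+ = no UI apart from a final modal dialog; -Wait blocks until it is closed.
$argument = " /i $dir1 /qn+ INSTALLDIR=$dir2 ADDLOCAL=FlexManagementConsole"
$install = $null

if (-not (Test-Path -LiteralPath $msiPath -PathType Leaf)) {
    Write-Warning "Installer not found at $msiPath - skipping the DEM Management Console install."
}
else {
    # The package is run elevated from C:\Temp, a location that may be writable
    # by non-administrators, so its Authenticode signature is checked first.
    # 'Valid' only proves a trusted signing chain; compare
    # $signature.SignerCertificate with the expected publisher if a stricter
    # check is required.
    $signature = Get-AuthenticodeSignature -FilePath $msiPath
    if ($signature.Status -ne 'Valid') {
        Write-Warning "Signature status of $msiPath is '$($signature.Status)' - skipping the DEM Management Console install."
    }
    else {
        $install = (Start-Process msiexec.exe -ArgumentList $argument -PassThru -Wait).ExitCode

        # 0 = success, 3010 = success with a reboot pending; anything else is a failure.
        if ($install -ne 0 -and $install -ne 3010) {
            Write-Warning "msiexec exited with code $install - the DEM Management Console may not be installed."
        }
    }
}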

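# Resolve the folder under which everything is created. When the script is
# started directly from an elevated prompt no -Parameter1 is supplied, so fall
# back to the current location instead of continuing with an empty path.
if ([string]::IsNullOrEmpty($Parameter1)) {
    $Parameter1 = (Get-Location).ToString()
}

# Later statements build paths as "$($DIR)DEM\..." with no separator, so the
# base path must end in a backslash (as a drive root such as D:\ does).
if (-not $Parameter1.EndsWith('\')) {
    $Parameter1 = "$Parameter1\"
}

# Stop here if the folder cannot be entered: the statements that follow create
# folders by relative name and would otherwise create them, and rewrite their
# ACLs, in whatever directory the elevated session happens to be in.
Set-Location -LiteralPath $Parameter1 -ErrorAction Stop

$dir = $Parameter1
$dir3 = Join-Path -Path $dir -ChildPath 'DEM'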

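## DEM
# Parent folder of DEMConfig and DEMUsers. It is created relative to the
# current location and is not shared itself.
New-Item -ItemType Directory -Name DEM

$acltmp = Get-Acl DEM

# Protect the ACL from inheritance and discard the inherited entries, so only
# the rules set below apply.
$acltmp.SetAccessRuleProtection($true, $false)

$own = New-Object System.Security.Principal.NTAccount("Builtin","Administrators")
$acltmp.SetOwner($own)

# Identity, rights, inheritance, propagation, type - the FileSystemAccessRule
# constructor arguments. 'None' inheritance = this folder only.
#
# 'Domain Users' is reduced from FullControl to ReadAndExecute: FullControl
# includes ChangePermissions and TakeOwnership, which would let any domain user
# who can reach this folder rewrite its ACL. Users reach DEMConfig$ and
# DEMUsers$ through their own shares, so nothing here needs more than read.
#
# NOTE(review): [Environment]::UserName is the unqualified name of whoever runs
# the elevated script; that account keeps inherited FullControl after the
# install - confirm this is intended, or replace it with an admin group.
$demRootRules = @(
    @('Domain Admins', 'FullControl', 'None', 'None', 'Allow'),
    @([Environment]::UserName, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @('SYSTEM', 'FullControl', 'None', 'None', 'Allow'),
    @('Domain Users', 'ReadAndExecute', 'None', 'None', 'Allow')
)

foreach ($DEMPerm in $demRootRules) {
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm
    $acltmp.SetAccessRule($rule)
}

Set-Acl DEM -AclObject $acltmp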

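## DEMConfig
# Build the folder path once with Join-Path. The original mixed
# "$dir\DEM\DEMConfig" with "$($DIR)DEM\DEMConfig", which only name the same
# folder when $dir ends in a backslash (a drive root).
$demBase = if ([string]::IsNullOrEmpty($dir)) { (Get-Location).Path } else { $dir }
$demConfigPath = Join-Path -Path (Join-Path -Path $demBase -ChildPath 'DEM') -ChildPath 'DEMConfig'

New-Item -ItemType Directory -Path $demConfigPath

$acltmp = Get-Acl -Path $demConfigPath

# Protect the ACL from inheritance and discard the inherited entries.
$acltmp.SetAccessRuleProtection($true, $false)

$own = New-Object System.Security.Principal.NTAccount("Builtin","Administrators")
$acltmp.SetOwner($own)

# Identity, rights, inheritance, propagation, type. Every rule here is
# inherited by subfolders and files.
#
# NOTE(review): 'Domain Users' receive AppendData/CreateDirectories on the
# configuration share, inherited by every file, so any domain user can create
# folders in it and append to existing configuration files. Confirm against
# the vendor's guidance whether users need more than read access here.
$demConfigRules = @(
    @('Domain Admins', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @([Environment]::UserName, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @('SYSTEM', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @('Domain Users', 'AppendData,CreateDirectories,Read,ReadExtendedAttributes', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
)

foreach ($DEMPerm in $demConfigRules) {
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm
    $acltmp.SetAccessRule($rule)
}

Set-Acl -Path $demConfigPath -AclObject $acltmp

# Hidden share ($ suffix) with offline caching disabled. Share-level access is
# Everyone: Full, so the NTFS ACL above is the only control that restricts
# access. NOTE(review): a narrower share permission would add a second layer.
New-SmbShare -Name 'DEMConfig$' -Path $demConfigPath -FullAccess Everyone -CachingMode None
## /DEMConfig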

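## DEM Users
# Build the folder path once with Join-Path. The original mixed
# "$dir\DEM\DEMUsers" with "$($DIR)DEM\DEMUsers", which only name the same
# folder when $dir ends in a backslash (a drive root).
$demBase = if ([string]::IsNullOrEmpty($dir)) { (Get-Location).Path } else { $dir }
$demUsersPath = Join-Path -Path (Join-Path -Path $demBase -ChildPath 'DEM') -ChildPath 'DEMUsers'

New-Item -ItemType Directory -Path $demUsersPath

$acltmp = Get-Acl -Path $demUsersPath

# Protect the ACL from inheritance and discard the inherited entries.
$acltmp.SetAccessRuleProtection($true, $false)

$own = New-Object System.Security.Principal.NTAccount("Builtin","Administrators")
$acltmp.SetOwner($own)

# Identity, rights, inheritance, propagation, type.
# - 'Everyone' may read this folder and create a subfolder in it ('None'
#   inheritance = this folder only).
# - 'CREATOR OWNER' (InheritOnly) gives whoever creates a subfolder or file
#   full control of it.
# NOTE(review): 'Everyone' is broader than the 'Domain Users' group used on
# the other DEM folders - confirm which principal is intended.
$demUsersRules = @(
    @('Domain Admins', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @([Environment]::UserName, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @('SYSTEM', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @('Everyone', 'AppendData,CreateDirectories,Read,ReadExtendedAttributes', 'None', 'None', 'Allow'),
    @('CREATOR OWNER', 'FullControl', 'ContainerInherit, ObjectInherit', 'InheritOnly', 'Allow')
)

foreach ($DEMPerm in $demUsersRules) {
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm
    $acltmp.SetAccessRule($rule)
}

Set-Acl $demUsersPath -AclObject $acltmp

# Hidden share; share-level access is Everyone: Full, so the NTFS ACL above is
# what restricts access.
# NOTE(review): unlike the other three shares this one is created without
# -CachingMode None - confirm whether offline caching is wanted here.
New-SmbShare -Name 'DEMUsers$' -Path $demUsersPath -FullAccess Everyone
## /DEMUsers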

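## HDaaS Redirected Profiles
# Use one absolute path throughout. The original created the folder and set its
# ACL by relative name (current directory) but shared "$($DIR)TSREDIRECT";
# those are only the same folder when $dir is the current directory and ends
# in a backslash.
$tsBase = if ([string]::IsNullOrEmpty($dir)) { (Get-Location).Path } else { $dir }
$tsRedirectPath = Join-Path -Path $tsBase -ChildPath 'TSREDIRECT'

New-Item -ItemType Directory -Path $tsRedirectPath

$acltmp = Get-Acl -Path $tsRedirectPath

# Protect the ACL from inheritance and discard the inherited entries.
$acltmp.SetAccessRuleProtection($true, $false)

$own = New-Object System.Security.Principal.NTAccount("Builtin","Administrators")
$acltmp.SetOwner($own)

# Identity, rights, inheritance, propagation, type.
# - 'Everyone' may traverse and list this folder and create a subfolder in it
#   ('None' inheritance = this folder only).
# - 'CREATOR OWNER' gets read/write/delete, but not ChangePermissions or
#   TakeOwnership, on what it creates.
$tsRedirectRules = @(
    @('Domain Admins', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @([Environment]::UserName, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @('SYSTEM', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @('Everyone', 'Traverse,ExecuteFile,ReadData,CreateDirectories,AppendData', 'None', 'None', 'Allow'),
    @('CREATOR OWNER', 'Read,Delete,WriteExtendedAttributes,WriteAttributes,CreateDirectories,AppendData,CreateFiles,WriteData,ReadExtendedAttributes,ReadAttributes,ListDirectory,Traverse,ExecuteFile', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
)

foreach ($DEMPerm in $tsRedirectRules) {
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm
    $acltmp.SetAccessRule($rule)
}

Set-Acl -Path $tsRedirectPath -AclObject $acltmp

# Hidden share with offline caching disabled; share-level access is
# Everyone: Full, so the NTFS ACL above is what restricts access.
New-SmbShare -Name 'TSREDIRECT$' -Path $tsRedirectPath -FullAccess Everyone -CachingMode None
## /TSREDIRECT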

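## Audit Logs
# Use one absolute path throughout. The original created the folder and set its
# ACL by relative name (current directory) but shared "$($DIR)AuditLogs";
# those are only the same folder when $dir is the current directory and ends
# in a backslash.
$logBase = if ([string]::IsNullOrEmpty($dir)) { (Get-Location).Path } else { $dir }
$auditLogsPath = Join-Path -Path $logBase -ChildPath 'AuditLogs'

New-Item -ItemType Directory -Path $auditLogsPath

$acltmp = Get-Acl -Path $auditLogsPath

# Protect the ACL from inheritance and discard the inherited entries.
$acltmp.SetAccessRuleProtection($true, $false)

$own = New-Object System.Security.Principal.NTAccount("Builtin","Administrators")
$acltmp.SetOwner($own)

# Identity, rights, inheritance, propagation, type.
# NOTE(review): the 'CREATOR OWNER' rule includes WriteData and Delete, so the
# account that creates a log file can also rewrite or delete it. If these logs
# are meant as audit evidence, confirm that is acceptable or collect them to a
# location users cannot modify.
$auditLogRules = @(
    @('Domain Admins', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @([Environment]::UserName, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @('SYSTEM', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @('Everyone', 'Traverse,ExecuteFile,ReadData,CreateDirectories,AppendData', 'None', 'None', 'Allow'),
    @('CREATOR OWNER', 'Read,Delete,WriteExtendedAttributes,WriteAttributes,CreateDirectories,AppendData,CreateFiles,WriteData,ReadExtendedAttributes,ReadAttributes,ListDirectory,Traverse,ExecuteFile', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
)

foreach ($DEMPerm in $auditLogRules) {
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm
    $acltmp.SetAccessRule($rule)
}

Set-Acl -Path $auditLogsPath -AclObject $acltmp

# Hidden share with offline caching disabled; share-level access is
# Everyone: Full, so the NTFS ACL above is what restricts access.
New-SmbShare -Name 'Logs$' -Path $auditLogsPath -FullAccess Everyone -CachingMode None
## /AuditLogs

# Keep the elevated window open so the operator can read any errors above.
pause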
