This PowerShell script will accomplish the following: 1. Install DEM Management Console 2. Create File share 3. Set all of the required permissions on file share ……………………………………………………………...
See more...
This PowerShell script will accomplish the following: 1. Install DEM Management Console 2. Create File share 3. Set all of the required permissions on file share ……………………………………………………………………………….. Param( [string]$Parameter1 ) ## v.01 ## Script to create the base folders for DEM install ## - Script needs to be run in the root of the Drive you will to install the folders ## -- # Check if script is running as Adminstrator and if not use RunAs Write-Host "Checking if the script is running as Administrator" $IsAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator") if (-not $IsAdmin){ $Parameter1 = (Get-Location).ToString() Write-Host "The script is NOT running as Administrator, restarting PowerShell as Administrator..." $cmd = $MyInvocation.MyCommand.Path + " -Parameter1 '$Parameter1' -Parameter2 $Parameter2 -Parameter3 $Parameter3" $arguments = "-NoProfile -Command ""& {$cmd} """ Get-Location $cmd $arguments Start-Process "$psHome\powershell.exe" -Verb Runas -ArgumentList "$arguments" -WorkingDirectory (Get-Location).path -ErrorAction 'stop' Break } else{ Write-Host "The script is already running as Administrator" } Set-ExecutionPolicy RemoteSigned #Install DEM Management Console #ADDLOCAL options ALL,FlexEngine,FlexMigrate,FlexProfilesSelfSupport,FlexManagementConsole $dir1 = """C:\Temp\VMware-DEM-9.11-GA\VMware Dynamic Environment Manager 9.11 x64.msi""" $dir2 = """C:\Program Files\VMware DEM""" $argument = " /i $dir1 /qn+ INSTALLDIR=$dir2 ADDLOCAL=FlexManagementConsole" $install = (start-process msiexec.exe -argumentlist $argument -passthru -wait).exitcode #param($dir) cd $Parameter1 #echo $dir > d:\dir.txt $dir = $Parameter1 $dir3 = "$dir\DEM" #pause ## DEM New-Item -ItemType Directory -Name DEM $acltmp = Get-Acl DEM $acltmp.SetAccessRuleProtection($true, $false) $own = New-Object System.Security.Principal.NTAccount("Builtin","Administrators") $acltmp.SetOwner($own) $DEMPerm = 'Domain Admins', 'FullControl', 'none, none', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) $DEMPerm = [Environment]::UserName, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) $DEMPerm = 'SYSTEM', 'FullControl', 'none, none', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) $DEMPerm = 'Domain Users', 'FullControl', 'none, none', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) Set-Acl DEM -AclObject $acltmp ## DEMConfig New-Item -ItemType Directory -Path "$dir\DEM\DEMConfig" $acltmp = Get-Acl -Path "$($DIR)DEM\DEMConfig" $acltmp.SetAccessRuleProtection($true, $false) $own = New-Object System.Security.Principal.NTAccount("Builtin","Administrators") $acltmp.SetOwner($own) $DEMPerm = 'Domain Admins', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) $DEMPerm = [Environment]::UserName, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) $DEMPerm = 'SYSTEM', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) $DEMPerm = 'Domain Users', 'AppendData,CreateDirectories,Read,ReadExtendedAttributes', 'ContainerInherit, ObjectInherit', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) Set-Acl -Path "$($DIR)DEM\DEMConfig" -AclObject $acltmp New-SmbShare –Name DEMConfig$ –Path "$($DIR)DEM\DEMConfig" -FullAccess Everyone -CachingMode None ## /DEMConfig ## DEM Users New-Item -ItemType Directory -Path "$dir\DEM\DEMUsers" $acltmp = Get-Acl -Path "$($DIR)DEM\DEMUsers" $acltmp.SetAccessRuleProtection($true, $false) $own = New-Object System.Security.Principal.NTAccount("Builtin","Administrators") $acltmp.SetOwner($own) $DEMPerm = 'Domain Admins', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) $DEMPerm = [Environment]::UserName, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) $DEMPerm = 'SYSTEM', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) $DEMPerm = 'Everyone', 'AppendData,CreateDirectories,Read,ReadExtendedAttributes', 'none, none', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) $DEMPerm = 'CREATOR OWNER', 'FullControl', 'ContainerInherit, ObjectInherit', 'InheritOnly', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) Set-Acl "$($DIR)DEM\DEMUsers" -AclObject $acltmp New-SmbShare –Name DEMUsers$ –Path "$($DIR)DEM\DEMUsers" -FullAccess Everyone ## /DEMUsers ## HDaaS Redirected Profiles New-Item -ItemType Directory -Name TSREDIRECT $acltmp = Get-Acl TSREDIRECT $acltmp.SetAccessRuleProtection($true, $false) $own = New-Object System.Security.Principal.NTAccount("Builtin","Administrators") $acltmp.SetOwner($own) $DEMPerm = 'Domain Admins', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) $DEMPerm = [Environment]::UserName, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) $DEMPerm = 'SYSTEM', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) $DEMPerm = 'Everyone', 'Traverse,ExecuteFile,ReadData,CreateDirectories,AppendData', 'none, none', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) $DEMPerm = 'CREATOR OWNER', 'Read,Delete,WriteExtendedAttributes,WriteAttributes,CreateDirectories,AppendData,CreateFiles,WriteData,ReadExtendedAttributes,ReadAttributes,ListDirectory,Traverse,ExecuteFile', 'ContainerInherit, ObjectInherit', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) Set-Acl TSREDIRECT -AclObject $acltmp New-SmbShare –Name TSREDIRECT$ –Path "$($DIR)TSREDIRECT" -FullAccess Everyone -CachingMode None ## /DEMProfiles ## Audit Logs New-Item -ItemType Directory -Name AuditLogs $acltmp = Get-Acl AuditLogs $acltmp.SetAccessRuleProtection($true, $false) $own = New-Object System.Security.Principal.NTAccount("Builtin","Administrators") $acltmp.SetOwner($own) $DEMPerm = 'Domain Admins', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) $DEMPerm = [Environment]::UserName, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) $DEMPerm = 'SYSTEM', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) $DEMPerm = 'Everyone', 'Traverse,ExecuteFile,ReadData,CreateDirectories,AppendData', 'none, none', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) $DEMPerm = 'CREATOR OWNER', 'Read,Delete,WriteExtendedAttributes,WriteAttributes,CreateDirectories,AppendData,CreateFiles,WriteData,ReadExtendedAttributes,ReadAttributes,ListDirectory,Traverse,ExecuteFile', 'ContainerInherit, ObjectInherit', 'None', 'Allow' $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm $acltmp.SetAccessRule($rule) Set-Acl AuditLogs -AclObject $acltmp New-SmbShare –Name Logs$ –Path "$($DIR)AuditLogs" -FullAccess Everyone -CachingMode None ## /Auditlogs pause