PowerShell script: install the DEM Management Console, create the file shares and configure their permissions

This PowerShell script will accomplish the following:

1. Install DEM Management Console

2. Create File share

3. Set all of the required permissions on file share

………………………………………………………………………………..

Param(

  # Directory the script changes into and under which the DEM folders are created.
  # When the script relaunches itself elevated, it passes the original working
  # directory through this parameter.
  [string]$Parameter1

)

## v.01

## Script to create the base folders for DEM install

## - Run the script from the root of the drive on which the folders should be created

## --

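# Check whether the script is running as Administrator; if not, relaunch it elevated.

Write-Host "Checking if the script is running as Administrator"

$IsAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")

if (-not $IsAdmin){

    # Remember where the script was started; the elevated copy receives it as -Parameter1.
    $Parameter1 = (Get-Location).ToString()

    Write-Host "The script is NOT running as Administrator, restarting PowerShell as Administrator..."

    $scriptPath = $MyInvocation.MyCommand.Path
    if ([string]::IsNullOrEmpty($scriptPath)) {
        throw "Cannot relaunch elevated: the script path is unknown. Run this script from a .ps1 file."
    }

    # The command line below is parsed as PowerShell code inside the elevated
    # session. Both paths are therefore passed as single-quoted literals with any
    # embedded single quote doubled, so a space or quote in a folder name cannot
    # split the argument or be interpreted as code.
    # Only -Parameter1 is forwarded: it is the only parameter the script declares.
    $quotedScript = "'" + $scriptPath.Replace("'", "''") + "'"
    $quotedDir = "'" + $Parameter1.Replace("'", "''") + "'"

    $cmd = "& $quotedScript -Parameter1 $quotedDir"
    $arguments = "-NoProfile -Command ""$cmd"""

    Start-Process "$psHome\powershell.exe" -Verb Runas -ArgumentList $arguments -WorkingDirectory (Get-Location).Path -ErrorAction 'stop'

    # End the non-elevated run; the elevated process does the work.
    # 'return' is used instead of 'break', which is meant for loops.
    return

}

else{

    Write-Host "The script is already running as Administrator"

}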

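# Limit the execution-policy change to this PowerShell process. Without -Scope the
# cmdlet writes the LocalMachine policy, which stays changed for every user after
# the script has finished. -Force suppresses the confirmation prompt.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force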

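# Install the DEM Management Console
# ADDLOCAL options: ALL,FlexEngine,FlexMigrate,FlexProfilesSelfSupport,FlexManagementConsole

$msiPath = 'C:\Temp\VMware-DEM-9.11-GA\VMware Dynamic Environment Manager 9.11 x64.msi'

# msiexec needs the paths wrapped in double quotes because they contain spaces.
$dir1 = """$msiPath"""
$dir2 = """C:\Program Files\VMware DEM"""

if (-not (Test-Path -LiteralPath $msiPath -PathType Leaf)) {
    throw "DEM installer not found: $msiPath"
}

# The package is installed with administrative rights from a folder under C:\Temp,
# so refuse to run it unless it carries a valid Authenticode signature.
# 'Valid' only proves that a trusted publisher signed the file; also compare
# $signature.SignerCertificate.Subject with the publisher you expect.
$signature = Get-AuthenticodeSignature -FilePath $msiPath
if ($signature.Status -ne 'Valid') {
    throw "DEM installer signature check failed ($($signature.Status)): $msiPath"
}

# /qn+ installs without a UI except for a dialog when the installation completes.
$argument = " /i $dir1 /qn+ INSTALLDIR=$dir2 ADDLOCAL=FlexManagementConsole"

$install = (Start-Process msiexec.exe -ArgumentList $argument -PassThru -Wait).ExitCode

# 0 = success, 1641 = success and a restart was initiated, 3010 = success and a
# restart is required. Anything else means the console was not installed.
if (@(0, 1641, 3010) -notcontains $install) {
    throw "msiexec failed with exit code $install"
}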

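# Change into the target directory. All folders below are created relative to it.

# When the script was started elevated without -Parameter1, fall back to the
# current location instead of calling Set-Location with an empty path.
if ([string]::IsNullOrEmpty($Parameter1)) {
    $Parameter1 = (Get-Location).Path
}

# Stop here if the directory cannot be entered; otherwise the folders and shares
# below would be created in whatever directory happens to be current.
Set-Location -LiteralPath $Parameter1 -ErrorAction Stop

$dir = $Parameter1

# Join-Path inserts the separator only when $dir does not already end with one.
$dir3 = Join-Path $dir 'DEM'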

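## DEM
## Parent folder of DEMConfig and DEMUsers. It is not shared itself.

New-Item -ItemType Directory -Name DEM

$acltmp = Get-Acl DEM

# Protect the ACL from inheritance and drop the entries inherited from the parent.
$acltmp.SetAccessRuleProtection($true, $false)

$own = New-Object System.Security.Principal.NTAccount("Builtin","Administrators")
$acltmp.SetOwner($own)

# Each entry: identity, rights, inheritance flags, propagation flags, type.
# 'none, none' applies the rule to this folder only.
$DEMRules = @(
    @('Domain Admins', 'FullControl', 'none, none', 'None', 'Allow'),
    # NOTE(review): this leaves a permanent FullControl entry for the account that
    # ran the script - confirm that is wanted after setup.
    @([Environment]::UserName, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @('SYSTEM', 'FullControl', 'none, none', 'None', 'Allow'),
    # Reduced from FullControl: with FullControl on this folder any domain user
    # able to reach the path could rewrite its permissions, take ownership, or
    # delete and rename the child folders. Read access is enough to pass through.
    @('Domain Users', 'ReadAndExecute', 'none, none', 'None', 'Allow')
)

foreach ($DEMPerm in $DEMRules) {
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm
    $acltmp.SetAccessRule($rule)
}

Set-Acl DEM -AclObject $acltmp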

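## DEMConfig
## Configuration folder, published as the hidden share DEMConfig$.

# Build the path once with Join-Path. The original mixed "$dir\DEM\DEMConfig" and
# "$($DIR)DEM\DEMConfig"; the second form has no separator and only resolves to
# the same folder when $dir ends with a backslash (for example a drive root).
$configPath = Join-Path $dir 'DEM\DEMConfig'

New-Item -ItemType Directory -Path $configPath

$acltmp = Get-Acl -Path $configPath

# Protect the ACL from inheritance and drop the entries inherited from the parent.
$acltmp.SetAccessRuleProtection($true, $false)

$own = New-Object System.Security.Principal.NTAccount("Builtin","Administrators")
$acltmp.SetOwner($own)

# Each entry: identity, rights, inheritance flags, propagation flags, type.
$DEMRules = @(
    @('Domain Admins', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    # NOTE(review): this leaves a permanent FullControl entry for the account that
    # ran the script - confirm that is wanted after setup.
    @([Environment]::UserName, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @('SYSTEM', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    # Read-only for users. The original rule was
    # 'AppendData,CreateDirectories,Read,ReadExtendedAttributes', which also let
    # every domain user create folders in the configuration share and append
    # data to the existing configuration files.
    @('Domain Users', 'ReadAndExecute', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
)

foreach ($DEMPerm in $DEMRules) {
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm
    $acltmp.SetAccessRule($rule)
}

Set-Acl -Path $configPath -AclObject $acltmp

# NOTE(review): the share grants Everyone full access, so the NTFS ACL above is the
# only control on what is reachable through it. Consider narrowing the share
# permissions as a second layer.
New-SmbShare -Name 'DEMConfig$' -Path $configPath -FullAccess Everyone -CachingMode None

## /DEMConfig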

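## DEM Users
## Per-user folder root, published as the hidden share DEMUsers$.

# Build the path once with Join-Path. The original mixed "$dir\DEM\DEMUsers" and
# "$($DIR)DEM\DEMUsers"; the second form has no separator and only resolves to
# the same folder when $dir ends with a backslash (for example a drive root).
$usersPath = Join-Path $dir 'DEM\DEMUsers'

New-Item -ItemType Directory -Path $usersPath

$acltmp = Get-Acl -Path $usersPath

# Protect the ACL from inheritance and drop the entries inherited from the parent.
$acltmp.SetAccessRuleProtection($true, $false)

$own = New-Object System.Security.Principal.NTAccount("Builtin","Administrators")
$acltmp.SetOwner($own)

# Each entry: identity, rights, inheritance flags, propagation flags, type.
$DEMRules = @(
    @('Domain Admins', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    # NOTE(review): this leaves a permanent FullControl entry for the account that
    # ran the script - confirm that is wanted after setup.
    @([Environment]::UserName, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @('SYSTEM', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    # This folder only: users may list the root and create their own subfolder.
    # NOTE(review): 'Everyone' is broader than the 'Domain Users' group used on
    # DEMConfig - confirm that is intended.
    @('Everyone', 'AppendData,CreateDirectories,Read,ReadExtendedAttributes', 'none, none', 'None', 'Allow'),
    # Inherit-only: whoever creates a subfolder gets full control of it and its contents.
    @('CREATOR OWNER', 'FullControl', 'ContainerInherit, ObjectInherit', 'InheritOnly', 'Allow')
)

foreach ($DEMPerm in $DEMRules) {
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm
    $acltmp.SetAccessRule($rule)
}

Set-Acl -Path $usersPath -AclObject $acltmp

# NOTE(review): the share grants Everyone full access, so the NTFS ACL above is the
# only control on what is reachable through it. Unlike the other shares in this
# script, this one is created without -CachingMode None - confirm that is intended.
New-SmbShare -Name 'DEMUsers$' -Path $usersPath -FullAccess Everyone

## /DEMUsers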

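## HDaaS Redirected Profiles
## Folder TSREDIRECT in the current directory, published as the hidden share TSREDIRECT$.

New-Item -ItemType Directory -Name TSREDIRECT

# Share the folder that was just created. The original shared "$($DIR)TSREDIRECT",
# which has no separator and only matches this folder when $dir ends with a backslash.
$redirectPath = Join-Path (Get-Location).Path 'TSREDIRECT'

$acltmp = Get-Acl TSREDIRECT

# Protect the ACL from inheritance and drop the entries inherited from the parent.
$acltmp.SetAccessRuleProtection($true, $false)

$own = New-Object System.Security.Principal.NTAccount("Builtin","Administrators")
$acltmp.SetOwner($own)

# Each entry: identity, rights, inheritance flags, propagation flags, type.
$DEMRules = @(
    @('Domain Admins', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    # NOTE(review): this leaves a permanent FullControl entry for the account that
    # ran the script - confirm that is wanted after setup.
    @([Environment]::UserName, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @('SYSTEM', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    # This folder only: users may list the root and create their own subfolder.
    @('Everyone', 'Traverse,ExecuteFile,ReadData,CreateDirectories,AppendData', 'none, none', 'None', 'Allow'),
    # Rights for the creator of a subfolder or file; this list omits the rights to
    # change permissions or take ownership.
    @('CREATOR OWNER', 'Read,Delete,WriteExtendedAttributes,WriteAttributes,CreateDirectories,AppendData,CreateFiles,WriteData,ReadExtendedAttributes,ReadAttributes,ListDirectory,Traverse,ExecuteFile', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
)

foreach ($DEMPerm in $DEMRules) {
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm
    $acltmp.SetAccessRule($rule)
}

Set-Acl TSREDIRECT -AclObject $acltmp

# NOTE(review): the share grants Everyone full access, so the NTFS ACL above is the
# only control on what is reachable through it.
New-SmbShare -Name 'TSREDIRECT$' -Path $redirectPath -FullAccess Everyone -CachingMode None

## /TSREDIRECT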

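## Audit Logs
## Folder AuditLogs in the current directory, published as the hidden share Logs$.

New-Item -ItemType Directory -Name AuditLogs

# Share the folder that was just created. The original shared "$($DIR)AuditLogs",
# which has no separator and only matches this folder when $dir ends with a backslash.
$logsPath = Join-Path (Get-Location).Path 'AuditLogs'

$acltmp = Get-Acl AuditLogs

# Protect the ACL from inheritance and drop the entries inherited from the parent.
$acltmp.SetAccessRuleProtection($true, $false)

$own = New-Object System.Security.Principal.NTAccount("Builtin","Administrators")
$acltmp.SetOwner($own)

# Each entry: identity, rights, inheritance flags, propagation flags, type.
$DEMRules = @(
    @('Domain Admins', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    # NOTE(review): this leaves a permanent FullControl entry for the account that
    # ran the script - confirm that is wanted after setup.
    @([Environment]::UserName, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @('SYSTEM', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    # This folder only: users may list the root and create their own subfolder.
    @('Everyone', 'Traverse,ExecuteFile,ReadData,CreateDirectories,AppendData', 'none, none', 'None', 'Allow'),
    # NOTE(review): the creator of a log keeps Delete and WriteData on it, so a
    # user can alter or remove their own entries. If these logs are meant to be an
    # audit trail, confirm that this is acceptable.
    @('CREATOR OWNER', 'Read,Delete,WriteExtendedAttributes,WriteAttributes,CreateDirectories,AppendData,CreateFiles,WriteData,ReadExtendedAttributes,ReadAttributes,ListDirectory,Traverse,ExecuteFile', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
)

foreach ($DEMPerm in $DEMRules) {
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm
    $acltmp.SetAccessRule($rule)
}

Set-Acl AuditLogs -AclObject $acltmp

# NOTE(review): the share grants Everyone full access, so the NTFS ACL above is the
# only control on what is reachable through it.
New-SmbShare -Name 'Logs$' -Path $logsPath -FullAccess Everyone -CachingMode None

## /AuditLogs

# Keep the elevated window open so the output can be read.
pause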