-
Notifications
You must be signed in to change notification settings - Fork 10
/
Install-SecureClientGateway.ps1
64 lines (52 loc) · 2.37 KB
/
Install-SecureClientGateway.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
## ==================================================================
##
## Copyright (c) 2005-2019 Parallels Software International, Inc.
## Released under the terms of MIT license (see LICENSE for details)
##
## ==================================================================
<#
.SYNOPSIS
Installs the RAS Secure Client Gateway prerequisites
.DESCRIPTION
Installs the RAS Secure Client Gateway prerequisites
.NOTES
File Name : Install-SecureClientGateway.ps1
Author : Freek Berson - rdsgurus.com
.EXAMPLE
.\Install-SecureClientGateway.ps1
#>
CLS
#Reading Variables
$adDomainName = $args[0]
$RasAdminPassword = $args[1]
$RasAdminUser = $args[2] + '@' + $args[0]
$hostNamePrefixPublishingAgent = $args[3]
$PrimaryPublishingAgent = $hostNamePrefixPublishingAgent + '01'
#Configure logging
function log
{
param([string]$message)
"`n`n$(get-date -f o) $message"
}
#Create a credential
log "Creating credentials"
$secAdminPassword = ConvertTo-SecureString $RasAdminPassword -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ($RasAdminUser, $secAdminPassword)
#Impersonate user
log "Impersonate user '$AdminUser'"
.\New-ImpersonateUser.ps1 -Credential $mycreds
#Install .NET
Log "Install .NET Framework core"
Install-WindowsFeature Net-Framework-Core -source C:\Windows\WinSxS
#Create Firewall Rules
log "Create Firewall Rules"
New-NetFirewallRule -DisplayName "Allow TCP 80, 81, 135, 443, 445 and 20009, 200020, 49179 for RAS Administration" -Direction Inbound -Action Allow -Protocol TCP -LocalPort 80, 81, 135, 443, 445, 20009, 20020, 49179
New-NetFirewallRule -DisplayName "Allow UDP 20009,20020" -Direction Inbound -Action Allow -Protocol UDP -LocalPort 20009,20020
#Disable UAC & Sharing Wizard to allow Remote Install of RAS Agent
Set-ItemProperty -Path REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 0
Set-ItemProperty -Path REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system -Name EnableLUA -Value 0
Set-ItemProperty -Path REGISTRY::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SharingWizardOn -Name CheckedValue -Value 0
sleep -Seconds 3
#Force reboot to complete SCG Install
shutdown -r -f -t 1
log "All Done"