PowerShell script: install the DEM Management Console, create the file shares and configure their permissions


This PowerShell script will accomplish the following:

 

1. Install DEM Management Console

2. Create File share

3. Set all of the required permissions on file share

 

 

………………………………………………………………………………..

 

 

# -Parameter1: folder in which the DEM folders are created. The script changes into
# this folder before creating anything, and when it relaunches itself elevated it
# passes the original working directory through this parameter.
Param(

  [string]$Parameter1

)

## v.01

## Script to create the base folders for DEM install

## – Script needs to be run in the root of the drive where you want to create the folders

## —

 

 

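# Check whether the script is running as Administrator and, if not, relaunch it
# elevated (RunAs) and stop this non-elevated instance.
Write-Host 'Checking if the script is running as Administrator'
$IsAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]'Administrator')

if (-not $IsAdmin) {
    # Hand the current directory to the elevated instance explicitly; the rest of
    # the script creates folders and shares relative to it.
    $Parameter1 = (Get-Location).ToString()
    Write-Host 'The script is NOT running as Administrator, restarting PowerShell as Administrator...'

    # Both paths end up inside a -Command string that the elevated shell parses as
    # code. Escape them as single-quoted literals so a path containing spaces or
    # quote characters is passed as data and cannot change the command.
    $scriptLiteral = [System.Management.Automation.Language.CodeGeneration]::EscapeSingleQuotedStringContent($MyInvocation.MyCommand.Path)
    $dirLiteral = [System.Management.Automation.Language.CodeGeneration]::EscapeSingleQuotedStringContent($Parameter1)

    # Only -Parameter1 is forwarded: it is the only parameter the script declares
    # (the original also forwarded the undefined $Parameter2 / $Parameter3).
    $cmd = "& '$scriptLiteral' -Parameter1 '$dirLiteral'"
    $arguments = "-NoProfile -Command `"$cmd`""
    Write-Host "Relaunching: powershell.exe $arguments"

    # The path separator after $PSHOME was missing on the page, which made the
    # string expand an undefined variable instead of the PowerShell executable.
    Start-Process "$PSHOME\powershell.exe" -Verb RunAs -ArgumentList $arguments -WorkingDirectory (Get-Location).Path -ErrorAction Stop

    # 'return' ends this script; a bare 'Break' outside a loop can also break
    # out of a loop in whatever called the script.
    return
}
else {
    Write-Host 'The script is already running as Administrator'
}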

 

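# Limit the policy change to this PowerShell process. Without -Scope the cmdlet
# rewrites the machine-wide (LocalMachine) policy and leaves it changed after the
# script ends; -Force suppresses the confirmation prompt.
Set-ExecutionPolicy RemoteSigned -Scope Process -Force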

 

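#Install DEM Management Console
#ADDLOCAL options ALL,FlexEngine,FlexMigrate,FlexProfilesSelfSupport,FlexManagementConsole

# NOTE(review): the path separators were missing on the page; both paths below are
# reconstructed from the page text. Adjust them to where the MSI really is.
$msiPath = 'C:\Temp\VMware-DEM-9.11-GA\VMware Dynamic Environment Manager 9.11 x64.msi'
$installDir = 'C:\Program Files\VMware DEM'

if (-not (Test-Path -LiteralPath $msiPath -PathType Leaf)) {
    throw "Installer not found: $msiPath"
}

# msiexec runs elevated here, so whoever can write to the staging folder decides
# what gets installed. Refuse a package whose Authenticode signature does not verify.
# NOTE(review): 'Valid' only proves a trusted publisher signed the file and it is
# unmodified; also compare $signature.SignerCertificate.Subject with the expected
# vendor, and stage the MSI in a folder only administrators can write to.
$signature = Get-AuthenticodeSignature -FilePath $msiPath
if ($signature.Status -ne 'Valid') {
    throw "Refusing to install '$msiPath': signature status is $($signature.Status)"
}

# msiexec needs the quotes around paths that contain spaces.
$dir1 = "`"$msiPath`""
$dir2 = "`"$installDir`""
$argument = " /i $dir1 /qn+ INSTALLDIR=$dir2 ADDLOCAL=FlexManagementConsole"
$install = (Start-Process msiexec.exe -ArgumentList $argument -PassThru -Wait).ExitCode

# The exit code was captured but never looked at. 0 = success, 3010 = success,
# reboot required. The folder/share setup below still runs, as it did before.
if ($install -ne 0 -and $install -ne 3010) {
    Write-Warning "msiexec returned exit code $install; the DEM Management Console may not be installed"
}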

 

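# Move to the target folder before anything is created. Every folder and share
# below is created relative to this location.
if ([string]::IsNullOrEmpty($Parameter1)) {
    # Started elevated without -Parameter1: use the directory the script was run from.
    $Parameter1 = (Get-Location).Path
}

# Stop if the folder cannot be entered. Carrying on would create the folders and
# the Everyone-accessible shares in whatever directory the shell happens to be in
# (an elevated shell often starts in the Windows system directory).
Set-Location -LiteralPath $Parameter1 -ErrorAction Stop

$dir = $Parameter1
# The separator was missing on the page, so the string expanded an undefined
# variable instead of <target>\DEM.
$dir3 = Join-Path $dir 'DEM'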

 

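## DEM
# Top-level DEM folder, created in the current directory. It is not shared itself.
New-Item -ItemType Directory -Name DEM
$acltmp = Get-Acl DEM

# Protect the ACL from inheritance and drop the entries inherited so far, so only
# the rules set below remain on the folder.
$acltmp.SetAccessRuleProtection($true, $false)

$own = New-Object System.Security.Principal.NTAccount('Builtin', 'Administrators')
$acltmp.SetOwner($own)

# Columns: identity, rights, inheritance flags, propagation flags, type.
# 'None' inheritance = the rule applies to this folder only.
$aces = @(
    @('Domain Admins', 'FullControl', 'None', 'None', 'Allow'),
    # NOTE(review): this writes a permanent FullControl entry for whichever account
    # ran the script, as a bare user name. Prefer an admin group, or remove the
    # entry once setup is done.
    @([Environment]::UserName, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @('SYSTEM', 'FullControl', 'None', 'None', 'Allow'),
    # The page granted Domain Users FullControl here. On this folder that lets any
    # domain user rewrite its ACL, take ownership of it, or delete or rename it.
    # Read/traverse is enough for a container that only holds the share folders.
    # NOTE(review): confirm nothing in your environment relied on the wider grant.
    @('Domain Users', 'ReadAndExecute', 'None', 'None', 'Allow')
)

foreach ($DEMPerm in $aces) {
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm
    # SetAccessRule replaces any existing allow rule for the same identity.
    $acltmp.SetAccessRule($rule)
}

Set-Acl DEM -AclObject $acltmp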

 

 

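## DEMConfig
# Folder and hidden share for the DEM configuration.
# The path separators were missing on the page ("$dirDEMDEMConfig" expands an
# undefined variable); the path is built once here and reused.
$demBase = if ($dir) { $dir } else { (Get-Location).Path }
$configPath = Join-Path $demBase 'DEM\DEMConfig'

New-Item -ItemType Directory -Path $configPath
$acltmp = Get-Acl -Path $configPath

# Protect the ACL from inheritance and drop inherited entries.
$acltmp.SetAccessRuleProtection($true, $false)

$own = New-Object System.Security.Principal.NTAccount('Builtin', 'Administrators')
$acltmp.SetOwner($own)

# Columns: identity, rights, inheritance flags, propagation flags, type.
$aces = @(
    @('Domain Admins', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    # NOTE(review): permanent FullControl for the account that ran the script;
    # prefer an admin group or remove the entry after setup.
    @([Environment]::UserName, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @('SYSTEM', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    # The page also gave Domain Users AppendData/CreateDirectories, inherited by
    # every file and subfolder. That lets any user append to configuration files and
    # create folders in a share whose content is applied to other users' sessions.
    # Users only need to read the configuration.
    # NOTE(review): confirm against the vendor's share requirements for your version.
    @('Domain Users', 'ReadAndExecute', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
)

foreach ($DEMPerm in $aces) {
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm
    $acltmp.SetAccessRule($rule)
}

Set-Acl -Path $configPath -AclObject $acltmp

# NOTE(review): share-level FullAccess for Everyone makes the NTFS ACL above the
# only control on this share. Consider limiting the share to the groups that need
# it (read for users, full for the DEM administrators).
New-SmbShare -Name 'DEMConfig$' -Path $configPath -FullAccess Everyone -CachingMode None

## /DEMConfig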

 

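## DEM Users
# Folder and hidden share under which each user gets a personal folder.
# The path separators were missing on the page; the path is built once and reused.
$demBase = if ($dir) { $dir } else { (Get-Location).Path }
$usersPath = Join-Path $demBase 'DEM\DEMUsers'

New-Item -ItemType Directory -Path $usersPath
$acltmp = Get-Acl -Path $usersPath

# Protect the ACL from inheritance and drop inherited entries.
$acltmp.SetAccessRuleProtection($true, $false)

$own = New-Object System.Security.Principal.NTAccount('Builtin', 'Administrators')
$acltmp.SetOwner($own)

# Columns: identity, rights, inheritance flags, propagation flags, type.
$aces = @(
    @('Domain Admins', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    # NOTE(review): permanent FullControl for the account that ran the script;
    # prefer an admin group or remove the entry after setup.
    @([Environment]::UserName, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @('SYSTEM', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    # This folder only: users may list the root and create their own subfolder.
    # The rule is not inherited, so it gives no access inside other users' folders.
    # NOTE(review): 'Everyone' is wider than the 'Domain Users' group used on the
    # config share; consider 'Authenticated Users' or the specific user group.
    @('Everyone', 'AppendData,CreateDirectories,Read,ReadExtendedAttributes', 'None', 'None', 'Allow'),
    # Inherit-only: whoever creates a subfolder gets FullControl over it and its content.
    @('CREATOR OWNER', 'FullControl', 'ContainerInherit, ObjectInherit', 'InheritOnly', 'Allow')
)

foreach ($DEMPerm in $aces) {
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm
    $acltmp.SetAccessRule($rule)
}

Set-Acl $usersPath -AclObject $acltmp

# NOTE(review): share-level FullAccess for Everyone leaves the NTFS ACL as the only
# control. Unlike the other shares in this script, this one does not set
# -CachingMode None; confirm that offline caching of user data is intended.
New-SmbShare -Name 'DEMUsers$' -Path $usersPath -FullAccess Everyone

## /DEMUsers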

 

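## HDaaS Redirected Profiles
# Folder and hidden share for redirected profile data.
# The folder was created relative to the current directory, but the share path was
# built from $DIR with its separator missing. One absolute path is now used for
# the folder, its ACL and the share, so they cannot point at different places.
$demBase = if ($dir) { $dir } else { (Get-Location).Path }
$redirectPath = Join-Path $demBase 'TSREDIRECT'

New-Item -ItemType Directory -Path $redirectPath
$acltmp = Get-Acl -Path $redirectPath

# Protect the ACL from inheritance and drop inherited entries.
$acltmp.SetAccessRuleProtection($true, $false)

$own = New-Object System.Security.Principal.NTAccount('Builtin', 'Administrators')
$acltmp.SetOwner($own)

# Columns: identity, rights, inheritance flags, propagation flags, type.
$aces = @(
    @('Domain Admins', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    # NOTE(review): permanent FullControl for the account that ran the script;
    # prefer an admin group or remove the entry after setup.
    @([Environment]::UserName, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @('SYSTEM', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    # This folder only: list the root and create a subfolder in it.
    # NOTE(review): listing the root shows every user's folder name; consider
    # 'Authenticated Users' or a specific group instead of 'Everyone'.
    @('Everyone', 'Traverse,ExecuteFile,ReadData,CreateDirectories,AppendData', 'None', 'None', 'Allow'),
    # Inherited by subfolders and files: the creator can read, write and delete what
    # they created. ChangePermissions and TakeOwnership are not in the list.
    @('CREATOR OWNER', 'Read,Delete,WriteExtendedAttributes,WriteAttributes,CreateDirectories,AppendData,CreateFiles,WriteData,ReadExtendedAttributes,ReadAttributes,ListDirectory,Traverse,ExecuteFile', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
)

foreach ($DEMPerm in $aces) {
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm
    $acltmp.SetAccessRule($rule)
}

Set-Acl $redirectPath -AclObject $acltmp

# NOTE(review): share-level FullAccess for Everyone leaves the NTFS ACL as the only control.
New-SmbShare -Name 'TSREDIRECT$' -Path $redirectPath -FullAccess Everyone -CachingMode None

## /HDaaS Redirected Profiles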

 

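## Audit Logs
# Folder and hidden share (Logs$) for audit logs.
# The folder was created relative to the current directory, but the share path was
# built from $DIR with its separator missing. One absolute path is now used for
# the folder, its ACL and the share, so they cannot point at different places.
$demBase = if ($dir) { $dir } else { (Get-Location).Path }
$logsPath = Join-Path $demBase 'AuditLogs'

New-Item -ItemType Directory -Path $logsPath
$acltmp = Get-Acl -Path $logsPath

# Protect the ACL from inheritance and drop inherited entries.
$acltmp.SetAccessRuleProtection($true, $false)

$own = New-Object System.Security.Principal.NTAccount('Builtin', 'Administrators')
$acltmp.SetOwner($own)

# Columns: identity, rights, inheritance flags, propagation flags, type.
$aces = @(
    @('Domain Admins', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    # NOTE(review): permanent FullControl for the account that ran the script;
    # prefer an admin group or remove the entry after setup.
    @([Environment]::UserName, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    @('SYSTEM', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'),
    # This folder only: list the root and create a subfolder in it.
    @('Everyone', 'Traverse,ExecuteFile,ReadData,CreateDirectories,AppendData', 'None', 'None', 'Allow'),
    # NOTE(review): the creator of a log folder may overwrite (WriteData) and remove
    # (Delete) what is in it. If these logs are meant as an audit trail, the audited
    # user can then alter or erase their own records. Consider append-only rights
    # here, or forwarding the logs to a store users cannot write to.
    @('CREATOR OWNER', 'Read,Delete,WriteExtendedAttributes,WriteAttributes,CreateDirectories,AppendData,CreateFiles,WriteData,ReadExtendedAttributes,ReadAttributes,ListDirectory,Traverse,ExecuteFile', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
)

foreach ($DEMPerm in $aces) {
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $DEMPerm
    $acltmp.SetAccessRule($rule)
}

Set-Acl $logsPath -AclObject $acltmp

# NOTE(review): share-level FullAccess for Everyone leaves the NTFS ACL as the only control.
New-SmbShare -Name 'Logs$' -Path $logsPath -FullAccess Everyone -CachingMode None

## /Auditlogs

# Keep the elevated window open so the output above can be read.
pause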
