Automated Server Setup PowerShell Script

In this post we will be looking at creating a simple PowerShell setup script for the initial configuration of newly imaged servers.

What the script does:

  • Enable Remote Desktop
  • Set IPV4 Network Adapter Settings
  • Join Domain and Rename Server

Don’t need Explanations? To see the full script – scroll to the bottom.     

How to get the script on a new virtual machine?

Check out my guide on How to Create an ISO to attach to your Virtual Machines. For physical servers, USB will do fine 😉


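Let's get started –

First, run the command below. It prompts for your domain admin password and stores it, encrypted, in a .txt file at the path you set. The file is required for the $password and $cred variables further in the script. Without a -Key parameter, convertfrom-securestring protects the value with Windows DPAPI, so the file can only be decrypted by the same user account on the same machine: create it on the server being set up, as the account that will run the script.

Alternatively, to avoid exporting the password to a .txt file, you can use ‘$cred = Get-Credential’, which prompts for the username and password when the script runs, or ‘$cred = new-object -typename System.Management.Automation.PSCredential’ (which needs a username and a secure-string password passed with -argumentlist, as in the $cred line further down), and ignore $username, $password and the command below.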

read-host -assecurestring | convertfrom-securestring | out-file C:\mysecurestring.txt


The command below will stop the script if an error occurs.

#Stop on first error {Stop|Continue}
$ErrorActionPreference = "Stop"


Now for your variables. These require editing; they are the general settings a brand new OS needs to start functioning in its environment.

$Cname = "NewHostName"              #New host name for your server
$Domain = "domain.local"            #Domain you intend to join the server to
$username = "Domain\Administrator"  #Domain account username with admin rights

$Adapter = "Ethernet"       #Name of the adapter attached
$IP = "192.168.0.20"        #Intended IP
$DefaultG = "192.168.0.1"   #Default gateway
$DNS = "192.168.0.15"       #First DNS entry
$DNS2 = "8.8.8.8"           #Second DNS entry

and the ones that do not require editing – unless you changed the filepath of the encrypted password:

$OldCName = $env:COMPUTERNAME    #Stores the current host name
$password = cat C:\mysecurestring.txt | convertto-securestring    #Reads the encrypted password back into a SecureString
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password     #Builds the credential object from the username and password variables


To enable remote desktop in the registry and firewall:

#Allow RDP connections
set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -Value 0
#Require Network Level Authentication before a session is created
set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1

#Change profile if required - profile={"domain,private,public"}
netsh advfirewall firewall set rule name="Remote Desktop - User Mode (TCP-In)" new enable=Yes profile="domain,private"
netsh advfirewall firewall set rule name="Remote Desktop - User Mode (UDP-In)" new enable=Yes profile="domain,private"

Set adapter settings:

New-NetIPAddress -InterfaceAlias $Adapter -IPAddress $IP -PrefixLength 24 -DefaultGateway $DefaultG

#Target the adapter by name; the interface index differs from machine to machine
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $DNS,$DNS2


Join the domain and rename the server:

Rename-Computer -NewName $Cname

sleep 5

Add-Computer -ComputerName $OldCName -DomainName "$Domain" -credential $cred -force -Options JoinWithNewName,AccountCreate

#Delete the stored domain admin password once the join has succeeded
Remove-Item "C:\mysecurestring.txt"

Restart-Computer


That’s it! Your script should now look similar to my personal one:

###############################################
# Installation/Configuration - Windows Server #
#             sysadminguides.org              #
###############################################

#Store encrypted domain password: 
#read-host -assecurestring | convertfrom-securestring | out-file C:\mysecurestring.txt

#Stop on first error {Stop|Continue}
$ErrorActionPreference = "Stop"

#New Computer Name
$Cname = "DC02"
$Domain = "Domain.local"
$username = "Domain\Administrator"

$Adapter = "Ethernet"
$IP = "192.168.0.20"
$DefaultG = "192.168.0.1"
$DNS = "192.168.0.15"
$DNS2 = "8.8.8.8"

$OldCName = $env:COMPUTERNAME
$password = cat C:\mysecurestring.txt | convertto-securestring
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password

#Enable remote desktop
set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -Value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
netsh advfirewall firewall set rule name="Remote Desktop - User Mode (TCP-In)" new enable=Yes profile="domain,private"
netsh advfirewall firewall set rule name="Remote Desktop - User Mode (UDP-In)" new enable=Yes profile="domain,private"
#Require Network Level Authentication
set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1

#Set adapter config
New-NetIPAddress -InterfaceAlias $Adapter -IPAddress $IP -PrefixLength 24 -DefaultGateway $DefaultG
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $DNS,$DNS2

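#Join domain/Rename
Rename-Computer -NewName $Cname
sleep 5
#The password is already loaded into $cred, so delete the file before the join restarts the server
Remove-Item "C:\mysecurestring.txt"
Add-Computer -ComputerName $OldCName -DomainName "$Domain" -credential $cred -force -Options JoinWithNewName,AccountCreate -restart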
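
To confirm what the script left behind, the following check can be run in an elevated session after the restart. It is an added example, not part of the original script; the function name Test-ServerSetup and its parameter defaults are assumptions taken from the sample values above.

```powershell
# Added example: post-restart audit of what the setup script configured.
# Test-ServerSetup and its parameters are hypothetical names, not from the post.
function Test-ServerSetup {
    param(
        [string]$ExpectedName   = 'DC02',
        [string]$ExpectedDomain = 'Domain.local',
        [string]$Adapter        = 'Ethernet',
        [string[]]$ExpectedDns  = @('192.168.0.15', '8.8.8.8'),
        [string]$CredFile       = 'C:\mysecurestring.txt'
    )
    $ts = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    $rdpOn = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0
    $nlaOn = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication).UserAuthentication -eq 1

    # Enabled Remote Desktop rules that still cover the Public profile.
    # A profile of "Any" applies to Domain, Private and Public alike.
    $publicRdp = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
        Where-Object { $_.Enabled -eq 'True' -and "$($_.Profile)" -match 'Any|Public' })

    # DNS servers on the named adapter, compared in order with the expected list.
    $dns = @((Get-DnsClientServerAddress -InterfaceAlias $Adapter -AddressFamily IPv4).ServerAddresses)
    $dnsOk = ($dns -join ',') -eq ($ExpectedDns -join ',')

    $joined = $cs.PartOfDomain -and ($cs.Domain -eq $ExpectedDomain)
    $renamed = $env:COMPUTERNAME -eq $ExpectedName
    $fileGone = -not (Test-Path -Path $CredFile)

    # One row per check; Detail carries the evidence behind the result.
    @(
        [pscustomobject]@{ Check = 'RDP enabled';                 Pass = $rdpOn;    Detail = '' }
        [pscustomobject]@{ Check = 'NLA required';                Pass = $nlaOn;    Detail = '' }
        [pscustomobject]@{ Check = 'No RDP rule on Public';       Pass = ($publicRdp.Count -eq 0)
                           Detail = ($publicRdp.DisplayName -join '; ') }
        [pscustomobject]@{ Check = 'DNS servers as expected';     Pass = $dnsOk;    Detail = ($dns -join ',') }
        [pscustomobject]@{ Check = 'Joined to expected domain';   Pass = $joined;   Detail = $cs.Domain }
        [pscustomobject]@{ Check = 'Host name as expected';       Pass = $renamed;  Detail = $env:COMPUTERNAME }
        [pscustomobject]@{ Check = 'Credential file removed';     Pass = $fileGone; Detail = $CredFile }
    )
}

Test-ServerSetup | Format-Table -AutoSize
```

Enable-NetFirewallRule -DisplayGroup "Remote Desktop" turns on every rule in the group, while the netsh lines only re-scope the two User Mode rules, so the Public-profile row lists any rule that was enabled without being restricted to domain and private networks.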

 

 


Thanks for reading – feel free to follow and stay updated 🙂
