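<powershell>
# Source: github.com/swisspost/terratest@v0.0.0-20230214120104-7ec6de2e1ae0/examples/terraform-aws-ec2-windows-example/packer/scripts/bootstrap_windows.txt
# This script is adapted from: https://learn.hashicorp.com/tutorials/packer/aws-windows-image?in=packer/integrations
#
# Purpose: bootstrap a Windows instance so a build tool can log in over WinRM as
# the local Administrator. It sets the Administrator password, rebuilds the WinRM
# listener as plain HTTP with Basic authentication, relaxes the UAC remote token
# filter, and only then opens the firewall rule for WinRM.
#
# NOTE(review): every relaxation below (fixed password, Basic auth, unencrypted
# transport, LocalAccountTokenFilterPolicy, firewall rule open to any remote IP)
# stays on the machine after this script ends. The path suggests an image build;
# if so, the settings are captured in the image unless a later step reverts them.
# Confirm against the build template.

# Set administrator password
# NOTE(review): the password is a literal in this file, so it is known to anyone
# who can read the repository. The <powershell> wrapper suggests EC2 user data;
# if so, it is also readable by whoever can read the instance's user data.
# Changing it here alone would break whatever connects with this credential, so
# it is flagged rather than altered. The durable fix is a per-build generated
# secret, changed on both sides together.
net user Administrator SuperS3cr3t!!!!
# NOTE(review): wmic is deprecated on recent Windows releases. Where the
# LocalAccounts module is available, the equivalent is
# Set-LocalUser -Name Administrator -PasswordNeverExpires $true
wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE

# First, make sure WinRM can't be connected to
# The inbound rule is switched to "block" while the service is reconfigured, so
# nothing can connect to a half-configured listener.
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=block

# Delete any existing WinRM listeners
# 2>$Null hides the error winrm reports when there is no listener to delete.
winrm delete winrm/config/listener?Address=*+Transport=HTTP 2>$Null
winrm delete winrm/config/listener?Address=*+Transport=HTTPS 2>$Null

# Disable group policies which block basic authentication and unencrypted login
# The policy keys exist only when a policy has been applied to the machine.
# Set-ItemProperty reports "path does not exist" for a missing key, so each key
# is checked first and overridden only when a policy is actually present.
foreach ($PolicyKey in @(
        'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client',
        'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service')) {
    if (Test-Path -Path $PolicyKey) {
        Set-ItemProperty -Path $PolicyKey -Name AllowBasic -Value 1
        Set-ItemProperty -Path $PolicyKey -Name AllowUnencryptedTraffic -Value 1
    }
}

# Create a new WinRM listener and configure
# NOTE(review): this is an HTTP listener on all addresses with Basic auth and
# AllowUnencrypted enabled. Basic credentials are only base64-encoded, so the
# Administrator password and all session traffic cross the network in clear.
# An HTTPS listener with a certificate removes that exposure, but it needs the
# connecting side switched to TLS at the same time.
winrm create winrm/config/listener?Address=*+Transport=HTTP
# MaxMemoryPerShellMB="0": presumably lifts the per-shell memory cap; confirm.
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="0"}'
# 7200000 ms = 2 hours.
winrm set winrm/config '@{MaxTimeoutms="7200000"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service '@{MaxConcurrentOperationsPerUser="12000"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/client/auth '@{Basic="true"}'

# Configure UAC to allow privilege elevation in remote shells
# NOTE(review): LocalAccountTokenFilterPolicy=1 turns off UAC remote token
# filtering, so any local administrator account gets a full elevated token on
# remote logon. Reset it to 0 (or remove it) once provisioning no longer needs it.
$Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$Setting = 'LocalAccountTokenFilterPolicy'
Set-ItemProperty -Path $Key -Name $Setting -Value 1 -Force

# Configure and restart the WinRM Service; Enable the required firewall exception
# NOTE(review): remoteip=any means the host firewall accepts WinRM from every
# address. Any source restriction must therefore come from the network layer
# (for example the instance's security group), scoped to the build host.
Stop-Service -Name WinRM
Set-Service -Name WinRM -StartupType Automatic
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new action=allow localip=any remoteip=any
Start-Service -Name WinRM
</powershell>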