On the server machine (the one being remoted into), besides TermService running normally and the remote port listening, you also need to run one PowerShell command as administrator:

```powershell
winrm quickconfig -q 2>&1 > $null; winrm quickconfig -q -force 2>&1 > $null; netstat -ano | findstr :5985;
```

Make sure 5985 is actually listening.
The code below works on Server 2008 R2 / 2012 R2 / 2016 / 2019 / 2022.
On the client machine, an error is raised if port 5985 is not present.
PowerShell commands:

```powershell
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM" /f 2>&1 >$null
#stop-service mpssvc 2>&1 > $null
winrm quickconfig -q 2>&1 > $null
winrm quickconfig -q -force 2>&1 > $null
restart-service winrm 2>&1 > $null
#Set-Item WSMan:\localhost\client\trustedhosts -value * -force 2>&1 > $null
winrm set winrm/config/client '@{TrustedHosts="*"}' 2>&1 > $null
netstat -ato | findstr :5985
Set-Item WSMan:\localhost\client\trustedhosts -value * -Force
```
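Before going on to the troubleshooting steps below, it helps to know which layer is failing: TCP reachability, the WinRM listener, or the client's TrustedHosts list. The following check is an added example, not code from the original post; it assumes the HTTP listener on 5985 set up above (pass `-Port 5986 -UseSSL` for an HTTPS listener) and uses `TcpClient` rather than `Test-NetConnection` so it also runs on 2008 R2. The addresses in the usage line are the constructed ones from the post's batch example.

```powershell
# Added check, not from the original post: find out which layer of a WinRM
# connection is broken before running Invoke-Command against a host.
function Test-WinRmEndpoint {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [int]    $Port = 5985,
        [switch] $UseSSL,
        [int]    $TimeoutMs = 3000
    )

    # 1. Plain TCP reachability (is anything listening, and does the firewall let us in?).
    $tcp = New-Object System.Net.Sockets.TcpClient
    $portOpen = $false
    try {
        $ar = $tcp.BeginConnect($ComputerName, $Port, $null, $null)
        if ($ar.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            $tcp.EndConnect($ar)      # throws if the connection was refused
            $portOpen = $true
        }
    } catch {
        $portOpen = $false
    } finally {
        $tcp.Close()
    }

    # 2. WS-Management Identify: Test-WSMan needs no credentials and returns the
    #    stack version, so an answer proves the WinRM service itself is serving.
    $wsman = $null
    if ($portOpen) {
        try {
            $wsman = Test-WSMan -ComputerName $ComputerName -Port $Port -UseSSL:$UseSSL -ErrorAction Stop
        } catch {
            $wsman = $null
        }
    }

    # 3. Is the target covered by this client's TrustedHosts? Only matters for
    #    non-domain (NTLM) connections, which is the case the post configures.
    $trusted   = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    $inTrusted = ($trusted -eq '*') -or (($trusted -split ',') -contains $ComputerName)

    [pscustomobject]@{
        ComputerName   = $ComputerName
        Port           = $Port
        PortOpen       = $portOpen
        WsManAnswers   = [bool]$wsman
        StackVersion   = if ($wsman) { $wsman.ProductVersion } else { $null }
        InTrustedHosts = $inTrusted
    }
}

# Usage (constructed addresses, taken from the post's own batch example):
'172.21.66.32', '172.21.65.41' | ForEach-Object { Test-WinRmEndpoint -ComputerName $_ } | Format-Table -AutoSize
```

Reading the result: `PortOpen=False` points at the firewall or a missing listener (the `netstat` check above), `PortOpen=True` with `WsManAnswers=False` points at the WinRM service or the policy key discussed next, and `InTrustedHosts=False` means the client side still needs its TrustedHosts entry.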
If configuring WinRM with the code above fails with error -2147024894 (0x80070002), patches need to be installed; see the document I compiled: https://cloud.tencent.com/developer/article/2043723
Install all patches first, using Microsoft's update script from this document of mine: https://cloud.tencent.com/developer/article/2345790
Then check the registry and delete HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM
```powershell
# Registry path: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM
# PowerShell:
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM" /f 2>&1 >$null
# cmd (redirection order matters in cmd, so send stdout to nul before merging stderr):
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM" /f >nul 2>&1
```
If you have done all of the above and still cannot reach the machine over WinRM, enable WinRM on both the server and the client following https://developer.hashicorp.com/packer/docs/communicators/winrm#examples
```powershell
# replace the password with your own
net user Administrator "密码"
# applies to 2008R2/2012R2/2016/2019/2022
sc.exe stop mpssvc 2>&1 >$null
start-sleep 5
sc.exe config mpssvc start= disabled
#reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM" /f 2>&1 >$null
Remove-Item "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM" -Recurse -ErrorAction SilentlyContinue
wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE
Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -EA 0
#Don't set this before Set-ExecutionPolicy as it throws an error
#$ErrorActionPreference = "stop"
# Remove listener
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse -EA 0
$OSVersion = [System.Environment]::OSVersion.Version
if (($OSVersion.Major -gt 6) -or ($OSVersion.Major -eq 6 -and $OSVersion.Minor -gt 1)) {
    # OS version is newer than Windows Server 2008 R2 / Windows 7: run the following
    Write-Host "操作系统版本大于 Windows Server 2008 R2 或 Windows 7"
    # add the actions you want to run here
    # Create a self-signed certificate to let ssl work
    $Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
    New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force
} else {
    # OS version is Windows Server 2008 R2 / Windows 7 or older: run the following
    Write-Host "操作系统版本为 Windows Server 2008 R2 或 Windows 7 或更低版本"
    # add the actions you want to run here
    # on 2008R2 configure WinRM over HTTP; HTTPS is not supported here for now
}
# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"
# Configure WinRM to allow unencrypted communication, and provide the
# self-signed cert to the WinRM listener.
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
if (($OSVersion.Major -gt 6) -or ($OSVersion.Major -eq 6 -and $OSVersion.Minor -gt 1)) {
    # OS version is newer than Windows Server 2008 R2 / Windows 7: run the following
    Write-Host "操作系统版本大于 Windows Server 2008 R2 或 Windows 7"
    # add the actions you want to run here
    cmd.exe /c winrm set "winrm/config/listener?Address=* Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
    #Make sure appropriate firewall port openings exist
    #cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
    #cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"
} else {
    # OS version is Windows Server 2008 R2 / Windows 7 or older: run the following
    Write-Host "操作系统版本为 Windows Server 2008 R2 或 Windows 7 或更低版本"
    # add the actions you want to run here
    # on 2008R2 configure WinRM over HTTP; HTTPS is not supported here for now
    winrm quickconfig -q 2>&1 > $null
    winrm quickconfig -q -force 2>&1 > $null
    restart-service winrm 2>&1 > $null
    winrm set winrm/config/client '@{TrustedHosts="*"}' 2>&1 > $null
    netstat -ato | findstr :5985
    Set-Item WSMan:\localhost\client\trustedhosts -value * -force 2>&1 > $null
}
# Restart WinRM, and set it so that it auto-launches on startup.
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm
netstat -ato | findstr ":5985 :5986"
#Remove-Item $MyInvocation.MyCommand.Path -force 2>$null
# the machine must be rebooted after this PowerShell script finishes
#shutdown -r -t 0
```
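The Packer-derived script above is built for a short-lived image-build session: it disables the Windows firewall, allows unencrypted traffic, and enables Basic and CredSSP authentication (which send the password, or the whole credential, to the server). For a host that stays in production, the following is the listener setup a defender would want instead. It is an added example, not code from the original post or from Packer; it assumes 2012 R2 or newer, that clients will address the host by `$Fqdn` (a self-signed certificate is created here for illustration, an enterprise CA certificate is preferable), and that administrators connect from the management subnet `$MgmtSubnet`, which is a placeholder value.

```powershell
# Added example, not from the original post: WinRM over HTTPS only, with the
# firewall left on and the management subnet as the only permitted source.
param(
    [string] $Fqdn       = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName,
    [string] $MgmtSubnet = '10.0.0.0/24'   # placeholder: your admin / jump-host subnet
)

# 1. Certificate for the listener: reuse an existing one for this name, else self-sign.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$Fqdn" } | Select-Object -First 1
if (-not $cert) {
    $cert = New-SelfSignedCertificate -DnsName $Fqdn -CertStoreLocation Cert:\LocalMachine\My
}

# 2. Replace any existing listeners with a single HTTPS listener on 5986.
#    Each listener's Keys property holds strings such as 'Transport=HTTP'.
Get-ChildItem WSMan:\localhost\Listener |
    Where-Object { $_.Keys -contains 'Transport=HTTP' -or $_.Keys -contains 'Transport=HTTPS' } |
    Remove-Item -Recurse
New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
    -CertificateThumbPrint $cert.Thumbprint -Force | Out-Null

# 3. Service settings: the opposite of the quick-and-dirty block above.
Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value $false
Set-Item WSMan:\localhost\Service\Auth\Basic       -Value $false   # Basic sends the password itself
Set-Item WSMan:\localhost\Service\Auth\CredSSP     -Value $false   # CredSSP hands the full credential to the server
Set-Item WSMan:\localhost\Service\Auth\Kerberos    -Value $true    # domain-joined hosts
Set-Item WSMan:\localhost\Service\Auth\Negotiate   -Value $true    # NTLM fallback for workgroup hosts

# 4. Keep the firewall service on and open only 5986, only from the management subnet.
sc.exe config mpssvc start= auto | Out-Null
Start-Service mpssvc -ErrorAction SilentlyContinue
netsh advfirewall firewall delete rule name="WinRM HTTPS (mgmt only)" | Out-Null
netsh advfirewall firewall add rule name="WinRM HTTPS (mgmt only)" dir=in action=allow `
    protocol=TCP localport=5986 remoteip=$MgmtSubnet | Out-Null

# 5. Make the service survive a reboot, reload the config, and show what is listening.
Set-Service WinRM -StartupType Automatic
Restart-Service WinRM
winrm enumerate winrm/config/listener
```

Clients then connect with `Invoke-Command -UseSSL` on port 5986. With a self-signed certificate the client either imports it into its Trusted Root store or passes `-SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck)`; with a CA-issued certificate neither is needed. Because Basic is off, the client's own `TrustedHosts` entry is only required for workgroup (NTLM) hosts, and it can list those hosts by name instead of `*`.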
Example of batch remoting with PowerShell, installing dotnet and IIS on several machines at once:
```powershell
$Username = 'Administrator'
$Password = '明文密码'   # plaintext password; replace with your own
$pass = ConvertTo-SecureString -AsPlainText $Password -Force
$Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $Username, $pass
$iparray = @('172.21.66.32', '172.21.65.41', '172.21.65.162')
for ($i = 0; $i -lt $iparray.Length; $i++) {
    # print which host is being processed
    "`$iparray[" + $i + "]=" + $iparray[$i] + "`n"
    Invoke-Command -ComputerName $iparray[$i] -Credential $Cred -ScriptBlock {
        Get-WindowsFeature -Name NET-*, Web-* | where { $_.Name -notmatch "Ftp|Web-Application-Proxy" } | Install-WindowsFeature;
    }
}
```
The bold part above (the body of `-ScriptBlock`) is the command that gets pushed out in bulk; to send several commands, separate them with ASCII semicolons. For example, to push out commands that stop the cloud-monitoring components and disable them at boot:
```powershell
sc.exe stop BaradAgentSvc 2>$null 1>$null; sc.exe stop StargateSvc 2>$null 1>$null; sc.exe config BaradAgentSvc start= disabled 2>$null 1>$null; sc.exe config StargateSvc start= disabled 2>$null 1>$null;
```
To delete C:\Program Files\QCloudMonitor\Barad\ntpdate.exe on all machines, push out:

```powershell
del C:\progra~1\QCloudMonitor\Barad\ntpdate.exe 2>$null 1>$null;
```
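The same `Invoke-Command` fan-out can be used to read state back instead of changing it, which is the first thing to do after a fleet has been configured with the scripts above. The block below is an added example, not code from the original post: it audits the WinRM settings of every host in `$Targets` and flags the ones left in the image-build configuration (unencrypted traffic, Basic auth, firewall off, `TrustedHosts=*`). It assumes the constructed address list from the post, prompts for the credential rather than storing a plaintext password in the script, and takes `-UseSSL` for hosts that have an HTTPS listener.

```powershell
# Added example, not from the original post: audit WinRM settings across many hosts.
param(
    [string[]] $Targets = @('172.21.66.32', '172.21.65.41', '172.21.65.162'),  # constructed list
    [switch]   $UseSSL
)
$Cred = Get-Credential -Message 'Account for the remote hosts'

# One script block, fanned out to all hosts in parallel; it runs on each target.
$audit = {
    $svc = 'WSMan:\localhost\Service'
    # WSMan provider values are the strings 'true'/'false', so compare rather than cast.
    $transports = Get-ChildItem WSMan:\localhost\Listener | ForEach-Object {
        ($_.Keys | Where-Object { $_ -like 'Transport=*' }) -replace 'Transport=', ''
    }
    [pscustomobject]@{
        AllowUnencrypted = (Get-Item "$svc\AllowUnencrypted").Value -eq 'true'
        BasicAuth        = (Get-Item "$svc\Auth\Basic").Value        -eq 'true'
        CredSSP          = (Get-Item "$svc\Auth\CredSSP").Value      -eq 'true'
        Listeners        = ($transports -join ',')
        FirewallRunning  = (Get-Service mpssvc).Status -eq 'Running'
        TrustedHosts     = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    }
}

# -ErrorVariable collects unreachable hosts instead of aborting the whole run.
$results = Invoke-Command -ComputerName $Targets -Credential $Cred -UseSSL:$UseSSL `
    -ScriptBlock $audit -ThrottleLimit 16 -ErrorAction SilentlyContinue -ErrorVariable failed

foreach ($e in $failed) {
    Write-Warning ("{0}: {1}" -f $e.TargetObject, $e.Exception.Message)
}

# Flag every host that still carries the image-build settings.
$results |
    Select-Object PSComputerName, AllowUnencrypted, BasicAuth, CredSSP, Listeners, FirewallRunning, TrustedHosts,
        @{ n = 'Finding'; e = {
            if ($_.AllowUnencrypted -or $_.BasicAuth -or -not $_.FirewallRunning -or $_.TrustedHosts -eq '*') { 'REVIEW' } else { 'ok' }
        } } |
    Format-Table -AutoSize
```

`PSComputerName` is added by `Invoke-Command` to every returned object, so the report stays per-host even though the calls run in parallel; `-ThrottleLimit` caps how many sessions are open at once.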