packer-cn/builder/amazon/ebs/acceptance/test-fixtures/scripts/bootstrap_win.txt

<powershell>
# Set administrator password
net user Administrator SuperS3cr3t!!!!
wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE

# First, make sure WinRM can't be connected to
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=block

# Delete any existing WinRM listeners
winrm delete winrm/config/listener?Address=*+Transport=HTTP  2>$Null
winrm delete winrm/config/listener?Address=*+Transport=HTTPS 2>$Null

# Disable group policies which block basic authentication and unencrypted login

Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client -Name AllowBasic -Value 1
Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client -Name AllowUnencryptedTraffic -Value 1
Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service -Name AllowBasic -Value 1
Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service -Name AllowUnencryptedTraffic -Value 1


# Create a new WinRM listener and configure
winrm create winrm/config/listener?Address=*+Transport=HTTP
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="0"}'
winrm set winrm/config '@{MaxTimeoutms="7200000"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service '@{MaxConcurrentOperationsPerUser="12000"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/client/auth '@{Basic="true"}'

# Configure UAC to allow privilege elevation in remote shells
$Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$Setting = 'LocalAccountTokenFilterPolicy'
Set-ItemProperty -Path $Key -Name $Setting -Value 1 -Force

# Configure and restart the WinRM Service; Enable the required firewall exception
Stop-Service -Name WinRM
Set-Service -Name WinRM -StartupType Automatic
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new action=allow localip=any remoteip=any
Start-Service -Name WinRM
</powershell>
provisioner/powershell: Add basic Powershell provisioner acceptance tests * Modifies the amazon-ebs builder with a windows build configuration ``` ⇶ ACC_TEST_BUILDERS=amazon-ebs ACC_TEST_PROVISIONERS=powershell go test -v ./provisioner/powershell/... -run=TestPowershellProvisioner_Inline --- PASS: TestPowershellProvisioner_Inline (256.50s) --- PASS: TestPowershellProvisioner_Inline/testing_amazon-ebs_builder_against_powershell_provisioner (256.50s) PASS ok github.com/hashicorp/packer/provisioner/powershell 256.525s ``` 2020-04-03 14:53:32 -04:00			`<powershell>`
			`# Set administrator password`
			`net user Administrator SuperS3cr3t!!!!`
			`wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE`

			`# First, make sure WinRM can't be connected to`
			`netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=block`

			`# Delete any existing WinRM listeners`
			`winrm delete winrm/config/listener?Address=*+Transport=HTTP 2>$Null`
			`winrm delete winrm/config/listener?Address=*+Transport=HTTPS 2>$Null`

			`# Disable group policies which block basic authentication and unencrypted login`

			`Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client -Name AllowBasic -Value 1`
			`Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client -Name AllowUnencryptedTraffic -Value 1`
			`Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service -Name AllowBasic -Value 1`
			`Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service -Name AllowUnencryptedTraffic -Value 1`


			`# Create a new WinRM listener and configure`
			`winrm create winrm/config/listener?Address=*+Transport=HTTP`
			`winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="0"}'`
			`winrm set winrm/config '@{MaxTimeoutms="7200000"}'`
			`winrm set winrm/config/service '@{AllowUnencrypted="true"}'`
			`winrm set winrm/config/service '@{MaxConcurrentOperationsPerUser="12000"}'`
			`winrm set winrm/config/service/auth '@{Basic="true"}'`
			`winrm set winrm/config/client/auth '@{Basic="true"}'`

			`# Configure UAC to allow privilege elevation in remote shells`
			`$Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'`
			`$Setting = 'LocalAccountTokenFilterPolicy'`
			`Set-ItemProperty -Path $Key -Name $Setting -Value 1 -Force`

			`# Configure and restart the WinRM Service; Enable the required firewall exception`
			`Stop-Service -Name WinRM`
			`Set-Service -Name WinRM -StartupType Automatic`
			`netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new action=allow localip=any remoteip=any`
			`Start-Service -Name WinRM`
			`</powershell>`