Powershell - Security installers on new VM build (VM customization)

1. <#  
2.  .SYNOPSIS  
3.   Script to install required apps to a recently deployed VM template
4.    
5.  .DESCRIPTION
6.   This script installs required applications to a newly deployed server.
7.   It's executed from the VM deployment scripts in vCenter.
8.  
9.  .NOTES  
10.  
11. #>
12.  
13. #--------------------------------
14. # Variables
15. #--------------------------------
16. $InstallersDir = "\\VMAUTOserver\Installers"
17. $WorkingDir = "C:\VMTemplateDeploymentTemp"
18.  
19.  
20. #--------------------------------
21. # Create temp working directory
22. #--------------------------------
23. Write-Host "Creating $WorkingDir"
24. New-Item -ItemType directory -Path "$WorkingDir"
25.  
26.  
27. #--------------------------------
28. # Copy installers
29. #--------------------------------
30. Write-Host "Copying Red Cloak Installer to working directory."
31. Copy-Item "$InstallersDir\redcloak.msi" -Destination "$WorkingDir"
32.  
33. Write-Host "Copying Cisco Amp Installer to working directory."
34. Copy-Item "$InstallersDir\amp_Server.exe" -Destination "$WorkingDir"
35.  
36.  
37. #--------------------------------
38. # Install Apps
39. #--------------------------------
40. ### Install Red Cloak
41. Write-Host "Installing Red Cloak"
42. Start-Process -FilePath "msiexec.exe" -ArgumentList "/i `"$WorkingDir\redcloak.msi`" /qn /passive" -Wait
43.  
44.  
45. ### Install Cisco AMP with Server Policy
46. Write-Host "Installing Cisco Amp"
47. Start-Process -FilePath "$WorkingDir\amp_Server.exe" -ArgumentList '/S'
48.  
49. ### Wait for the Cisco amp service to be created and running
50. $AmpService = "CiscoAmp*"
51. If ((Get-Service $AmpService).Status -ne 'Running') {
52.    do {
53.        Write-Host 'Waiting for Cisco Amp service to be created and get to a Running state.'
54.        Start-Sleep 5
55.    } until ((Get-Service $AmpService).Status -eq 'Running')
56. }
57. Write-Host "Cisco Amp service has STARTED"
58. Start-Sleep -seconds 5
59.  
60.  
61. #--------------------------------
62. # Clean it all up
63. #--------------------------------
64. Write-Host "Cleaning up and deleting installers from C:"
65. #Remove-Item -Path "$WorkingDir\amp_Server.exe"
66. #Remove-Item -Path "$WorkingDir\redcloak.msi"
67. Remove-Item -LiteralPath "$WorkingDir\" -Recurse -Force
68.  
69.  
70. #--------------------------------
71. # Windows Updates
72. #--------------------------------
73. ### Check if PSWindowsUpdate module exists. Install if not.
74. if (Get-Module -ListAvailable -Name PSWindowsUpdate) {
75.     Write-Host "PSWindowsUpdate module exists."
76. } else {
77.     Write-Host "PSWindowsUpdate module does not exist. Installing now."
78.     Install-Module -Name PSWindowsUpdate -Force
79. }
80.  
81. Write-Host "Windows Updates - Installing all..."
82. Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -IgnoreReboot
83.  
84. # Clean up the WinSxS component store and optimize the image with DISM
85. Write-Host "Cleaning up the WinSxS component store and optimizing the image with DISM"
86. Dism.exe /Online /Cleanup-Image /StartComponentCleanup /ResetBase
87.  
88. #--------------------------------
89. # Reboot Server
90. #--------------------------------
91. Write-Host "Rebooting $env:computername"
92. shutdown.exe /r /t 60