Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <#
- Name : Add-MBAM-Databases.ps1
- Version : 1.0
- Author : Henrik Rading, CT Global A/S
- Date : 2017-01-17
- Command : powershell.exe -executionpolicy bypass -file Add-MBAM-Databases.ps1
- Arguments : <n/a>
- Purpose : Creates MBAM databases on SQL server. can be run from any server with the MBAMServerSetup
- and SQL Server ScriptDom installed.
- #>
- # *** UPDATE THESE VARIABLES TO MATCH ENVIRONMENT ***
- #Enter the fqdn and port of the SQL server (port is only needed if port is different from 1433).
- $databaseServer = 'sql1.viamonstra.com,1433'
- #Name of the Recovery and Hardware database that is created.
- $RecoveryDBName = 'MBAM Recovery and Hardware'
- #Name of the Compliance database that is created.
- $ComplianceDBName = 'MBAM Compliance Status'
- #Name of the Active Directory group created for the "MBAM DataBase Read Write" group. In <domain>\<groupname> format.
- $GroupDataBaseRW = 'VIAMONSTRA\MBAM-DB Access Read_write'
- #Name of the Active Directory group created for the "MBAM DataBase Read Only" group. In <domain>\<groupname> format.
- $GroupDataBaseRO = 'VIAMONSTRA\MBAM-DB Access Read_only'
- # *** END OF USER VARIABLES, DO NOT MODIFY SCRIPT AFTER THIS LINE! ***
- #Enable Recovery database
- Enable-MbamDatabase -AccessAccount $GroupDataBaseRW -Recovery `
- -ConnectionString "Data Source=$($databaseServer);Integrated Security=True" -DatabaseName $RecoveryDBName
- #Enable compliance and audit database
- Enable-MbamDatabase -AccessAccount $GroupDataBaseRW -ComplianceAndAudit `
- -ConnectionString "Data Source=$($databaseServer);Integrated Security=True" -DatabaseName $ComplianceDBName `
- -ReportAccount $GroupDataBaseRO
- <#
- Name : Add-MBAM-Reports-and-CMintegration.ps1
- Version : 1.0
- Author : Henrik Rading, CT Global A/S
- Date : 2017-01-17
- Command : powershell.exe -executionpolicy bypass -file Add-MBAM-Reports-and-CMintegration.ps1
- Arguments : <n/a>
- Purpose : Creates MBAM reports on SQL Server Reporting Server and creates Configuration Manager items.
- The script must be run from the ConfigMgr Primary Site server with the MBAMServerSetup installed.
- #>
- # *** UPDATE THESE VARIABLES TO MATCH ENVIRONMENT ***
- #Name of the MBAM Compliance and Audit Database service account created in AD. Use <domain>\<groupname> format.
- $username = "VIAMONSTRA\MBAM-SVC-CA"
- #Password of the service account in clear text. remove this from script after execution
- # or change script to prompt for credentials.
- $password = 'MySecretPassword'
- #Name of the Active Directory group created for the "MBAM Audit Report". Use <domain>\<groupname> format.
- $ReadOnlyAccessGroup = 'VIAMONSTRA\MBAM-Role Audit Report Users'
- #Enter the fqdn and port of the SQL server (port is only needed if port is different from 1433).
- $databaseServer = 'sql1.viamonstra.com,1433'
- #Name of the Recovery and Hardware database that is created.
- $RecoveryDBName = 'MBAM Recovery and Hardware'
- #Name of the Compliance database that is created.
- $ComplianceDBName = 'MBAM Compliance Status'
- # *** END OF USER VARIABLES, DO NOT MODIFY SCRIPT AFTER THIS LINE! ***
- $password = $password | ConvertTo-SecureString -asPlainText -Force
- $credential = New-Object System.Management.Automation.PSCredential($username,$password)
- # Enable report feature
- Enable-MbamReport -ComplianceAndAuditDBConnectionString "Data Source=$($databaseServer);Initial Catalog='$($ComplianceDBName)';Integrated Security=True" `
- -ComplianceAndAuditDBCredential $credential -ReportsReadOnlyAccessGroup $ReadOnlyAccessGroup
- # Enable System Center Configuration Manager integration feature
- Enable-MbamCMIntegration
- <#
- Name : Add-MBAM-Websites.ps1
- Version : 1.0
- Author : Henrik Rading, CT Global A/S
- Date : 2017-01-17
- Command : powershell.exe -executionpolicy bypass -file Add-MBAM-Websites.ps1
- Arguments : <n/a>
- Purpose : Installs MBAM websites to IIS and configures SSL certificate and application pools.
- The script must be run from the MBAM IIS server with the MBAMServerSetup installed.
- #>
- # *** UPDATE THESE VARIABLES TO MATCH ENVIRONMENT ***
- #Webservice credentials
- #Name of the MBAM Web Application Pool service account created in AD. Use <domain>\<groupname> format.
- $wsusername = "VIAMONSTRA\MBAM-SVC-AppPool"
- #Password of the service account in clear text. remove this from script after execution
- #or change script to prompt for credentials.
- $wspassword = 'MySecretPassword'
- #Name of the Active Directory group created for the "MBAM HelpDesk Users". Use <domain>\<groupname> format.
- $GroupHelpdesk = 'VIAMONSTRA\MBAM-Role HelpDesk Users'
- #Name of the Active Directory group created for the "MBAM Advanced HelpDesk Users". Use <domain>\<groupname> format.
- $GroupAdvancedHelpdesk = 'VIAMONSTRA\MBAM-Role Advanced HelpDesk Users'
- #Name of the Active Directory group created for the "MBAM Compliance Report Users". Use <domain>\<groupname> format.
- $GroupComplianceReport = 'VIAMONSTRA\MBAM-Role Compliance Report Users'
- #Name of the organzation as it should appear on the Self Service Portal.
- $CompanyName = 'ViaMonstra Inc.'
- #Name of the DNS alias created and used for the web server certificate.
- $hostname = 'mbam.viamonstra.com'
- #Enter the fqdn and port of the SQL server (port is only needed if port is different from 1433).
- $databaseServer = 'sql1.viamonstra.com,1433'
- #Name of the Recovery and Hardware database that is created.
- $RecoveryDBName = 'MBAM Recovery and Hardware'
- #Name of the Compliance database that is created.
- $ComplianceDBName = 'MBAM Compliance Status'
- #url to the SQL Server Report Server on the ConfigMgr server. in the format http(s)://<server fqdn>/reportserver
- $ReportUrl = 'http://cm1.viamonstra.com/reportserver'
- # *** END OF USER VARIABLES, DO NOT MODIFY SCRIPT AFTER THIS LINE! ***
- $wspassword = $wspassword | ConvertTo-SecureString -asPlainText -Force
- $wscredential = New-Object System.Management.Automation.PSCredential($wsusername,$wspassword)
- $Cert=Get-ChildItem cert:\LocalMachine\My | Where-Object {$_.Subject -like "*$($hostname)*"}
- # Enable agent service feature
- Enable-MbamWebApplication -AgentService -Certificate $Cert `
- -ComplianceAndAuditDBConnectionString "Data Source=$($databaseServer);Initial Catalog='$($ComplianceDBName)';Integrated Security=True" `
- -DataMigrationAccessGroup $GroupDataMigration -HostName $hostname -InstallationPath 'C:\inetpub' -Port 443 `
- -RecoveryDBConnectionString "Data Source=$($databaseServer);Initial Catalog='$($RecoveryDBName)';Integrated Security=True" `
- -WebServiceApplicationPoolCredential $wscredential
- # Enable administration web portal feature
- Enable-MbamWebApplication -AdministrationPortal -AdvancedHelpdeskAccessGroup $GroupAdvancedHelpdesk -Certificate $Cert `
- -ComplianceAndAuditDBConnectionString "Data Source=$($databaseServer);Initial Catalog='$($ComplianceDBName)';Integrated Security=True" `
- -HelpdeskAccessGroup $GroupHelpdesk -HostName $hostname -InstallationPath 'C:\inetpub' -Port 443 `
- -RecoveryDBConnectionString "Data Source=$($databaseServer);Initial Catalog='$($RecoveryDBName)';Integrated Security=True" `
- -ReportsReadOnlyAccessGroup $GroupComplianceReport -ReportUrl $ReportUrl -VirtualDirectory 'HelpDesk' `
- -WebServiceApplicationPoolCredential $wscredential
- # Enable self service web portal feature
- Enable-MbamWebApplication -Certificate $Cert -CompanyName $CompanyName `
- -ComplianceAndAuditDBConnectionString "Data Source=$($databaseServer);Initial Catalog='$($ComplianceDBName)';Integrated Security=True" `
- -DisableNoticePage -HelpdeskUrlText 'Contact Helpdesk or IT department.' -HostName $hostname `
- -InstallationPath 'C:\inetpub' -Port 443 `
- -RecoveryDBConnectionString "Data Source=$($databaseServer);Initial Catalog='$($RecoveryDBName)';Integrated Security=True" `
- -SelfServicePortal -VirtualDirectory 'SelfService' -WebServiceApplicationPoolCredential $wscredential
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
