petemounce · August 30, 2022 13:43 · Jul 10, 2014 · Jul 10, 2014 · Apr 22, 2014 · Apr 22, 2014
diff --git a/userdata.ps1 b/userdata.ps1
@@ -0,0 +1,5 @@
+<powershell>
+Set-ExecutionPolicy Unrestricted
+netsh advfirewall set currentprofile state off
+icm $executioncontext.InvokeCommand.NewScriptBlock((New-Object Net.WebClient).DownloadString('https://gist.githubusercontent.com/petemounce/11099158/raw/Bootstrap-EC2-Windows-CloudInit.ps1')) -ArgumentList "adminPassword"
+</powershell>
diff --git a/a.ps1 b/a.ps1
@@ -51,10 +51,14 @@ winrm set winrm/config '@{MaxTimeoutms="1800000"}'
 winrm set winrm/config/service '@{AllowUnencrypted="true"}'
 winrm set winrm/config/service/auth '@{Basic="true"}'
 Write-Host "WinRM has been configured and enabled." -ForegroundColor Green
-
+
+netsh advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow
+#netsh advfirewall firewall add rule name="WinRM 5986" protocol=TCP dir=in localport=5986 action=allow
+Write-Host "Opened 5985 for incoming winrm"
+
 # Step 8: Disable Windows Firewall
-&netsh "advfirewall" "set" "allprofiles" "state" "off"
-Write-Host "Windows Firewall has been disabled." -ForegroundColor Green
+#&netsh "advfirewall" "set" "allprofiles" "state" "off"
+#Write-Host "Windows Firewall has been disabled." -ForegroundColor Green
 
 # Step 9: Create local vagrant user 
 $userDirectory = [ADSI]"WinNT://localhost"
@@ -73,7 +77,8 @@ $puppetTempDir = Join-Path $env:TEMP "puppet"
 $tempDir = Join-Path $puppetTempDir "puppetInstall"
 if (![System.IO.Directory]::Exists($tempDir)) {[System.IO.Directory]::CreateDirectory($tempDir)}
 $file = Join-Path $tempDir "puppet-3.3.0.msi"
-
+
+#3.6.2 is later
 $url = "http://downloads.puppetlabs.com/windows/puppet-3.3.0.msi"
 Write-Host "Downloading $url to $file"
 $downloader = new-object System.Net.WebClient

diff --git a/VagrantFile b/VagrantFile
@@ -0,0 +1,44 @@
+require '../aws.rb'
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
+VAGRANTFILE_API_VERSION = "2"
+name = 'windows2012'
+
+# pete-vagrant security group =
+# tcp 22 in 0.0.0.0/0
+# tcp 5985 in 0.0.0.0/0
+# tcp 3389 in 0.0.0.0/0
+# tcp 445 in 0.0.0.0/0
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+  config.vm.box = "dummy"
+  config.vm.guest = :windows
+  config.windows.set_work_network = true
+
+  config.vm.provider :aws do |aws, override|
+    aws.access_key_id = @access_key_id
+    aws.secret_access_key = @secret_access_key
+    aws.keypair_name = "pete-vagrant"
+    aws.instance_type = 'm3.medium'
+    aws.region = @region
+    aws.security_groups = 'pete-vagrant'
+    aws.tags = {
+      'Name' => "pete-vagrant experiment #{name}"
+    }
+    aws.user_data = File.read("user_data.txt")
+    aws.ami = "ami-5f938e36"
+    aws.region_config 'eu-west-1', ami: 'ami-a1867dd6'
+
+    # aws.block_device_mapping = [
+    #   {
+    #     'DeviceName' => "/dev/sdl",
+    #     'VirtualName' => "root",
+    #     'Ebs.VolumeSize' => 32,
+    #     'Ebs.DeleteOnTermination' => true,
+    #     'Ebs.VolumeType' => 'standard'
+    #   }
+    # ]
+  end
+end
diff --git a/a.ps1 b/a.ps1
@@ -0,0 +1,104 @@
+# Powershell Script to prepare the windows install to be used with vagrant-windows
+
+Set-ExecutionPolicy -executionpolicy remotesigned -force
+
+# Step 1: Disable UAC
+New-ItemProperty -Path HKLM:Software\Microsoft\Windows\CurrentVersion\Policies\System -Name EnableLUA -PropertyType DWord -Value 0 -Force | Out-Null
+Write-Host "User Access Control (UAC) has been disabled." -ForegroundColor Green
+
+# Step 2: Disable IE ESC
+Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" -Name "IsInstalled" -Value 0 | Out-Null
+Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" -Name "IsInstalled" -Value 0 | Out-Null
+Stop-Process -Name Explorer | Out-Null
+Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -ForegroundColor Green
+
+# Step 3: Disable the shutdown tracker
+# Reference: http://www.askvg.com/how-to-disable-remove-annoying-shutdown-event-tracker-in-windows-server-2003-2008/
+If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability")) {
+  New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability"
+}
+New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability" -Name "ShutdownReasonOn" -PropertyType DWord -Value 0 -Force -ErrorAction continue 
+New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability" -Name "ShutdownReasonUI" -PropertyType DWord -Value 0 -Force -ErrorAction continue 
+Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability" -Name "ShutdownReasonOn" -Value 0
+Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability" -Name "ShutdownReasonUI" -Value 0
+Write-Host "Shutdown Tracker has been disabled." -ForegroundColor Green
+
+# Step 4: Disable Automatic Updates
+# Reference: http://www.benmorris.me/2012/05/1st-test-blog-post.html
+$AutoUpdate = (New-Object -com "Microsoft.Update.AutoUpdate").Settings
+$AutoUpdate.NotificationLevel = 1
+$AutoUpdate.Save()
+Write-Host "Windows Update has been disabled." -ForegroundColor Green
+
+# Step 5: Disable Complex Passwords
+# Reference: http://vlasenko.org/2011/04/27/removing-password-complexity-requirements-from-windows-server-2008-core/
+$seccfg = [IO.Path]::GetTempFileName()
+secedit /export /cfg $seccfg
+(Get-Content $seccfg) | Foreach-Object {$_ -replace "PasswordComplexity\s*=\s*1", "PasswordComplexity=0"} | Set-Content $seccfg
+secedit /configure /db $env:windir\security\new.sdb /cfg $seccfg /areas SECURITYPOLICY
+del $seccfg
+Write-Host "Complex Passwords have been disabled." -ForegroundColor Green
+
+# Step 6: Enable Remote Desktop
+# Reference: http://social.technet.microsoft.com/Forums/windowsserver/en-US/323d6bab-e3a9-4d9d-8fa8-dc4277be1729/enable-remote-desktop-connections-with-powershell
+(Get-WmiObject Win32_TerminalServiceSetting -Namespace root\cimv2\TerminalServices).SetAllowTsConnections(1,1) 
+(Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\TerminalServices -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0) 
+
+# Step 7: Enable WinRM Control
+winrm quickconfig -q
+winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="512"}'
+winrm set winrm/config '@{MaxTimeoutms="1800000"}'
+winrm set winrm/config/service '@{AllowUnencrypted="true"}'
+winrm set winrm/config/service/auth '@{Basic="true"}'
+Write-Host "WinRM has been configured and enabled." -ForegroundColor Green
+
+# Step 8: Disable Windows Firewall
+&netsh "advfirewall" "set" "allprofiles" "state" "off"
+Write-Host "Windows Firewall has been disabled." -ForegroundColor Green
+
+# Step 9: Create local vagrant user 
+$userDirectory = [ADSI]"WinNT://localhost"
+$user = $userDirectory.Create("User", "vagrant")
+$user.SetPassword("vagrant")
+$user.SetInfo()
+$user.UserFlags = 64 + 65536 # ADS_UF_PASSWD_CANT_CHANGE + ADS_UF_DONT_EXPIRE_PASSWD
+$user.SetInfo()
+$user.FullName = "vagrant"
+$user.SetInfo()
+&net "localgroup" "administrators" "/add" "vagrant"
+Write-Host "User: 'vagrant' has been created as a local administrator." -ForegroundColor Green
+
+# Install Puppet
+$puppetTempDir = Join-Path $env:TEMP "puppet"
+$tempDir = Join-Path $puppetTempDir "puppetInstall"
+if (![System.IO.Directory]::Exists($tempDir)) {[System.IO.Directory]::CreateDirectory($tempDir)}
+$file = Join-Path $tempDir "puppet-3.3.0.msi"
+
+$url = "http://downloads.puppetlabs.com/windows/puppet-3.3.0.msi"
+Write-Host "Downloading $url to $file"
+$downloader = new-object System.Net.WebClient
+$downloader.DownloadFile($url, $file)
+
+$localcommand="\\localhost\root\cimv2:Win32_Product"
+$msi = [wmiclass]"$localcommand"
+$result = $msi.Install($file, "quiet=true", $true)
+Write-Host "Puppet installed." -ForegroundColor Green
+
+$PuppetInstallPath = "$env:SystemDrive\Program Files (x86)\Puppet Labs\Puppet\bin"
+if (!(Test-Path $PuppetInstallPath)) {$PuppetInstallPath = "$env:SystemDrive\Program Files\Puppet Labs\Puppet\bin";}
+
+# get the PATH variable
+# https://github.com/ferventcoder/vagrant-windows-puppet/blob/master/boxes/win7x64pro-vagrant/shell/InstallPuppet.ps1#L27-L40
+$envPath = $env:PATH
+if (!$envPath.ToLower().Contains($PuppetInstallPath.ToLower())) {
+    Write-Host "PATH environment variable does not have `'$PuppetInstallPath`' in it. Adding..."
+    $ActualPath = [Environment]::GetEnvironmentVariable('Path', [System.EnvironmentVariableTarget]::Machine)
+    $StatementTerminator = ";"
+    $HasStatementTerminator = $ActualPath -ne $null -and $ActualPath.EndsWith($StatementTerminator)
+    If (!$HasStatementTerminator -and $ActualPath -ne $null) {$PuppetInstallPath = $StatementTerminator + $PuppetInstallPath}
+
+    [Environment]::SetEnvironmentVariable('Path', $ActualPath + $PuppetInstallPath, [System.EnvironmentVariableTarget]::Machine)
+}
+
+Write-Host "Restarting Computer." -force -ForegroundColor Yellow
+Restart-Computer
diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -120,6 +120,16 @@ Add-Content $log -value "Ran firewall config to allow incoming winrm/tcp:5985"
 &netsh firewall set portopening tcp 445 smb enable
 Add-Content $log -value "Ran firewall config to allow incoming smb/tcp:445"
 
+#run SMRemoting script to enable event log management, etc - available only on R2
+$remotingScript = [IO.Path]::Combine($systemPath, 'Configure-SMRemoting.ps1')
+if (-not (Test-Path $remotingScript)) { $remotingScript = [IO.Path]::Combine($sysNative, 'Configure-SMRemoting.ps1') }
+Add-Content $log -value "Found Remoting Script: [$(Test-Path $remotingScript)] at $remotingScript"
+if (Test-Path $remotingScript)
+{
+    . $remotingScript -force -enable
+    Add-Content $log -value 'Ran Configure-SMRemoting.ps1'
+}
+
 #chocolatey - standard one line installer doesn't work on Core b/c Shell.Application can't unzip
 iex $client.DownloadString('https://chocolatey.org/install.ps1')
 #SetX Path "${Env:Path};%systemdrive%\chocolatey\bin" /m

diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -17,6 +17,8 @@ Set-StrictMode -Version Latest
 Set-ExecutionPolicy Unrestricted
 
 $log = 'c:\vagrant.log'
+$now = Get-Date
+Add-Content $log -value $now
 
 $systemPath = [Environment]::GetFolderPath([Environment+SpecialFolder]::System)
 $sysNative = [IO.Path]::Combine($env:windir, "sysnative")
@@ -130,5 +132,7 @@ Uninstall-WindowsFeature Server-Gui-Shell,Server-Gui-Mgmt-Infra
 Add-Content $log -value "Upgraded to Windows Core from GUI"
 
 Add-Content $log -value "Restarting"
+$now = Get-Date
+Add-Content $log -value $now
 
 Restart-Computer -force
diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -131,4 +131,4 @@ Add-Content $log -value "Upgraded to Windows Core from GUI"
 
 Add-Content $log -value "Restarting"
 
-Restart-Computer
+Restart-Computer -force
diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -34,6 +34,8 @@ cd $Env:USERPROFILE
 Set-Location -Path $Env:USERPROFILE
 [Environment]::CurrentDirectory=(Get-Location -PSProvider FileSystem).ProviderPath
 
+$client = new-object System.Net.WebClient
+
 #check winrm id, if it's not valid and LocalAccountTokenFilterPolicy isn't established, do it
 $id = &winrm id
 if (($id -eq $null) -and (Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue) -eq $null)

diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -122,8 +122,9 @@ iex $client.DownloadString('https://chocolatey.org/install.ps1')
 #$env:Path += ';%systemdrive%\chocolatey\bin'
 Add-Content $log -value "Installed Chocolatey"
 
+Add-Content $log -value "Upgrading to windows core..."
 # http://www.danielclasson.com/how-to-change-between-a-full-installation-gui-and-server-core-in-windows-server-2012/
-Uninstall-WindowsFeature Server-Gui-Shell, Server-Gui-Mgmt-Infra
+Uninstall-WindowsFeature Server-Gui-Shell,Server-Gui-Mgmt-Infra
 Add-Content $log -value "Upgraded to Windows Core from GUI"
 
 Add-Content $log -value "Restarting"

diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -93,6 +93,13 @@ Add-Content $log -value "Shutdown Tracker has been disabled."
 # Disable "Server Manager" Starting at login on Windows 2008/2012 Servers (except Core).
 # TODO.
 
+# Disable Automatic Updates
+# Reference: http://www.benmorris.me/2012/05/1st-test-blog-post.html
+$AutoUpdate = (New-Object -com "Microsoft.Update.AutoUpdate").Settings
+$AutoUpdate.NotificationLevel = 1
+$AutoUpdate.Save()
+Add-Content $log -value "Windows Update has been disabled."
+
 # Enable and configure WinRM (see below)
 &winrm quickconfig `-q
 &winrm set winrm/config/client/auth '@{Basic="true"}'

diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -17,7 +17,6 @@ Set-StrictMode -Version Latest
 Set-ExecutionPolicy Unrestricted
 
 $log = 'c:\vagrant.log'
-get-date | add-content $log
 
 $systemPath = [Environment]::GetFolderPath([Environment+SpecialFolder]::System)
 $sysNative = [IO.Path]::Combine($env:windir, "sysnative")
@@ -54,41 +53,6 @@ if ($IsCore)
     Add-Content $log -value "Enabled .NET frameworks 2 and 3 for x86 and x64"
 }
 
-#7zip
-$7zUri = if ($Is32Bit) { 'http://sourceforge.net/projects/sevenzip/files/7-Zip/9.22/7z922.msi/download' } `
-    else { 'http://sourceforge.net/projects/sevenzip/files/7-Zip/9.22/7z922-x64.msi/download' }
-$client = new-object System.Net.WebClient
-$client.DownloadFile( $7zUri, '7z922.msi')
-Start-Process -FilePath "msiexec.exe" -ArgumentList '/i 7z922.msi /norestart /q INSTALLDIR="c:\program files\7-zip"' -Wait
-SetX Path "${Env:Path};C:\Program Files\7-zip" /m
-$Env:Path += ';C:\Program Files\7-Zip'
-del 7z922.msi
-Add-Content $log -value "Installed 7-zip from $7zUri and updated path"
-
-#curl
-$curlUri = if ($Is32Bit) { 'http://www.paehl.com/open_source/?download=curl_724_0_ssl.zip' } `
-    else { 'http://curl.haxx.se/download/curl-7.23.1-win64-ssl-sspi.zip' }
-
-$client.DownloadFile( $curlUri, 'curl.zip')
-&7z e curl.zip `-o`"c:\program files\curl`"
-if ($Is32Bit) 
-{
-    $client.DownloadFile( 'http://www.paehl.com/open_source/?download=libssl.zip', 'libssl.zip')
-    &7z e libssl.zip `-o`"c:\program files\curl`"
-    del libssl.zip
-}
-SetX Path "${Env:Path};C:\Program Files\Curl" /m
-$Env:Path += ';C:\Program Files\Curl'
-del curl.zip
-Add-Content $log -value "Installed Curl from $curlUri and updated path"
-
-#chocolatey - standard one line installer doesn't work on Core b/c Shell.Application can't unzip
-iex $client.DownloadString('https://chocolatey.org/install.ps1')
-#SetX Path "${Env:Path};%systemdrive%\chocolatey\bin" /m
-#$env:Path += ';%systemdrive%\chocolatey\bin'
-Add-Content $log -value "Installed Chocolatey"
-
-
 # Disable Complex Passwords
 # Reference: http://vlasenko.org/2011/04/27/removing-password-complexity-requirements-from-windows-server-2008-core/
 $seccfg = [IO.Path]::GetTempFileName()
@@ -114,7 +78,6 @@ Add-Content $log -value "Added vagrant user to local administrators"
 New-ItemProperty -Path HKLM:Software\Microsoft\Windows\CurrentVersion\policies\system -Name EnableLUA -PropertyType DWord -Value 0 -Force
 Add-Content $log -value "Turned off UAC"
 
-
 # Disable Shutdown Tracker on Windows 2008/2012 Servers (except Core).
 # Step 3: Disable the shutdown tracker
 # Reference: http://www.askvg.com/how-to-disable-remove-annoying-shutdown-event-tracker-in-windows-server-2003-2008/
@@ -127,8 +90,8 @@ Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability
 Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability" -Name "ShutdownReasonUI" -Value 0
 Add-Content $log -value "Shutdown Tracker has been disabled."
 
-
 # Disable "Server Manager" Starting at login on Windows 2008/2012 Servers (except Core).
+# TODO.
 
 # Enable and configure WinRM (see below)
 &winrm quickconfig `-q
@@ -143,32 +106,19 @@ Add-Content $log -value "Started winrm"
 &netsh firewall set portopening TCP 5985 "Port 5985: winrm"
 Add-Content $log -value "Ran firewall config to allow incoming winrm/tcp:5985"
 
-# install puppet
-#https://downloads.puppetlabs.com/windows/puppet-3.5.1.msi
-curl -# -G -k -L https://downloads.puppetlabs.com/windows/puppet-3.5.1.msi -o puppet-3.5.1.msi 2>&1 > "$log"
-Start-Process -FilePath "msiexec.exe" -ArgumentList '/qn /passive /i puppet-3.5.1.msi /norestart' -Wait
-SetX Path "${Env:Path};C:\Program Files\Puppet Labs\Puppet\bin" /m
-&sc.exe config puppet start= demand
-Add-Content $log -value "Installed Puppet"
-
 &netsh firewall set portopening tcp 445 smb enable
-Add-Content $log -value "Ran firewall config to allow incoming smb/tcp"
+Add-Content $log -value "Ran firewall config to allow incoming smb/tcp:445"
 
-#run SMRemoting script to enable event log management, etc - available only on R2
-$remotingScript = [IO.Path]::Combine($systemPath, 'Configure-SMRemoting.ps1')
-if (-not (Test-Path $remotingScript)) { $remotingScript = [IO.Path]::Combine($sysNative, 'Configure-SMRemoting.ps1') }
-Add-Content $log -value "Found Remoting Script: [$(Test-Path $remotingScript)] at $remotingScript"
-if (Test-Path $remotingScript)
-{
-    . $remotingScript -force -enable
-    Add-Content $log -value 'Ran Configure-SMRemoting.ps1'
-}
+#chocolatey - standard one line installer doesn't work on Core b/c Shell.Application can't unzip
+iex $client.DownloadString('https://chocolatey.org/install.ps1')
+#SetX Path "${Env:Path};%systemdrive%\chocolatey\bin" /m
+#$env:Path += ';%systemdrive%\chocolatey\bin'
+Add-Content $log -value "Installed Chocolatey"
 
 # http://www.danielclasson.com/how-to-change-between-a-full-installation-gui-and-server-core-in-windows-server-2012/
 Uninstall-WindowsFeature Server-Gui-Shell, Server-Gui-Mgmt-Infra
 Add-Content $log -value "Upgraded to Windows Core from GUI"
 
 Add-Content $log -value "Restarting"
-get-date | add-content $log
 
 Restart-Computer
diff --git a/Bootstrap-EC2-Windows-CloudInit.ps1 b/Bootstrap-EC2-Windows-CloudInit.ps1
@@ -17,11 +17,11 @@ param(
 	$AdminPassword
 )
 
-Start-Transcript -Path 'c:\bootstrap-transcript.txt' -Force
+Start-Transcript -Path 'c:\bootstrap-transcript.log' -Force
 Set-StrictMode -Version Latest
 Set-ExecutionPolicy Unrestricted
 
-$log = 'c:\Bootstrap.txt'
+$log = 'c:\Bootstrap.log'
 
 while (($AdminPassword -eq $null) -or ($AdminPassword -eq ''))
 {

diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -12,11 +12,11 @@ param(
 	[string]
 	$AdminPassword
 )
-Start-Transcript -Path 'c:\vagrant-transcript.txt' -Force
+Start-Transcript -Path 'c:\vagrant-transcript.log' -Force
 Set-StrictMode -Version Latest
 Set-ExecutionPolicy Unrestricted
 
-$log = 'c:\vagrant.txt'
+$log = 'c:\vagrant.log'
 get-date | add-content $log
 
 $systemPath = [Environment]::GetFolderPath([Environment+SpecialFolder]::System)

diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -17,6 +17,7 @@ Set-StrictMode -Version Latest
 Set-ExecutionPolicy Unrestricted
 
 $log = 'c:\vagrant.txt'
+get-date | add-content $log
 
 $systemPath = [Environment]::GetFolderPath([Environment+SpecialFolder]::System)
 $sysNative = [IO.Path]::Combine($env:windir, "sysnative")
@@ -168,4 +169,6 @@ Uninstall-WindowsFeature Server-Gui-Shell, Server-Gui-Mgmt-Infra
 Add-Content $log -value "Upgraded to Windows Core from GUI"
 
 Add-Content $log -value "Restarting"
+get-date | add-content $log
+
 Restart-Computer
diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -82,29 +82,9 @@ del curl.zip
 Add-Content $log -value "Installed Curl from $curlUri and updated path"
 
 #chocolatey - standard one line installer doesn't work on Core b/c Shell.Application can't unzip
-if (-not $IsCore)
-{
-    Invoke-Expression ((new-object net.webclient).DownloadString('http://bit.ly/psChocInstall'))
-}
-else
-{
-    #[Environment]::SetEnvironmentVariable('ChocolateyInstall', 'c:\nuget', [System.EnvironmentVariableTarget]::User)
-    #if (![System.IO.Directory]::Exists('c:\nuget')) {[System.IO.Directory]::CreateDirectory('c:\nuget')}
-
-    $tempDir = Join-Path $env:TEMP "chocInstall"
-    if (![System.IO.Directory]::Exists($tempDir)) {[System.IO.Directory]::CreateDirectory($tempDir)}
-    $file = Join-Path $tempDir "chocolatey.zip"
-    $client.DownloadFile("http://chocolatey.org/api/v1/package/chocolatey", $file)
-
-    &7z x $file `-o`"$tempDir`"
-    Add-Content $log -value 'Extracted Chocolatey'
-    $chocInstallPS1 = Join-Path (Join-Path $tempDir 'tools') 'chocolateyInstall.ps1'
-
-    & $chocInstallPS1
-
-    Add-Content $log -value 'Installed Chocolatey / Verifying Paths'
-}
-
+iex $client.DownloadString('https://chocolatey.org/install.ps1')
+#SetX Path "${Env:Path};%systemdrive%\chocolatey\bin" /m
+#$env:Path += ';%systemdrive%\chocolatey\bin'
 Add-Content $log -value "Installed Chocolatey"
 
 

diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -56,7 +56,7 @@ if ($IsCore)
 #7zip
 $7zUri = if ($Is32Bit) { 'http://sourceforge.net/projects/sevenzip/files/7-Zip/9.22/7z922.msi/download' } `
     else { 'http://sourceforge.net/projects/sevenzip/files/7-Zip/9.22/7z922-x64.msi/download' }
-
+$client = new-object System.Net.WebClient
 $client.DownloadFile( $7zUri, '7z922.msi')
 Start-Process -FilePath "msiexec.exe" -ArgumentList '/i 7z922.msi /norestart /q INSTALLDIR="c:\program files\7-zip"' -Wait
 SetX Path "${Env:Path};C:\Program Files\7-zip" /m

diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -64,6 +64,23 @@ $Env:Path += ';C:\Program Files\7-Zip'
 del 7z922.msi
 Add-Content $log -value "Installed 7-zip from $7zUri and updated path"
 
+#curl
+$curlUri = if ($Is32Bit) { 'http://www.paehl.com/open_source/?download=curl_724_0_ssl.zip' } `
+    else { 'http://curl.haxx.se/download/curl-7.23.1-win64-ssl-sspi.zip' }
+
+$client.DownloadFile( $curlUri, 'curl.zip')
+&7z e curl.zip `-o`"c:\program files\curl`"
+if ($Is32Bit) 
+{
+    $client.DownloadFile( 'http://www.paehl.com/open_source/?download=libssl.zip', 'libssl.zip')
+    &7z e libssl.zip `-o`"c:\program files\curl`"
+    del libssl.zip
+}
+SetX Path "${Env:Path};C:\Program Files\Curl" /m
+$Env:Path += ';C:\Program Files\Curl'
+del curl.zip
+Add-Content $log -value "Installed Curl from $curlUri and updated path"
+
 #chocolatey - standard one line installer doesn't work on Core b/c Shell.Application can't unzip
 if (-not $IsCore)
 {

diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -142,6 +142,8 @@ Add-Content $log -value "Shutdown Tracker has been disabled."
 Add-Content $log -value "Ran quickconfig for winrm"
 Set-Service winrm -startuptype "auto"
 Add-Content $log -value "Started winrm"
+&netsh firewall set portopening TCP 5985 "Port 5985: winrm"
+Add-Content $log -value "Ran firewall config to allow incoming winrm/tcp:5985"
 
 # install puppet
 #https://downloads.puppetlabs.com/windows/puppet-3.5.1.msi

diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -34,7 +34,7 @@ cd $Env:USERPROFILE
 Set-Location -Path $Env:USERPROFILE
 [Environment]::CurrentDirectory=(Get-Location -PSProvider FileSystem).ProviderPath
 
-check winrm id, if it's not valid and LocalAccountTokenFilterPolicy isn't established, do it
+#check winrm id, if it's not valid and LocalAccountTokenFilterPolicy isn't established, do it
 $id = &winrm id
 if (($id -eq $null) -and (Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue) -eq $null)
 {
@@ -143,6 +143,27 @@ Add-Content $log -value "Ran quickconfig for winrm"
 Set-Service winrm -startuptype "auto"
 Add-Content $log -value "Started winrm"
 
+# install puppet
+#https://downloads.puppetlabs.com/windows/puppet-3.5.1.msi
+curl -# -G -k -L https://downloads.puppetlabs.com/windows/puppet-3.5.1.msi -o puppet-3.5.1.msi 2>&1 > "$log"
+Start-Process -FilePath "msiexec.exe" -ArgumentList '/qn /passive /i puppet-3.5.1.msi /norestart' -Wait
+SetX Path "${Env:Path};C:\Program Files\Puppet Labs\Puppet\bin" /m
+&sc.exe config puppet start= demand
+Add-Content $log -value "Installed Puppet"
+
+&netsh firewall set portopening tcp 445 smb enable
+Add-Content $log -value "Ran firewall config to allow incoming smb/tcp"
+
+#run SMRemoting script to enable event log management, etc - available only on R2
+$remotingScript = [IO.Path]::Combine($systemPath, 'Configure-SMRemoting.ps1')
+if (-not (Test-Path $remotingScript)) { $remotingScript = [IO.Path]::Combine($sysNative, 'Configure-SMRemoting.ps1') }
+Add-Content $log -value "Found Remoting Script: [$(Test-Path $remotingScript)] at $remotingScript"
+if (Test-Path $remotingScript)
+{
+    . $remotingScript -force -enable
+    Add-Content $log -value 'Ran Configure-SMRemoting.ps1'
+}
+
 # http://www.danielclasson.com/how-to-change-between-a-full-installation-gui-and-server-core-in-windows-server-2012/
 Uninstall-WindowsFeature Server-Gui-Shell, Server-Gui-Mgmt-Infra
 Add-Content $log -value "Upgraded to Windows Core from GUI"

diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -34,12 +34,78 @@ cd $Env:USERPROFILE
 Set-Location -Path $Env:USERPROFILE
 [Environment]::CurrentDirectory=(Get-Location -PSProvider FileSystem).ProviderPath
 
+check winrm id, if it's not valid and LocalAccountTokenFilterPolicy isn't established, do it
+$id = &winrm id
+if (($id -eq $null) -and (Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue) -eq $null)
+{
+    New-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -name LocalAccountTokenFilterPolicy -value 1 -propertyType dword
+    Add-Content $log -value "Added LocalAccountTokenFilterPolicy since winrm id could not be executed"
+}
+
+#enable powershell servermanager cmdlets (only for 2008 r2 + above)
+if ($IsCore)
+{
+    DISM /Online /Enable-Feature /FeatureName:MicrosoftWindowsPowerShell /FeatureName:ServerManager-PSH-Cmdlets /FeatureName:BestPractices-PSH-Cmdlets
+    Add-Content $log -value "Enabled ServerManager and BestPractices Cmdlets"
+
+    #enable .NET flavors - on server core only -- errors on regular 2008
+    DISM /Online /Enable-Feature /FeatureName:NetFx2-ServerCore /FeatureName:NetFx2-ServerCore-WOW64 /FeatureName:NetFx3-ServerCore /FeatureName:NetFx3-ServerCore-WOW64
+    Add-Content $log -value "Enabled .NET frameworks 2 and 3 for x86 and x64"
+}
+
+#7zip
+$7zUri = if ($Is32Bit) { 'http://sourceforge.net/projects/sevenzip/files/7-Zip/9.22/7z922.msi/download' } `
+    else { 'http://sourceforge.net/projects/sevenzip/files/7-Zip/9.22/7z922-x64.msi/download' }
+
+$client.DownloadFile( $7zUri, '7z922.msi')
+Start-Process -FilePath "msiexec.exe" -ArgumentList '/i 7z922.msi /norestart /q INSTALLDIR="c:\program files\7-zip"' -Wait
+SetX Path "${Env:Path};C:\Program Files\7-zip" /m
+$Env:Path += ';C:\Program Files\7-Zip'
+del 7z922.msi
+Add-Content $log -value "Installed 7-zip from $7zUri and updated path"
+
+#chocolatey - standard one line installer doesn't work on Core b/c Shell.Application can't unzip
+if (-not $IsCore)
+{
+    Invoke-Expression ((new-object net.webclient).DownloadString('http://bit.ly/psChocInstall'))
+}
+else
+{
+    #[Environment]::SetEnvironmentVariable('ChocolateyInstall', 'c:\nuget', [System.EnvironmentVariableTarget]::User)
+    #if (![System.IO.Directory]::Exists('c:\nuget')) {[System.IO.Directory]::CreateDirectory('c:\nuget')}
+
+    $tempDir = Join-Path $env:TEMP "chocInstall"
+    if (![System.IO.Directory]::Exists($tempDir)) {[System.IO.Directory]::CreateDirectory($tempDir)}
+    $file = Join-Path $tempDir "chocolatey.zip"
+    $client.DownloadFile("http://chocolatey.org/api/v1/package/chocolatey", $file)
+
+    &7z x $file `-o`"$tempDir`"
+    Add-Content $log -value 'Extracted Chocolatey'
+    $chocInstallPS1 = Join-Path (Join-Path $tempDir 'tools') 'chocolateyInstall.ps1'
+
+    & $chocInstallPS1
+
+    Add-Content $log -value 'Installed Chocolatey / Verifying Paths'
+}
+
+Add-Content $log -value "Installed Chocolatey"
+
+
+# Disable Complex Passwords
+# Reference: http://vlasenko.org/2011/04/27/removing-password-complexity-requirements-from-windows-server-2008-core/
+$seccfg = [IO.Path]::GetTempFileName()
+secedit /export /cfg $seccfg
+(Get-Content $seccfg) | Foreach-Object {$_ -replace "PasswordComplexity\s*=\s*1", "PasswordComplexity=0"} | Set-Content $seccfg
+secedit /configure /db $env:windir\security\new.sdb /cfg $seccfg /areas SECURITYPOLICY
+del $seccfg
+Add-Content $log -value "Complex Passwords have been disabled."
+
 #change admin password
 net user Administrator $AdminPassword
 Add-Content $log -value "Changed Administrator password"
 
 #create vagrant user
-net user vagrant Abcd1024$12 /add
+net user vagrant vagrant /add
 Add-Content $log -value "Created vagrant user"
 net localgroup administrators vagrant /add
 Add-Content $log -value "Added vagrant user to local administrators"
@@ -50,11 +116,20 @@ Add-Content $log -value "Added vagrant user to local administrators"
 New-ItemProperty -Path HKLM:Software\Microsoft\Windows\CurrentVersion\policies\system -Name EnableLUA -PropertyType DWord -Value 0 -Force
 Add-Content $log -value "Turned off UAC"
 
-# Disable complex passwords
-# http://serverfault.com/a/134098/3374
 
 # Disable Shutdown Tracker on Windows 2008/2012 Servers (except Core).
-# HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Reliability ShutdownReasonOn -> 0
+# Step 3: Disable the shutdown tracker
+# Reference: http://www.askvg.com/how-to-disable-remove-annoying-shutdown-event-tracker-in-windows-server-2003-2008/
+If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability")) {
+  New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability"
+}
+New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability" -Name "ShutdownReasonOn" -PropertyType DWord -Value 0 -Force -ErrorAction continue 
+New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability" -Name "ShutdownReasonUI" -PropertyType DWord -Value 0 -Force -ErrorAction continue 
+Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability" -Name "ShutdownReasonOn" -Value 0
+Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability" -Name "ShutdownReasonUI" -Value 0
+Add-Content $log -value "Shutdown Tracker has been disabled."
+
+
 # Disable "Server Manager" Starting at login on Windows 2008/2012 Servers (except Core).
 
 # Enable and configure WinRM (see below)

diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -39,7 +39,7 @@ net user Administrator $AdminPassword
 Add-Content $log -value "Changed Administrator password"
 
 #create vagrant user
-net user vagrant 'Abcd1024$' /add
+net user vagrant Abcd1024$12 /add
 Add-Content $log -value "Created vagrant user"
 net localgroup administrators vagrant /add
 Add-Content $log -value "Added vagrant user to local administrators"

diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -39,7 +39,7 @@ net user Administrator $AdminPassword
 Add-Content $log -value "Changed Administrator password"
 
 #create vagrant user
-net user vagrant vagrant /add
+net user vagrant 'Abcd1024$' /add
 Add-Content $log -value "Created vagrant user"
 net localgroup administrators vagrant /add
 Add-Content $log -value "Added vagrant user to local administrators"
@@ -69,7 +69,6 @@ Set-Service winrm -startuptype "auto"
 Add-Content $log -value "Started winrm"
 
 # http://www.danielclasson.com/how-to-change-between-a-full-installation-gui-and-server-core-in-windows-server-2012/
-import-module servermanager
 Uninstall-WindowsFeature Server-Gui-Shell, Server-Gui-Mgmt-Infra
 Add-Content $log -value "Upgraded to Windows Core from GUI"
 

diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -39,7 +39,7 @@ net user Administrator $AdminPassword
 Add-Content $log -value "Changed Administrator password"
 
 #create vagrant user
-net user vagrant vagrant /expires:never /add
+net user vagrant vagrant /add
 Add-Content $log -value "Created vagrant user"
 net localgroup administrators vagrant /add
 Add-Content $log -value "Added vagrant user to local administrators"

diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -65,7 +65,7 @@ Add-Content $log -value "Turned off UAC"
 &winrm set winrm/config '@{MaxTimeoutms="1800000"}'
 &winrm set winrm/config/service '@{AllowUnencrypted="true"}'
 Add-Content $log -value "Ran quickconfig for winrm"
-&sc config WinRM start= auto
+Set-Service winrm -startuptype "auto"
 Add-Content $log -value "Started winrm"
 
 # http://www.danielclasson.com/how-to-change-between-a-full-installation-gui-and-server-core-in-windows-server-2012/

diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -5,9 +5,13 @@
 # 
 # <powershell>
 # set-executionpolicy unrestricted
-# icm $executioncontext.InvokeCommand.NewScriptBlock((New-Object Net.WebClient).DownloadString('https://gist.githubusercontent.com/petemounce/11099158/raw/Enable-Vagrant.ps1'))
+# icm $executioncontext.InvokeCommand.NewScriptBlock((New-Object Net.WebClient).DownloadString('https://gist.githubusercontent.com/petemounce/11099158/raw/Enable-Vagrant.ps1')) -ArgumentList "Abcd1234$"
 # </powershell>
-
+param(
+	[Parameter(Mandatory=$true)]
+	[string]
+	$AdminPassword
+)
 Start-Transcript -Path 'c:\vagrant-transcript.txt' -Force
 Set-StrictMode -Version Latest
 Set-ExecutionPolicy Unrestricted
@@ -30,23 +34,44 @@ cd $Env:USERPROFILE
 Set-Location -Path $Env:USERPROFILE
 [Environment]::CurrentDirectory=(Get-Location -PSProvider FileSystem).ProviderPath
 
+#change admin password
+net user Administrator $AdminPassword
+Add-Content $log -value "Changed Administrator password"
+
 #create vagrant user
 net user vagrant vagrant /expires:never /add
 Add-Content $log -value "Created vagrant user"
+net localgroup administrators vagrant /add
+Add-Content $log -value "Added vagrant user to local administrators"
 
-$env:windir\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
+# http://www.howtogeek.com/howto/windows-vista/enable-or-disable-uac-from-the-windows-vista-command-line/
+# $env:windir\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
+# http://stackoverflow.com/a/9573204/20971
+New-ItemProperty -Path HKLM:Software\Microsoft\Windows\CurrentVersion\policies\system -Name EnableLUA -PropertyType DWord -Value 0 -Force
 Add-Content $log -value "Turned off UAC"
 
-$client = new-object System.Net.WebClient
+# Disable complex passwords
+# http://serverfault.com/a/134098/3374
 
+# Disable Shutdown Tracker on Windows 2008/2012 Servers (except Core).
+# HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Reliability ShutdownReasonOn -> 0
+# Disable "Server Manager" Starting at login on Windows 2008/2012 Servers (except Core).
 
+# Enable and configure WinRM (see below)
 &winrm quickconfig `-q
 &winrm set winrm/config/client/auth '@{Basic="true"}'
 &winrm set winrm/config/service/auth '@{Basic="true"}'
 &winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="512"}'
 &winrm set winrm/config '@{MaxTimeoutms="1800000"}'
 &winrm set winrm/config/service '@{AllowUnencrypted="true"}'
-&sc config WinRM start= auto
 Add-Content $log -value "Ran quickconfig for winrm"
+&sc config WinRM start= auto
+Add-Content $log -value "Started winrm"
 
+# http://www.danielclasson.com/how-to-change-between-a-full-installation-gui-and-server-core-in-windows-server-2012/
+import-module servermanager
+Uninstall-WindowsFeature Server-Gui-Shell, Server-Gui-Mgmt-Infra
+Add-Content $log -value "Upgraded to Windows Core from GUI"
 
+Add-Content $log -value "Restarting"
+Restart-Computer
diff --git a/Bootstrap-EC2-Windows-CloudInit.ps1 b/Bootstrap-EC2-Windows-CloudInit.ps1
@@ -1,5 +1,5 @@
-# Windows AMIs don't have WinRM enabled by default -- this script will enable WinRM
-# AND install 7-zip, curl and .NET 4 if its missing.
+# install 7-zip, curl and vim
+# (Windows 2012 comes with .NET 4.5 out-of-the-box)
 # Then use the EC2 tools to create a new AMI from the result, and you have a system 
 # that will execute user-data as a PowerShell script after the instance fires up!
 # This has been tested on Windows 2012 64bits AMIs provided by Amazon (eu-west-1 ami-a1867dd6)

diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -1,3 +1,8 @@
+# As much of https://github.com/WinRb/vagrant-windows#creating-a-base-box as possible
+# * Windows AMIs don't have WinRM enabled by default -- this script will enable WinRM
+# * vagrant user
+# * disable UAC
+# 
 # <powershell>
 # set-executionpolicy unrestricted
 # icm $executioncontext.InvokeCommand.NewScriptBlock((New-Object Net.WebClient).DownloadString('https://gist.githubusercontent.com/petemounce/11099158/raw/Enable-Vagrant.ps1'))
@@ -29,6 +34,8 @@ Set-Location -Path $Env:USERPROFILE
 net user vagrant vagrant /expires:never /add
 Add-Content $log -value "Created vagrant user"
 
+$env:windir\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
+Add-Content $log -value "Turned off UAC"
 
 $client = new-object System.Net.WebClient
 

diff --git a/Bootstrap-EC2-Windows-CloudInit.ps1 b/Bootstrap-EC2-Windows-CloudInit.ps1
@@ -8,7 +8,7 @@
 #
 # <powershell>
 # Set-ExecutionPolicy Unrestricted
-# icm $executioncontext.InvokeCommand.NewScriptBlock((New-Object Net.WebClient).DownloadString('https://gist.github.com/petemounce/11099158/raw')) -ArgumentList "adminPassword"
+# icm $executioncontext.InvokeCommand.NewScriptBlock((New-Object Net.WebClient).DownloadString('https://gist.githubusercontent.com/petemounce/11099158/raw/Bootstrap-EC2-Windows-CloudInit.ps1')) -ArgumentList "adminPassword"
 # </powershell>
 #
 param(
@@ -144,15 +144,6 @@ SetX Path "${Env:Path};C:\Program Files\Puppet Labs\Puppet\bin" /m
 &sc.exe config puppet start= demand
 Add-Content $log -value "Installed Puppet"
 
-&winrm quickconfig `-q
-&winrm set winrm/config/client/auth '@{Basic="true"}'
-&winrm set winrm/config/service/auth '@{Basic="true"}'
-&winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="512"}'
-&winrm set winrm/config '@{MaxTimeoutms="1800000"}'
-&winrm set winrm/config/service '@{AllowUnencrypted="true"}'
-&sc config WinRM start= auto
-Add-Content $log -value "Ran quickconfig for winrm"
-
 &netsh firewall set portopening tcp 445 smb enable
 Add-Content $log -value "Ran firewall config to allow incoming smb/tcp"
 

diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -1,6 +1,6 @@
 # <powershell>
 # set-executionpolicy unrestricted
-# icm $executioncontext.InvokeCommand.NewScriptBlock((New-Object Net.WebClient).DownloadString('https://gist.github.com/petemounce/11099158/raw'))
+# icm $executioncontext.InvokeCommand.NewScriptBlock((New-Object Net.WebClient).DownloadString('https://gist.githubusercontent.com/petemounce/11099158/raw/Enable-Vagrant.ps1'))
 # </powershell>
 
 Start-Transcript -Path 'c:\vagrant-transcript.txt' -Force
@@ -25,5 +25,21 @@ cd $Env:USERPROFILE
 Set-Location -Path $Env:USERPROFILE
 [Environment]::CurrentDirectory=(Get-Location -PSProvider FileSystem).ProviderPath
 
+#create vagrant user
+net user vagrant vagrant /expires:never /add
+Add-Content $log -value "Created vagrant user"
+
+
 $client = new-object System.Net.WebClient
 
+
+&winrm quickconfig `-q
+&winrm set winrm/config/client/auth '@{Basic="true"}'
+&winrm set winrm/config/service/auth '@{Basic="true"}'
+&winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="512"}'
+&winrm set winrm/config '@{MaxTimeoutms="1800000"}'
+&winrm set winrm/config/service '@{AllowUnencrypted="true"}'
+&sc config WinRM start= auto
+Add-Content $log -value "Ran quickconfig for winrm"
+
+
diff --git a/Bootstrap-EC2-Windows-CloudInit.ps1 b/Bootstrap-EC2-Windows-CloudInit.ps1
@@ -8,7 +8,7 @@
 #
 # <powershell>
 # Set-ExecutionPolicy Unrestricted
-# icm $executioncontext.InvokeCommand.NewScriptBlock((New-Object Net.WebClient).DownloadString('https://gist.github.com/masterzen/6714787/raw')) -ArgumentList "adminPassword"
+# icm $executioncontext.InvokeCommand.NewScriptBlock((New-Object Net.WebClient).DownloadString('https://gist.github.com/petemounce/11099158/raw')) -ArgumentList "adminPassword"
 # </powershell>
 #
 param(
@@ -137,17 +137,20 @@ else
 Add-Content $log -value "Installed Chocolatey"
 
 # install puppet
-#https://downloads.puppetlabs.com/windows/puppet-3.2.4.msi
-curl -# -G -k -L https://downloads.puppetlabs.com/windows/puppet-3.2.4.msi -o puppet-3.2.4.msi 2>&1 > "$log"
-Start-Process -FilePath "msiexec.exe" -ArgumentList '/qn /passive /i puppet-3.2.4.msi /norestart' -Wait
+#https://downloads.puppetlabs.com/windows/puppet-3.5.1.msi
+curl -# -G -k -L https://downloads.puppetlabs.com/windows/puppet-3.5.1.msi -o puppet-3.5.1.msi 2>&1 > "$log"
+Start-Process -FilePath "msiexec.exe" -ArgumentList '/qn /passive /i puppet-3.5.1.msi /norestart' -Wait
 SetX Path "${Env:Path};C:\Program Files\Puppet Labs\Puppet\bin" /m
 &sc.exe config puppet start= demand
 Add-Content $log -value "Installed Puppet"
 
 &winrm quickconfig `-q
 &winrm set winrm/config/client/auth '@{Basic="true"}'
 &winrm set winrm/config/service/auth '@{Basic="true"}'
+&winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="512"}'
+&winrm set winrm/config '@{MaxTimeoutms="1800000"}'
 &winrm set winrm/config/service '@{AllowUnencrypted="true"}'
+&sc config WinRM start= auto
 Add-Content $log -value "Ran quickconfig for winrm"
 
 &netsh firewall set portopening tcp 445 smb enable

diff --git a/Enable-Vagrant.ps1 b/Enable-Vagrant.ps1
@@ -0,0 +1,29 @@
+# <powershell>
+# set-executionpolicy unrestricted
+# icm $executioncontext.InvokeCommand.NewScriptBlock((New-Object Net.WebClient).DownloadString('https://gist.github.com/petemounce/11099158/raw'))
+# </powershell>
+
+Start-Transcript -Path 'c:\vagrant-transcript.txt' -Force
+Set-StrictMode -Version Latest
+Set-ExecutionPolicy Unrestricted
+
+$log = 'c:\vagrant.txt'
+
+$systemPath = [Environment]::GetFolderPath([Environment+SpecialFolder]::System)
+$sysNative = [IO.Path]::Combine($env:windir, "sysnative")
+#http://blogs.msdn.com/b/david.wang/archive/2006/03/26/howto-detect-process-bitness.aspx
+$Is32Bit = (($Env:PROCESSOR_ARCHITECTURE -eq 'x86') -and ($Env:PROCESSOR_ARCHITEW6432 -eq $null))
+Add-Content $log -value "Is 32-bit [$Is32Bit]"
+
+#http://msdn.microsoft.com/en-us/library/ms724358.aspx
+$coreEditions = @(0x0c,0x27,0x0e,0x29,0x2a,0x0d,0x28,0x1d)
+$IsCore = $coreEditions -contains (Get-WmiObject -Query "Select OperatingSystemSKU from Win32_OperatingSystem" | Select -ExpandProperty OperatingSystemSKU)
+Add-Content $log -value "Is Core [$IsCore]"
+
+# move to home, PS is incredibly complex :)
+cd $Env:USERPROFILE
+Set-Location -Path $Env:USERPROFILE
+[Environment]::CurrentDirectory=(Get-Location -PSProvider FileSystem).ProviderPath
+
+$client = new-object System.Net.WebClient
+
diff --git a/Bootstrap-EC2-Windows-CloudInit.ps1 b/Bootstrap-EC2-Windows-CloudInit.ps1
@@ -2,9 +2,9 @@
 # AND install 7-zip, curl and .NET 4 if its missing.
 # Then use the EC2 tools to create a new AMI from the result, and you have a system 
 # that will execute user-data as a PowerShell script after the instance fires up!
-# This has been tested on Windows 2008 SP2 64bits AMIs provided by Amazon
+# This has been tested on Windows 2012 64bits AMIs provided by Amazon (eu-west-1 ami-a1867dd6)
 # 
-# Inject this as user-data of a Windows 2008 AMI, like this (edit the adminPassword to your needs):
+# Inject this as user-data of a Windows 2012 AMI, like this (edit the adminPassword to your needs):
 #
 # <powershell>
 # Set-ExecutionPolicy Unrestricted

diff --git a/Bootstrap-EC2-Windows-CloudInit.ps1 b/Bootstrap-EC2-Windows-CloudInit.ps1
@@ -51,41 +51,6 @@ Add-Content $log -value "Changed Administrator password"
 
 $client = new-object System.Net.WebClient
 
-#.net 4
-if ((Test-Path "${Env:windir}\Microsoft.NET\Framework\v4.0.30319") -eq $false)
-{
-    $netUrl = if ($IsCore) {'http://download.microsoft.com/download/3/6/1/361DAE4E-E5B9-4824-B47F-6421A6C59227/dotNetFx40_Full_x86_x64_SC.exe' } `
-    else { 'http://download.microsoft.com/download/9/5/A/95A9616B-7A37-4AF6-BC36-D6EA96C8DAAE/dotNetFx40_Full_x86_x64.exe' }
-
-    $client.DownloadFile( $netUrl, 'dotNetFx40_Full.exe')
-    Start-Process -FilePath 'C:\Users\Administrator\dotNetFx40_Full.exe' -ArgumentList '/norestart /q  /ChainingPackage ADMINDEPLOYMENT' -Wait -NoNewWindow
-    del dotNetFx40_Full.exe
-    Add-Content $log -value "Found that .NET4 was not installed and downloaded / installed"
-}
-
-#configure powershell to use .net 4
-$config = @'
-<?xml version="1.0" encoding="utf-8" ?>
-<configuration>
-  <!-- http://msdn.microsoft.com/en-us/library/w4atty68.aspx -->
-  <startup useLegacyV2RuntimeActivationPolicy="true">
-    <supportedRuntime version="v4.0" />
-    <supportedRuntime version="v2.0.50727" />
-  </startup>
-</configuration>
-'@
-
-if (Test-Path "${Env:windir}\SysWOW64\WindowsPowerShell\v1.0\powershell.exe")
-{
-    $config | Set-Content "${Env:windir}\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config"
-    Add-Content $log -value "Configured 32-bit Powershell on x64 OS to use .NET 4"
-}
-if (Test-Path "${Env:windir}\system32\WindowsPowerShell\v1.0\powershell.exe")
-{
-    $config | Set-Content "${Env:windir}\system32\WindowsPowerShell\v1.0\powershell.exe.config"
-    Add-Content $log -value "Configured host OS specific Powershell at ${Env:windir}\system32\ to use .NET 4"
-}
-
 #check winrm id, if it's not valid and LocalAccountTokenFilterPolicy isn't established, do it
 $id = &winrm id
 if (($id -eq $null) -and (Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue) -eq $null)
@@ -116,24 +81,6 @@ $Env:Path += ';C:\Program Files\7-Zip'
 del 7z922.msi
 Add-Content $log -value "Installed 7-zip from $7zUri and updated path"
 
-#vc 2010 redstributable
-$vcredist = if ($Is32Bit) { 'http://download.microsoft.com/download/5/B/C/5BC5DBB3-652D-4DCE-B14A-475AB85EEF6E/vcredist_x86.exe'} `
-    else { 'http://download.microsoft.com/download/3/2/2/3224B87F-CFA0-4E70-BDA3-3DE650EFEBA5/vcredist_x64.exe' }
-
-$client.DownloadFile( $vcredist, 'vcredist.exe')
-Start-Process -FilePath 'C:\Users\Administrator\vcredist.exe' -ArgumentList '/norestart /q' -Wait
-del vcredist.exe
-Add-Content $log -value "Installed VC++ 2010 Redistributable from $vcredist and updated path"
-
-#vc 2008 redstributable
-$vcredist = if ($Is32Bit) { 'http://download.microsoft.com/download/d/d/9/dd9a82d0-52ef-40db-8dab-95376989c03/vcredist_x86.exe'} `
-    else { 'http://download.microsoft.com/download/d/2/4/d242c3fb-da5a-4542-ad66-f9661d0a8d19/vcredist_x64.exe' }
-
-$client.DownloadFile( $vcredist, 'vcredist.exe')
-Start-Process -FilePath 'C:\Users\Administrator\vcredist.exe' -ArgumentList '/norestart /q' -Wait
-del vcredist.exe
-Add-Content $log -value "Installed VC++ 2008 Redistributable from $vcredist and updated path"
-
 #curl
 $curlUri = if ($Is32Bit) { 'http://www.paehl.com/open_source/?download=curl_724_0_ssl.zip' } `
     else { 'http://curl.haxx.se/download/curl-7.23.1-win64-ssl-sspi.zip' }

diff --git a/Bootstrap-EC2-Windows-CloudInit.ps1 b/Bootstrap-EC2-Windows-CloudInit.ps1
@@ -192,7 +192,7 @@ Add-Content $log -value "Installed Chocolatey"
 # install puppet
 #https://downloads.puppetlabs.com/windows/puppet-3.2.4.msi
 curl -# -G -k -L https://downloads.puppetlabs.com/windows/puppet-3.2.4.msi -o puppet-3.2.4.msi 2>&1 > "$log"
-Start-Process -FilePath "msiexec.exe" -ArgumentList '/qn /passive /i puppet-3.2.4.msi /norestart"' -Wait
+Start-Process -FilePath "msiexec.exe" -ArgumentList '/qn /passive /i puppet-3.2.4.msi /norestart' -Wait
 SetX Path "${Env:Path};C:\Program Files\Puppet Labs\Puppet\bin" /m
 &sc.exe config puppet start= demand
 Add-Content $log -value "Installed Puppet"
No results found