【发布时间】:2017-11-14 16:25:30
【问题描述】:
PowerShell 会这样做:
- 在 CRM 服务器上禁用 UAC(您可以在安装后重新打开它)
- 关闭 CRM 服务器上的防火墙(您可以在安装并配置防火墙规则后将其重新打开)
- 将 CRM 应用程序帐户添加到前端服务器中的 IIS_IUSRS 和性能日志用户组
- 将 CRM 部署帐户添加到部署服务器中的 IIS_IUSRS 和本地管理员组
- 将 CRM 异步服务帐户添加到后端服务器中的性能日志用户组
- 向相应的服务帐户授予作为服务登录的权限
- 将 CRM 部署帐户添加到 SQL Server 中的本地管理员组
- 将 CRM 部署帐户作为系统管理员添加到 SQL Server
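function Assign-Permissions {
    <#
    .SYNOPSIS
        Prepares the CRM server(s) and the SQL Server host for a Dynamics CRM installation.
    .DESCRIPTION
        For every server listed in $fullRolesServers the function:
          1. disables UAC (EnableLUA = 0) and turns Windows Firewall off for all
             profiles on that server, through a remoting session;
          2. adds the CRM service accounts to the IIS_IUSRS, Performance Log Users
             and Administrators local groups of that server;
          3. grants the "Log on as a service" right (SeServiceLogonRight) to the
             CRM service accounts on that server.
        Afterwards it adds TESTBIZTALK\CRMAppSvc to the local Administrators group
        of the SQL Server host and creates it as a SQL login in the sysadmin role.
    .NOTES
        Nothing in this function re-enables UAC or the firewall. Both stay off
        until they are turned back on by hand after the installation, so plan
        that step (and the firewall rules CRM needs) as part of the rollout.
        Server names, the domain and the account names are hard-coded.
    #>

    # Adds an account to a local group through the WinNT ADSI provider,
    # skipping the call when the account is already a member.
    function Add-AccountToLocalGroup([string]$groupPath, [string]$accountPath) {
        $group = [ADSI]$groupPath
        $member = ([ADSI]$accountPath).path
        if (!($group.IsMember($member))) {
            $group.psbase.Invoke("Add", $member)
        }
    }

    $crmAppAccount = "WinNT://TESTBIZTALK/CRMAppSvc"
    $crmAsyncAccount = "WinNT://TESTBIZTALK/CRMAsyncSvc"

    $fullRolesServers = "WDPWD99A0310"
    foreach ($server in $fullRolesServers) {
        # Passing a bare user name to -Credential prompts for the password.
        $session0 = New-PSSession -ComputerName $server -Credential Administrator
        if ($null -ne $session0) {
            try {
                # -Session is required here: without it Invoke-Command runs the
                # script block on the LOCAL machine, which would disable UAC and
                # the firewall on the workstation instead of on the CRM server.
                # $output captures the command output so it is not emitted by the function.
                $output = Invoke-Command -Session $session0 -ScriptBlock {
                    function Disable-Uac() {
                        $policyKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\policies\system'
                        if ((Get-ItemProperty $policyKey -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA -eq 0) {
                            Write-Host "UAC is disabled" -f darkcyan;
                        }
                        else {
                            Set-ItemProperty -Path $policyKey -Name EnableLUA -Value 0
                            Write-Host "UAC has been disabled" -f darkGreen;
                        }
                    }

                    Write-Host "Server:$env:computerName - Disabling UAC" -f darkcyan;
                    Disable-Uac;

                    # Turns the firewall off for every profile; it is not turned back on here.
                    Write-Host "Server:$env:computerName - Turning Off Firewall" -f darkcyan;
                    netsh advfirewall set allprofiles state off;
                }
            }
            finally {
                # Close the session even when the remote command fails.
                Remove-PSSession -Session $session0
            }
        }
        else {
            Write-Host "Server:$server - Could not open a remote session; UAC and firewall were left unchanged" -f red
        }

        $iisGroup = "WinNT://" + $server + "/IIS_IUSRS,group"
        $perfoGroup = "WinNT://" + $server + "/Performance Log Users,group"
        $adminGroup = "WinNT://" + $server + "/Administrators,group"

        Write-Host "Server:$server - Adding CRM Application Account to IIS_IUSRS and Performance Log Users groups" -ForegroundColor DarkCyan
        Add-AccountToLocalGroup $iisGroup $crmAppAccount
        Add-AccountToLocalGroup $perfoGroup $crmAppAccount

        # NOTE(review): the message names the CRM Deployment Account, but the account
        # added is CRMAppSvc, the same one as in the previous step. Confirm which
        # account is meant before granting it local Administrators membership.
        Write-Host "Server:$server - Adding CRM Deployment Account to IIS_IUSRS and Local Administrators groups" -ForegroundColor DarkCyan
        Add-AccountToLocalGroup $iisGroup $crmAppAccount
        Add-AccountToLocalGroup $adminGroup $crmAppAccount

        Write-Host "Server:$server - Adding CRM Async Service Account to Performance Log Users group" -ForegroundColor DarkCyan
        Add-AccountToLocalGroup $perfoGroup $crmAsyncAccount

        # Runs with the caller's own credentials (no -Credential / -Session is given).
        $output = Invoke-Command -ComputerName $server -ScriptBlock {
            # Grants SeServiceLogonRight to one account by exporting the local
            # security policy, prepending the account SID and re-importing it.
            function AddLogonAsAService($accountToAdd) {
                if ( [string]::IsNullOrEmpty($accountToAdd) ) {
                    Write-Host "no account specified" -f red;
                    # return, not exit: exit would end the whole remote script
                    # block and skip the accounts that follow.
                    return;
                }

                $sidstr = $null
                try {
                    $ntprincipal = New-Object System.Security.Principal.NTAccount "$accountToAdd"
                    $sid = $ntprincipal.Translate([System.Security.Principal.SecurityIdentifier])
                    $sidstr = $sid.Value.ToString()
                }
                catch {
                    # An account that cannot be resolved is reported below.
                    $sidstr = $null
                }

                Write-Host "Server:$env:computerName - Adding ""Logon as a Service"" right to Account: $accountToAdd" -ForegroundColor DarkCyan
                if ( [string]::IsNullOrEmpty($sidstr) ) {
                    Write-Host "Account not found!" -ForegroundColor Red
                    return
                }

                $tmp = [System.IO.Path]::GetTempFileName()
                $tmp2 = $null
                try {
                    # Export the current local security policy and read the existing grant.
                    secedit.exe /export /cfg "$($tmp)"
                    $c = Get-Content -Path $tmp
                    $currentSetting = ""
                    foreach ($s in $c) {
                        if ( $s -like "SeServiceLogonRight*") {
                            $x = $s.split("=", [System.StringSplitOptions]::RemoveEmptyEntries)
                            $currentSetting = $x[1].Trim()
                        }
                    }

                    if ( $currentSetting -notlike "*$($sidstr)*" ) {
                        Write-Host "Modify Setting 'Logon as a Service'" -ForegroundColor DarkCyan
                        # Keep the existing holders of the right; only prepend the new SID.
                        if ( [string]::IsNullOrEmpty($currentSetting) ) {
                            $currentSetting = "*$($sidstr)"
                        }
                        else {
                            $currentSetting = "*$($sidstr),$($currentSetting)"
                        }

                        $outfile = @"
[Unicode]
Unicode=yes
[Version]
signature="`$CHICAGO`$"
Revision=1
[Privilege Rights]
SeServiceLogonRight = $($currentSetting)
"@
                        $tmp2 = [System.IO.Path]::GetTempFileName()
                        $outfile | Set-Content -Path $tmp2 -Encoding Unicode -Force

                        # secedit writes "secedit.sdb" into the current directory,
                        # so work from the temp folder.
                        Push-Location (Split-Path $tmp2)
                        try {
                            secedit.exe /configure /db "secedit.sdb" /cfg "$($tmp2)" /areas USER_RIGHTS
                        }
                        finally {
                            Pop-Location
                        }
                    }
                    else {
                        Write-Host "NO ACTIONS REQUIRED! Account already in ""Logon as a Service""" -ForegroundColor DarkGreen
                    }
                }
                finally {
                    # The exported policy and the generated template describe local
                    # privilege assignments; do not leave them behind in the temp folder.
                    Remove-Item -Path $tmp -Force -ErrorAction SilentlyContinue
                    if ($tmp2) {
                        Remove-Item -Path $tmp2 -Force -ErrorAction SilentlyContinue
                    }
                }

                Write-Host "Done." -ForegroundColor DarkGreen
            }

            AddLogonAsAService "TESTBIZTALK\CRMAsyncSvc";
            AddLogonAsAService "TESTBIZTALK\CRMSandboxSvc";
            AddLogonAsAService "TESTBIZTALK\CRMAppSvc";
            AddLogonAsAService "TESTBIZTALK\CRMVssSvc";
            AddLogonAsAService "TESTBIZTALK\CRMMonSvc";
        }
    }

    # SQL Server host: local Administrators membership plus a sysadmin login.
    # NOTE(review): both are broad grants for a service account; confirm they
    # are still needed once the installation has finished.
    Add-AccountToLocalGroup "WinNT://WDVMA76A0530/Administrators,group" $crmAppAccount

    $output = Invoke-Command -ComputerName WDVMA76A0530 -ScriptBlock {
        # Creates the Windows login on the SQL instance and puts it in sysadmin,
        # unless the login already exists.
        function createLogin() {
            try {
                $instanceName = "MSSQLSERVER"
                $LoginName = "TESTBIZTALK\CRMAppSvc"
                Import-Module SQLPS -DisableNameChecking

                # The default instance is addressed by host name only.
                if ($instanceName -eq "MSSQLSERVER") {
                    $server = New-Object -TypeName Microsoft.SqlServer.Management.Smo.Server -ArgumentList "WDVMA76A0530"
                }
                else {
                    $server = New-Object -TypeName Microsoft.SqlServer.Management.Smo.Server -ArgumentList "WDVMA76A0530\$instanceName"
                }

                if ($server.Logins.Contains($LoginName)) {
                    Write-Host $LoginName "Already exists..."
                }
                else {
                    $SqlLogin = New-Object -TypeName Microsoft.SqlServer.Management.Smo.Login -ArgumentList $server, "$LoginName"
                    $SqlLogin.LoginType = 'WindowsUser'
                    $SqlLogin.Create()
                    $SqlLogin.AddToRole('sysadmin')
                    Write-Host $LoginName "Login created successfully" -f darkgreen;
                }
            }
            catch {
                Write-Host "Could not create Login - Error: " $($_.Exception.Message) -f red;
            }
        }

        createLogin;
    }
}

Assign-Permissions;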
欢迎提出建议,供那些对从本地计算机进行 PowerShell 远程处理和 CRM 2016 安装感兴趣的人参考。
环境细节:TestDC1 — 域控制器;WDPWD99A0310 — CRM;WDVMA76A0530 — SQL
【问题讨论】:
标签: sql-server powershell dynamics-crm crm dynamics-crm-2016