一旦使用 Powershell 添加角色和功能，如何配置它们？

Question 1

类似这样的功能还有很多。当我升级我们的 WSUS 服务器时，我使用这个命令来识别自定义数据库位置：

& "$env:programfiles\update services\tools\wsusutil.exe" postinstall CONTENT_DIR=E:\WSUS\

要完成到新服务器的迁移还需要许多其他步骤 - 在服务器上分配新的 guid 后，我第二次调用此实用程序。

另一个例子...安装管理工具包后，然后dism.exe使用使能够特定工具，如 Active Directory 用户和计算机。

编辑：好的……这是我用来启动新 WSUS 服务器的脚本。请记住，它是针对我们环境的，可能需要进行一些调整才能运行您的环境：

<#
Initial setup script for WSUS 6.3 (Server 2012)
Created : 12/02/2014
#>

$oldserver = "[enter DNS name of old server]"
$newserver = $env:ComputerName

$WID = "\\.\pipe\Microsoft##WID\tsql\query"
$WIDService = "MSSQL`$MICROSOFT##WID"

Function Create-Group ([String]$name, [String]$desc) {
   $objOu = [ADSI]"WinNT://$newserver"
   $objGroup = $objOU.Create("group", $name)
   $objGroup.SetInfo()
   $objGroup.Description = $desc
   $objGroup.SetInfo()
}

Function Confirm($message) {
   $caption = "Confirm"
   $yes = new-Object System.Management.Automation.Host.ChoiceDescription "&Yes","help"
   $no = new-Object System.Management.Automation.Host.ChoiceDescription "&No","help"
   $choices = [System.Management.Automation.Host.ChoiceDescription[]]($yes,$no)
   $host.ui.PromptForChoice($caption,$message,$choices,0)
}

If (-not ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
   Write-Host "Script needs to be run as Administartor"
   Exit 0
} Else {
   If (Confirm("You are about to run the WSUS setup script. Do you want to continue?") -eq 1) {
      Exit 0
   }
}

Import-Module SQLPS

# Add the WSUS role to the server
Write-Host "Installing the WSUS Server Role - post-install configuration will be run as part of this script"
Install-WindowsFeature -Name UpdateServices -IncludeManagementTools -WhatIf
Install-WindowsFeature -Name UpdateServices -IncludeManagementTools

# Copy WSUS patches to new server
Write-Host "Copying patch repository from \\$oldserver\E$\WSUS"
Copy-Item "\\$oldserver\E$\WSUS" "\\$newserver\E$\" -Recurse

# Copy WSUS database to new server
Write-Host "Copying WSUS Database from \\$oldserver\E$\WSUS DB Backups\Backup.bak"
Copy-Item "\\$oldserver\E$\WSUS DB Backups\Backup.bak" "\\$newserver\E$\TEMP"

# Create WSUS Security groups on new server
Write-Host "Creating WSUS access groups"
Create-Group "WSUS Administrators" "WSUS Administrators can administer the Windows Server Update Services server."
Create-Group "WSUS Reporters" "WSUS Administrators who can only run reports on the Windows Server Update Services server."
# Populate groups via group policy
gpupdate /force

# Ensure the Windows Internal Database (WID) is running and set to auto startup
Write-Host "Checking Windows Internal Database"
(Get-Service -Name $WIDService -ComputerName $newserver).Start
Set-Service -Name $WIDService -ComputerName $newserver -StartupType Automatic
Start-Sleep -s 5

# Create a blank DB for new WSUS instance
Write-Host "Creating blank DB for WSUS"
$sql = New-Object Microsoft.SqlServer.Management.Smo.Server($WID)
$db = New-Object Microsoft.SqlServer.Management.Smo.Database($sql, "SUSDB")
$db.Create()
Write-Host "DB created on " $db.CreateDate
Start-Sleep -s 5

Write-Host "Restoring \\$newserver\E$\WSUS DB Backups\Backup.bak to new server"
Write-Host "Note: there WILL be one warning"
# Drop the newly created DB
Invoke-SqlCmd -InputFile ".\SUSDB_Drop.sql" -ServerInstance $WID -OutputSqlErrors $True -Verbose
Start-Sleep -s 5
# Restore the previous DB over the blank DB
Invoke-SqlCmd -InputFile ".\SUSDB_Restore.sql" -ServerInstance $WID -OutputSqlErrors $True -Verbose
Start-Sleep -s 5

# Run the WSUS postinstall command with the patch folder
Write-Host "Identifying WSUS repository as E:\WSUS"
& "$env:programfiles\update services\tools\wsusutil.exe" postinstall CONTENT_DIR=E:\WSUS\

# Give the WSUS instance a new identity (powershell)
Write-Host "Creating new ID for WSUS server"
$updateServer = Get-WsusServer -Name $newserver -Port 8530
$config = $updateServer.GetConfiguration()
$config.ServerId = [System.Guid]::NewGuid()
$config.Save()

# Re-run the postinstall with the new identity
Write-Host "Running WSUS postinstall with for ID"
& "$env:ProgramFiles\Update Services\Tools\wsusutil.exe" postinstall

# Change the WSUS service to run on port 80 (as per current server)
Write-Host "Changing default WSUS port to port 80"
& "$env:programfiles\update services\tools\wsusutil.exe" usecustomwebsite false

# Replicate SQL security using query provided by DST
Write-Host "Restoring SQL permissions"
Invoke-SqlCmd -InputFile ".\SUSDB_RoleUsers.sql" -ServerInstance $WID -OutputSqlErrors $True -Verbose

Answer

类似这样的功能还有很多。当我升级我们的 WSUS 服务器时，我使用这个命令来识别自定义数据库位置：

& "$env:programfiles\update services\tools\wsusutil.exe" postinstall CONTENT_DIR=E:\WSUS\

要完成到新服务器的迁移还需要许多其他步骤 - 在服务器上分配新的 guid 后，我第二次调用此实用程序。

另一个例子...安装管理工具包后，然后dism.exe使用使能够特定工具，如 Active Directory 用户和计算机。

编辑：好的……这是我用来启动新 WSUS 服务器的脚本。请记住，它是针对我们环境的，可能需要进行一些调整才能运行您的环境：

<#
Initial setup script for WSUS 6.3 (Server 2012)
Created : 12/02/2014
#>

$oldserver = "[enter DNS name of old server]"
$newserver = $env:ComputerName

$WID = "\\.\pipe\Microsoft##WID\tsql\query"
$WIDService = "MSSQL`$MICROSOFT##WID"

Function Create-Group ([String]$name, [String]$desc) {
   $objOu = [ADSI]"WinNT://$newserver"
   $objGroup = $objOU.Create("group", $name)
   $objGroup.SetInfo()
   $objGroup.Description = $desc
   $objGroup.SetInfo()
}

Function Confirm($message) {
   $caption = "Confirm"
   $yes = new-Object System.Management.Automation.Host.ChoiceDescription "&Yes","help"
   $no = new-Object System.Management.Automation.Host.ChoiceDescription "&No","help"
   $choices = [System.Management.Automation.Host.ChoiceDescription[]]($yes,$no)
   $host.ui.PromptForChoice($caption,$message,$choices,0)
}

If (-not ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
   Write-Host "Script needs to be run as Administartor"
   Exit 0
} Else {
   If (Confirm("You are about to run the WSUS setup script. Do you want to continue?") -eq 1) {
      Exit 0
   }
}

Import-Module SQLPS

# Add the WSUS role to the server
Write-Host "Installing the WSUS Server Role - post-install configuration will be run as part of this script"
Install-WindowsFeature -Name UpdateServices -IncludeManagementTools -WhatIf
Install-WindowsFeature -Name UpdateServices -IncludeManagementTools

# Copy WSUS patches to new server
Write-Host "Copying patch repository from \\$oldserver\E$\WSUS"
Copy-Item "\\$oldserver\E$\WSUS" "\\$newserver\E$\" -Recurse

# Copy WSUS database to new server
Write-Host "Copying WSUS Database from \\$oldserver\E$\WSUS DB Backups\Backup.bak"
Copy-Item "\\$oldserver\E$\WSUS DB Backups\Backup.bak" "\\$newserver\E$\TEMP"

# Create WSUS Security groups on new server
Write-Host "Creating WSUS access groups"
Create-Group "WSUS Administrators" "WSUS Administrators can administer the Windows Server Update Services server."
Create-Group "WSUS Reporters" "WSUS Administrators who can only run reports on the Windows Server Update Services server."
# Populate groups via group policy
gpupdate /force

# Ensure the Windows Internal Database (WID) is running and set to auto startup
Write-Host "Checking Windows Internal Database"
(Get-Service -Name $WIDService -ComputerName $newserver).Start
Set-Service -Name $WIDService -ComputerName $newserver -StartupType Automatic
Start-Sleep -s 5

# Create a blank DB for new WSUS instance
Write-Host "Creating blank DB for WSUS"
$sql = New-Object Microsoft.SqlServer.Management.Smo.Server($WID)
$db = New-Object Microsoft.SqlServer.Management.Smo.Database($sql, "SUSDB")
$db.Create()
Write-Host "DB created on " $db.CreateDate
Start-Sleep -s 5

Write-Host "Restoring \\$newserver\E$\WSUS DB Backups\Backup.bak to new server"
Write-Host "Note: there WILL be one warning"
# Drop the newly created DB
Invoke-SqlCmd -InputFile ".\SUSDB_Drop.sql" -ServerInstance $WID -OutputSqlErrors $True -Verbose
Start-Sleep -s 5
# Restore the previous DB over the blank DB
Invoke-SqlCmd -InputFile ".\SUSDB_Restore.sql" -ServerInstance $WID -OutputSqlErrors $True -Verbose
Start-Sleep -s 5

# Run the WSUS postinstall command with the patch folder
Write-Host "Identifying WSUS repository as E:\WSUS"
& "$env:programfiles\update services\tools\wsusutil.exe" postinstall CONTENT_DIR=E:\WSUS\

# Give the WSUS instance a new identity (powershell)
Write-Host "Creating new ID for WSUS server"
$updateServer = Get-WsusServer -Name $newserver -Port 8530
$config = $updateServer.GetConfiguration()
$config.ServerId = [System.Guid]::NewGuid()
$config.Save()

# Re-run the postinstall with the new identity
Write-Host "Running WSUS postinstall with for ID"
& "$env:ProgramFiles\Update Services\Tools\wsusutil.exe" postinstall

# Change the WSUS service to run on port 80 (as per current server)
Write-Host "Changing default WSUS port to port 80"
& "$env:programfiles\update services\tools\wsusutil.exe" usecustomwebsite false

# Replicate SQL security using query provided by DST
Write-Host "Restoring SQL permissions"
Invoke-SqlCmd -InputFile ".\SUSDB_RoleUsers.sql" -ServerInstance $WID -OutputSqlErrors $True -Verbose

Question 2

一旦通过 PowerShell 安装了某个功能，就可以使用该功能的 PowerShell 模块完成配置。

但是并非所有 Windows 功能都具有完整的模块，您的 WSUS 任务（移动 WSUS 数据库位置）就是这样一个例子。但这并不意味着不能使用 PowerShell 来完成任务，只是需要额外的步骤。

微软有一篇 Technet 文章这里演示如何使用 wsusutil 命令行程序设置数据库位置。

Answer

一旦通过 PowerShell 安装了某个功能，就可以使用该功能的 PowerShell 模块完成配置。

但是并非所有 Windows 功能都具有完整的模块，您的 WSUS 任务（移动 WSUS 数据库位置）就是这样一个例子。但这并不意味着不能使用 PowerShell 来完成任务，只是需要额外的步骤。

微软有一篇 Technet 文章这里演示如何使用 wsusutil 命令行程序设置数据库位置。

一旦使用 Powershell 添加角色和功能，如何配置它们？

答案1

答案2

相关内容