modules/mu/clouds/aws/userdata/windows.erb in cloud-mu-3.1.4 vs modules/mu/clouds/aws/userdata/windows.erb in cloud-mu-3.1.5
- old
+ new
@@ -21,11 +21,11 @@
Add-Content "c:/Mu-Bootstrap-$([Environment]::UserName).log" "$(Get-Date -f MM-dd-yyyy_HH:mm:ss) $args"
Add-Content "c:/Mu-Bootstrap-GLOBAL.log" "$(Get-Date -f MM-dd-yyyy_HH:mm:ss) $args"
}
function fetchSecret([string]$file){
- log "Fetching s3://<%= $mu.adminBucketName %>/$file to $tmp/$file"
+ log "aws.cmd --region $region s3 cp s3://<%= $mu.adminBucketName %>/$file $tmp/$file"
aws.cmd --region $region s3 cp s3://<%= $mu.adminBucketName %>/$file $tmp/$file
}
function importCert([string]$cert, [string]$store){
fetchSecret($cert)
@@ -243,9 +243,10 @@
$ingroup = net localgroup WinRMRemoteWMIUsers__ | Where-Object {$_ -eq $admin_username}
if($ingroup -ne $admin_username){
net localgroup WinRMRemoteWMIUsers__ /add $admin_username
}
+importCert "$myname-winrm.crt" "root"
$winrmcert = importCert "$myname-winrm.crt" "TrustedPeople"
Set-Item -Path WSMan:\localhost\Service\Auth\Certificate -Value $true
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name LocalAccountTokenFilterPolicy -Value 1
if($creds){
log "Enabling WinRM cert auth for $real_admin_user"