Friday, May 4, 2012

PowerShell 2.0 and WMI remoting for Windows XP

This is how to install PowerShell 2.0 and WMI remoting for Windows XP via a batch file, which minimizes the effort of repeating the installation on each machine.

1. Create a server share that all your computers can access (e.g. \\server\share$).
2. Download the full .NET Framework 3.5 Service Pack 1 (dotnetfx35.exe) and place the file into the \\server\share$ location.
3. Download PS 2.0 for XP (WindowsXP-KB968930-x86-ENG.exe) and place the file into the \\server\share$ location.
4. Create two new scripts in your \\server\share$ folder. One will be the installation batch file and the other will be a WMI remote-enabling PowerShell script.


     First the batch file:
  1. if not exist "%SystemRoot%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\*.*" \\server\share$\dotnetfx35.exe (you will have to interact with this executable should it need to install)
  2. if not exist "%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" \\server\share$\WindowsXP-KB968930-x86-ENG.exe /q (no interaction needed)
  3. regedit /i /s \\server\share$\unrestrictedps.reg (create a .reg file with the contents shown below)
  4. "%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" \\server\share$\XP-enableremote.ps1

     Contents of unrestrictedps.reg:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]
"Path"="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
"ExecutionPolicy"="Unrestricted"

     Then the PowerShell script:
  1. enable-psremoting -force
  2. set-item wsman:localhost\client\trustedhosts -value * -force

The file share can be read-only as there's no need to have the client write back to the location. For step one of the batch file, you can use automation strings for the dotnet executable but I prefer to know if 3.5 SP1 is going to be installed. Also, 3.5 SP1 needs Windows XP Service Pack 3 installed. Step three of the batch file is to allow PowerShell scripts to run. This is equivalent to setting the execution policy from inside of PowerShell. Step two of the PowerShell script was necessary due to PS's innate security. It won't allow anonymous WMI connections unless told to. I set the value to * (everyone) but you may want to be more restrictive and actually create a valid trusted host list.
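
A more restrictive variant of XP-enableremote.ps1, following the suggestion above to create a valid trusted host list instead of using *. This is an added example, not the author's script; the host names in $AllowedHosts are hypothetical placeholders, and it assumes PowerShell 2.0 running as an administrator.

```powershell
# Added example (not the original author's script): XP-enableremote.ps1 with an
# explicit TrustedHosts list. The host names below are hypothetical placeholders.
$AllowedHosts     = @('mgmt01.example.local', 'mgmt02.example.local')
$TrustedHostsPath = 'WSMan:\localhost\Client\TrustedHosts'

function ConvertTo-TrustedHostsValue {
    param([string[]]$HostNames)
    # Trim entries, drop blanks and duplicates, and refuse the catch-all "*".
    $clean = @($HostNames | ForEach-Object { $_.Trim() } |
        Where-Object { $_ -ne '' } | Sort-Object -Unique)
    if ($clean.Count -eq 0)   { throw 'TrustedHosts list is empty.' }
    if ($clean -contains '*') { throw 'Refusing to set TrustedHosts to "*".' }
    # WinRM stores the list as a single comma-separated string.
    return ($clean -join ',')
}

$wanted = ConvertTo-TrustedHostsValue -HostNames $AllowedHosts

# Same first step as the original script: start WinRM and create the listener.
Enable-PSRemoting -Force

# TrustedHosts is a WinRM client setting: it names the remote computers this
# machine may connect to when they cannot be authenticated by Kerberos or HTTPS.
Set-Item -Path $TrustedHostsPath -Value $wanted -Force

# Read the value back and fail loudly if it is not what was requested.
$actual = (Get-Item -Path $TrustedHostsPath).Value
if ($actual -ne $wanted) {
    throw "TrustedHosts is '$actual', expected '$wanted'."
}

# Report the two settings changed by the batch file and this script.
Write-Output "TrustedHosts    : $actual"
Write-Output "ExecutionPolicy : $(Get-ExecutionPolicy)"
```

The final two lines give a per-machine record of the resulting TrustedHosts and execution policy values, which is useful when the batch file is run across many computers.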
