http://autospinstaller.codeplex.com/discussions/246532
http://todd-carter.com/post/2010/04/26/The-Wizard-Likes-His-GUIDs.aspx
创建Secure Store Service
# Load the SharePoint cmdlets. Any load error is suppressed here, so a missing
# snap-in only shows up when the first SharePoint cmdlet below fails.
Add-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# --- Service application settings -------------------------------------------

# Application pool under which the service application should run.
$serviceApplicationPool = "Secure Store Service Pool"

# SharePoint database where the service application stores its data.
$secureStoreDatabaseName = "SecureStoreServiceDB"

# Names of the service application and of its proxy.
$secureStoreApplicationName = "Secure Store Service"
$secureStoreApplicationProxyName = "Secure Store Service Proxy"

# --- Target application settings --------------------------------------------

# Identifier and friendly name of the target application.
$targetAppID = "GMAx SSS"
$targetAppName = "GMAxSecureStoreServiceTargetApp"

# Administrator of the target application and the contact e-mail address.
$secureStoreAdministrator = "ibm\10010"
$secureStoreAdministratorEmail = "Mingle.Lui@gmail.com"

# Group or user that is meant to have access to the service application
# (the author uses the group configuration).
$secureStoreUser = "ibm\domain user"

# URL used to obtain the service application context.
$serviceContext = "http://www.ibm.com/"

# --- Secrets ----------------------------------------------------------------
# NOTE(review): the external-application password and the master-key passphrase
# are stored in clear text in this script. Anyone who can read the file, its
# version history, a backup, or a published copy learns both values. Prefer
# supplying them at run time (for example Read-Host -AsSecureString or a secret
# store) and rotate any value that has already been shared.

# User name and password used to access the external application.
$targetApplicationUserName = "ibm\10010"
$targetApplicationUserPassword = "Password_213"

# Passphrase that secures the Secure Store master key. A short, date-like
# value is easy to guess; treat it with the same care as the password above.
$passPhrase = "2012-Mar"
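# Find the Secure Store service instance that runs on this server.
# First keep only instances of the Secure Store service type, then narrow to
# the one whose server address matches the local computer name.
$SecureStoreServiceInstances = Get-SPServiceInstance |
    Where-Object { $_.GetType().Equals([Microsoft.Office.SecureStoreService.Server.SecureStoreServiceInstance]) }
$SecureStoreServiceInstance = $SecureStoreServiceInstances |
    Where-Object { $_.Server.Address -eq $env:COMPUTERNAME }

# Test the result itself rather than $?: a filter that matches nothing still
# counts as a successful pipeline, so $? stays true when no instance is found.
if ($null -eq $SecureStoreServiceInstance) { throw "-FailedtofindSecureStoreserviceinstance" }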
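# Start the Secure Store service instance on this server when it is disabled,
# then wait until it reports Online.
if ($SecureStoreServiceInstance.Status -eq "Disabled")
{
    Write-Host "-StartingSecureStoreServiceInstance..."
    $SecureStoreServiceInstance.Provision()
    # $? is read immediately after Provision(). The space after "throw" matters:
    # without it the keyword and the string are read as a single command name.
    if (-not $?) { throw "-FailedtostartSecureStoreserviceinstance" }

    # Poll once per second, but give up after a fixed time so a failed or
    # missing instance cannot keep the script waiting forever.
    Write-Host "-WaitingforSecureStoreservice..." -NoNewline
    $maxWaitSeconds = 600
    $waitedSeconds = 0
    while ($SecureStoreServiceInstance.Status -ne "Online")
    {
        if ($waitedSeconds -ge $maxWaitSeconds)
        {
            throw "- Timed out waiting for the Secure Store service instance to come online"
        }
        Write-Host "." -NoNewline
        Start-Sleep 1
        $waitedSeconds++

        # Re-query the instance so the loop sees the current status; the type
        # filter is written the same way as in the initial lookup.
        $SecureStoreServiceInstances = Get-SPServiceInstance |
            Where-Object { $_.GetType().Equals([Microsoft.Office.SecureStoreService.Server.SecureStoreServiceInstance]) }
        $SecureStoreServiceInstance = $SecureStoreServiceInstances |
            Where-Object { $_.Server.Address -eq $env:COMPUTERNAME }
    }
    Write-Host $($SecureStoreServiceInstance.Status)
}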
# Create the Secure Store service application and its proxy, unless a
# Secure Store service application already exists in the farm.
$GetSPSecureStoreServiceApplication = Get-SPServiceApplication |
    Where-Object { $_.GetType().Equals([Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplication]) }

if ($null -ne $GetSPSecureStoreServiceApplication)
{
    Write-Host "-SecureStoreServiceApplicationalreadyprovisioned."
}
else
{
    Write-Host "-CreatingSecureStoreServiceApplication..."
    # Auditing is switched on for the new application; AuditLogMaxSize is passed
    # as 30. Keep auditing enabled so access to stored credentials leaves a trail.
    $serviceAppSettings = @{
        Name            = $secureStoreApplicationName
        PartitionMode   = $false
        Sharing         = $false
        DatabaseName    = $secureStoreDatabaseName
        ApplicationPool = $serviceApplicationPool
        AuditingEnabled = $true
        AuditLogMaxSize = 30
    }
    New-SPSecureStoreServiceApplication @serviceAppSettings | Out-Null

    Write-Host "-CreatingSecureStoreServiceApplicationProxy..."
    # Look the new application up again and pipe it into the proxy cmdlet; the
    # proxy is added to the default proxy group.
    Get-SPServiceApplication |
        Where-Object { $_.GetType().Equals([Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplication]) } |
        New-SPSecureStoreServiceApplicationProxy -Name $secureStoreApplicationProxyName -DefaultProxyGroup |
        Out-Null

    Write-Host "-DonecreatingSecureStoreServiceApplication."
}
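# Locate the Secure Store service application proxy; both key operations
# below are addressed to it by Id.
$secureStore = Get-SPServiceApplicationProxy |
    Where-Object { $_.GetType().Equals([Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy]) }

# Stop here when no proxy exists: otherwise the key cmdlets would be called
# with an empty Id and fail with a less helpful error.
if ($null -eq $secureStore) { throw "- Failed to find the Secure Store service application proxy" }

# Fixed pause before the key operation (presumably to let a freshly created
# application settle - TODO confirm).
Start-Sleep 5
Write-Host "-CreatingtheMasterKey..."
# NOTE(review): $passPhrase is a plain string taken from the script's settings;
# whoever can read the script can regenerate or refresh the key.
Update-SPSecureStoreMasterKey -ServiceApplicationProxy $secureStore.Id -Passphrase $passPhrase

Start-Sleep 5
Write-Host "-CreatingtheApplicationKey..."
# The script keeps going if this step fails, but the error is captured and
# reported as a warning instead of being discarded silently.
Update-SPSecureStoreApplicationServerKey -ServiceApplicationProxy $secureStore.Id -Passphrase $passPhrase -ErrorAction SilentlyContinue -ErrorVariable appKeyError
if ($appKeyError)
{
    Write-Warning ("- Updating the application server key reported an error: " + $appKeyError[0])
}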
# Define the target application, grant access to it, and store the credentials.
# Parameter names use plain ASCII hyphens so the script does not depend on the
# file encoding preserving typographic dashes.

# Two credential fields: an unmasked user name and a masked password.
$usernameField = New-SPSecureStoreApplicationField -Name "UserName" -Type UserName -Masked:$false
$passwordField = New-SPSecureStoreApplicationField -Name "Password" -Type Password -Masked:$true
$fields = $usernameField, $passwordField

# Claim for the administrator of the target application.
$adminClaim = New-SPClaimsPrincipal -Identity $secureStoreAdministrator -IdentityType WindowsSamAccountName

# Resolve the "ibm\domain users" group to its SID and build a group claim from it.
# NOTE(review): the group is hard-coded here rather than taken from
# $secureStoreUser, and it makes every member of "domain users" a credentials
# owner of this target application. Confirm that breadth is intended; a
# dedicated, narrowly scoped group limits who can use the stored account.
$groupAccount = New-Object System.Security.Principal.NTAccount -ArgumentList "ibm", "domain users"
$groupid = $groupAccount.Translate([System.Security.Principal.SecurityIdentifier]).Value
$userClaim = New-SPClaimsPrincipal -Identity $groupid -IdentityType WindowsSecurityGroupSid

# Group-type target application with a 3-minute timeout.
$targetAppSettings = @{
    Name             = $targetAppID
    FriendlyName     = $targetAppName
    ContactEmail     = $secureStoreAdministratorEmail
    ApplicationType  = "Group"
    TimeoutInMinutes = 3
}
$targetApp = New-SPSecureStoreTargetApplication @targetAppSettings

# Register the target application with its fields, administrator and owner group.
$ssApp = New-SPSecureStoreApplication -ServiceContext $serviceContext -TargetApplication $targetApp -Field $fields -Administrator $adminClaim -CredentialsOwnerGroup $userClaim

# The mapping cmdlet is given SecureString values, in the same order as $fields.
# NOTE(review): both values start out as clear-text strings in the script's
# settings, so the SecureString conversion does not protect them at rest;
# -AsPlainText -Force only satisfies the parameter type.
$firstCredential = ConvertTo-SecureString $targetApplicationUserName -AsPlainText -Force
$secondCredential = ConvertTo-SecureString $targetApplicationUserPassword -AsPlainText -Force
$credentialValues = $firstCredential, $secondCredential

Update-SPSecureStoreGroupCredentialMapping -Identity $ssApp -Values $credentialValues