ConfigureNetworkProtocolParameters
$local:CommandAppCmd = "$env:windirSystem32inetsrvappcmd.exe"
function local:Invoke-ExpressionWithConfiguredLogging([string]$expression)
{
if ((Get-Command Invoke-ExpressionWithLoggin[g] -CommandType Function) -ne $null)
{
# Executing as a part of workflow
Invoke-ExpressionWithLogging $expression
}
else
{
# Default PowerShell way
Invoke-Expression $expression
}
}
function local:Run-CommandWithConfiguredLogging([string]$exeName, [string]$parameters)
{
if ((Get-Command Start-SetupProces[s] -CommandType CmdLet) -ne $null)
{
# Executing as a part of setup
Start-SetupProcess -Name $exeName -Args $parameters
}
else
{
Invoke-ExpressionWithConfiguredLogging "$exeName $parameters"
}
}
function local:SetRegistryValueNoLogging([string]$key, [string]$valueName, [object]$value, [ScriptBlock]$keyDoesNotExist)
{
if (-not (Test-Path $key))
{
& $keyDoesNotExist
}
if ($value -ne $null)
{
Set-ItemProperty -path $key -name $valueName -value $value
}
else
{
Remove-ItemProperty -path $key -name $valueName
}
}
function script:Set-RegistryValue([string]$key, [string]$valueName, [object]$value, [ScriptBlock]$keyDoesNotExist = {[void](New-Item -path $key)})
{
$initialErrorCount = $error.Count
# $value can be of a variety of types and even $null
SetRegistryValueNoLogging $key $valueName $value $keyDoesNotExist
if ($error.Count -ne $initialErrorCount `
-and (Get-Command Write-ExchangeSetupLo[g] -CommandType CmdLet) -ne $null)
{
# Executing as a part of setup
$error[0..($error.Count - $initialErrorCount - 1)] `
| Write-ExchangeSetupLog $_ $_.Exception
# Reset the errors if the only thing that failed was a registry operation
if ($initialErrorCount -eq 0)
{
$error.Clear()
}
}
}
#########################################################################################################################
# Actual logic
#########################################################################################################################
# Configures a Global Catalog running on the current machine to listen
# on the standard NSPI Rpc-over-Http port 6004. This would enable Rpc-over-Http
# connections from Outlook clients to a GC, RpcProxy'ed by CAS boxes.
#
# For more information, see
# - http://technet.microsoft.com/en-us/library/bb124159(EXCHG.65).aspx
function Enable-NspiOverRpcOverHttpForGlobalCatalog
{
Set-RegistryValue `
'HKLM:SystemCurrentControlSetServicesNTDSParameters' `
'NSPI interface protocol sequences' `
([string[]]'ncacn_http:6004') `
{throw "This setting can only be enabled on Windows Domain Controllers"}
}
function Enable-RpcOverTcpPortScaling
{
Set-RegistryValue `
'HKLM:SOFTWAREPoliciesMicrosoftWindows NTRpc' `
'EnableTcpPortScaling' `
([int]1)
}
function Enable-ExtendedTcpPortRange([string[]]$protocols = ('ipv4', 'ipv6'))
{
# See http://support.microsoft.com/kb/929851 for details on this setting.
# Start from port 6005, as Exchange and SQL have assigned ports below.
$protocols | foreach {Run-CommandWithConfiguredLogging netsh "interface $_ set dynamicportrange protocol=tcp startport=6005 numberofports=59530"}
}
function Set-IisKernelModeAuthentication([bool]$isEnabled)
{
$mode = @{$true='true'; $false='false'}[$isEnabled]
Run-CommandWithConfiguredLogging $CommandAppCmd "set config /section:windowsAuthentication /useKernelMode:$mode"
}
function Set-IisApplicationPoolRecycling([string]$appPool, [TimeSpan]$idleTimeout, [TimeSpan]$periodicRestart)
{
Run-CommandWithConfiguredLogging $CommandAppCmd "set config /section:applicationPools `"/[name='$appPool'].processModel.idleTimeout:$idleTimeout`""
Run-CommandWithConfiguredLogging $CommandAppCmd "set config /section:applicationPools `"/[name='$appPool'].recycling.periodicRestart.time:$periodicRestart`""
}
function Set-AutoConfigureRpcProxyForGlobalCatalogs([bool]$isEnabled = $true)
{
Set-RegistryValue `
'HKLM:SYSTEMCurrentControlSetServicesMSExchangeServiceHostRpcHttpConfigurator' `
'ConfigureGCPorts' `
(@{$true=[int]1; $false=$null}[$isEnabled])
}
function Set-NtlmLoopbackCheck([bool]$isEnabled = $true)
{
# See http://support.microsoft.com/kb/896861 for details on this setting.
# Disables NTLM loopback check that prevents NTLM authentication from
# succeeding against a local server if an FQDN was used to address it.
Set-RegistryValue `
'HKLM:SYSTEMCurrentControlSetControlLsa' `
'DisableLoopbackCheck' `
(@{$true=$null; $false=[int]1}[$isEnabled])
}
[@more@]来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/23700676/viewspace-1052335/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/23700676/viewspace-1052335/
扫一扫
125
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
