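##############################################
# Before -ConfigrationDatabase
#
# Steps in this section:
#   1. Register SQL Server client aliases (spconfig, spcontent, spservices)
#      in both the 64-bit and the 32-bit (Wow6432Node) registry views and
#      force protocol encryption for the SQL client in both views.
#   2. Remove the default IIS site and all application pools.
#   3. Configure IIS logging defaults (W3C, extended fields, E:\IIS-Logs).

$sqlClientRoots = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Client',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSSQLServer\Client'
)
$sqlAliases = @('spconfig', 'spcontent', 'spservices')

foreach ($root in $sqlClientRoots)
{
    foreach ($alias in $sqlAliases)
    {
        # DBMSSOCN = TCP/IP network library; each alias points at the instance
        # of the same name on host db1.
        REG ADD "$root\ConnectTo" /v $alias /t REG_SZ /f /d "DBMSSOCN,db1\$alias"
    }

    # Force encryption for SQL client connections. The original Wow6432Node
    # command had /f between /t and REG_DWORD, so reg.exe was given "/f" as the
    # value type; building both views from one template keeps them identical.
    REG ADD "$root\SuperSocketNetLib" /v Encrypt /t REG_DWORD /f /d 1
    if ($LASTEXITCODE -ne 0)
    {
        # Connections would otherwise silently stay unencrypted for this view.
        Write-Warning "Could not set Encrypt=1 under $root\SuperSocketNetLib (reg.exe exit code $LASTEXITCODE)"
    }
}

$appcmd = "$env:windir\system32\inetsrv\appcmd.exe"

# Remove the default site, then every application pool that currently exists
# (the XML listing is piped straight into "delete apppool /in").
& $appcmd delete site "default web site"
& $appcmd list apppool '/xml' | & $appcmd delete apppool /in

# Log every request, in W3C format, with the extended field set below.
# NOTE(review): the field list includes Cookie, UriQuery and UserName, so the
# log files will contain session cookies and query strings. Restrict read
# access to E:\IIS-Logs accordingly and treat the logs as sensitive.
& $appcmd set config '/section:httpLogging' '/dontLog:FAlse' '/selectiveLogging:LogAll'
& $appcmd set config '/section:sites' '-siteDefaults.logFile.logExtFileFlags:Date,Time,ClientIP,UserName,SiteName,ComputerName,ServerIP,Method,UriStem,UriQuery,HttpStatus,Win32Status,BytesSent,BytesRecv,TimeTaken,ServerPort,UserAgent,Cookie,Referer,ProtocolVersion,Host,HttpSubStatus'
& $appcmd set config '/section:sites' '-siteDefaults.logFile.logFormat:W3C'
& $appcmd set config '/section:sites' '-siteDefaults.logFile.Directory:E:\IIS-Logs'

##############################################
# After -ConfigrationDatabase
#

# Grants $user FullControl on HKLM\$key, inherited by subkeys.
#   $key  - registry path relative to HKEY_LOCAL_MACHINE
#   $user - account or group name to grant access to
# SetAccessRule replaces any existing Allow rules for the same identity.
function Set-RegPermissions ( [string] $key, [string] $user )
{
    $keyObj = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
        $key,
        [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
        [System.Security.AccessControl.RegistryRights]::ChangePermissions)

    # OpenSubKey returns $null for a missing key; report it instead of failing
    # later with a null-method-call error.
    if ($null -eq $keyObj)
    {
        Write-Error "Set-RegPermissions: registry key not found: HKLM\$key"
        return
    }

    try
    {
        $acl = $keyObj.GetAccessControl()
        $inherit = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
        $rule = New-Object System.Security.AccessControl.RegistryAccessRule ($user, "FullControl", $inherit, 'None', "Allow")
        $acl.SetAccessRule($rule)
        $keyObj.SetAccessControl($acl)
    }
    finally
    {
        # Release the registry handle (the original never closed it).
        $keyObj.Close()
    }
}

# Enables or disables a privilege in the current process token through
# ntdll!RtlAdjustPrivilege.
#   $privilege - numeric privilege value (9 = SeTakeOwnershipPrivilege)
#   $enable    - $true to enable, $false to disable
# Writes an error when the call returns a non-zero NTSTATUS.
function Adjust-Privilege ( [int] $privilege, [bool] $enable )
{
    $adjustPrivilege = @"
using System;
using System.Runtime.InteropServices;

namespace Win32Api
{
    public class NtDll
    {
        // Privilege is a 32-bit ULONG and the flags are 1-byte BOOLEANs.
        [DllImport("ntdll.dll", EntryPoint="RtlAdjustPrivilege")]
        public static extern int RtlAdjustPrivilege(
            int Privilege,
            [MarshalAs(UnmanagedType.U1)] bool Enable,
            [MarshalAs(UnmanagedType.U1)] bool CurrentThread,
            [MarshalAs(UnmanagedType.U1)] ref bool Enabled);
    }
}
"@

    # Compile the helper type once per session.
    if (-not ('Win32Api.NtDll' -as [type]))
    {
        Add-Type -TypeDefinition $adjustPrivilege
    }

    # Receives the previous state of the privilege.
    $wasEnabled = $false

    # The original always passed $true here and ignored $enable, so a
    # privilege could be switched on but never off again.
    $res = [Win32Api.NtDll]::RtlAdjustPrivilege($privilege, $enable, $false, [ref] $wasEnabled)
    if ($res -ne 0)
    {
        Write-Error ("RtlAdjustPrivilege({0}, {1}) failed with NTSTATUS 0x{2:X8}" -f $privilege, $enable, $res)
    }
}

# Makes the Administrators group the owner of HKLM\$key.
#   $key - registry path relative to HKEY_LOCAL_MACHINE
# SeTakeOwnershipPrivilege (9) is enabled only for the duration of the call.
function Take-RegOwnership ( [string] $key )
{
    Adjust-Privilege 9 $true
    try
    {
        $keyObj = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
            $key,
            [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
            [System.Security.AccessControl.RegistryRights]::TakeOwnership)

        if ($null -eq $keyObj)
        {
            Write-Error "Take-RegOwnership: registry key not found: HKLM\$key"
            return
        }

        try
        {
            $acl = $keyObj.GetAccessControl()
            # NOTE(review): ".\Administrators" depends on name resolution and
            # on the localized group name; confirm it resolves on the target OS.
            $acl.SetOwner([System.Security.Principal.NTAccount] ".\Administrators")
            $keyObj.SetAccessControl($acl)
        }
        finally
        {
            $keyObj.Close()
        }
    }
    finally
    {
        # Drop the privilege again so the rest of the session does not keep it.
        Adjust-Privilege 9 $false
    }
}

# Make sure the keys exist before their permissions are changed
# (/ve /f writes an empty default value, creating the key if needed).
REG ADD 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag\SPSearch4 VSS Writer' /ve /f
REG ADD 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag\SharePoint Services Writer' /ve /f
REG ADD 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SQMServiceList' /ve /f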
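# Registry ACL changes. Each Set-RegPermissions call grants FullControl on the
# named HKLM key to the named group, so keep this list as short as possible.
Set-RegPermissions 'SYSTEM\CurrentControlSet\Services\VSS\Diag\SPSearch4 VSS Writer' "WSS_ADMIN_WPG"
Set-RegPermissions 'SYSTEM\CurrentControlSet\Services\VSS\Diag\SharePoint Services Writer' "WSS_ADMIN_WPG"
Set-RegPermissions 'SYSTEM\CurrentControlSet\Control\SQMServiceList' "Administrators"

# The two AppId keys first change owner to Administrators, after which
# Administrators is granted FullControl so the launch permissions can be edited.
Take-RegOwnership 'Software\Classes\AppId\{000C101C-0000-0000-C000-000000000046}'
Take-RegOwnership 'Software\Classes\AppId\{61738644-F196-11D0-9953-00C04FD919C1}'
Set-RegPermissions 'Software\Classes\AppId\{000C101C-0000-0000-C000-000000000046}' "Administrators"
Set-RegPermissions 'Software\Classes\AppId\{61738644-F196-11D0-9953-00C04FD919C1}' "Administrators"

# Appends an Allow ACE for local launch + local activation to the launch
# security descriptor of a DCOM application.
#   $appID     - AppId GUID, including braces
#   $userOrSid - account name, or a SID string when $domain is 'NT Authority'
#   $domain    - 'NT Authority' to resolve $userOrSid as a SID; otherwise the
#                trustee domain (may be $null)
# Writes the current descriptor, the resolved trustee and the result of
# SetLaunchSecurityDescriptor to the pipeline as progress output.
# NOTE(review): the ACE is appended unconditionally, so every re-run adds
# another copy of the same ACE to the DACL.
function Set-DCOMLaunchPermissions ( [string] $appID, [string] $userOrSid, [string] $domain )
{
    $app = Get-WmiObject -Query ('SELECT * FROM Win32_DCOMApplicationSetting WHERE AppId = "{0}"' -f $appId) -EnableAllPrivileges
    if ($null -eq $app)
    {
        Write-Error "Set-DCOMLaunchPermissions: no DCOM application found for AppId $appID"
        return
    }

    $sdRes = $app.GetLaunchSecurityDescriptor()
    "Current launch descriptor:"
    $sdRes
    if ($sdRes.ReturnValue -ne 0)
    {
        # Without a descriptor there is nothing safe to extend.
        Write-Error "Set-DCOMLaunchPermissions: GetLaunchSecurityDescriptor returned $($sdRes.ReturnValue) for AppId $appID"
        return
    }
    $sd = $sdRes.Descriptor

    "Creating trustee..."
    $trustee = ([wmiclass] 'Win32_Trustee').CreateInstance()
    if ($domain -eq 'nt authority')
    {
        # Well-known principals are passed as SID strings and resolved via WMI.
        $sid = [wmi] "\\.\root\cimv2:Win32_SID.SID='$userOrSid'"
        $sid
        $trustee.SID = $sid.BinaryRepresentation
        $trustee.SIDLength = $sid.SIDLength
        $trustee.SIDString = $userOrSid
        $trustee.Domain = $sid.ReferencedDomainName
        $trustee.Name = $sid.AccountName
    }
    else
    {
        $trustee.Domain = $domain
        $trustee.Name = $userOrSid
    }
    $trustee

    # 11 = Execute (1) + Local Launch (2) + Local Activation (8).
    # The remote launch (4) and remote activation (16) bits are left unset.
    $localLaunchActivate = 11

    $ace = ([wmiclass] 'Win32_ACE').CreateInstance()
    $ace.AccessMask = $localLaunchActivate
    $ace.AceFlags = 0
    $ace.AceType = 0    # access-allowed ACE
    $ace.Trustee = $trustee

    [System.Management.ManagementBaseObject[]] $newDACL = $sd.DACL + @($ace)
    $sd.DACL = $newDACL
    $app.SetLaunchSecurityDescriptor($sd)
}

# S-1-5-20 is the NETWORK SERVICE account.
Set-DCOMLaunchPermissions '{000C101C-0000-0000-C000-000000000046}' 'S-1-5-20' "NT Authority"
Set-DCOMLaunchPermissions '{000C101C-0000-0000-C000-000000000046}' 'WSS_ADMIN_WPG' $null
Set-DCOMLaunchPermissions '{61738644-F196-11D0-9953-00C04FD919C1}' 'WSS_ADMIN_WPG' $null

# NOTE(review): "e:" without a trailing backslash is drive-relative (the
# current directory on E:), and the grant carries no inheritance flags.
# Confirm which folder is meant; the IIS logs configured for E:\IIS-Logs
# include cookies, so read access there should stay narrow.
icacls e: /Grant wss_wpg:R

Set-SPDiagnosticConfig -LogLocation E:\SP-Logs

Initialize-SPResourceSecurity
Install-SPHelpCollection -All
Install-SPService
Install-SPFeature -AllExistingFeatures
Install-SPApplicationContent

#########################33
# Taxonomy picker error resolution
#
# TaxonomyPicker.ascx carries an HTML-encoded comma (&#44;) in the control's
# type name; replace it with a literal comma. In the original listing the
# search and replacement strings were identical, so nothing was ever changed.
$txnmToFind = 'Microsoft.SharePoint.Portal.WebControls.TaxonomyPicker&#44;Microsoft.SharePoint.Portal'
$txnmReplaceWith = 'Microsoft.SharePoint.Portal.WebControls.TaxonomyPicker,Microsoft.SharePoint.Portal'

# The original used $env:SystemVolume, which is not a standard environment
# variable; SystemDrive is the one Windows defines.
$txnmFile = "$env:SystemDrive\Program Files\common files\microsoft shared\web server extensions\14\template\controltemplates\TaxonomyPicker.ascx"

# @() keeps a one-line file an array so indexing addresses lines, not characters.
$txnm = @(Get-Content $txnmFile)

# Locate the first line that contains the encoded type name.
$i = 0
while (($i -lt $txnm.Count) -and (-not $txnm[$i].Contains($txnmToFind)))
{
    $i ++
}

if ($i -lt $txnm.Count)
{
    # Back up and rewrite only when there is something to change, so a re-run
    # does not overwrite the backup with the already-patched file.
    Copy-Item $txnmFile "$txnmFile.bak"
    $txnm[$i] = $txnm[$i].Replace($txnmToFind, $txnmReplaceWith)
    $txnm | Set-Content $txnmFile
}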