Add-xRDWeb_ADFSConfig.ps1

#Requires -RunAsAdministrator
#Requires -Version 5.0

<#
     .SYNOPSIS
        Applies an ADFS configuration to the RD Web Access portal web.config and installs the Windows Identity Foundation (WIF) feature, including the Claims to Windows Token Service (C2WTS).
    .DESCRIPTION
        Applies an ADFS configuration to the RD Web Access portal web.config and installs the Windows Identity Foundation (WIF) feature, including the Claims to Windows Token Service (C2WTS).
 
        Dependencies:
        The script must be executed on a server with a working Microsoft RD Web Access (RDWeb) portal, and RDWeb.zip (the ADFS-enabled web.config template) must sit in the same folder as the script.
 
    .NOTES
        Version: 1.0.1.3
        Author: SecureMfa.com
        Creation Date: 15/02/2021
        Purpose/Change: Release
   
    .EXAMPLE
        Add-xRDWeb_ADFSConfig -RDP_WEBSITE_URL "https://ardswebl01.adatum.labnet/RDWeb/Pages/Default.aspx" -ADFS_ISSUER "https://fqdn/adfs/ls/" -ADFS_SERVICE_IDENTIFIER "http://fqdn/adfs/services/trust" -ADFS_SINGING_CERT_THUMBPRINT "B0F421A6F5E298175CE2369E4237A1FD4A619F82"
 
        This command updates the RDWeb web.config file with the given ADFS configuration values.
    
#>


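Function Add-xRDWeb_ADFSConfig {
# Applies an ADFS (WS-Federation) configuration to an RD Web Access portal:
#   1. installs the Windows Identity Foundation feature and configures the Claims to
#      Windows Token Service (C2WTS) so that only the RD Web IIS application pool may call it,
#   2. enables loadUserProfile on that pool and points the forms-auth URLs at default.aspx,
#   3. replaces the portal's Web.Config with the ADFS template shipped in RDWeb.zip next to
#      this script, substituting the PLACEHOLDER* tokens with the supplied values.
# All inputs are validated before the server is modified. Any failure is reported on the
# error stream; nothing is rethrown.
Param
(
    # URL of the RD Web Access landing page; replaces PLACEHOLDERRDPWEBSITEURL in Web.Config.
    [Parameter(Mandatory=$false)][string]$RDP_WEBSITE_URL = "https://ardswebl01.adatum.labnet/RDWeb/Pages/Default.aspx",
    # ADFS passive (WS-Federation) sign-in endpoint; replaces PLACEHOLDERADFSISSUER.
    [Parameter(Mandatory=$false)][string]$ADFS_ISSUER = "https://adfs.adatum.labnet/adfs/ls/",
    # ADFS federation service identifier; replaces PLACEHOLDERADFSSERVICEIDENTIFIER.
    [Parameter(Mandatory=$false)][string]$ADFS_SERVICE_IDENTIFIER = "http://adfs.adatum.labnet/adfs/services/trust",
    # SHA-1 thumbprint (40 hex characters) of the ADFS token-signing certificate; replaces
    # PLACEHOLDERADFSSINGINGCERTTHUMBPRINT. The parameter name keeps its historical spelling.
    [Parameter(Mandatory=$false)][string]$ADFS_SINGING_CERT_THUMBPRINT = "B0F421A6F5E298175CE2369E4237A1FD4A619F82",
    # Folder holding the RD Web Access pages and the Web.Config that is rewritten.
    [Parameter(Mandatory=$false)][string]$RDWebPortalPath = "C:\Windows\Web\RDWeb\Pages",
    # IIS application pool running RD Web Access; it is also the only identity allowed to call C2WTS.
    [Parameter(Mandatory=$false)][string]$IISAppPoolName = "RDWebAccess",
    # Skip the interactive confirmation prompt (for unattended use).
    [Parameter(Mandatory=$false)][Switch]$Force
)

    # Location of the C2WTS host configuration installed by the Windows-Identity-Foundation feature.
    $C2wtsConfigPath = 'C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe.config'

    if (!$Force) {
        $message  = "Do you want add ADFS config for " + $RDWebPortalPath + "\Web.Config ? NOTE: This action restores default RD Web configuration with ADFS settings. Make sure you have a backup of the existing web.config file if you want to restore existing configuration later."
        $question = 'Please confirm?'
        $choices = New-Object Collections.ObjectModel.Collection[Management.Automation.Host.ChoiceDescription]
        $choices.Add((New-Object Management.Automation.Host.ChoiceDescription -ArgumentList '&Yes'))
        $choices.Add((New-Object Management.Automation.Host.ChoiceDescription -ArgumentList '&No'))
        $decision_Validation = $Host.UI.PromptForChoice($message, $question, $choices, 0)
        # 'return' rather than 'break': a 'break' outside a loop propagates to the caller and
        # can silently abort the calling script.
        if ($decision_Validation -eq 1) {
            Write-Host "Web.config update has been cancelled, exiting!" -ForegroundColor Yellow
            return
        }
    }

    try
    {
        $Error.Clear()
        Import-Module WebAdministration

        $RDWebConfigSource = Join-Path -Path $PSScriptRoot -ChildPath RDWeb.zip
        $RDWebConfig       = Join-Path -Path $RDWebPortalPath -ChildPath 'Web.Config'

        # Validate every input before touching the server, so a bad argument cannot leave
        # services or IIS half-configured (the original only checked after starting changes).
        if (!(Test-Path -LiteralPath $RDWebPortalPath -PathType Container)) {
            throw "$RDWebPortalPath does not exist"
        }
        if (!(Test-Path ("IIS:\AppPools\" + $IISAppPoolName))) {
            throw "$IISAppPoolName IIS AppPool for RD Web Server doesn't exist on this server. Skipping configuration ..."
        }
        if (!(Test-Path -LiteralPath $RDWebConfigSource -PathType Leaf)) {
            throw "$RDWebConfigSource not found; the ADFS Web.Config template must be located next to this script"
        }
        # A thumbprint is exactly 40 hex digits; anything else would either break the XML or
        # configure a signing certificate that can never be matched.
        if ($ADFS_SINGING_CERT_THUMBPRINT -notmatch '^[0-9A-Fa-f]{40}$') {
            throw "ADFS_SINGING_CERT_THUMBPRINT must be a 40-character hexadecimal SHA-1 thumbprint"
        }

        #Start update

        #Install Windows Identity Foundation 3.5
        Install-WindowsFeature Windows-Identity-Foundation

        #Set the Claims to Windows Token Service to start automatically
        Set-Service -Name C2WTS -StartupType Automatic

        #Configure Cryptographic Services to start before C2WTS by adding an explicit dependency.
        # sc.exe is an external command, so its failure does not throw; check the exit code.
        & SC.exe config c2wts depend=CryptSvc
        if ($LASTEXITCODE -ne 0) { throw "sc.exe config c2wts failed with exit code $LASTEXITCODE" }

        Start-Service -Name C2WTS

        #Restrict C2WTS callers to the RD Web application pool identity (uses the IISAppPoolName
        #parameter instead of a hard-coded pool name so the two settings cannot drift apart).
        $config  = Get-Content -LiteralPath $C2wtsConfigPath -Raw
        $pattern = '(?s)<allowedCallers>.*?</allowedCallers>'
        # Without this guard an absent element would make the regex replace an empty match
        # and scatter the new element through the whole file.
        if ($config -notmatch $pattern) {
            throw "No <allowedCallers> element found in $C2wtsConfigPath"
        }
        $poolIdentity   = [System.Security.SecurityElement]::Escape("IIS APPPOOL\$IISAppPoolName")
        $allowedCallers = "<allowedCallers><clear /><add value=`"$poolIdentity`"/></allowedCallers>"
        # '$$' keeps a literal '$' in the replacement text, which -replace would otherwise read as a group reference.
        $config = $config -replace $pattern, $allowedCallers.Replace('$', '$$')
        # -NoNewline keeps the file from gaining a trailing newline on every run; UTF8 is the
        # conventional encoding for .NET config files.
        Set-Content -LiteralPath $C2wtsConfigPath -Value $config -Encoding UTF8 -NoNewline

        #Restart C2WTS so it picks up the new allowed-callers list
        Restart-Service -Name C2WTS

        #Set load user profile to true
        Set-ItemProperty ("IIS:\AppPools\" + $IISAppPoolName) -Name "processModel.loadUserProfile" -Value "True"

        #Update RDWeb page properties
        $pagesPsPath = 'MACHINE/WEBROOT/APPHOST/Default Web Site/RDWeb/Pages'
        foreach ($propertyName in 'loginUrl', 'defaultUrl') {
            Set-WebConfigurationProperty -PSPath $pagesPsPath -Filter "system.web/authentication/forms" -Name $propertyName -Value "default.aspx"
        }

        #Extract RDWeb config for ADFS
        Expand-Archive -LiteralPath $RDWebConfigSource -DestinationPath $RDWebPortalPath -Force

        #Fill in the ADFS placeholders in a single read/write pass.
        # String.Replace is literal, so a '$' in a URL is not treated as a regex group
        # reference; the values are XML-escaped so '&', '<' or quotes cannot break Web.Config.
        $replacements = @{
            'PLACEHOLDERRDPWEBSITEURL'             = $RDP_WEBSITE_URL
            'PLACEHOLDERADFSISSUER'                = $ADFS_ISSUER
            'PLACEHOLDERADFSSERVICEIDENTIFIER'     = $ADFS_SERVICE_IDENTIFIER
            'PLACEHOLDERADFSSINGINGCERTTHUMBPRINT' = $ADFS_SINGING_CERT_THUMBPRINT
        }
        $webConfigText = Get-Content -LiteralPath $RDWebConfig -Raw
        foreach ($token in $replacements.Keys) {
            $escapedValue  = [System.Security.SecurityElement]::Escape($replacements[$token])
            $webConfigText = $webConfigText.Replace($token, $escapedValue)
        }
        Set-Content -LiteralPath $RDWebConfig -Value $webConfigText -Encoding UTF8 -NoNewline

        # Complete
        Write-Host "ADFS Update of $RDWebPortalPath Web.Config has been complete." -ForegroundColor Green
        Write-Host "RDWeb URL: $RDP_WEBSITE_URL" -ForegroundColor Cyan
    }
    catch
    {
        Write-Host "$($MyInvocation.InvocationName): $_" -ForegroundColor Red
        # Also surface the failure on the error stream so unattended callers can detect that the
        # hardening did not complete; -ErrorAction Continue keeps this non-terminating regardless
        # of the caller's $ErrorActionPreference.
        Write-Error -ErrorRecord $_ -ErrorAction Continue
    }
}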