Downloads:

947

Downloads of v 1.1.8-alpha1:

86

Last Update:

6/21/2018

Package Maintainer(s):

Software Author(s):

  • DarwinJS

Tags:

undo-winrmconfig-during-shutdown winrm packer admin

undo-winrmconfig-during-shutdown (Install)

This is a prerelease version of undo-winrmconfig-during-shutdown (Install).

1.1.8-alpha1 | Updated: 6/21/2018

Downloads:

947

Downloads of v 1.1.8-alpha1:

86

Maintainer(s):

Software Author(s):

  • DarwinJS

undo-winrmconfig-during-shutdown (Install) 1.1.8-alpha1

This is a prerelease version of undo-winrmconfig-during-shutdown (Install).

Some Checks Have Failed or Are Not Yet Complete

1 Test Failing and 1 Passing Test


Validation Testing Failed


Verification Testing Passed

Details

To install undo-winrmconfig-during-shutdown (Install), run the following command from the command line or from PowerShell:

>

To upgrade undo-winrmconfig-during-shutdown (Install), run the following command from the command line or from PowerShell:

>

To uninstall undo-winrmconfig-during-shutdown (Install), run the following command from the command line or from PowerShell:

>

NOTE: This applies to both open source and commercial editions of Chocolatey.

1. Ensure you are set for organizational deployment

Please see the organizational deployment guide

  • Open Source or Commercial:
    • Proxy Repository - Create a proxy nuget repository on Nexus, Artifactory Pro, or a proxy Chocolatey repository on ProGet. Point your upstream to https://chocolatey.org/api/v2. Packages cache on first access automatically. Make sure your choco clients are using your proxy repository as a source and NOT the default community repository. See source command for more information.
    • You can also just download the package and push it to a repository Download

3. Enter your internal repository url

(this should look similar to https://chocolatey.org/api/v2)

4. Choose your deployment method:


choco upgrade undo-winrmconfig-during-shutdown -y --source="'STEP 3 URL'" [other options]

See options you can pass to upgrade.

See best practices for scripting.

Add this to a PowerShell script or use a Batch script with tools and in places where you are calling directly to Chocolatey. If you are integrating, keep in mind enhanced exit codes.

If you do use a PowerShell script, use the following to ensure bad exit codes are shown as failures:


choco upgrade undo-winrmconfig-during-shutdown -y --source="'STEP 3 URL'" 
$exitCode = $LASTEXITCODE

Write-Verbose "Exit code was $exitCode"
$validExitCodes = @(0, 1605, 1614, 1641, 3010)
if ($validExitCodes -contains $exitCode) {
  Exit 0
}

Exit $exitCode

- name: Ensure undo-winrmconfig-during-shutdown installed
  win_chocolatey:
    name: undo-winrmconfig-during-shutdown
    state: present
    version: 1.1.8-alpha1
    source: STEP 3 URL

See docs at https://docs.ansible.com/ansible/latest/modules/win_chocolatey_module.html.

Coming early 2020! Central Managment Reporting available now! More information...


chocolatey_package 'undo-winrmconfig-during-shutdown' do
  action    :install
  version  '1.1.8-alpha1'
  source   'STEP 3 URL'
end

See docs at https://docs.chef.io/resource_chocolatey_package.html.


Chocolatey::Ensure-Package
(
    Name: undo-winrmconfig-during-shutdown,
    Version: 1.1.8-alpha1,
    Source: STEP 3 URL
);

Requires Otter Chocolatey Extension. See docs at https://inedo.com/den/otter/chocolatey.


cChocoPackageInstaller undo-winrmconfig-during-shutdown
{
   Name     = 'undo-winrmconfig-during-shutdown'
   Ensure   = 'Present'
   Version  = '1.1.8-alpha1'
   Source   = 'STEP 3 URL'
}

Requires cChoco DSC Resource. See docs at https://github.com/chocolatey/cChoco.


package { 'undo-winrmconfig-during-shutdown':
  provider => 'chocolatey',
  ensure   => '1.1.8-alpha1',
  source   => 'STEP 3 URL',
}

Requires Puppet Chocolatey Provider module. See docs at https://forge.puppet.com/puppetlabs/chocolatey.


salt '*' chocolatey.install undo-winrmconfig-during-shutdown version="1.1.8-alpha1" source="STEP 3 URL"

See docs at https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.chocolatey.html.

5. If applicable - Chocolatey configuration/installation

See infrastructure management matrix for Chocolatey configuration elements and examples.

This package is exempt from moderation. While it is likely safe for you, there is more risk involved.
Description

Disable winrm through a self-deleting shutdown task.
Many windows remote orchestration tools (e.g. Packer) instruct you to completely open up winrm permissions in a way that is not safe for production.
Usually there is no built in method nor instruction on how to re-secure it or shut it back down.
The assumption most likely being that you would handle proper winrm re-configuration as a part of production deployment.
This is not a least privileged approach - depending on how big your company is and how widely your hypervisor templates are used - this is a disaster waiting to happen. So I feel leaving it in a disabled state by default is the far safer option.
To complicate things, if you attempt to secure winrm or shut it down as your last step in orchestration you slam the door on the orchestration system and it marks the attempt as a failure.
Due to imprecise timing, start up tasks that disable winrm could conflict with a subsequent attempt to re-enable it on the next boot for final configuration steps (especially if you are building a hypervisor template).
This self-deleting shutdown task performs the disable on the first shutdown and deletes itself.
If a system shutsdown extremely quickly there is some risk that the shutdown job would not be deleted - but in testing on AWS (very fast shutdown), there have not been an observed problems.


tools\chocolateyinstall.ps1

$ErrorActionPreference = 'Stop';
$toolsDir   = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)"
$packageName   = $env:ChocolateyPackageName
$ScriptToRun = "$toolsDir\Undo-WinRMConfig.ps1"

$pp = Get-PackageParameters

$RunImmediatelyValue = $False
if ($pp.RunImmediately) {
  Write-Host "/RunImmediately was used, will run WinRM undo and exit..."
  Start-ChocolateyProcessAsAdmin "& `'$ScriptToRun`' -RunImmediately"
}
else 
{
  Start-ChocolateyProcessAsAdmin "& `'$ScriptToRun`'"  
}
tools\chocolateyuninstall.ps1

$ErrorActionPreference = 'Stop';
$toolsDir   = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)"
$packageName   = $env:ChocolateyPackageName
$ScriptToRun = "$toolsDir\Undo-WinRMConfig.ps1"

Start-ChocolateyProcessAsAdmin "& `'$ScriptToRun`' -RemoveShutdownScriptSetup"
tools\readme.md

# Undo-WinRMConfig Documentation

- [Undo-WinRMConfig Documentation](#undo-winrmconfig-documentation)
- [Community Testing Help Needed!](#community-testing-help-needed)
- [The Important Security Problem](#the-important-security-problem)
- [This Solution](#this-solution)
- [This Code Implementation](#this-code-implementation)
- [The Disclaimers](#the-disclaimers)
- [Ways to Run It](#ways-to-run-it)
    - [Direct Run From GitHub](#direct-run-from-github)
        - [Run Undo Process At Shutdown (default)](#run-undo-process-at-shutdown-default)
        - [Run Immediately (Careful!)](#run-immediately-careful)
        - [Remove Shutdown Job Before It Runs](#remove-shutdown-job-before-it-runs)
    - [Place On Image Template Without Running](#place-on-image-template-without-running)
    - [Chocolatey Package](#chocolatey-package)
        - [Run At Shutdown (default)](#run-at-shutdown-default)
        - [Run Immediately (Careful!)](#run-immediately-careful)
        - [Remove Shutdown Job Before It Runs](#remove-shutdown-job-before-it-runs)
# Community Testing Help Needed!
It is not possible for me to test all OS versions and PowerShell versions running directly and via Chocolatey.  Thinking community members could pick scenarios relevant to them.  Below are some of the desirable tests.  Problems reports should be submitted to: https://github.com/DarwinJS/CloudyWindowsAutomationCode/issues

Tests for each below scenario:
* "does it execute at all" but also 
* "does it effectively undo WinRM configuration (not disable)" and  
* "Can WinRm be rconfigured again with **conventional instructions** after this has run"

Script Functionality:
* (Default) Run and setup shutdown job (choco install)
* Run immediately to Undo WinRM Configuration (don't run over remoting) (choco install -params '"/RunImmediately"' )
* -RemoveShutdownScriptConfig (Choco Uninstall) - removes shutdown job before it runs (it self deletes during actual operation)

Run Scope:
* Run Over Remoting (Choco / non-choco)
* Run Under System Account (choco / non-choco)
* Run under a system account service (choco / non-choco)

OS / PowerShell Scope:
* Windows 7 / 2008 R2, Windows 8.1 / 2012 R2, Windows 10 / 2016

# The Important Security Problem
Many windows remote orchestration tools (e.g. Packer) instruct you to open up winrm permissions in a way that is not safe for (nor intended for) use in production.  (e.g. https://www.packer.io/docs/builders/ncloud.html#sample-code-of-template-json)  Generally there is no guidance on how to re-secure it nor even a reminder to do so.  The assumption most likely being that you would handle proper winrm re-configuration as a part of provisioning the machine - but in many organizations systems preparation may be the only use of WinRM - so it is forgotten.  Or maybe whatever you use to re-configure it does not actively manage one of the permissive settings used during machine provisioning.

Sysprep does not revert WinRM configuration to a pristine state and I checked with Microsoft and there is not an API call to revert to pristine either.

Keep in mind that disabling WinRM is not the goal - but rather returning it to a pristine state (or as close as possible).  This allows it to be reconfigured using conventional instructions - including the possibility that subsequent system preparation automation (like packer) will be used to prepare a new template image based on a previously prepared image template.

Leaving WinRM in this state is not a least privileged approach for several reasons: 

- sysprep does not automatically deconfigure WinRM.
- it is not secure at rest nor by default once booted.
- it is unlikely the next user of the image template would think that WinRM has been preconfigured with permissive settings and that they would need to deal with it.
- frequently images used for testing are not joined to a domain, so even if these settings are handled by a GPO in production environments - not all uses of the image template will necessarily have the benefit of such a GPO configuration.

Depending on how big your company is and how widely your hypervisor templates are used - this is a disaster waiting to happen.  So I feel leaving it in a disabled state by default is the far safer option.

# This Solution
This self-deleting shutdown task performs the disable on the first shutdown and deletes itself.  It can also run immediately - which only works if you are not using WinRM to run it.

# This Code Implementation
The goal of this code is NOT to disable WinRM, but to set WinRM configuration back to as close to pristine as possible so that it can be reconfigured as necessary.
At first glance, the code will appear a bit over complex, but that complexity has some rationale behind it:
1. If you attempt to revert WinRM configuration as your last step in automation that is using WinRM to access the machine - you slam the door on your own fingers and the automation will most likely exit with an error.  This is the exact scenario for Packer.
2. Due to imprecise timing, **startup** tasks that disable winrm could conflict with a subsequent attempt to re-enable it on the next boot for final configuration steps.
3. Setting up a shutdown script requires some manipulation of GPO files and registry keys.  To ensure appropriate security permissions no matter what user it used to execute this code, the setup is done via a scheduled job.
4. Since this implementation merely stages the undo to happen at shutdown - the code can run at any point during before the very last shutdown - it does not have to run last (though at the point you run it, you should not need anymore reboots with winrm enabled to finish configuration)

If you have the luxury of running this code locally on the build machine without using WinRM, then you can use the "RunImmediately" switch to skip the above convolutions.

FYI: If a system shuts down extremely quickly there is some risk that the shutdown job would not be deleted - but in testing on AWS (very fast shutdown), there have not been an observed problems.

# The Disclaimers
This code was engineered by reversing the commands required to configure winrm to be used for system preparation by Packer.  In that regard it results in returning WinRM configuration to a state similar to, but quite possibly not identical to pristine defaults.

If your WinRM configuration process involves configuring additional items, the reversal of those settings may need to be added to this script.  You could create a customized copy or submit an issue or PR against this script.

This code was engineered and tested on Server 2012 R2 / PowerShell 4 - it is unknown how well it works for earlier versions.
# Ways to Run It

## Direct Run From GitHub

### Run Undo Process At Shutdown (default)
    Invoke-Expression (invoke-webrequest -uri 'https://raw.githubusercontent.com/DarwinJS/Undo-WinRMConfig/master/Undo-WinRMConfig.ps1')

### Run Immediately (Careful!)
**Caution:** If you run this command while remoting in, you will slam the remoting connection closed and have a non-zero exit code - does not work with packer.
    
    Invoke-webrequest -uri 'https://raw.githubusercontent.com/DarwinJS/Undo-WinRMConfig/master/Undo-WinRMConfig.ps1' -outfile $env:public\Undo-WinRMConfig.ps1 ; & $env:public\Undo-WinRMConfig.ps1 -RunImmediately

### Remove Shutdown Job Before It Runs
    
    Invoke-webrequest -uri 'https://raw.githubusercontent.com/DarwinJS/Undo-WinRMConfig/master/Undo-WinRMConfig.ps1' -outfile $env:public\Undo-WinRMConfig.ps1 ; & $env:public\Undo-WinRMConfig.ps1 -RemoveShutdownScriptConfig

## Place On Image Template Without Running
    Invoke-webrequest -uri 'https://raw.githubusercontent.com/DarwinJS/Undo-WinRMConfig/master/Undo-WinRMConfig.ps1' -outfile $env:public\Undo-WinRMConfig.ps1

## Chocolatey Package

**ATTENTION: While this code is in the community feedback phase, I have it on a test feed.  It will be available via chocolatey.org when the code is finalized**

### Run At Shutdown (default)
    choco install undo-winrmconfig-at-shutdown -confirm -source https://www.myget.org/F/chocotesting/api/v2/

### Run Immediately (Careful!)
**Caution:** If you run this command while remoting in, you will slam the remoting connection closed and have a non-zero exit code.

    choco install undo-winrmconfig-at-shutdown -confirm -params '"/RunImmediately"' -source https://www.myget.org/F/chocotesting/api/v2/

### Remove Shutdown Job Before It Runs
    
    choco uninstall undo-winrmconfig-at-shutdown -confirm
    
tools\Undo-WinRMConfig.ps1
<#
.SYNOPSIS
  Initializes (full read of all bytes) AWS EBS volumes using FIO (File IO Utility).
  See this post for full details on why this code is helpful: https://cloudywindows.io/winrm-for-provisioning---close-the-door-when-you-are-done-eh/
.DESCRIPTION
  CloudyWindows.io DevOps Automation: https://github.com/DarwinJS/CloudyWindowsAutomationCode
  Why and How Blog Post: https://cloudywindows.io/winrm-for-provisioning---close-the-door-when-you-are-done-eh/
  Invoke-Expression (invoke-webrequest -uri 'https://raw.githubusercontent.com/DarwinJS/Undo-WinRMConfig/blob/master/Undo-WinRMConfig/Undo-WinRMConfig.ps1')
  Invoke-webrequest -uri 'https://raw.githubusercontent.com/DarwinJS/Undo-WinRMConfig/blob/master/Undo-WinRMConfig/Undo-WinRMConfig.ps1' -outfile $env:public\Undo-WinRMConfig.ps1 ; & $env:public\Undo-WinRMConfig.ps1 -immediately
  Contributing New Undo Profiles: https://github.com/DarwinJS/Undo-WinRMConfig/blob/master/readme.md

  Disclaimer - this code was engineered and tested on Server 2012 R2 and Server 2016.

  Many windows remote orchestration tools (e.g. Packer) instruct you to completely open up winrm permissions in a way that is not safe for production.
  Usually there is no built in method nor instruction on how to re-secure it or shut it back down.
  The assumption most likely being that you would handle proper configuration as a part of production deployment.
  This is not a least privileged approach - depending on how big your company is and how widely your hypervisor templates are used - this is a disaster waiting to happen.  So I feel leaving it in a disabled state by default is the far safer option.
  To complicate things, if you attempt to secure winrm or shut it down as your last step in orchestration you slam the door on the orchestration system and it marks the attempt as a failure.
  Due to imprecise timing, start up tasks that disable winrm could conflict with a subsequent attempt to re-enable it on the next boot for final configuration steps (especially if you are building a hypervisor template).
  This self-deleting shutdown task performs the disable on the first shutdown and deletes itself.
  If a system shutsdown extremely quickly there is some risk that the shutdown job would not be deleted - but in testing on AWS (very fast shutdown), there have not been an observed problems.
  Updates and more information on ways to use this script are here: https://github.com/DarwinJS/CloudyWindowsAutomationCode/blob/master/Undo-WinRMConfig/readme.md
.COMPONENT
   CloudyWindows.io
.ROLE
  Provisioning Automation
.PARAMETER RunImmediately
  Specifies list of semi-colon seperated number ids of local Devices to initialize.  Devices appear in HKLM:SYSTEM\CurrentControlSet\Services\disk\Enum.
.PARAMETER RemoveShutdownScriptConfig
  Cancels running the script at the next shutdown by removing the shutdown configuration and files
.PARAMETER Version
  Emits the version and exits.
.EXAMPLE
  Invoke-Expression (invoke-webrequest -uri 'https://raw.githubusercontent.com/DarwinJS/Undo-WinRMConfig/blob/master/Undo-WinRMConfig/Undo-WinRMConfig.ps1')
  
  Run directly from github with no parameters - sets up shutdown script to reseal winRM.
.EXAMPLE
  Invoke-webrequest -uri 'https://raw.githubusercontent.com/DarwinJS/Undo-WinRMConfig/blob/master/Undo-WinRMConfig/Undo-WinRMConfig.ps1' -outfile $env:public\Undo-WinRMConfig.ps1 ; & $env:public\Undo-WinRMConfig.ps1 -immediately

  Download dynamically from github and run immediately.
#>
Param (
  [switch]$RunImmediately,
  [switch]$RemoveShutdownScriptConfig,
  [switch]$Version
)

$ThisScriptVersion = '1.1.8'

If ($version)
{  
  Write-Host "$ThisScriptVersion"
  Exit 0
}

Function Setup-Undo {

  Write-Host "`r`n`r`nUndo-WinRMConfig Version $ThisScriptVersion`r`n`r`n"

  #This has to work for Win7 (no get-ciminstance) and Nano (no get-wmiobject) - each of which specially construct win32_operatingsystem.version to handle before and after Windows 10 version numbers (which are in different registry keys)
  If ($psversiontable.psversion.major -lt 3)
  { $OSMajorMinorVersionString = @(([version](Get-WMIObject Win32_OperatingSystem).version).major,([version](Get-WMIObject Win32_OperatingSystem).version).minor) -join '.' }
  Else 
  { $OSMajorMinorVersionString = @(([version](Get-CIMInstance Win32_OperatingSystem).version).major,([version](Get-CIMInstance Win32_OperatingSystem).version).minor) -join '.' }

  If (!(Test-Path "variable:Pristine-WSMan-${OSMajorMinorVersionString}.reg"))
  { 
    Throw "Undo-WinRMConfig does not have Pristine WSMan .REG file for your OS version $OSMajorMinorVersionString, if you would like to create and contribute one, please see: "
    Exit 5
  }

  #Build the undo script based on parameters
  [string]$UndoWinRMScript = @'

  If (!$PSScriptRoot) {$PSScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent}

  #This has to work for Win7 (no get-ciminstance) and Nano (no get-wmiobject) - each of which specially construct win32_operatingsystem.version to handle before and after Windows 10 version numbers (which are in different registry keys)
  If ($psversiontable.psversion.major -lt 3)
  { $OSMajorMinorVersionString = @(([version](Get-WMIObject Win32_OperatingSystem).version).major,([version](Get-WMIObject Win32_OperatingSystem).version).minor) -join '.' }
  Else 
  { $OSMajorMinorVersionString = @(([version](Get-CIMInstance Win32_OperatingSystem).version).major,([version](Get-CIMInstance Win32_OperatingSystem).version).minor) -join '.' }

  Write-Host "Disabling all Enabled Firewall rules that address port 5985 or 5896 directly"
  $EnabledInboundRMPorts = @(New-object -comObject HNetCfg.FwPolicy2).rules | where-object {($_.LocalPorts -ilike '*5985*') -AND ($_.Enabled -ilike 'True')}
  $EnabledInboundRMPorts += @(New-object -comObject HNetCfg.FwPolicy2).rules | where-object {($_.LocalPorts -ilike '*5986*') -AND ($_.Enabled -ilike 'True')}

  ForEach ($FirewallRuleName in $EnabledInboundRMPorts)
  {
    Write-Host "Disabling firewall rule that addresses remoting: `"$($FirewallRuleName.Name)`""
    netsh advfirewall firewall set rule name="$($FirewallRuleName.Name)" new enable=No
  }

  Write-Host "Undoing changes for Enable-PSRemoting, Enable-WSManCredSSP and winrm configuration commands"

  Write-Host "Remove LocalAccountTokenFilterPolicy added by winrm configuration"
  #This key is symlinked into "Wow6432Node" - both locations are handled by one delete
  $regkeypath ='HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system'
  If (!((Get-ItemProperty $regkeypath).LocalAccountTokenFilterPolicy -eq $null)) 
  {Remove-ItemProperty -path $regkeypath -name LocalAccountTokenFilterPolicy}

  Write-Host "Enable-PSRemoting changes will be removed by undoing WSMAN changes"
  Write-Host "Enable-WSManCredSSP client or server changes will be removed by undoing WSMAN changes"

  #Remove WSMAN Key before importing pristine .REG
  Remove-Item 'HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN' -Recurse -Force

  ForEach ($File in (Get-ChildItem "$PSScriptRoot\*${OSMajorMinorVersionString}.reg" | sort-object Name))
  {
    Write-Host "Importing $OSMajorMinorVersionString\$($File.name)"
    reg.exe import "$($File.fullname)"
  }
'@

  If ($RunImmediately)
  {
    Write-Output 'Undoing WinRM Config Right Now (do NOT execute this over remoting or this code will not complete)...'  
    Invoke-Command -ScriptBlock [Scriptblock]::Create($UndoWinRMScript)
    exit 0
  }
  else 
  {
    Write-Output 'Undoing WinRM Config On Next Shutdown'
  }

  #Write a file and call it in a machine shutdown script
  $psScriptsFile = "$env:windir\System32\GroupPolicy\Machine\Scripts\psscripts.ini"
  $Key1 = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown\0'
  $Key2 = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Shutdown\0'
  $keys = @($key1,$key2)
  $scriptpath = "$env:windir\System32\GroupPolicy\Machine\Scripts\Shutdown\Undo-WinRMConfig.ps1"
  $scriptfilename = (Split-Path -leaf $scriptpath)
  $ScriptFolder = (Split-Path -parent $scriptpath)
  $FileContents = Get-Variable -name "Pristine-WSMan-${OSMajorMinorVersionString}.reg" -ValueOnly
  Set-Content -Path "$ScriptFolder\Pristine-WSMan-${OSMajorMinorVersionString}.reg" -Value $FileContents

  $selfdeletescript = @"
  Start-Sleep -milliseconds 500
  Remove-Item -Path "$key1" -Force -Recurse -ErrorAction SilentlyContinue
  Remove-Item -Path "$key2" -Force -Recurse -ErrorAction SilentlyContinue
  Remove-Item -Path $scriptpath -Force  -ErrorAction SilentlyContinue
  Get-ChildItem "$env:windir\System32\GroupPolicy\Machine\Scripts\Shutdown\*${OSMajorMinorVersionString}.reg" | remove-item -force
  If (Test-Path $psScriptsFile)
  {
    (Get-Content "$psScriptsFile") -replace '0CmdLine=$scriptfilename', '' | Set-Content "$psScriptsFile"
    (Get-Content "$psScriptsFile") -replace '0Parameters=', '' | Set-Content "$psScriptsFile"
  }
"@

  $selfdeletescript =[Scriptblock]::Create($selfdeletescript)

  If ($RemoveShutdownScriptConfig)
  {
    Write-Host "Removing previously setup shutdown script"
    Invoke-Command -ScriptBlock $selfdeletescript
    exit $?
  }

  #Add the cleanup script block as a scheduled job executed immediately at the end of the shutdown script (if we aren't running immediately)
  $UndoWinRMScript += "Register-ScheduledJob -Name CleanUpWinRM -RunNow -ScheduledJobOption @{RunElevated=$True;ShowInTaskScheduler=$True;RunWithoutNetwork=$True} -ScriptBlock $selfdeletescript"

  Write-Host "Creating $scriptpath, with the following contents:"
  Write-Host '*******************'
  Write-Host "$UndoWinRMScript"
  Write-Host '*******************`r`n`r`n'
  If (!(Test-Path $ScriptFolder)) {New-Item $ScriptFolder -type Directory -force | Out-null}
  Set-Content -path $scriptpath -value $UndoWinRMScript

  Foreach ($Key in $keys)
  {
    Write-Host "Creating $Key"
    New-Item -Path $key -Force | out-null
    New-ItemProperty -Path $key -Name GPO-ID -Value LocalGPO -Force | out-null
    New-ItemProperty -Path $key -Name SOM-ID -Value Local -Force | out-null
    New-ItemProperty -Path $key -Name FileSysPath -Value "$env:windir\System32\GroupPolicy\Machine" -Force | out-null
    New-ItemProperty -Path $key -Name DisplayName -Value "Local Group Policy" -Force | out-null
    New-ItemProperty -Path $key -Name GPOName -Value "Local Group Policy" -Force | out-null
    New-ItemProperty -Path $key -Name PSScriptOrder -Value 1 -PropertyType "DWord" -Force | out-null

    $key = "$key\0"
    New-Item -Path $key -Force | out-null
    New-ItemProperty -Path $key -Name "Script" -Value $scriptfilename -Force | out-null
    New-ItemProperty -Path $key -Name "Parameters" -Value $parameters -Force | out-null
    New-ItemProperty -Path $key -Name "IsPowershell" -Value 1 -PropertyType "DWord" -Force | out-null
    New-ItemProperty -Path $key -Name "ExecTime" -Value 0 -PropertyType "QWord" -Force | out-null
  }

  Write-Host "Updating $psScriptsFile"
  If (!(Test-Path $psScriptsFile)) {New-Item $psScriptsFile -type file -force}
  "[Shutdown]" | Out-File $psScriptsFile
  "0CmdLine=$scriptfilename" | Out-File $psScriptsFile -Append
  "0Parameters=$parameters" | Out-File $psScriptsFile -Append

  Write-Host "`r`n`r`nUndo-WinRMConfig (v${ThisScriptVersion}) is staged to run at next shutdown.  To unstage, run 'Undo-WinRMConfig -RemoveShutdownScriptConfig'"
}

${Pristine-WSMan-10.0.reg} = @'
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN]
"ServiceStackVersion"="3.0"
"StackVersion"="2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\AutoRestartList]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\CertMapping]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Listener]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Listener\*+HTTP]
"Port"=dword:00001761
"uriprefix"="wsman"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Event Forwarding Plugin]
"ConfigXML"="<PlugInConfiguration xmlns=\"http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration\" Name=\"Event Forwarding Plugin\" Filename=\"C:\\Windows\\system32\\wevtfwd.dll\" SDKVersion=\"1\" XmlRenderingType=\"text\" UseSharedProcess=\"false\" ProcessIdleTimeoutSec=\"0\" RunAsUser=\"\" RunAsPassword=\"\" AutoRestart=\"false\" Enabled=\"true\" OutputBufferingMode=\"Block\" ><Resources><Resource ResourceUri=\"http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog\" SupportsOptions=\"true\" ><Security Uri=\"\" ExactMatch=\"false\" Sddl=\"O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;ER)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)\" /><Capability Type=\"Subscribe\" SupportsFiltering=\"true\" /></Resource></Resources><Quotas MaxConcurrentUsers=\"2147483647\" MaxConcurrentOperationsPerUser=\"2147483647\" MaxConcurrentOperations=\"2147483647\"/></PlugInConfiguration>"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns=\"http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration\" Name=\"microsoft.powershell\" Filename=\"%windir%\\system32\\pwrshplugin.dll\" SDKVersion=\"2\" XmlRenderingType=\"text\" Enabled=\"true\" >                 <InitializationParameters>                     <Param Name=\"PSVersion\" Value=\"5.1\"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri=\"http://schemas.microsoft.com/powershell/microsoft.powershell\" SupportsOptions=\"true\" ExactMatch=\"true\">                         <Security xmlns=\"http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration\" Uri=\"http://schemas.microsoft.com/powershell/microsoft.powershell\" ExactMatch=\"true\" Sddl=\"O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)\"/>                         <Capability Type=\"Shell\"/>                     </Resource>                 </Resources>   <Quotas MaxMemoryPerShellMB=\"2147483647\" MaxIdleTimeoutms=\"2147483647\" MaxConcurrentUsers=\"2147483647\" IdleTimeoutms=\"7200000\" MaxProcessesPerShell=\"2147483647\" MaxConcurrentCommandsPerShell=\"2147483647\" MaxShells=\"2147483647\" MaxShellsPerUser=\"2147483647\"/>             </PlugInConfiguration>"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell.Workflow]
"ConfigXML"="             <PlugInConfiguration xmlns=\"http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration\" Name=\"microsoft.powershell.workflow\" Filename=\"%windir%\\system32\\pwrshplugin.dll\" SDKVersion=\"2\" XmlRenderingType=\"text\" UseSharedProcess=\"true\" ProcessIdleTimeoutSec=\"1209600\" RunAsUser=\"\" RunAsPassword=\"\" AutoRestart=\"false\"     Enabled=\"true\" >                 <InitializationParameters>                     <Param Name=\"PSVersion\" Value=\"5.1\"/>                     <Param Name=\"AssemblyName\" Value=\"Microsoft.PowerShell.Workflow.ServiceCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL\"/>                     <Param Name=\"PSSessionConfigurationTypeName\" Value=\"Microsoft.PowerShell.Workflow.PSWorkflowSessionConfiguration\"/>                     <Param Name=\"SessionConfigurationData\"                          Value=\"                             &lt;SessionConfigurationData&gt;                                 &lt;Param Name=&quot;ModulesToImport&quot; Value=&quot;%windir%\\system32\\windowspowershell\\v1.0\\Modules\\PSWorkflow&quot;/&gt;                                 &lt;Param Name=&quot;PrivateData&quot;&gt;                                     &lt;PrivateData&gt;                                         &lt;Param Name=&quot;enablevalidation&quot; Value=&quot;true&quot; /&gt;                                     &lt;/PrivateData&gt;                                 &lt;/Param&gt;                             &lt;/SessionConfigurationData&gt;                         \"                     />                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri=\"http://schemas.microsoft.com/powershell/microsoft.powershell.workflow\" SupportsOptions=\"true\" ExactMatch=\"true\">                         <Security xmlns=\"http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration\" Uri=\"http://schemas.microsoft.com/powershell/microsoft.powershell.workflow\" ExactMatch=\"true\" Sddl=\"O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)\"/>                         <Capability Type=\"Shell\"/>                     </Resource>                 </Resources>     <Quotas MaxMemoryPerShellMB=\"2147483647\" MaxIdleTimeoutms=\"2147483647\" MaxConcurrentUsers=\"2147483647\" IdleTimeoutms=\"7200000\" MaxProcessesPerShell=\"2147483647\" MaxConcurrentCommandsPerShell=\"2147483647\" MaxShells=\"2147483647\" MaxShellsPerUser=\"2147483647\"/>             </PlugInConfiguration>"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns=\"http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration\" Name=\"microsoft.powershell32\" Filename=\"%windir%\\system32\\pwrshplugin.dll\" SDKVersion=\"2\" XmlRenderingType=\"text\" Architecture=\"32\" Enabled=\"true\" >                         <InitializationParameters>                             <Param Name=\"PSVersion\" Value=\"5.1\"/>                         </InitializationParameters>                         <Resources>                             <Resource ResourceUri=\"http://schemas.microsoft.com/powershell/microsoft.powershell32\" SupportsOptions=\"true\" ExactMatch=\"true\">                                 <Security xmlns=\"http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration\" Uri=\"http://schemas.microsoft.com/powershell/microsoft.powershell32\" ExactMatch=\"true\" Sddl=\"O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)\"/>                                 <Capability Type=\"Shell\"/>                             </Resource>                         </Resources>    <Quotas MaxMemoryPerShellMB=\"2147483647\" MaxIdleTimeoutms=\"2147483647\" MaxConcurrentUsers=\"2147483647\" IdleTimeoutms=\"7200000\" MaxProcessesPerShell=\"2147483647\" MaxConcurrentCommandsPerShell=\"2147483647\" MaxShells=\"2147483647\" MaxShellsPerUser=\"2147483647\"/>                     </PlugInConfiguration>"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.Windows.ServerManagerWorkflows]
"ConfigXML"="                     <PlugInConfiguration xmlns=\"http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration\" Name=\"microsoft.windows.servermanagerworkflows\" Filename=\"C:\\Windows\\system32\\pwrshplugin.dll\" SDKVersion=\"2\" XmlRenderingType=\"text\" UseSharedProcess=\"true\" Enabled=\"true\" RunAsUser=\"\" RunAsPassword=\"\" AutoRestart=\"false\"  >                         <InitializationParameters>                             <Param Name=\"PSVersion\" Value=\"3.0\"/>                             <Param Name=\"AssemblyName\" Value=\"Microsoft.Windows.ServerManager.Common, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL\"/>                             <Param Name=\"PSSessionConfigurationTypeName\" Value=\"Microsoft.Windows.ServerManager.Common.Workflow.WorkflowSessionConfiguration\"/>                             <Param Name=\"SessionConfigurationData\"                                 Value=\"                                     &lt;SessionConfigurationData&gt;                                         &lt;Param Name=&quot;ModulesToImport&quot; Value=&quot;C:\\Windows\\\\system32\\\\ServerManagerInternal,C:\\Windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\Modules\\\\PSWorkflow&quot; /&gt;                                         &lt;Param Name=&quot;PrivateData&quot;&gt;                                             &lt;PrivateData&gt;                                                 &lt;Param Name=&quot;allowedactivity&quot; Value=&quot;*&quot; /&gt;                                                 &lt;Param Name=&quot;outofprocessactivity&quot; Value=&quot;&quot; /&gt;                                             &lt;/PrivateData&gt;                                         &lt;/Param&gt;                                     &lt;/SessionConfigurationData&gt;                                 \"                             />                         </InitializationParameters>                         <Resources>                             <Resource ResourceUri=\"http://schemas.microsoft.com/powershell/microsoft.windows.servermanagerworkflows\" SupportsOptions=\"true\" ExactMatch=\"true\">                                 <Security xmlns=\"http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration\" Uri=\"http://schemas.microsoft.com/powershell/microsoft.windows.servermanagerworkflows\" ExactMatch=\"true\" Sddl=\"O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)\"/>                                 <Capability Type=\"Shell\"/>                             </Resource>                         </Resources>                         <Quotas MaxIdleTimeoutms=\"180000\" IdleTimeoutms=\"180000\" MaxConcurrentUsers=\"5\" MaxMemoryPerShellMB=\"2000\" MaxShells=\"100\" MaxProcessesPerShell=\"45\" MaxShellsPerUser=\"25\" MaxConcurrentCommandsPerShell=\"5000\"/>                     </PlugInConfiguration>"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\SEL Plugin]
"ConfigXML"="<PlugInConfiguration xmlns=\"http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration\" Name=\"SEL Plugin\" Filename=\"C:\\Windows\\system32\\wsmselpl.dll\" SDKVersion=\"1\" XmlRenderingType=\"text\" UseSharedProcess=\"false\" ProcessIdleTimeoutSec=\"0\" RunAsUser=\"\" RunAsPassword=\"\" AutoRestart=\"false\" Enabled=\"true\" OutputBufferingMode=\"Block\" > <Resources> <Resource ResourceUri=\"http://schemas.microsoft.com/wbem/wsman/1/logrecord/sel\" SupportsOptions=\"true\" > <Security Uri=\"\" ExactMatch=\"false\" Sddl=\"O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)\" /> <Capability Type=\"Subscribe\" /> </Resource> </Resources> <Quotas MaxConcurrentUsers=\"2147483647\" MaxConcurrentOperationsPerUser=\"2147483647\" MaxConcurrentOperations=\"2147483647\"/> </PlugInConfiguration>"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\WMI Provider]
"ConfigXML"="<PlugInConfiguration xmlns=\"http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration\" Name=\"WMI Provider\" Filename=\"C:\\Windows\\system32\\WsmWmiPl.dll\" SDKVersion=\"1\" XmlRenderingType=\"text\" UseSharedProcess=\"false\" ProcessIdleTimeoutSec=\"0\" RunAsUser=\"\" RunAsPassword=\"\" AutoRestart=\"false\" Enabled=\"true\" OutputBufferingMode=\"Block\" ><Resources><Resource ResourceUri=\"http://schemas.microsoft.com/wbem/wsman/1/wmi\" SupportsOptions=\"true\" ><Security Uri=\"\" ExactMatch=\"false\" Sddl=\"O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)\" /><Capability Type=\"Identify\" /><Capability Type=\"Get\" SupportsFragment=\"true\" /><Capability Type=\"Put\" SupportsFragment=\"true\" /><Capability Type=\"Invoke\" /><Capability Type=\"Create\" /><Capability Type=\"Delete\" /><Capability Type=\"Enumerate\" SupportsFiltering=\"true\"/><Capability Type=\"Subscribe\" SupportsFiltering=\"true\"/></Resource><Resource ResourceUri=\"http://schemas.dmtf.org/wbem/wscim/1/cim-schema\" SupportsOptions=\"true\" ><Security Uri=\"\" ExactMatch=\"false\" Sddl=\"O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)\" /><Capability Type=\"Get\" SupportsFragment=\"true\" /><Capability Type=\"Put\" SupportsFragment=\"true\" /><Capability Type=\"Invoke\" /><Capability Type=\"Create\" /><Capability Type=\"Delete\" /><Capability Type=\"Enumerate\"/><Capability Type=\"Subscribe\" SupportsFiltering=\"true\"/></Resource><Resource ResourceUri=\"http://schemas.dmtf.org/wbem/wscim/1/*\" SupportsOptions=\"true\" ExactMatch=\"true\" ><Security Uri=\"\" ExactMatch=\"false\" Sddl=\"O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)\" /><Capability Type=\"Enumerate\" SupportsFiltering=\"true\"/><Capability Type=\"Subscribe\"SupportsFiltering=\"true\"/></Resource><Resource ResourceUri=\"http://schemas.dmtf.org/wbem/cim-xml/2/cim-schema/2/*\" SupportsOptions=\"true\" ExactMatch=\"true\"><Security Uri=\"\" ExactMatch=\"false\" Sddl=\"O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)\" /><Capability Type=\"Get\" SupportsFragment=\"false\"/><Capability Type=\"Enumerate\" SupportsFiltering=\"true\"/></Resource></Resources><Quotas MaxConcurrentUsers=\"2147483647\" MaxConcurrentOperationsPerUser=\"2147483647\" MaxConcurrentOperations=\"2147483647\"/></PlugInConfiguration>"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\SafeClientList]
"WSManSafeClientList"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Service]
"allow_remote_requests"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS\CustomRemoteShell]

'@

${Pristine-WSMan-6.3.reg} = @'
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN]
"StackVersion"="2.0"
"ServiceStackVersion"="3.0"
"WtrPresent"=dword:00000000
"UpdatedConfig"="E6F6821F-51CC-4FEC-8E46-40C75C0CAD27"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\AutoRestartList]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\CertMapping]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Listener]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Listener\*+HTTP]
"hostname"=""
"uriprefix"="wsman"
"certThumbprint"=""
"Port"=dword:00001761
"enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Event Forwarding Plugin]
"ConfigXML"="<PlugInConfiguration xmlns=\"http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration\" Name=\"Event Forwarding Plugin\" Filename=\"C:\\Windows\\system32\\wevtfwd.dll\" SDKVersion=\"1\" XmlRenderingType=\"text\" UseSharedProcess=\"false\" ProcessIdleTimeoutSec=\"0\" RunAsUser=\"\" RunAsPassword=\"\" AutoRestart=\"false\" Enabled=\"true\" OutputBufferingMode=\"Block\" ><Resources><Resource ResourceUri=\"http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog\" SupportsOptions=\"true\" ><Security Uri=\"\" ExactMatch=\"false\" Sddl=\"O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;ER)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)\" /><Capability Type=\"Subscribe\" SupportsFiltering=\"true\" /></Resource></Resources><Quotas MaxConcurrentUsers=\"100\" MaxConcurrentOperationsPerUser=\"15\" MaxConcurrentOperations=\"1500\"/></PlugInConfiguration>"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="<PlugInConfiguration xmlns=\"http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration\" Name=\"microsoft.powershell\" Filename=\"%windir%\\system32\\pwrshplugin.dll\" SDKVersion=\"2\" XmlRenderingType=\"text\" Enabled=\"true\" Architecture=\"64\" UseSharedProcess=\"false\" ProcessIdleTimeoutSec=\"0\" RunAsUser=\"\" RunAsPassword=\"\" RunAsVirtualAccount=\"false\" RunAsVirtualAccountGroups=\"\" AutoRestart=\"false\" OutputBufferingMode=\"Block\"><InitializationParameters><Param Name=\"PSVersion\" Value=\"5.0\"/></InitializationParameters><Resources><Resource ResourceUri=\"http://schemas.microsoft.com/powershell/microsoft.powershell\" SupportsOptions=\"true\" ExactMatch=\"true\"><Security xmlns=\"http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration\" Uri=\"http://schemas.microsoft.com/powershell/microsoft.powershell\" ExactMatch=\"true\" Sddl=\"O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)\"/><Capability Type=\"Shell\"/></Resource></Resources><Quotas MaxMemoryPerShellMB=\"1024\" MaxIdleTimeoutms=\"2147483647\" MaxConcurrentUsers=\"5\" IdleTimeoutms=\"7200000\" MaxProcessesPerShell=\"15\" MaxConcurrentCommandsPerShell=\"1000\" MaxShells=\"25\" MaxShellsPerUser=\"25\"/></PlugInConfiguration>"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell.Workflow]
"ConfigXML"="<PlugInConfiguration xmlns=\"http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration\" Name=\"microsoft.powershell.workflow\" Filename=\"%windir%\\system32\\pwrshplugin.dll\" SDKVersion=\"2\" XmlRenderingType=\"text\" UseSharedProcess=\"true\" ProcessIdleTimeoutSec=\"1209600\" RunAsUser=\"\" RunAsPassword=\"\" AutoRestart=\"false\" Enabled=\"true\" Architecture=\"64\" RunAsVirtualAccount=\"false\" RunAsVirtualAccountGroups=\"\" OutputBufferingMode=\"Block\"><InitializationParameters><Param Name=\"PSVersion\" Value=\"5.0\"/><Param Name=\"AssemblyName\" Value=\"Microsoft.PowerShell.Workflow.ServiceCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL\"/><Param Name=\"PSSessionConfigurationTypeName\" Value=\"Microsoft.PowerShell.Workflow.PSWorkflowSessionConfiguration\"/><Param Name=\"SessionConfigurationData\" Value=\"                             &lt;SessionConfigurationData&gt;                                 &lt;Param Name=&quot;ModulesToImport&quot; Value=&quot;%windir%\\system32\\windowspowershell\\v1.0\\Modules\\PSWorkflow&quot;/&gt;                                 &lt;Param Name=&quot;PrivateData&quot;&gt;                                     &lt;PrivateData&gt;                                         &lt;Param Name=&quot;enablevalidation&quot; Value=&quot;true&quot; /&gt;                                     &lt;/PrivateData&gt;                                 &lt;/Param&gt;                             &lt;/SessionConfigurationData&gt;                         \"/></InitializationParameters><Resources><Resource ResourceUri=\"http://schemas.microsoft.com/powershell/microsoft.powershell.workflow\" SupportsOptions=\"true\" ExactMatch=\"true\"><Security xmlns=\"http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration\" Uri=\"http://schemas.microsoft.com/powershell/microsoft.powershell.workflow\" ExactMatch=\"true\" Sddl=\"O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)\"/><Capability Type=\"Shell\"/></Resource></Resources><Quotas MaxMemoryPerShellMB=\"1024\" MaxIdleTimeoutms=\"2147483647\" MaxConcurrentUsers=\"5\" IdleTimeoutms=\"7200000\" MaxProcessesPerShell=\"15\" MaxConcurrentCommandsPerShell=\"1000\" MaxShells=\"25\" MaxShellsPerUser=\"25\"/></PlugInConfiguration>"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns=\"http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration\" Name=\"microsoft.powershell32\" Filename=\"%windir%\\system32\\pwrshplugin.dll\" SDKVersion=\"2\" XmlRenderingType=\"text\" Architecture=\"32\" Enabled=\"true\" UseSharedProcess=\"false\" ProcessIdleTimeoutSec=\"0\" RunAsUser=\"\" RunAsPassword=\"\" RunAsVirtualAccount=\"false\" RunAsVirtualAccountGroups=\"\" AutoRestart=\"false\" OutputBufferingMode=\"Block\"><InitializationParameters><Param Name=\"PSVersion\" Value=\"5.0\"/></InitializationParameters><Resources><Resource ResourceUri=\"http://schemas.microsoft.com/powershell/microsoft.powershell32\" SupportsOptions=\"true\" ExactMatch=\"true\"><Security xmlns=\"http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration\" Uri=\"http://schemas.microsoft.com/powershell/microsoft.powershell32\" ExactMatch=\"true\" Sddl=\"O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)\"/><Capability Type=\"Shell\"/></Resource></Resources><Quotas MaxMemoryPerShellMB=\"1024\" MaxIdleTimeoutms=\"2147483647\" MaxConcurrentUsers=\"5\" IdleTimeoutms=\"7200000\" MaxProcessesPerShell=\"15\" MaxConcurrentCommandsPerShell=\"1000\" MaxShells=\"25\" MaxShellsPerUser=\"25\"/></PlugInConfiguration>"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.Windows.ServerManagerWorkflows]
"ConfigXML"="<PlugInConfiguration xmlns=\"http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration\" Name=\"microsoft.windows.servermanagerworkflows\" Filename=\"C:\\Windows\\system32\\pwrshplugin.dll\" SDKVersion=\"2\" XmlRenderingType=\"text\" UseSharedProcess=\"true\" Enabled=\"true\" RunAsUser=\"\" RunAsPassword=\"\" AutoRestart=\"false\" Architecture=\"64\" ProcessIdleTimeoutSec=\"0\" RunAsVirtualAccount=\"false\" RunAsVirtualAccountGroups=\"\" OutputBufferingMode=\"Block\"><InitializationParameters><Param Name=\"PSVersion\" Value=\"3.0\"/><Param Name=\"AssemblyName\" Value=\"Microsoft.Windows.ServerManager.Common, Version=6.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL\"/><Param Name=\"PSSessionConfigurationTypeName\" Value=\"Microsoft.Windows.ServerManager.Common.Workflow.WorkflowSessionConfiguration\"/><Param Name=\"SessionConfigurationData\" Value=\"                                     &lt;SessionConfigurationData&gt;                                         &lt;Param Name=&quot;ModulesToImport&quot; Value=&quot;C:\\Windows\\\\system32\\\\ServerManagerInternal,C:\\Windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\Modules\\\\PSWorkflow&quot; /&gt;                                         &lt;Param Name=&quot;PrivateData&quot;&gt;                                             &lt;PrivateData&gt;                                                 &lt;Param Name=&quot;allowedactivity&quot; Value=&quot;*&quot; /&gt;                                                 &lt;Param Name=&quot;outofprocessactivity&quot; Value=&quot;&quot; /&gt;                                             &lt;/PrivateData&gt;                                         &lt;/Param&gt;                                     &lt;/SessionConfigurationData&gt;                                 \"/></InitializationParameters><Resources><Resource ResourceUri=\"http://schemas.microsoft.com/powershell/microsoft.windows.servermanagerworkflows\" SupportsOptions=\"true\" ExactMatch=\"true\"><Security xmlns=\"http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration\" Uri=\"http://schemas.microsoft.com/powershell/microsoft.windows.servermanagerworkflows\" ExactMatch=\"true\" Sddl=\"O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)\"/><Capability Type=\"Shell\"/></Resource></Resources><Quotas MaxIdleTimeoutms=\"180000\" IdleTimeoutms=\"180000\" MaxConcurrentUsers=\"5\" MaxMemoryPerShellMB=\"2000\" MaxShells=\"100\" MaxProcessesPerShell=\"45\" MaxShellsPerUser=\"25\" MaxConcurrentCommandsPerShell=\"5000\"/></PlugInConfiguration>"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\SEL Plugin]
"ConfigXML"="<PlugInConfiguration xmlns=\"http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration\" Name=\"SEL Plugin\" Filename=\"C:\\Windows\\system32\\wsmselpl.dll\" SDKVersion=\"1\" XmlRenderingType=\"text\" UseSharedProcess=\"false\" ProcessIdleTimeoutSec=\"0\" RunAsUser=\"\" RunAsPassword=\"\" AutoRestart=\"false\" Enabled=\"true\" OutputBufferingMode=\"Block\" > <Resources> <Resource ResourceUri=\"http://schemas.microsoft.com/wbem/wsman/1/logrecord/sel\" SupportsOptions=\"true\" > <Security Uri=\"\" ExactMatch=\"false\" Sddl=\"O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)\" /> <Capability Type=\"Subscribe\" /> </Resource> </Resources> <Quotas MaxConcurrentUsers=\"100\" MaxConcurrentOperationsPerUser=\"15\" MaxConcurrentOperations=\"1500\"/> </PlugInConfiguration>"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\WMI Provider]
"ConfigXML"="<PlugInConfiguration xmlns=\"http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration\" Name=\"WMI Provider\" Filename=\"C:\\Windows\\system32\\WsmWmiPl.dll\" SDKVersion=\"1\" XmlRenderingType=\"text\" UseSharedProcess=\"false\" ProcessIdleTimeoutSec=\"0\" RunAsUser=\"\" RunAsPassword=\"\" AutoRestart=\"false\" Enabled=\"true\" OutputBufferingMode=\"Block\" ><Resources><Resource ResourceUri=\"http://schemas.microsoft.com/wbem/wsman/1/wmi\" SupportsOptions=\"true\" ><Security Uri=\"\" ExactMatch=\"false\" Sddl=\"O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)\" /><Capability Type=\"Identify\" /><Capability Type=\"Get\" SupportsFragment=\"true\" /><Capability Type=\"Put\" SupportsFragment=\"true\" /><Capability Type=\"Invoke\" /><Capability Type=\"Create\" /><Capability Type=\"Delete\" /><Capability Type=\"Enumerate\" SupportsFiltering=\"true\"/><Capability Type=\"Subscribe\" SupportsFiltering=\"true\"/></Resource><Resource ResourceUri=\"http://schemas.dmtf.org/wbem/wscim/1/cim-schema\" SupportsOptions=\"true\" ><Security Uri=\"\" ExactMatch=\"false\" Sddl=\"O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)\" /><Capability Type=\"Get\" SupportsFragment=\"true\" /><Capability Type=\"Put\" SupportsFragment=\"true\" /><Capability Type=\"Invoke\" /><Capability Type=\"Create\" /><Capability Type=\"Delete\" /><Capability Type=\"Enumerate\"/><Capability Type=\"Subscribe\" SupportsFiltering=\"true\"/></Resource><Resource ResourceUri=\"http://schemas.dmtf.org/wbem/wscim/1/*\" SupportsOptions=\"true\" ExactMatch=\"true\" ><Security Uri=\"\" ExactMatch=\"false\" Sddl=\"O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)\" /><Capability Type=\"Enumerate\" SupportsFiltering=\"true\"/><Capability Type=\"Subscribe\"SupportsFiltering=\"true\"/></Resource><Resource ResourceUri=\"http://schemas.dmtf.org/wbem/cim-xml/2/cim-schema/2/*\" SupportsOptions=\"true\" ExactMatch=\"true\"><Security Uri=\"\" ExactMatch=\"false\" Sddl=\"O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)\" /><Capability Type=\"Get\" SupportsFragment=\"false\"/><Capability Type=\"Enumerate\" SupportsFiltering=\"true\"/></Resource></Resources><Quotas MaxConcurrentUsers=\"100\" MaxConcurrentOperationsPerUser=\"100\" MaxConcurrentOperations=\"1500\"/></PlugInConfiguration>"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\SafeClientList]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Service]
"allow_remote_requests"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS\CustomRemoteShell]

'@

Setup-Undo

In cases where actual malware is found, the packages are subject to removal. Software sometimes has false positives. Moderators do not necessarily validate the safety of the underlying software, only that a package retrieves software from the official distribution point and/or validate embedded software against official distribution point (where distribution rights allow redistribution).

Chocolatey Pro provides runtime protection from possible malware.

Version Downloads Last Updated Status
undo-winrmconfig-during-shutdown (Install) 1.2.0 637 Wednesday, September 5, 2018 Approved
undo-winrmconfig-during-shutdown (Install) 1.1.9-alpha2 68 Thursday, July 12, 2018 Exempted
undo-winrmconfig-during-shutdown (Install) 1.1.8-alpha2 81 Sunday, June 24, 2018 Exempted
undo-winrmconfig-during-shutdown (Install) 1.1.8-alpha1 86 Thursday, June 21, 2018 Exempted

__REPLACE_OR_REMOVE__MarkDown_Okay

Discussion for the undo-winrmconfig-during-shutdown (Install) Package

Ground Rules:

  • This discussion is only about undo-winrmconfig-during-shutdown (Install) and the undo-winrmconfig-during-shutdown (Install) package. If you have feedback for Chocolatey, please contact the Google Group.
  • This discussion will carry over multiple versions. If you have a comment about a particular version, please note that in your comments.
  • The maintainers of this Chocolatey Package will be notified about new comments that are posted to this Disqus thread, however, it is NOT a guarantee that you will get a response. If you do not hear back from the maintainers after posting a message below, please follow up by using the link on the left side of this page or follow this link to contact maintainers. If you still hear nothing back, please follow the package triage process.
  • Tell us what you love about the package or undo-winrmconfig-during-shutdown (Install), or tell us what needs improvement.
  • Share your experiences with the package, or extra configuration or gotchas that you've found.
  • If you use a url, the comment will be flagged for moderation until you've been whitelisted. Disqus moderated comments are approved on a weekly schedule if not sooner. It could take between 1-5 days for your comment to show up.
comments powered by Disqus