helpers/prerequisites.psm1
Function Test-NetStackPrerequisites { param ( [String[]] $Nodes, [IPAddress[]] $IPTarget, [Int32[]] $Stage, [Switch] $EnableFirewallRules ) #region Targets if ($IPTarget) { $Targets = $IPTarget } else { $Targets = $Nodes } $TargetInfo = @() $Targets | ForEach-Object { $thisTarget = $_ $thisPrereqResult = @{} $thisPrereqResult = [PSCustomObject] @{ Name = $thisTarget } $TargetInfo += $thisPrereqResult } $PrereqStatus = @() #endregion Targets #region WinRM and OS $TargetInfo | Add-Member -MemberType NoteProperty -Name 'WinRM' -Value '' -Force $TargetInfo | Add-Member -MemberType NoteProperty -Name 'OSVersion' -Value '' -Force $Targets | ForEach-Object { $thisTarget = $_ if ($EnableFirewallRules) { if ($thisTarget -ne $Env:ComputerName) { $null = Enable-NetFirewallRule -DisplayName 'Windows Remote Management (HTTP-In)' -CimSession $thisTarget -ErrorAction SilentlyContinue } else { $null = Enable-NetFirewallRule -DisplayName 'Windows Remote Management (HTTP-In)' -ErrorAction SilentlyContinue } } if ($thisTarget -ne $Env:ComputerName) { # If $NodeOS -ne $null then we can assume WinRM is successful $NodeOS = Invoke-Command -ComputerName $thisTarget -ErrorAction SilentlyContinue -ScriptBlock { return $([System.Environment]::OSVersion.Version.Build -ge 20279) } if ($NodeOS) { ($TargetInfo | Where-Object Name -eq $thisTarget).WinRM = $true } } else { # Machine is local; no need to test WinRM $NodeOS = [System.Environment]::OSVersion.Version.Build -ge 20279 ($TargetInfo | Where-Object Name -eq $thisTarget).WinRM = $true } ($TargetInfo | Where-Object Name -eq $thisTarget).OSVersion = $NodeOS } $PrereqStatus += $false -notin $TargetInfo.WinRM $PrereqStatus += $false -notin $TargetInfo.OSVersion #endregion WinRM and OS Switch ( $Stage | Sort-Object ) { 1 { $TargetInfo | Add-Member -MemberType NoteProperty -Name 'ICMP' -Value '' -Force $Targets | ForEach-Object { if ($EnableFirewallRules) { if ($thisTarget -ne $Env:ComputerName) { $null = Enable-NetFirewallRule -Name 'FPS-ICMP4-ERQ-In' -CimSession $thisTarget -ErrorAction SilentlyContinue $null = Enable-NetFirewallRule -Name 'FPS-ICMP6-ERQ-In' -CimSession $thisTarget -ErrorAction SilentlyContinue $null = Enable-NetFirewallRule -Name 'FPS-ICMP4-ERQ-In-NoScope' -CimSession $thisTarget -ErrorAction SilentlyContinue $null = Enable-NetFirewallRule -Name 'FPS-ICMP6-ERQ-In-NoScope' -CimSession $thisTarget -ErrorAction SilentlyContinue } else { $null = Enable-NetFirewallRule -Name 'FPS-ICMP4-ERQ-In' -ErrorAction SilentlyContinue $null = Enable-NetFirewallRule -Name 'FPS-ICMP6-ERQ-In' -ErrorAction SilentlyContinue $null = Enable-NetFirewallRule -Name 'FPS-ICMP4-ERQ-In-NoScope' -ErrorAction SilentlyContinue $null = Enable-NetFirewallRule -Name 'FPS-ICMP6-ERQ-In-NoScope' -ErrorAction SilentlyContinue } } $thisTarget = $_ if ($thisTarget -ne $Env:ComputerName) { $ICMPResult = Test-NetConnection -ComputerName $thisTarget -InformationLevel Quiet ($TargetInfo | Where-Object Name -eq $thisTarget).ICMP = $ICMPResult } else { # Machine is local; no need to test ($TargetInfo | Where-Object Name -eq $thisTarget).ICMP = $true } $PrereqStatus += $false -notin $TargetInfo.ICMP } } 2 { $TargetInfo | Add-Member -MemberType NoteProperty -Name 'Module' -Value '' -Force $TargetInfo | Add-Member -MemberType NoteProperty -Name 'Version' -Value '' -Force $Targets | ForEach-Object { $thisTarget = $_ if ($thisTarget -ne $Env:ComputerName) { $Module = Invoke-Command -ComputerName $thisTarget -ScriptBlock { Get-Module Test-NetStack -ListAvailable -ErrorAction SilentlyContinue | Select-Object -First 1 } if ($Module) { ($TargetInfo | Where-Object Name -eq $thisTarget).Module = $true ($TargetInfo | Where-Object Name -eq $thisTarget).Version = $Module.Version } else { ($TargetInfo | Where-Object Name -eq $thisTarget).Module = $false } if ($EnableFirewallRules) { $psSession = New-PSSession -ComputerName $thisTarget $ModuleBase = (Get-Module Test-NetStack -PSSession $psSession -ListAvailable).ModuleBase Remove-PSSession -Session $psSession $null = New-NetFirewallRule -CimSession $thisTarget -DisplayName 'Test-NetStack - CTSTraffic' -Direction Inbound -Program "$ModuleBase\tools\CTS-Traffic\ctsTraffic.exe" -Action Allow -ErrorAction SilentlyContinue } } else { # Machine is local; no need to test $Module = Get-Module Test-NetStack -ListAvailable -ErrorAction SilentlyContinue | Select-Object -First 1 if ($Module) { ($TargetInfo | Where-Object Name -eq $thisTarget).Module = $true ($TargetInfo | Where-Object Name -eq $thisTarget).Version = $Module.Version } else { ($TargetInfo | Where-Object Name -eq $thisTarget).Module = $false } if ($EnableFirewallRules) { $ModuleBase = (Get-Module Test-NetStack -ListAvailable | Select-Object -First 1).ModuleBase $null = New-NetFirewallRule -DisplayName 'Test-NetStack - CTSTraffic' -Direction Inbound -Program "$ModuleBase\tools\CTS-Traffic\ctsTraffic.exe" -Action Allow -ErrorAction SilentlyContinue } } } $PrereqStatus += $false -notin $TargetInfo.Module $PrereqStatus += ($TargetInfo.Version | Select-Object -Unique).Count -eq 1 } { $_ -eq 3 -or $_ -eq 4 -or $_ -eq 5 -or $_ -eq 6 } { $Targets | ForEach-Object { $thisTarget = $_ if ($thisTarget -ne $Env:ComputerName) { if ($EnableFirewallRules) { $null = Enable-NetFirewallRule 'FPSSMBD-iWARP-In-TCP' -CimSession $thisTarget -ErrorAction SilentlyContinue } } else { # Machine is local; no need to test if ($EnableFirewallRules) { $null = Enable-NetFirewallRule 'FPSSMBD-iWARP-In-TCP' -ErrorAction SilentlyContinue } } } } 4 { } 5 { } 6 { } } return $TargetInfo, $PrereqStatus } Function Revoke-FirewallRules { param ( $Targets, [Int32[]] $Stage ) Write-Warning 'WinRM rules with DisplayName "Windows Remote Management (HTTP-In)" will not be disabled' Switch ( $Stage | Sort-Object ) { 1 { $Targets | ForEach-Object { $thisTarget = $_ if ($thisTarget -ne $Env:ComputerName) { $null = Disable-NetFirewallRule -Name 'FPS-ICMP4-ERQ-In' -CimSession $thisTarget -ErrorAction SilentlyContinue $null = Disable-NetFirewallRule -Name 'FPS-ICMP6-ERQ-In' -CimSession $thisTarget -ErrorAction SilentlyContinue $null = Disable-NetFirewallRule -Name 'FPS-ICMP4-ERQ-In-NoScope' -CimSession $thisTarget -ErrorAction SilentlyContinue $null = Disable-NetFirewallRule -Name 'FPS-ICMP6-ERQ-In-NoScope' -CimSession $thisTarget -ErrorAction SilentlyContinue } else { $null = Disable-NetFirewallRule -Name 'FPS-ICMP4-ERQ-In' -ErrorAction SilentlyContinue $null = Disable-NetFirewallRule -Name 'FPS-ICMP6-ERQ-In' -ErrorAction SilentlyContinue $null = Disable-NetFirewallRule -Name 'FPS-ICMP4-ERQ-In-NoScope' -ErrorAction SilentlyContinue $null = Disable-NetFirewallRule -Name 'FPS-ICMP6-ERQ-In-NoScope' -ErrorAction SilentlyContinue } } } 2 { $Targets | ForEach-Object { $thisTarget = $_ if ($thisTarget -ne $Env:ComputerName) { $null = Remove-NetFirewallRule -DisplayName 'Test-NetStack - CTSTraffic' -CimSession $thisTarget -ErrorAction SilentlyContinue } else { $null = Remove-NetFirewallRule -DisplayName 'Test-NetStack - CTSTraffic' -ErrorAction SilentlyContinue } } } { $_ -eq 3 -or $_ -eq 4 -or $_ -eq 5 -or $_ -eq 6 } { $Targets | ForEach-Object { $thisTarget = $_ if ($thisTarget -ne $Env:ComputerName) { $null = Disable-NetFirewallRule -Name 'FPSSMBD-iWARP-In-TCP' -CimSession $thisTarget -ErrorAction SilentlyContinue } else { $null = Disable-NetFirewallRule -Name 'FPSSMBD-iWARP-In-TCP' -ErrorAction SilentlyContinue } } } 3 { } 4 { } 5 { } 6 { } } } |