forked from microsoft/azuredevopslabs
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathconfigureDBfirewallUsers.ps1
77 lines (58 loc) · 2.83 KB
/
configureDBfirewallUsers.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
param
(
[Parameter(Mandatory=$false)]
[string] $sqluser
)
$sqlInstanceName = 'MSSQLSERVER'
if ([String]::IsNullOrEmpty($sqluser) -eq $true)
{
$sqluser = "contoso"
}
#STEP1: Enable TCP protocol
Write-Output "Enabling TCP protocol"
Import-Module "sqlps"
$smo = 'Microsoft.SqlServer.Management.Smo.'
$wmi = new-object ($smo + 'Wmi.ManagedComputer').
# List the object properties, including the instance names.
$Wmi
# Enable the TCP protocol on the default instance.
$uri = "ManagedComputer[@Name='" + (get-item env:\computername).Value + "']/ServerInstance[@Name='$sqlInstanceName']/ServerProtocol[@Name='Tcp']"
$Tcp = $wmi.GetSmoObject($uri)
$Tcp.IsEnabled = $true
$Tcp.Alter()
$Tcp
#STEP2: Start SQL Server Browser service
Write-output "Enabling SQL browser service"
Set-Service sqlbrowser -StartupType Automatic
net start sqlbrowser
#STEP3: ADD firewall rules for SQL service
Write-Output "Enabling firewall rules"
netsh advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = 1433 remoteip = any profile = domain
netsh advfirewall firewall add rule name = SQLPortPrivate dir = in protocol = tcp action = allow localport = 1433 remoteip = any profile = private
netsh advfirewall firewall add rule name = SQLPortPublic dir = in protocol = tcp action = allow localport = 1433 remoteip = any profile = public
#STEP4: Restart SQL service
Write-Output "Restarting SQL service"
net stop $sqlInstanceName /yes
net start $sqlInstanceName /yes
#STEP5: Add user to SQL roles
Write-Output "Adding user to SQL roles"+$sqluser
$sqluser = "contoso"
$username = "$env:ComputerName\$sqluser"
$password = 'Microsoft!123'
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
$sqltoolPath="C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\binn"
pushd $sqltoolPath
$arguments = "-S localhost -Q `"sp_addsrvrolemember '$env:ComputerName\$sqluser', 'sysadmin' `""
Start-Process sqlcmd.exe -Credential $credential -ArgumentList $arguments
$arguments = "-S localhost -Q `"sp_addsrvrolemember '$env:ComputerName\$sqluser', 'dbcreator' `""
Start-Process sqlcmd.exe -Credential $credential -ArgumentList $arguments
$arguments = "-S localhost -Q `"sp_addsrvrolemember 'NT AUTHORITY\SYSTEM', 'sysadmin' `""
Start-Process sqlcmd.exe -Credential $credential -ArgumentList $arguments
$arguments = "-S localhost -Q `"sp_addsrvrolemember 'NT AUTHORITY\SYSTEM', 'dbcreator' `""
Start-Process sqlcmd.exe -Credential $credential -ArgumentList $arguments
popd
Write-Output "Successfully added users to SQL roles"
# Enable SQl auth and SQL User
Invoke-WebRequest https://raw.githubusercontent.com/bayernmunich/sqlscript/master/sqlauthwithuser.ps1 -OutFile "D:\sqlauthwithuser.ps1"
Invoke-Expression "D:\sqlauthwithuser.ps1"