Apq
/
tigertoolbox
zrcadlo https://github.com/microsoft/tigertoolbox.git


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071
							#  Copyright (c) Microsoft Corporation.  All rights reserved.
#  
# THIS SAMPLE CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
# WHETHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
# IF THIS CODE AND INFORMATION IS MODIFIED, THE ENTIRE RISK OF USE OR RESULTS IN
# CONNECTION WITH THE USE OF THIS CODE AND INFORMATION REMAINS WITH THE USER.

# The purpose of this script is 
# 1. Configure Firewall Exceptions for SQL
# 2. Configure SQL to Listen on TCP post 1500 and 1501 (DAC)
# 3. Change SQL to Use Mixed Mode Authentication 
# 4. Rename SA Account
Try
{
    Import-Module sqlps -DisableNameChecking
    # Setup the SQL Server Connectivity
    $TCPPort = "1500" 
    $DACPort = "1501"

    #This Section of the Code is to add a firewall exception for Ports 1500 and 1501
    Write-Host "************************  Configure Firewall Exceptions ********************* " -ForegroundColor DarkYellow 
    # Prepare the arguments for the NETSH command
    $Arguments = "advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = " + $TCPPort + " remoteip = ANY profile = PUBLIC"
    # Execute the command silently
    $p = Start-Process netsh -ArgumentList $Arguments -wait -NoNewWindow -PassThru
    $p.HasExited
    $p.ExitCode
    # Prepare the arguments for the NETSH command
    $Arguments = "advfirewall firewall add rule name = SQLDACPort dir = in protocol = tcp action = allow localport = " + $DACPort + " remoteip = ANY profile = PUBLIC"
    # Execute the command silently
    $p = Start-Process netsh -ArgumentList $Arguments -wait -NoNewWindow -PassThru
    $p.HasExited
    $p.ExitCode

    Write-Host "************************  Configure TCP Ports ********************* " -ForegroundColor DarkYellow 
    # Create a SMO object
    [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SqlServer.SqlWmiManagement") | out-null
    $MachineObject = New-Object ('Microsoft.SqlServer.Management.Smo.WMI.ManagedComputer') $env:COMPUTERNAME
    $tcp = $MachineObject.GetSMOObject("ManagedComputer[@Name='" + (Get-Item env:\computername).Value + "']/ServerInstance[@Name='MSSQLSERVER']/ServerProtocol[@Name='Tcp']")
    if ($tcp.IsEnabled -ne "True")
    {
        $tcp.IsEnabled = $true
        $tcp.alter
        $MachineObject.GetSMOObject($tcp.urn.Value + "/IPAddress[@Name='IPAll']").IPAddressProperties[1].Value = $TCPPort
        $tcp.alter()
    }
    else
    {
        $MachineObject.GetSMOObject($tcp.urn.Value + "/IPAddress[@Name='IPAll']").IPAddressProperties[1].Value = $TCPPort
        $tcp.alter()
    }

    Write-Host "************************  Configure Mixed Mode Authentication ********************* " -ForegroundColor DarkYellow
    $SQLObject = New-Object Microsoft.SqlServer.Management.Smo.Server($env:COMPUTERNAME)
    $SQLObject.Settings.LoginMode = [Microsoft.SqlServer.Management.SMO.ServerLoginMode]::Mixed
    $SQLObject.Alter()
    $SQLObject.Settings.Alter()

    Write-Host "************************  Rename SA Login ********************* " -ForegroundColor DarkYellow
    $SQL = "ALTER LOGIN sa WITH NAME = OptimusPrime"
    Invoke-SqlCmd -ServerInstance . -Query $SQL -Database "master"
    $SQL = "ALTER LOGIN OptimusPrime WITH Password = 'LS1setup!'"
    Invoke-SqlCmd -ServerInstance . -Query $SQL -Database "master"
    $SQL = "ALTER LOGIN OptimusPrime Enable"
    Invoke-SqlCmd -ServerInstance . -Query $SQL -Database "master"
}
Catch
{
      Write-Host "********** Erorr Configuring TCP/Firewall Options ************" -ForegroundColor Red
}