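function Set-DefaultNetshURLACLS {
<#
.SYNOPSIS
    This function registers the default system URLACL for netsh

.DESCRIPTION
    For each port in the built-in list (50002 and 50003) the function:
      1. Looks up a machine-level marker environment variable named
         ALKAMI.SRE.EXCLUDED_PORT_RANGE_CONFIGURED.URLACL.<port>. If the
         marker exists, the port is skipped.
      2. Asks netsh whether a reservation for http://+:<port>/ is present.
      3. Adds the reservation with SDDL "D:(A;;GX;;;WD)" when none is present.
      4. Writes the marker variable when no failure was detected.

.OUTPUTS
    [bool] $true when every processed port succeeded, $false when at least one
    add failed. Nothing is returned when every port already had its marker
    variable, so callers must be prepared for an empty result.

.NOTES
    Security: the SDDL grants GX to WD (Everyone), so any local account may
    register a listener under these strong-wildcard prefixes. Confirm with the
    service owner that this is intended; a reservation scoped to the service
    account is the tighter choice where it is sufficient.
#>
    [CmdletBinding()]
    [OutputType([bool])]
    param (
    )

    $logLead = (Get-LogLeadName)

    $portList = @("50002","50003")
    $success = $true
    $didSetEnvironment = $false

    foreach ($port in $portList) {
        $envVarName = "ALKAMI.SRE.EXCLUDED_PORT_RANGE_CONFIGURED.URLACL.$port"

        # The marker variable records that this port was already handled on this machine.
        if ($null -ne (Get-EnvironmentVariable -Name $envVarName -StoreName Machine)) {
            continue
        }

        Write-Host "$logLead : Setting URLACL for Subscription Service"

        # This netsh match is very brute-force but we shouldn't have to do it often
        # There's a better/cleaner way to do this where we parse each chunk into an object
        # We then have to compare for each of the properties we want and maybe recreate it
        # The odds of that are too small for the effort invested, so we keep the brute-force below
        #
        # NOTE(review): because only the presence of "SDDL" is tested, an existing
        # reservation is accepted as-is even if its SDDL differs from the one below.

        # TODO Extract this into unit-testable external function?
        $output = ""
        $addFailed = $false
        if (!((netsh http show urlacl url="http://+:$port/" | Out-String) -match "SDDL")) {
            # NOTE(security): WD is the Everyone SID; see .NOTES before widening or copying this.
            $output = netsh http add urlacl url="http://+:$port/" sddl="D:(A;;GX;;;WD)"

            # netsh's message text is localized, so the word "error" may never appear on a
            # non-English host. A non-zero exit code is treated as a failure as well.
            $addFailed = ($LASTEXITCODE -ne 0)
        }

        if ($addFailed -or ($output -match "error")) {
            Write-Error "$logLead : Could not set the URLACL for $port`r`n$output"
            $success = $false
        } else {
            # Also reached when the reservation already existed and nothing was added.
            Write-Host "$logLead : Successfully added UrlAcl for $port"
            Set-EnvironmentVariable -Name $envVarName -Value $true -StoreName Machine
        }

        $didSetEnvironment = $true
    }

    # If we set the environment, return the results
    if ($didSetEnvironment) {
        return $success
    }
}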