powershell批量远程示例，批量给多台机器安装dotnet和iis

winrm quickconfig -q 2>&1> $null;winrm quickconfig -q -force 2>&1> $null;netstat -ano|findstr :5985;

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM" /f 2>&1 >$null
#stop-service mpssvc 2>&1 > $null
winrm quickconfig -q 2>&1 > $null
winrm quickconfig -q -force 2>&1 > $null
restart-service winrm 2>&1 > $null
#Set-Item WSMan:localhost\client\trustedhosts -value * -force 2>&1 > $null
winrm set winrm/config/client '@{TrustedHosts="*"}' 2>&1 > $null
netstat -ato|findstr :5985
Set-Item WSMan:localhost\client\trustedhosts -value * -Force

Registry Path：HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM

powershell：reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM" /f 2>&1 >$null

cmd：reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM" /f 2>&1 >nul

net user Administrator "密码"
wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE

Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore

# Don't set this before Set-ExecutionPolicy as it throws an error
$ErrorActionPreference = "stop"

# Remove HTTP listener
#Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse

# Create a self-signed certificate to let ssl work
$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force

# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"

# Configure WinRM to allow unencrypted communication, and provide the
# self-signed cert to the WinRM listener.
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"

# Make sure appropriate firewall port openings exist
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"
cmd.exe /c netsh firewall add portopening TCP 5985 "Port 5985"

# Restart WinRM, and set it so that it auto-launches on startup.
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm

#执行完这段Powershell后要重启机器
#执行完这段Powershell后要重启机器
#执行完这段Powershell后要重启机器

$Username = 'Administrator'
$Password = '明文密码'
$pass = ConvertTo-SecureString -AsPlainText $Password -Force
$Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$pass

$iparray = @('172.21.66.32','172.21.65.41','172.21.65.162')

for($i=0;$i -lt $iparray.Length;$i++){
"`$iparray["+$i+"]="+$iparray[$i]+"`n"
Invoke-Command -ComputerName $iparray[$i] -Credential $Cred -ScriptBlock { 
Get-WindowsFeature -Name NET-*, Web-* | where {$_.Name -notmatch "Ftp|Web-Application-Proxy"} | Install-WindowsFeature;
}
}

sc.exe stop BaradAgentSvc 2>$null 1>$null;sc.exe stop StargateSvc 2>$null 1>$null;sc.exe config BaradAgentSvc start= disabled  2>$null 1>$null;sc.exe config StargateSvc start= disabled  2>$null 1>$null;