# deploy-cond_portforward.ps1
# a stand-alone script that deploys the port-forward to a list of target computers
# v1.0 - 2024-10-08 s.t. - initial release
# EDIT THIS - create a temporary list of all computer on which we want to deploy
$complstfileToAdd = @'
AH00001
RA00003
BM0001-W10
'@
Set-Content "$env:TEMP\comps.txt" $complstfileToAdd
# create the .ps1 file that will execute the portforward - this file must be tailored to each host after deployment
$psfileToAdd = @'
# condprtforward.ps1
# a powershell script to check the portforwading on iBox and re-add if not present
# To be run by powershell from Task Scheduler */10min with SYSTEM rights and arguments "-noprofile -executionpolicy bypass -file C:\WINDOWS\cond_portfwd.ps1"
# Version 1.0 - 2024 s.t.
# EDIT THIS - define IP and ports
$lclip = "127.0.0.1"
$lclport = "65535"
$2ndlclprt = ""
$rmtip = "127.0.0.2"
$rmtport = "65535"
$2ndrmtprt = ""
# check if run with admin rights
if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{
$arguments = "& '" +$myinvocation.mycommand.definition + "'"
Start-Process powershell -Verb runAs -ArgumentList $arguments
Break
}
#test if the portforward is already active
if (Test-NetConnection $lclip -Port $lclport -WarningAction SilentlyContinue -InformationLevel Quiet) {
Write-Host "got_response, $lclport is open"
} else {
#add rules
Write-Host "add_rules $lclip : $lclport $rmtip : $rmtport"
netsh interface portproxy reset
netsh advfirewall firewall add rule name="PortProxy Custom 1" dir=in action=allow protocol=TCP localport=$lclport
netsh interface portproxy add v4tov4 listenport=$lclport listenaddress=$lclip connectport=$rmtport connectaddress=$rmtip
if($2ndrmtprt) {
Write-Host "2nd port is defined, adding 2nd rule"
netsh advfirewall firewall add rule name="PortProxy Custom 2" dir=in action=allow protocol=TCP localport=$2ndlclprt
netsh interface portproxy add v4tov4 listenport=$2ndlclprt listenaddress=$lclip connectport=$2ndrmtport connectaddress=$rmtip
}
}
##Write-Host "end"
##Start-Sleep 5
'@
Set-Content "$env:TEMP\cond_portfwd.ps1" $psfileToAdd
# create the scheduled task .xml file that will be "imported" in order to create the task
$xmlfileToAdd = @'
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.3" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo>
<Date>2024-10-08T00:00:00.0000000</Date>
<Author>Administrator</Author>
<Description>Launch and maintain Port Forward</Description>
<URI>\PortForward</URI>
</RegistrationInfo>
<Triggers>
<BootTrigger>
<Repetition>
<Interval>PT10M</Interval>
<StopAtDurationEnd>false</StopAtDurationEnd>
</Repetition>
<Enabled>true</Enabled>
</BootTrigger>
</Triggers>
<Principals>
<Principal id="Author">
<UserId>S-1-5-18</UserId>
<RunLevel>HighestAvailable</RunLevel>
</Principal>
</Principals>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>
<UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Command>
<Arguments>-noprofile -executionpolicy bypass -file C:\WINDOWS\cond_portfwd.ps1</Arguments>
</Exec>
</Actions>
</Task>
'@
Set-Content "$env:TEMP\PortForward.xml" $xmlfileToAdd
# start the deployment. first ask for some admin credentials valid on targets
$cred = Get-Credential -Message "Please enter admin credentials valid on target computers";
if($cred -isnot [PSCredential]) {Write-Host -ForegroundColor Red -BackgroundColor DarkBlue "No valid credentials provided. Exiting!" ; exit 1}
# copy the files to each target computer. no need to see the errors, we have our own errorreporting
$ErrorActionPreference= 'silentlycontinue'
foreach($line in Get-Content $env:TEMP\comps.txt) {
Write-Host -ForegroundColor Gray "`nStart running on $line"
$comp = New-PSSession -Credential $cred $line
if ($?) { Write-Host -ForegroundColor Green "Session to $comp established" }else{ Write-Host -ForegroundColor Red "Unable to connect to $line" }
Copy-Item -ToSession $comp $env:TEMP\cond_portfwd.ps1 -Destination C:\WINDOWS\cond_portfwd.ps1 -Force
if ($?) { Write-Host -ForegroundColor Green ".ps1 file copied" }else{ Write-Host -ForegroundColor Red ".ps1 file NOT copied on $line" }
Copy-Item -ToSession $comp "$env:TEMP\PortForward.xml" -Destination "C:\WINDOWS\TEMP\PortForward.xml" -Force
if ($?) { Write-Host -ForegroundColor Green ".xml file copied" }else{ Write-Host -ForegroundColor Red ".xml file NOT copied on $line" }
# create the scheduled task from the .xml file
Invoke-Command -ComputerName $line -Credential $cred { $Task = Get-Content "C:\WINDOWS\TEMP\PortForward.xml" -raw ; Register-ScheduledTask -Xml $Task -TaskName 'PortForward' -User SYSTEM -Force }
if ($?) { Write-Host -ForegroundColor Green "Scheduledtask created"}else{ Write-Host -ForegroundColor Red "Scheduledtask NOT created on $line" }
}
# local cleanup
Remove-Item "$env:TEMP\comps.txt"
Remove-Item "$env:TEMP\PortForward.xml"
Remove-Item "$env:TEMP\cond_portfwd.ps1"
# reminder
Write-Host -ForegroundColor Yellow -BackgroundColor DarkBlue "`nOn each of the target computers please edit C:\WINDOWS\cond_portfwd.ps1"
exit
