# ============================================================================ # Elaborado por Bryan Ramirez para Banco Promerica # ---------------------------------------------------------------------------- # Instalar.ps1 - Deja todo listo en ESTE servidor (correr en .32 y en .33). # 1. Habilita acceso C$ a cuentas locales (LocalAccountTokenFilterPolicy=1) # 2. Abre File and Printer Sharing (SMB) en el firewall # 3. Copia el motor a C:\Supervisor (y limpia baselines viejos) # 4. Registra la tarea programada "WebConfigSync" (arranca al boot, # se reinicia sola si falla, sin limite de tiempo) # 5. (Re)arranca la tarea con Stop+Start para cargar el motor nuevo. # # Uso (PowerShell ELEVADO): # .\Instalar.ps1 -InfraPass 'PASSWORD_DE_infrati' # Opcional cuenta de dominio en vez de local: # .\Instalar.ps1 -User 'promerica\infrati' -InfraPass '...' # ============================================================================ param( [string]$User = ".\infrati", [Parameter(Mandatory=$true)][string]$InfraPass ) $ErrorActionPreference = 'Stop' $dest = 'C:\Supervisor' $here = Split-Path -Parent $MyInvocation.MyCommand.Path Write-Host "[1/5] LocalAccountTokenFilterPolicy=1 (C$ para cuentas locales)..." New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' ` -Name 'LocalAccountTokenFilterPolicy' -Value 1 -PropertyType DWord -Force | Out-Null Write-Host "[2/5] Firewall: File and Printer Sharing..." Enable-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue Write-Host "[3/5] Copiando motor a $dest ..." New-Item -ItemType Directory -Path $dest -Force | Out-Null New-Item -ItemType Directory -Path (Join-Path $dest 'logs') -Force | Out-Null New-Item -ItemType Directory -Path (Join-Path $dest 'state') -Force | Out-Null Copy-Item -Path (Join-Path $here 'Sync-WebConfig.ps1') -Destination $dest -Force # Limpia baselines viejos: tras actualizar el motor, partir de cero evita falsos # borrados por un baseline obsoleto. El primer reconcile lo reconstruye solo. Remove-Item -Path (Join-Path $dest 'state\*') -Force -ErrorAction SilentlyContinue # Normaliza la cuenta: Register-ScheduledTask NO mapea ".\usuario" a un SID # (falla con HRESULT 0x80070534). Una cuenta local debe ir como EQUIPO\usuario. if ($User -like '.\*') { $User = "$env:COMPUTERNAME\" + $User.Substring(2) } elseif ($User -notmatch '\\') { $User = "$env:COMPUTERNAME\$User" } Write-Host "[4/5] Registrando tarea programada WebConfigSync (usuario $User)..." $action = New-ScheduledTaskAction -Execute 'powershell.exe' ` -Argument '-NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Supervisor\Sync-WebConfig.ps1"' $trigger = New-ScheduledTaskTrigger -AtStartup $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries ` -RestartCount 999 -RestartInterval (New-TimeSpan -Minutes 1) ` -ExecutionTimeLimit ([TimeSpan]::Zero) -MultipleInstances IgnoreNew # -Force sobrescribe si ya existiera (re-correr no duplica la tarea). # Nota: -Principal y -Password no se pueden combinar; con cuenta+password se usa -User/-Password. Register-ScheduledTask -TaskName 'WebConfigSync' -Action $action -Trigger $trigger ` -Settings $settings -User $User -Password $InfraPass -RunLevel Highest -Force | Out-Null Write-Host "[5/5] (Re)arrancando la tarea (Stop+Start para cargar el motor nuevo)..." Stop-ScheduledTask -TaskName 'WebConfigSync' -ErrorAction SilentlyContinue Start-Sleep -Milliseconds 800 Start-ScheduledTask -TaskName 'WebConfigSync' Start-Sleep -Seconds 2 Get-ScheduledTask -TaskName 'WebConfigSync' | Get-ScheduledTaskInfo | Select-Object TaskName,LastTaskResult,LastRunTime,NumberOfMissedRuns | Format-List Write-Host "" Write-Host "LISTO en este servidor. Log en C:\Supervisor\logs\webconfig_sync.log" Write-Host "Repite EXACTAMENTE lo mismo en el otro servidor."