深入浅出PowerShell——创建Secure Store Service
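# Load the SharePoint cmdlets when the script is started from a plain PowerShell
# session; the error raised when the snap-in is already loaded is suppressed on purpose.
Add-PSSnapin Microsoft.SharePoint.PowerShell -EA SilentlyContinue

# Prompts for a secret without echoing it and returns it as plain text.
# The value comes back as a plain string because the rest of the script passes it
# to -Passphrase and to ConvertTo-SecureString -AsPlainText as one.
function Read-SecretText([string]$prompt)
{
    $secure = Read-Host $prompt -AsSecureString
    If ($secure.Length -eq 0) { Throw "-No value entered for: $prompt" }
    (New-Object System.Management.Automation.PSCredential("secret", $secure)).GetNetworkCredential().Password
}

# --- Deployment settings (environment-specific) ---
$serviceApplicationPool="Secure Store Service Pool" #name of the application pool under which the application should run
$secureStoreDatabaseName="GMAxSecureStoreServiceDB" #the sharepoint database where the service app will store the data
$secureStoreApplicationName="GMAxSecureStoreServiceApp" #name of the service application
$secureStoreApplicationProxyName="GMAxSecureStoreServiceAppProxy" #name of the service application proxy
$targetAppID="GMAx SSS" #name of the service target application
$targetAppName="GMAxSecureStoreServiceTargetApp"
$secureStoreAdministrator="northamerica\tstmos30" #the administrator of the application
# NOTE(review): this principal becomes the credentials owner group further down, so
# every member can use the stored account - keep the group as narrow as possible.
$secureStoreUser="northamerica\domain user" #the group or user that will have access to service application. I use the group configuration
$secureStoreAdministratorEmail="Alfred.Lv@cognizant.com" #email of the administrator
$serviceContext="http://usctapd00317:10000" # the url for getting the service application context
$targetApplicationUserName="tstmos30" #user name which will be used to access the external application

# --- Secrets ---
# Asked for at run time so that neither the account password nor the master key
# passphrase is stored in the script file, in source control or in a published copy.
$targetApplicationUserPassword=Read-SecretText "Password used to access the external application"
$passPhrase=Read-SecretText "Passphrase for the Secure Store master key"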
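# Get the Secure Store service instance that runs on this server.
$SecureStoreServiceInstances = Get-SPServiceInstance | Where-Object { $_.GetType().Equals([Microsoft.Office.SecureStoreService.Server.SecureStoreServiceInstance]) }
$SecureStoreServiceInstance = $SecureStoreServiceInstances | Where-Object { $_.Server.Address -eq $env:COMPUTERNAME }
# A filter that matches nothing still leaves $? set to $true, so test the result
# itself; otherwise the script would carry on with a $null instance.
If ($null -eq $SecureStoreServiceInstance) { Throw "-FailedtofindSecureStoreserviceinstance" }

# Start the service instance if it is not provisioned yet.
If ($SecureStoreServiceInstance.Status -eq "Disabled")
{
    Write-Host "-StartingSecureStoreServiceInstance..."
    $SecureStoreServiceInstance.Provision()
    If (-not $?) { Throw "-FailedtostartSecureStoreserviceinstance" }

    # Poll once per second until the instance reports Online. The wait is bounded
    # (300 s is an arbitrary ceiling) so a failed provisioning cannot hang the script.
    Write-Host "-WaitingforSecureStoreservice..." -NoNewline
    $secondsLeft = 300
    While ($SecureStoreServiceInstance.Status -ne "Online")
    {
        If ($secondsLeft -le 0) { Throw "-Timed out waiting for the Secure Store service instance to come online" }
        Write-Host "." -NoNewline
        Start-Sleep 1
        $secondsLeft--
        # Re-read the instance so the loop sees the current status.
        $SecureStoreServiceInstances = Get-SPServiceInstance | Where-Object { $_.GetType().Equals([Microsoft.Office.SecureStoreService.Server.SecureStoreServiceInstance]) }
        $SecureStoreServiceInstance = $SecureStoreServiceInstances | Where-Object { $_.Server.Address -eq $env:COMPUTERNAME }
    }
    Write-Host $($SecureStoreServiceInstance.Status)
}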
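# Create the Secure Store service application and its proxy, unless a Secure Store
# service application already exists in the farm.
$GetSPSecureStoreServiceApplication = Get-SPServiceApplication | Where-Object { $_.GetType().Equals([Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplication]) }
If ($null -eq $GetSPSecureStoreServiceApplication)
{
    Write-Host "-CreatingSecureStoreServiceApplication..."
    # Auditing is switched on at creation time; -AuditLogMaxSize 30 sets the audit
    # log retention (in days, per the cmdlet documentation).
    $newApplication = New-SPSecureStoreServiceApplication -Name $secureStoreApplicationName -PartitionMode:$false -Sharing:$false -DatabaseName $secureStoreDatabaseName -ApplicationPool $serviceApplicationPool -AuditingEnabled:$true -AuditLogMaxSize 30
    # Stop here on failure instead of reporting "Done" with no application created.
    If ($null -eq $newApplication) { Throw "-Failed to create the Secure Store service application" }

    Write-Host "-CreatingSecureStoreServiceApplicationProxy..."
    $newApplication | New-SPSecureStoreServiceApplicationProxy -Name $secureStoreApplicationProxyName -DefaultProxyGroup | Out-Null
    If (-not $?) { Throw "-Failed to create the Secure Store service application proxy" }
    Write-Host "-DonecreatingSecureStoreServiceApplication."
}
Else { Write-Host "-SecureStoreServiceApplicationalreadyprovisioned." }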
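# Look up the Secure Store proxy, then generate the master key and push it to this
# application server.
# NOTE(review): the filter returns every Secure Store proxy in the farm; the code
# below assumes there is exactly one - confirm for multi-application farms.
$secureStore = Get-SPServiceApplicationProxy | Where-Object { $_.GetType().Equals([Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy]) }
If ($null -eq $secureStore) { Throw "-No Secure Store service application proxy found" }

Start-Sleep 5
Write-Host "-CreatingtheMasterKey..."
# The passphrase protects the master key and has to be supplied again whenever the
# key is refreshed, so it belongs in a password vault, not in this script.
Update-SPSecureStoreMasterKey -ServiceApplicationProxy $secureStore.Id -Passphrase $passPhrase

Start-Sleep 5
Write-Host "-CreatingtheApplicationKey..."
# The original call swallowed every error. It stays non-fatal, but the error is
# captured and reported so that a key that was not applied does not go unnoticed.
Update-SPSecureStoreApplicationServerKey -ServiceApplicationProxy $secureStore.Id -Passphrase $passPhrase -ErrorAction SilentlyContinue -ErrorVariable applicationKeyError
If ($applicationKeyError) { Write-Warning "-Updating the application server key reported: $($applicationKeyError[0].Exception.Message)" }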
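# Parameter names below use plain ASCII hyphens. The published listing had
# typographic dashes, which only parse correctly while the file keeps a Unicode encoding.

# Field definitions of the target application: a visible user name and a masked password.
$usernameField = New-SPSecureStoreApplicationField -Name "UserName" -Type UserName -Masked:$false
$passwordField = New-SPSecureStoreApplicationField -Name "Password" -Type Password -Masked:$true
$fields = $usernameField,$passwordField

# Claims for the target application's administrator and for the credentials owner group.
$adminClaim = New-SPClaimsPrincipal -Identity $secureStoreAdministrator -IdentityType WindowsSamAccountName
$userClaim = New-SPClaimsPrincipal -Identity $secureStoreUser -IdentityType WindowsSamAccountName

# A Group-type target application maps every member of the credentials owner group
# to the same stored account, so membership of that group is the effective access
# control for the external system.
$targetApp = New-SPSecureStoreTargetApplication -Name $targetAppID -FriendlyName $targetAppName -ContactEmail $secureStoreAdministratorEmail -ApplicationType Group -TimeoutInMinutes 3
$ssApp = New-SPSecureStoreApplication -ServiceContext $serviceContext -TargetApplication $targetApp -Field $fields -Administrator $adminClaim -CredentialsOwnerGroup $userClaim
# Do not attempt the credential mapping if the target application was not created.
If ($null -eq $ssApp) { Throw "-Failed to create the Secure Store target application" }

# The mapping takes one SecureString per field, in the same order as $fields.
$firstCredential = ConvertTo-SecureString $targetApplicationUserName -AsPlainText -Force
$secondCredential = ConvertTo-SecureString $targetApplicationUserPassword -AsPlainText -Force
$credentialValues = $firstCredential,$secondCredential
Update-SPSecureStoreGroupCredentialMapping -Identity $ssApp -Values $credentialValues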