2019-06-21

Putting your public website on your Domain Controllers .... Sort of

In a post a while back I talked about a current trend to move websites from www.contoso.one to just contoso.one. The method I outlined in the previous post sets up a Scheduled Task to create a port forward for normal web server ports (80 and 443), but instead of manually setting it up on each Domain Controller, we can push it through Group Policy.


So, our method here is mostly the same. Use the netsh portproxy capabilities to create port forwards, just pushing it out through Group Policy and applying it to all Domain Controllers.

We will use the same example Port Proxy Scheduled Task from the previous script as a baseline, but with some tweaks.

First off, I don't want to depend on the .bat script being available over the network or locally to run, so we have to code the forwarding commands directly into the task. That means that instead of the somewhat easier to maintain %ServerAddress% variable, we just drop in a hardcoded replacement.

Second, we can only run one command at a time here, and rather than get fancy with conditional execution ( firstCommand.exe /stuff && secondCommand.exe /morestuff ) we can just push two separate Tasks for port 80 and 443.


So, our first command:
netsh interface portproxy add v4tov4 listenport=443 connectaddress=%ServerAddress% connectport=443
becomes

Command: %windir%\system32\netsh.exe
Arguments: interface portproxy add v4tov4 listenport=443 connectaddress=www.contoso.one connectport=443

Create a GPO applying to the Domain Controllers OU, under Computer Configuration -> Preferences -> Control Panel Settings -> Scheduled Tasks.

I like to add multiple triggers, one at startup and one once a day, with both scheduled to repeat every hour.

This way, in case there was a problem with it creating the port forward on startup (maybe the network driver crashed?) it should pick it up again shortly afterwards. 
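To confirm on a given Domain Controller that both forwards exist and that nothing else is being forwarded, the sketch below compares the portproxy table with the two rules from this post. It is an added example, not part of the original post: the function names and the -Live switch are hypothetical, and the embedded netsh output is a constructed sample in which the port 80 rule is missing.

```powershell
# Added example: audit portproxy rules against the two forwards the GPO should create.
# -Live reads this machine's table; without it the constructed sample below is used.
param([switch]$Live)

# Expected rules, taken from the commands in the post.
$Expected = @(
    [pscustomobject]@{ ListenPort = 443; ConnectAddress = 'www.contoso.one'; ConnectPort = 443 }
    [pscustomobject]@{ ListenPort = 80;  ConnectAddress = 'www.contoso.one'; ConnectPort = 80 }
)

# Constructed sample of "netsh interface portproxy show v4tov4" output (port 80 absent).
$SampleOutput = @'
Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
*               443         www.contoso.one 443
'@

function ConvertFrom-PortProxy {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # A rule row has four fields: listen address, listen port, connect address, connect port.
        if ($line -match '^\s*(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$') {
            [pscustomobject]@{
                ListenAddress  = $Matches[1]
                ListenPort     = [int]$Matches[2]
                ConnectAddress = $Matches[3]
                ConnectPort    = [int]$Matches[4]
            }
        }
    }
}

function Get-RuleKey($Rule) {
    '{0}->{1}:{2}' -f $Rule.ListenPort, $Rule.ConnectAddress.ToLower(), $Rule.ConnectPort
}

if ($Live) { $raw = & "$env:windir\system32\netsh.exe" interface portproxy show v4tov4 }
else       { $raw = $SampleOutput -split "`r?`n" }

$want = @($Expected | ForEach-Object { Get-RuleKey $_ })
$have = @(ConvertFrom-PortProxy -Lines $raw | ForEach-Object { Get-RuleKey $_ })

# Report rules that failed to apply, and any forward nobody asked for.
$missing    = @($want | Where-Object { $_ -notin $have })
$unexpected = @($have | Where-Object { $_ -notin $want })
$missing    | ForEach-Object { Write-Warning "Missing forward: $_" }
$unexpected | ForEach-Object { Write-Warning "Unexpected forward: $_" }
if (-not $missing -and -not $unexpected) { 'portproxy matches the expected rules' }
```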

