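# Installs and enables the OpenSSH Server capability on a remote Windows host
# over PowerShell remoting, then checks that port 22 answers.
#
# Flow:
#   1) open inbound TCP/22 in the Windows firewall
#   2) try to install the capability straight from Windows Update
#      (temporarily overriding the WSUS policy)
#   3) if it is still not installed, retry as SYSTEM through a scheduled task
#   4) put the Windows Update policy back, then verify
#
# NOTE(review): sshd is started with whatever configuration the capability
# ships with. Review sshd_config (authentication methods, allowed users or
# groups) before relying on this host being reachable over SSH.
$comp = 'uro-ob'

# 1) Open port 22 (even if SSH is not installed yet).
# NOTE(review): this rule applies to every firewall profile and any remote
# address, and it duplicates the 'OpenSSH-Server-In-TCP' rule created below.
# Consider restricting it with -Profile / -RemoteAddress once the management
# network is known.
Invoke-Command -ComputerName $comp -ScriptBlock {
    if (-not (Get-NetFirewallRule -DisplayName 'Open port 22 (TCP)' -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName 'Open port 22 (TCP)' -Direction Inbound -Action Allow -Protocol TCP -LocalPort 22 -Profile Any | Out-Null
    } else {
        Enable-NetFirewallRule -DisplayName 'Open port 22 (TCP)'
    }
}

# Snapshot the two Windows Update policy values that step 2 overrides, so the
# override really is temporary and can be undone after the install attempts.
# A value that does not exist yet is recorded as $null.
$wuPolicyBackup = Invoke-Command -ComputerName $comp -ScriptBlock {
    $servicingKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Servicing'
    $auKey        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    [pscustomobject]@{
        UseWindowsUpdate = (Get-ItemProperty -Path $servicingKey -Name UseWindowsUpdate -ErrorAction SilentlyContinue).UseWindowsUpdate
        UseWUServer      = (Get-ItemProperty -Path $auKey -Name UseWUServer -ErrorAction SilentlyContinue).UseWUServer
    }
}

# 2) First attempt: install through Windows Update (temporarily bypasses WSUS).
Invoke-Command -ComputerName $comp -ScriptBlock {
    $servicingKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Servicing'
    $auKey        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

    $cap = Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Server*'
    if ($cap.State -ne 'Installed') {
        # Create the keys only when missing: New-Item -Force on an existing
        # registry key can discard the values already stored in it.
        if (-not (Test-Path $servicingKey)) { New-Item $servicingKey -Force | Out-Null }
        New-ItemProperty $servicingKey -Name UseWindowsUpdate -Value 2 -PropertyType DWord -Force | Out-Null
        if (-not (Test-Path $auKey)) { New-Item $auKey -Force | Out-Null }
        Set-ItemProperty $auKey -Name UseWUServer -Value 0 -Type DWord
        Restart-Service wuauserv -Force
        try {
            Add-WindowsCapability -Online -Name $cap.Name -ErrorAction Stop
        } catch {
            # Best effort: report the failure and let step 3 retry as SYSTEM.
            $_.Exception.Message
        }
    }

    # If it is installed already (or was just installed), start the service
    # and enable the OpenSSH firewall rule.
    if (Get-WindowsCapability -Online -Name OpenSSH.Server* | Where-Object State -eq 'Installed') {
        Set-Service sshd -StartupType Automatic
        Start-Service sshd
        if (-not (Get-NetFirewallRule -DisplayName 'OpenSSH-Server-In-TCP' -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH-Server-In-TCP' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 | Out-Null
        } else {
            Enable-NetFirewallRule -DisplayName 'OpenSSH-Server-In-TCP'
        }
    }
}

# 3) If it is still not installed, run the installation as SYSTEM through a
#    scheduled task (no fiddling with a schtasks /ST start time).
$state = Invoke-Command -ComputerName $comp -ScriptBlock { (Get-WindowsCapability -Online -Name OpenSSH.Server*).State }
if ($state -ne 'Installed') {
    # Script the task runs on the target; failures are written to an .err file.
    $payload = @'
$ErrorActionPreference = "Stop"
try {
    $cap = Get-WindowsCapability -Online | Where-Object Name -like "OpenSSH.Server*"
    if ($cap.State -ne "Installed") { Add-WindowsCapability -Online -Name $cap.Name }
    Set-Service sshd -StartupType Automatic
    Start-Service sshd
    if (-not (Get-NetFirewallRule -DisplayName "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -DisplayName "OpenSSH-Server-In-TCP" -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 | Out-Null
    } else {
        Enable-NetFirewallRule -DisplayName "OpenSSH-Server-In-TCP"
    }
} catch {
    $_ | Out-String | Out-File C:\ProgramData\install-sshd.err -Encoding UTF8
}
'@

    Invoke-Command -ComputerName $comp -ScriptBlock {
        param($script)

        $p       = "$env:ProgramData\install-sshd.ps1"
        $errFile = 'C:\ProgramData\install-sshd.err'

        # The payload runs as SYSTEM from a predictable path. Remove any file
        # that is already there so the script is created fresh by this
        # session instead of reusing a file (and its owner/ACL) left by
        # someone else. A stale .err file would also report a false failure.
        # NOTE(review): a directory writable only by administrators would be
        # a stricter location than the ProgramData root.
        Remove-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        Remove-Item -LiteralPath $errFile -Force -ErrorAction SilentlyContinue
        Set-Content -Path $p -Value $script -Encoding UTF8

        # Create a task due in ~1 minute and start it right away.
        $at      = (Get-Date).AddMinutes(1)
        $trigger = New-ScheduledTaskTrigger -Once -At $at
        $action  = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "-ExecutionPolicy Bypass -NoProfile -File `"$p`""
        Register-ScheduledTask -TaskName 'InstallSSHD' -Trigger $trigger -Action $action -RunLevel Highest -User 'SYSTEM' -Force | Out-Null
        Start-ScheduledTask -TaskName 'InstallSSHD'

        # Wait for the task to finish instead of sleeping a fixed time; a
        # capability download can take longer than a few seconds.
        $deadline = (Get-Date).AddMinutes(10)
        do {
            Start-Sleep -Seconds 5
            $taskState = (Get-ScheduledTask -TaskName 'InstallSSHD' -ErrorAction SilentlyContinue).State
        } while ($taskState -eq 'Running' -and (Get-Date) -lt $deadline)

        # Do not leave a SYSTEM task and its script behind once the work is
        # done. If the task is still running at the deadline, both are kept
        # so the install is not interrupted; clean them up manually later.
        if ($taskState -ne 'Running') {
            Unregister-ScheduledTask -TaskName 'InstallSSHD' -Confirm:$false -ErrorAction SilentlyContinue
            Remove-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        }

        [pscustomobject]@{
            Capability  = (Get-WindowsCapability -Online -Name OpenSSH.Server*).State
            Sshd        = (Get-Service sshd -ErrorAction SilentlyContinue).Status
            Listening22 = [bool](Get-NetTCPConnection -LocalPort 22 -State Listen -ErrorAction SilentlyContinue)
            ErrorFile   = (Test-Path $errFile)
            TaskState   = $taskState
        }
    } -ArgumentList $payload
}

# Undo the Windows Update override from step 2: restore the values captured
# earlier, or remove the ones that did not exist before. Skipped when the
# snapshot could not be taken, so nothing is deleted on a guess.
if ($wuPolicyBackup) {
    Invoke-Command -ComputerName $comp -ScriptBlock {
        param($backup)

        $targets = @(
            @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Servicing'; Name = 'UseWindowsUpdate'; Value = $backup.UseWindowsUpdate },
            @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'; Name = 'UseWUServer'; Value = $backup.UseWUServer }
        )
        foreach ($t in $targets) {
            if ($null -eq $t.Value) {
                Remove-ItemProperty -Path $t.Path -Name $t.Name -ErrorAction SilentlyContinue
            } else {
                Set-ItemProperty -Path $t.Path -Name $t.Name -Value $t.Value -Type DWord
            }
        }
        # Same restart the override used, so the restored policy is picked up.
        Restart-Service wuauserv -Force
    } -ArgumentList $wuPolicyBackup
}

# 4) Final check from here.
Invoke-Command -ComputerName $comp -ScriptBlock {
    Get-WindowsCapability -Online -Name OpenSSH.Server* | Select-Object Name, State
    Get-Service sshd -ErrorAction SilentlyContinue
    Get-NetTCPConnection -LocalPort 22 -State Listen -ErrorAction SilentlyContinue
}
Test-NetConnection $comp -Port 22

# Local account inventory. Note that this targets a different host than $comp.
Invoke-Command -ComputerName uro-lekar2 -ScriptBlock {
    Get-LocalUser | Select-Object Name, Enabled, LastLogon
}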