I’ve mentioned a few times on my blog that I was going to post a sample install script which can be used to set up and configure a basic MOSS install (will also work with WSS but you’ll need to pull a lot out) and now I’ve finally got around to actually doing it. I’ve created a zip file which contains two files that you can download. The first file, variables.bat, simply contains the core configuration settings that you’ll want to change as you build each of your environments. The second file, install.bat, is the main install file which calls the psconfig tool and numerous stsadm commands (there’s also a snapshot (WSP) of my custom extensions which the install.bat file will install immediately after psconfig does what it needs to do). You can use whatever accounts you want but I tend to follow a least priveledges model. The following list details the specific accounts typically needed as well as the actual configurations that must be manually made for each account (if applicable). Note that the sample script and the information below assumes that you are using Kerberos.
- SqlSvrSvc: SQL Server Service Account
- Machine SQL Server is running on must be trusted for delegation for Kerberos
- Needs an SPN for “MSSQLSvc/%DBSERVER%” (host and FQDN)
- SpAdmin: SharePoint Administrator
- Member of the local admin group on each server in which setup is run
- SQL Server logon requiring the following roles
- securityadmin
- dbcreator
- db_owner for each database that stsadm may need to interact with
- Should NOT be a member of the local admin group on the SQL Server servers
- SpFarm: SharePoint Server Farm Account
- Must be trusted for delegation for Kerberos
- Needs an SPN for “HTTP/%WEBSERVER%” (host and FQDN)
- Must be added to WSS_WPG group on WFE
- SspAppPool: SharePoint SSP Application Pool Account
- Must be trusted for delegation for Kerberos
- Needs an SPN for “HTTP/sspadmin” (host and FQDN)
- Must be added to WSS_WPG group on WFE
- SspSvc: SharePoint SSP Service Account
- SspSearch: SharePoint Server Search Service Account
- SspContent: SharePoint Default Content Access Account
- SspUserProfileSvc: SharePoint SSP Profile Import Default Access Account
- Must have read access to the directory service (AD)
- If “Enable Server Side Incremental” is selected for an Active Directory connection and the environment is Windows 2000 Server, the account must have the Replicate Changes permission in Active Directory (this permission is not required for Windows Server 2003 AD environments)
- Must be given the “Manage User Profiles” personalization services permission (this is a done within SharePoint)
- Must be given “View” permissions on entities used in BDC import connections (this is done within SharePoint)
- SspExcelSvc: SharePoint Excel Services Unattended Service Account
- SpHelpSearch: SharePoint Services Help Search Service Account
- SpContentSearch: SharePoint Services Search Content Access Account
- SpPortalAppPool: SharePoint Portal Application Pool Identity
- Must be trusted for delegation for Kerberos
- Needs an SPN for “HTTP/portal” (host and FQDN)
- Must be added to WSS_WPG group on WFE
- SpMySitesAppPool: SharePoint MySites Application Pool Identity
- Must be trusted for delegation for Kerberos
- Needs an SPN for “HTTP/mysites” (host and FQDN)
- Must be added to WSS_WPG group on WFE
- SpAdminitrators: SharePoint Administrators Security Group
- The spadmin account would be in this group along with any users who need full admin rights
The first thing you’ll want to do if you download the sample script is to modify the variables.bat file, shown below:
1rem SET PATH=C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN;%PATH%
2
3rem ******* SERVERS *********
4SET DOMAIN=spdev
5SET SERVER_MAIL="sharepoint1.spdev.com"
6SET SERVER_INDEX=sharepoint1
7SET SERVER_DB=spsql1
8
9rem ******* DATABASES ********
10SET DB_CONFIG_NAME="SharePoint_ConfigDB"
11SET DB_CENTRALADMINCONTENT_NAME="SharePoint_CentralAdminContent"
12SET DB_SEARCHHELP_NAME="SharePoint_Search_HelpData"
13SET DB_SSPCONFIG_NAME="SharePoint_SSP_ConfigDB"
14SET DB_MYSITES_NAME="SharePoint_MySites"
15SET DB_SSPCONTENT_NAME="SharePoint_SSP_Content"
16SET DB_SEARCHCONTENT_NAME="SharePoint_SSP_SearchContent1"
17SET DB_PORTALCONTENT_NAME="SharePoint_PortalContent1"
18SET DB_TEAMSCONTENT_NAME="SharePoint_TeamsContent1"
19
20rem ******* FILE PATHS ********
21SET PATH_HELPSEARCH_INDEXES="e:\MOSS\Indexes\HelpData"
22SET PATH_SSP_INDEXES="e:\MOSS\Indexes\Office Server\Applications"
23SET PATH_SSPVDIR="e:\MOSS\Webs\SSPAdmin"
24SET PATH_MYSITESVDIR="e:\MOSS\Webs\MySites"
25SET PATH_USAGELOGS="e:\MOSS\Usage"
26SET PATH_PORTALVDIR="e:\MOSS\Webs\Portal"
27SET PATH_TEAMSVDIR="e:\MOSS\Webs\Teams"
28SET PATH_LOGS="e:\MOSS\Logs"
29
30rem ******* ACCOUNTS ********
31SET ACCT_SPFARM="%DOMAIN%\spfarm"
32SET ACCT_SPFARM_PWD="pa$$w0rd"
33
34SET ACCT_SPADMIN="%DOMAIN%\spadmin"
35SET ACCT_SPADMIN_EMAIL="no-reply@spdev.com"
36SET ACCT_SPADMIN_NAME="SharePoint Administrator"
37SET ACCT_SPADMIN_GROUPNAME="%DOMAIN%\spadministrators"
38
39rem *** SharePoint Server Search Service Account
40SET ACCT_SSPSEARCH="%DOMAIN%\sspsearch"
41SET ACCT_SSPSEARCH_PWD="pa$$w0rd"
42
43rem *** SharePoint Services Help Search Service Account
44SET ACCT_SEARCH_HELP="%DOMAIN%\sphelpsearch"
45SET ACCT_SEARCH_HELP_PWD="pa$$w0rd"
46
47rem *** content access account for windows sharepoint services help search
48set ACCT_CONTENT_HELP="%DOMAIN%\spcontentsearch"
49set ACCT_CONTENT_HELP_PWD="pa$$w0rd"
50
51rem *** Default content access account for office search
52SET ACCT_SSPCONTENT="%DOMAIN%\sspcontent"
53SET ACCT_SSPCONTENT_PWD="pa$$w0rd"
54
55rem *** SharePoint SSP Application Pool Account
56SET ACCT_SSPAPPPOOL="%DOMAIN%\sspapppool"
57SET ACCT_SSPAPPPOOL_PWD="pa$$w0rd"
58
59rem *** My sites application pool account
60SET ACCT_MYSITESAPPPOOL="%DOMAIN%\spmysitesapppool"
61SET ACCT_MYSITESAPPPOOL_PWD="pa$$w0rd"
62SET ACCT_MYSITESUSERS_GROUP="%DOMAIN%\SPMySiteUsers"
63
64rem *** SharePoint SSP Service Account
65SET ACCT_SSPSVC="%DOMAIN%\sspsvc"
66SET ACCT_SSPSVC_PWD="pa$$w0rd"
67
68rem *** User profile import account
69SET ACCT_SSPUSERPROFILESVC="%DOMAIN%\sspuserprofilesvc"
70SET ACCT_SSPUSERPROFILESVC_PWD="pa$$w0rd"
71
72rem *** Portal application pool account
73SET ACCT_SPPORTALAPPPOOL="%DOMAIN%\spportalapppool"
74SET ACCT_SPPORTALAPPPOOL_PWD="pa$$w0rd"
75
76rem *** Teams sites application pool account
77SET ACCT_SPTEAMSAPPPOOL="%DOMAIN%\spteamsapppool"
78SET ACCT_SPTEAMSAPPPOOL_PWD="pa$$w0rd"
79
80rem *** Excel Services unattended access account
81set ACCT_EXCEL_USER="%DOMAIN%\sspexcelsvc"
82set ACCT_EXCEL_PWD="pa$$w0rd"
83
84SET ACCT_PORTAL_SECONDARYSITEOWNER="%DOMAIN%\siteowner1"
85SET ACCT_PORTAL_SECONDARYSITEOWNER_EMAIL="siteowner1@spdev.com"
86SET ACCT_PORTAL_SECONDARYSITEOWNER_NAME="Site Owner1"
87
88
89SET ACCT_TEAMS_SECONDARYSITEOWNER="%DOMAIN%\siteowner1"
90SET ACCT_TEAMS_SECONDARYSITEOWNER_EMAIL="siteowner1@spdev.com"
91SET ACCT_TEAMS_SECONDARYSITEOWNER_NAME="Site Owner1"
92
93
94rem ******** WEB APPLICATIONS **********
95SET CENTRALADMIN_PORT=1234
96
97SET WEB_SSP_URL="http://sspadmin/"
98SET WEB_SSP_IISDESC="SharePoint Shared Services Admin (80)"
99SET WEB_SSP_APPIDNAME="SharePoint_SSP_AppPool"
100SET WEB_SSP_NAME="SSP1"
101
102SET WEB_MYSITES_URL="http://mysites/"
103SET WEB_MYSITES_IISDESC="SharePoint My Sites (80)"
104SET WEB_MYSITES_APPIDNAME="SharePoint_MySites_AppPool"
105
106SET WEB_PORTAL_URL=http://portal/
107SET WEB_PORTAL_SITEDIR_URL="%WEB_PORTAL_URL%SiteDirectory"
108SET WEB_PORTAL_NAME="Portal"
109SET WEB_PORTAL_DESC=""
110SET WEB_PORTAL_IISDESC="SharePoint Portal (80)"
111SET WEB_PORTAL_APPIDNAME="SharePoint_Portal_AppPool"
112
113SET WEB_TEAMS_URL=http://teams/
114SET WEB_TEAMS_SITEDIR_URL="%WEB_PORTAL_URL%SiteDirectory"
115SET WEB_TEAMS_NAME="Teams"
116SET WEB_TEAMS_DESC=""
117SET WEB_TEAMS_IISDESC="SharePoint Teams (80)"
118SET WEB_TEAMS_APPIDNAME="SharePoint_Collaboration_AppPool"
The variables.bat file details all the servers, accounts, web addresses and names, database names, etc. For the sample I’m assuming a single server (named “SharePoint1”) which is acting as the database server, WFE and index/query server (typical of a single user development environment). Examine each line carefully and make sure that you set the variables to meet your needs. For this sample I’m assuming that four web applications will be created: Central Admin, Shared Services Provider Admin, My Sites, and a single Portal. The “Portal” web application is the one that will be almost definitely changed by everyone – if you need to add more web applications just follow the pattern for the “Portal” web application. The install.bat file executes all the commands necessary to build out the MOSS configuration. The install.bat file can be seen below:
1echo off
2
3echo %DATE% %TIME%: Starting script
4
5call variables.bat
6
7goto startpoint
8:startpoint
9rem *** NOTE: The order of the following psconfig statements is critical - do not re-order.
10ECHO %DATE% %TIME%: Building configuration database
11psconfig -cmd configdb -create -server %SERVER_DB% -database %DB_CONFIG_NAME% -user %ACCT_SPFARM% -password %ACCT_SPFARM_PWD% -admincontentdatabase %DB_CENTRALADMINCONTENT_NAME%
12if not errorlevel 0 goto errhnd
13
14ECHO %DATE% %TIME%: Installing help content
15psconfig -cmd helpcollections -installall
16if not errorlevel 0 goto errhnd
17
18ECHO %DATE% %TIME%: Securing resources
19psconfig -cmd secureresources
20if not errorlevel 0 goto errhnd
21
22ECHO %DATE% %TIME%: Installing services
23psconfig -cmd services -install
24if not errorlevel 0 goto errhnd
25
26ECHO %DATE% %TIME%: Installing features
27psconfig -cmd installfeatures
28if not errorlevel 0 goto errhnd
29
30ECHO %DATE% %TIME%: Creating central admin site
31psconfig -cmd adminvs -provision -port %CENTRALADMIN_PORT% -windowsauthprovider enablekerberos
32if not errorlevel 0 goto errhnd
33
34ECHO %DATE% %TIME%: Adding application content to central admin site
35psconfig -cmd applicationcontent -install
36if not errorlevel 0 goto errhnd
37
38pause
39
40ECHO %DATE% %TIME%: Installing custom stsadm extensions
41stsadm -o addsolution -filename "Lapointe.SharePoint.STSADM.Commands.wsp"
42stsadm -o deploysolution -local -allowgacdeployment -name "Lapointe.SharePoint.STSADM.Commands.wsp"
43stsadm -o execadmsvcjobs
44
45REM ====================================
46REM ======= BEGIN SERVICES CONFIG ======
47REM ====================================
48
49echo %DATE% %TIME%: BEGINNING SERVICES CONFIGURATIONS...
50echo
51
52ECHO %DATE% %TIME%: Enabling sharepoint services help search service
53stsadm -o spsearch -action start -farmserviceaccount %ACCT_SEARCH_HELP% -farmservicepassword %ACCT_SEARCH_HELP_PWD% -farmperformancelevel maximum -farmcontentaccessaccount %ACCT_CONTENT_HELP% -farmcontentaccesspassword %ACCT_CONTENT_HELP_PWD% -indexlocation %PATH_HELPSEARCH_INDEXES% -databaseserver %SERVER_DB% -databasename %DB_SEARCHHELP_NAME%
54if not errorlevel 0 goto errhnd
55
56ECHO %DATE% %TIME%: Enabling the office sharepoint search service
57stsadm -o osearch -action start -role Index -farmcontactemail %ACCT_SPADMIN_EMAIL% -farmperformancelevel maximum -farmserviceaccount %ACCT_SSPSEARCH% -farmservicepassword %ACCT_SSPSEARCH_PWD% -defaultindexlocation %PATH_SSP_INDEXES%
58if not errorlevel 0 goto errhnd
59
60ECHO %DATE% %TIME%: Starting excel calculation services
61stsadm -o provisionservice -action start -servicetype "Microsoft.Office.Excel.Server.ExcelServerSharedWebService, Microsoft.Office.Excel.Server, Version = 12.0.0.0, Culture = neutral, PublicKeyToken = 71e9bce111e9429c"
62if not errorlevel 0 goto errhnd
63
64ECHO %DATE% %TIME%: Starting Document Conversions Load Balancer Service
65stsadm -o provisionservice -action start -servicetype "Microsoft.Office.Server.Conversions.LoadBalancerService, Microsoft.Office.Server.Conversions, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" -servicename DCLoadBalancer
66if not errorlevel 0 goto errhnd
67
68ECHO %DATE% %TIME%: Starting Document Conversions Launcher Service
69stsadm -o provisionservice -action start -servicetype "Microsoft.Office.Server.Conversions.LauncherService, Microsoft.Office.Server.Conversions, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" -servicename DCLauncher
70if not errorlevel 0 goto errhnd
71
72ECHO %DATE% %TIME%: Resetting IIS
73iisreset /noforce
74if not errorlevel 0 goto errhnd
75
76
77ECHO %DATE% %TIME%: Adding %ACCT_SPADMIN% to Farm Administrators group
78stsadm -o adduser -url "http://localhost:%CENTRALADMIN_PORT%" -userlogin %ACCT_SPADMIN% -group "Farm Administrators" -username %ACCT_SPADMIN_NAME% -useremail %ACCT_SPADMIN_EMAIL%
79if not errorlevel 0 goto errhnd
80
81ECHO %DATE% %TIME%: Adding %ACCT_SPADMIN_GROUPNAME% to Farm Administrators group
82stsadm -o gl-adduser2 -url "http://localhost:%CENTRALADMIN_PORT%" -userlogin %ACCT_SPADMIN_GROUPNAME% -group "Farm Administrators" -username %ACCT_SPADMIN_NAME%
83if not errorlevel 0 goto errhnd
84
85ECHO %DATE% %TIME%: Setting outbound email settings
86stsadm -o email -outsmtpserver %SERVER_MAIL% -fromaddress %ACCT_SPADMIN_EMAIL% -replytoaddress %ACCT_SPADMIN_EMAIL% -codepage 65001
87if not errorlevel 0 goto errhnd
88
89
90echo
91echo %DATE% %TIME%: FINISHED SERVICES CONFIGURATIONS
92echo TODO: Set Load Balancer Server and Port
93pause
94
95REM ====================================
96REM ======= END SERVICES CONFIG ========
97REM ====================================
98
99echo
100echo
101
102
103REM ====================================
104REM ========= BEGIN SSP ================
105REM ====================================
106echo %DATE% %TIME%: BEGINNING SSP SETTINGS
107echo
108
109ECHO %DATE% %TIME%: Creating the My Sites web application
110stsadm -o gl-createwebapp -url %WEB_MYSITES_URL% -directory %PATH_MYSITESVDIR% -sethostheader -ownerlogin %ACCT_SPADMIN% -owneremail %ACCT_SPADMIN_EMAIL% -description %WEB_MYSITES_IISDESC% -apidname %WEB_MYSITES_APPIDNAME% -apidtype configurableid -apidlogin %ACCT_MYSITESAPPPOOL% -apidpwd %ACCT_MYSITESAPPPOOL_PWD% -databasename %DB_MYSITES_NAME% -donotcreatesite -timezone 12
111if not errorlevel 0 goto errhnd
112
113ECHO %DATE% %TIME%: Creating SSP Admin site.
114stsadm -o gl-createwebapp -url %WEB_SSP_URL% -directory %PATH_SSPVDIR% -sethostheader -ownerlogin %ACCT_SPADMIN% -owneremail %ACCT_SPADMIN_EMAIL% -description %WEB_SSP_IISDESC% -apidname %WEB_SSP_APPIDNAME% -apidtype configurableid -apidlogin %ACCT_SSPAPPPOOL% -apidpwd %ACCT_SSPAPPPOOL_PWD% -databasename %DB_SSPCONFIG_NAME% -donotcreatesite -timezone 12
115if not errorlevel 0 goto errhnd
116
117ECHO %DATE% %TIME%: Creating the Shared Service Provider
118stsadm -o createssp -title %WEB_SSP_NAME% -url %WEB_SSP_URL% -mysiteurl %WEB_MYSITES_URL% -ssplogin %ACCT_SSPSVC% -indexserver %SERVER_INDEX% -indexlocation %PATH_SSP_INDEXES% -ssppassword %ACCT_SSPSVC_PWD% -sspdatabaseserver %SERVER_DB% -sspdatabasename %DB_SSPCONTENT_NAME% -searchdatabaseserver %SERVER_DB% -searchdatabasename %DB_SEARCHCONTENT_NAME% -ssl no
119if not errorlevel 0 goto errhnd
120
121ECHO %DATE% %TIME%: Resetting IIS
122iisreset /noforce
123if not errorlevel 0 goto errhnd
124
125ECHO %DATE% %TIME%: Setting the new SSP as the default SSP
126stsadm -o setdefaultssp -title %WEB_SSP_NAME%
127if not errorlevel 0 goto errhnd
128
129ECHO %DATE% %TIME%: Giving %ACCT_SPADMIN_GROUPNAME% all permissions to SSP
130stsadm -o gl-setsspacl -sspname %WEB_SSP_NAME% -rights All -user %ACCT_SPADMIN_GROUPNAME%
131if not errorlevel 0 goto errhnd
132
133ECHO %DATE% %TIME%: Giving %ACCT_SSPUSERPROFILESVC% profile management permissions
134stsadm -o gl-setsspacl -sspname %WEB_SSP_NAME% -rights ManageUserProfiles -user %ACCT_SSPUSERPROFILESVC%
135if not errorlevel 0 goto errhnd
136
137ECHO %DATE% %TIME%: Giving %ACCT_SSPSEARCH% profile management permissions
138stsadm -o gl-setsspacl -sspname %WEB_SSP_NAME% -rights ManageUserProfiles -user %ACCT_SSPSEARCH%
139if not errorlevel 0 goto errhnd
140
141ECHO %DATE% %TIME%: Setting usage analysis settings
142mkdir %PATH_USAGELOGS%
143stsadm -o gl-setusageanalysis -enablelogging true -enableusageprocessing true -logfilelocation %PATH_USAGELOGS% -numberoflogfiles 30 -processingstarttime "10:00PM" -processingendtime "1:00AM" -sspname %WEB_SSP_NAME% -enableadvancedprocessing true -enablequerylogging true
144if not errorlevel 0 goto errhnd
145
146ECHO %DATE% %TIME%: Enabling kerberos on the SSP
147stsadm -o setsharedwebserviceauthn -negotiate
148if not errorlevel 0 goto errhnd
149
150ECHO %DATE% %TIME%: Setting delegation for excel services (to enable Kerberos)
151stsadm -o set-ecssecurity -ssp %WEB_SSP_NAME% -accessmodel delegation
152if not errorlevel 0 goto errhnd
153
154ECHO %DATE% %TIME%: Updating excel services unattended service account
155stsadm -o set-ecsexternaldata -ssp %SSP% -unattendedserviceaccountname %ACCT_EXCEL_USER% -unattendedserviceaccountpassword %ACCT_EXCEL_PWD%
156if not errorlevel 0 goto errhnd
157
158ECHO %DATE% %TIME%: Updating default content access account
159stsadm -o gl-updatedefaultcontentaccessaccount -username %ACCT_SSPCONTENT% -password %ACCT_SSPCONTENT_PWD%
160if not errorlevel 0 goto errhnd
161
162ECHO %DATE% %TIME%: Setting user profile default access account
163stsadm -o gl-setuserprofiledefaultaccessaccount -username %ACCT_SSPUSERPROFILESVC% -password %ACCT_SSPUSERPROFILESVC_PWD% -sspname %WEB_SSP_NAME%
164if not errorlevel 0 goto errhnd
165
166ECHO %DATE% %TIME%: Running pending jobs
167stsadm -o execadmsvcjobs
168if not errorlevel 0 goto errhnd
169
170ECHO %DATE% %TIME%: Setting user profile full import schedule
171stsadm -o gl-setuserprofileimportschedule -sspname %WEB_SSP_NAME% -type full -occurrence weekly -hour 3 -dayofweek Saturday -enabled true -runjob
172if not errorlevel 0 goto errhnd
173
174ECHO %DATE% %TIME%: Setting user profile incremental import schedule
175stsadm -o gl-setuserprofileimportschedule -sspname %WEB_SSP_NAME% -type incremental -occurrence daily -hour 22 -enabled true
176if not errorlevel 0 goto errhnd
177
178ECHO %DATE% %TIME%: Executing pending timer jobs
179stsadm.exe -o execadmsvcjobs
180if not errorlevel 0 goto errhnd
181
182echo
183echo %DATE% %TIME%: FINISHED SSP SETTINGS
184
185REM ====================================
186REM =========== END SSP ================
187REM ====================================
188
189echo
190echo
191
192REM ====================================
193REM =========== BEGIN PORTAL =============
194REM ====================================
195:portal
196echo %DATE% %TIME%: BEGINNING PORTAL CORE SETTINGS
197echo
198call portal.bat
199echo
200echo %DATE% %TIME%: FINISHED PORTAL CORE SETTINGS
201pause
202
203REM ====================================
204REM ============ END PORTAL ==============
205REM ====================================
206
207
208
209echo
210echo
211
212
213REM ====================================
214REM =========== BEGIN TEAMS =============
215REM ====================================
216:teams
217echo %DATE% %TIME%: BEGINNING TEAMS CORE SETTINGS
218echo
219call teams.bat
220echo
221echo %DATE% %TIME%: FINISHED TEAMS CORE SETTINGS
222pause
223goto end
224REM ====================================
225REM ============ END TEAMS ==============
226REM ====================================
227
228
229echo
230echo
231
232REM ====================================
233REM ======= BEGIN MY SITES =============
234REM ====================================
235:mysites
236echo %DATE% %TIME%: BEGINNING MY SITES SETTINGS
237echo
238call mysites.bat
239echo
240echo %DATE% %TIME%: FINISHED MY SITES SETTINGS
241pause
242REM ====================================
243REM ========= END MY SITES =============
244REM ====================================
245
246echo
247echo
248
249ECHO ******************* Run Connect.bat on each WFE **************************
250pause
251
252ECHO %DATE% %TIME%: Setting log file path
253mkdir %PATH_LOGS%
254stsadm -o gl-tracelog -logdirectory %PATH_LOGS%
255if not errorlevel 0 goto errhnd
256
257echo
258echo
259
260ECHO %DATE% %TIME%: TODO 1 - Configure searching (http://sspadmin/ssp/admin/_layouts/listcontentsources.aspx)
261
262goto end
263
264:errhnd
265
266echo An error occured - terminating script.
267
268:end
If you look at the file you’ll see that the first thing it does is “goto startpoint” and that “startpoint” marker is right below the goto statement. I put that there so that if the file should fail for any reason I can simply move the startpoint marker to the next command I want to have run and then re-execute the script (I often find that the “setuserprofiledefaultaccessaccount” command will fail on the first run if I haven’t loaded the SSP in the browser before it runs – moving the startpoint to right before this command I can re-run the batch file and it will continue right on). The next thing the script does is call psconfig. There’s tons of help/guidance on how to script psconfig so I won’t bother hear – just make sure you review the settings and make any necessary changes to suit your environment. Once psconfig completes you now have a farm created with a working Central Admin site. The script then goes on to enable services and build out the SSP, MySites, and Portal web applications making various configurations to each. Again, there’s lots of resources on how to use the various commands that this sample script uses (including my own blog) so I won’t go through all the steps that it does. Just make sure that you review every line of this script and make sure you understand what it is doing (this is meant to get you started and various assumptions are made with the configuration so that I can demonstrate what can be done so make sure you look at every settings and adjust/remove as needed). One final note – I’ve never been a fan of batch files or command line “programming” (despite the subject of this blog) and I am certainly no expert at creating batch files – there’s probably considerably better ways to do some of what I’ve done in my samples. If you have any suggestions as to how this can be done better I’m all ears 🙂