With Simple modification you can do anything you want.
# Define functions:
Function InstallWinRMCertificateForVM ($servicename, $svrname)
{
Write-Host "Installing WinRM Certificate for remote access: $servicename $svrname"
$WinRMCert = (Get-AzureVM -ServiceName $servicename -Name $svrname | select -ExpandProperty vm).DefaultWinRMCertificateThumbprint
$AzureX509cert = Get-AzureCertificate -ServiceName $servicename -Thumbprint $WinRMCert -ThumbprintAlgorithm sha1
$certTempFile = [IO.Path]::GetTempFileName()
$AzureX509cert.Data | Out-File $certTempFile
# Target The Cert That Needs To Be Imported
$CertToImport = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certTempFile
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store "Root", "LocalMachine"
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$store.Add($CertToImport)
$store.Close()
Remove-Item $certTempFile
}
$adminUsername = '<username>'
$adminPassword = '<password>'
$vmname = "HQServer1"
$cloudsvcName = "HQServer1"
# Install the WinRM Certificate first to access the VM via Remote PS
InstallWinRMCertificateForVM $cloudsvcName $vmname
# Return back the correct URI for Remote PowerShell
$uri = Get-AzureWinRMUri -ServiceName $cloudsvcName -Name $vmname
$SecurePassword = $adminPassword | ConvertTo-SecureString -AsPlainText -Force
$credential = new-object -typename System.Management.Automation.PSCredential -argumentlist $adminUsername,$SecurePassword
# Test Remote Script
Invoke-Command -ConnectionUri $uri.ToString() -Credential $credential -ScriptBlock {
Get-ChildItem c:\
}
# Install IIS
Invoke-Command -ConnectionUri $uri.ToString() -Credential $credential -ScriptBlock {
Install-WindowsFeature -Name Web-Server -IncludeManagementTools -Source C:\Windows\WinSxS
}
# Disable Windows Firewall:
Invoke-Command -ConnectionUri $uri.ToString() -Credential $credential -ScriptBlock {
Set-NetFirewallProfile -All -Enabled False
}
Jerry Yasir's Blog 