From 2e900f59511f5ea573f503e83c894bb1c82742c0 Mon Sep 17 00:00:00 2001
From: ZeArioch <16936254+ZeArioch@users.noreply.github.com>
Date: Mon, 28 Sep 2020 15:48:29 +0200
Subject: [PATCH 1/4] delete old RDP GPO files

---
 Vagrant/resources/GPO/rdp_users/manifest.xml  |   1 -
 .../Backup.xml                                |  20 ------------------
 .../microsoft/windows nt/SecEdit/GptTmpl.inf  | Bin 384 -> 0 bytes
 .../bkupInfo.xml                              |   1 -
 .../gpreport.xml                              | Bin 18348 -> 0 bytes
 5 files changed, 22 deletions(-)
 delete mode 100644 Vagrant/resources/GPO/rdp_users/manifest.xml
 delete mode 100644 Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/Backup.xml
 delete mode 100644 Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf
 delete mode 100644 Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/bkupInfo.xml
 delete mode 100644 Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/gpreport.xml

diff --git a/Vagrant/resources/GPO/rdp_users/manifest.xml b/Vagrant/resources/GPO/rdp_users/manifest.xml
deleted file mode 100644
index fd766e0..0000000
--- a/Vagrant/resources/GPO/rdp_users/manifest.xml
+++ /dev/null
@@ -1 +0,0 @@
-<Backups xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest" xmlns:mfst="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest" mfst:version="1.0"><BackupInst><GPOGuid><![CDATA[{4EC18B73-0966-463C-BD39-72D0903AFE65}]]></GPOGuid><GPODomain><![CDATA[windomain.local]]></GPODomain><GPODomainGuid><![CDATA[{46037b97-c619-4c8b-b901-d264bbccc4c0}]]></GPODomainGuid><GPODomainController><![CDATA[dc.windomain.local]]></GPODomainController><BackupTime><![CDATA[2019-04-26T03:18:07]]></BackupTime><ID><![CDATA[{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}]]></ID><Comment><![CDATA[Allows windomain\vagrant to RDP to hosts]]></Comment><GPODisplayName><![CDATA[Allow Domain Users RDP]]></GPODisplayName></BackupInst></Backups>
\ No newline at end of file
diff --git a/Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/Backup.xml b/Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/Backup.xml
deleted file mode 100644
index ab953e5..0000000
--- a/Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/Backup.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?><!-- Copyright (c) Microsoft Corporation.  All rights reserved. --><GroupPolicyBackupScheme bkp:version="2.0" bkp:type="GroupPolicyBackupTemplate" xmlns:bkp="http://www.microsoft.com/GroupPolicy/GPOOperations" xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations">
-    <GroupPolicyObject><SecurityGroups><Group><Sid/><SamAccountName><![CDATA[Remote Desktop Users]]></SamAccountName><Type><![CDATA[Unknown]]></Type><NetBIOSDomainName/><DnsDomainName/><UPN/></Group><Group><Sid><![CDATA[S-1-5-21-2442050065-1280348291-2767644839-1000]]></Sid><SamAccountName><![CDATA[vagrant]]></SamAccountName><Type><![CDATA[User]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[vagrant@windomain.local]]></UPN></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-2442050065-1280348291-2767644839-519]]></Sid><SamAccountName><![CDATA[Enterprise Admins]]></SamAccountName><Type><![CDATA[UniversalGroup]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[Enterprise Admins@windomain.local]]></UPN></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-2442050065-1280348291-2767644839-512]]></Sid><SamAccountName><![CDATA[Domain Admins]]></SamAccountName><Type><![CDATA[GlobalGroup]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[Domain Admins@windomain.local]]></UPN></Group></SecurityGroups><FilePaths/><GroupPolicyCoreSettings><ID><![CDATA[{4EC18B73-0966-463C-BD39-72D0903AFE65}]]></ID><Domain><![CDATA[windomain.local]]></Domain><SecurityDescriptor>01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 11 ba 8e 91 83 90 50 4c a7 e8 f6 a4 e8 03 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 11 ba 8e 91 83 90 50 4c a7 e8 f6 a4 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 11 ba 8e 91 83 90 50 4c a7 e8 f6 a4 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00</SecurityDescriptor><DisplayName><![CDATA[Allow Domain Users RDP]]></DisplayName><Options><![CDATA[0]]></Options><UserVersionNumber><![CDATA[0]]></UserVersionNumber><MachineVersionNumber><![CDATA[327685]]></MachineVersionNumber><MachineExtensionGuids><![CDATA[[{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]]]></MachineExtensionGuids><UserExtensionGuids/><WMIFilter/></GroupPolicyCoreSettings> 
-        <GroupPolicyExtension bkp:ID="{35378EAC-683F-11D2-A89A-00C04FBBCFA2}" bkp:DescName="Registry">
-            
-            
-            <FSObjectFile bkp:Path="%GPO_FSPATH%\Adm\*.*" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{4EC18B73-0966-463C-BD39-72D0903AFE65}\Adm\*.*"/>
-        </GroupPolicyExtension>
-        
-        
-        
-        
-        <GroupPolicyExtension bkp:ID="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}" bkp:DescName="Security">
-            <FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt\SecEdit\GptTmpl.inf" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{4EC18B73-0966-463C-BD39-72D0903AFE65}\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf" bkp:ReEvaluateFunction="SecurityValidateSettings" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf"/>
-        </GroupPolicyExtension>
-        
-        
-        
-        
-    <GroupPolicyExtension bkp:ID="{F15C46CD-82A0-4C2D-A210-5D0D3182A418}" bkp:DescName="Unknown Extension"><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Microsoft" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{4EC18B73-0966-463C-BD39-72D0903AFE65}\Machine\Microsoft" bkp:Location="DomainSysvol\GPO\Machine\Microsoft"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Microsoft\Windows NT" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{4EC18B73-0966-463C-BD39-72D0903AFE65}\Machine\Microsoft\Windows NT" bkp:Location="DomainSysvol\GPO\Machine\Microsoft\Windows NT"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Microsoft\Windows NT\SecEdit" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{4EC18B73-0966-463C-BD39-72D0903AFE65}\Machine\Microsoft\Windows NT\SecEdit" bkp:Location="DomainSysvol\GPO\Machine\Microsoft\Windows NT\SecEdit"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{4EC18B73-0966-463C-BD39-72D0903AFE65}\Machine\Scripts" bkp:Location="DomainSysvol\GPO\Machine\Scripts"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts\Shutdown" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{4EC18B73-0966-463C-BD39-72D0903AFE65}\Machine\Scripts\Shutdown" bkp:Location="DomainSysvol\GPO\Machine\Scripts\Shutdown"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts\Startup" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{4EC18B73-0966-463C-BD39-72D0903AFE65}\Machine\Scripts\Startup" bkp:Location="DomainSysvol\GPO\Machine\Scripts\Startup"/></GroupPolicyExtension></GroupPolicyObject>
-</GroupPolicyBackupScheme>
\ No newline at end of file
diff --git a/Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf b/Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf
deleted file mode 100644
index ef38d8a0c2fdacc3333de6534f69f3a457d3b6ff..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 384
zcma)$y9&ZU5JgWd_zxmhf{?^lEK-PtT8N-%BO<;{p%Gu;&#O1X3Th?8E_3(JxwFs5
zgb@c~mL#lLGbKyr=Plwc=WNb|vHFu#EaKqiQ?-?vbKxp?O+=moEjn~{H)+$C&RfPn
z{!PR?Bf@vtZLx_Gj^yZRYR|%L+iCvjwiOvt5>uk8Qzo#kDm7DmatRwHMV9_Qbv7o)
qHxbyzfQl->(>704vp@KH38l*NLiG(dTbG}nlnLcF?B6Np*`Ho+5;i{o

diff --git a/Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/bkupInfo.xml b/Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/bkupInfo.xml
deleted file mode 100644
index 88e7503..0000000
--- a/Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/bkupInfo.xml
+++ /dev/null
@@ -1 +0,0 @@
-<BackupInst xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest"><GPOGuid><![CDATA[{4EC18B73-0966-463C-BD39-72D0903AFE65}]]></GPOGuid><GPODomain><![CDATA[windomain.local]]></GPODomain><GPODomainGuid><![CDATA[{46037b97-c619-4c8b-b901-d264bbccc4c0}]]></GPODomainGuid><GPODomainController><![CDATA[dc.windomain.local]]></GPODomainController><BackupTime><![CDATA[2019-04-26T03:18:07]]></BackupTime><ID><![CDATA[{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}]]></ID><Comment><![CDATA[Allows windomain\vagrant to RDP to hosts]]></Comment><GPODisplayName><![CDATA[Allow Domain Users RDP]]></GPODisplayName></BackupInst>
diff --git a/Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/gpreport.xml b/Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/gpreport.xml
deleted file mode 100644
index 58ca288641ebf1235457423758e6bdc8122f3e3e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 18348
zcmeHPZEqS!5T4JK`X5j~wNf1ee#g`i0XMZ28_U>DTjdKjcH+hu7jRxw^{=;mo|$g%
z_Sl1i5O9(c;yB;!?!3?J&d&OuzpL_C-bq((q#$qPQu;EGYw5|Y{2<>*NghcNzXiOx
zl?y!Y;O(uv)VKFClq*?5t4*|dEPL{`d?i(RD#y}99~<`;BUW%fKwpme3cZGMhi9w!
zyw%SmT-N}r2ly}Xv<#?4jJqno$e}!w7GS>u4qa(0Hp!8%=Q8q&(l!8gZKd`y0V^H*
zE_z-7_a3P1fhR-ILT+_I!Bc&H4~mcR<VIV*$MY8GAt#KV1Hdx=6~MWw9DrNoIp1I5
zOUXp<)7!+kK3{xK<vnP)1ck)(Pg$3JsY6EF@<g^Ey%k7o2b!>nyLDXG@OB078o1lR
z-4>+U&^ARpsmYJ%zbPB?7pPs$L~lbm+E$J&iq5wRtrLU%2r}$Jx^4Ut^Eg(KgeKEe
zl_QMN1xNS5jT;^HEo2`buOMgOw^?ODPVnwnVMaY^aZVd(p*M1`np0PdIXZP{02o7P
z&^`V(%*MBkMy;dQCGZ^L+L2Rm!!V|WmQ=1qNP7jc-Nai;wu0-HUP}rqZG;HMA#kN%
zF+I-;r3CmDeAg99`WO+M6Qv~k_}fawHf(tlP<BAoHs~wMZwhgAv<MPy`vTnVgQ_9y
zrh&f)c*4K$@PvLY(iM|m3#}UPb&Jq!^FDD5Y12*6+kz}h_-?37c~=JQ>$n#2j9!^G
z%Qj_jgYsU-ZyDUNwp)15FZ+;NwEU9xE5Z|2K;ap_73gsdHvcVP)?^o+;y|w_xKhvB
z;MEm=w{cy;_e#z&7Dp=KDIuL>eBRUR6w$tj9`ru!v7>NzF;)%Gz5^7(Ae1^_*TLgD
z=zI=)I>z-F&rb2IiDwNwtK(S%-=_B2{iqyqxH<Y~!LI@8<}uF4ko*Q@w3EP&+$ZPB
zadMlI*+nd9WNH_e=!bBvCBJ&`4piQ=X-FM?zk{AsAPLjyGf+hA4nS2)wU2s6y&|nw
z(9a_Dd<|NB0oz#tkEr9tgobb8iN#gwco8kk;%H$P;OwrBNZB``=MG{s0o8|h4!E<!
zI|mN5vMpF#Tm3*0Hh76A&NfLyTYUq)gxMyolaw%0?4WgdM$G98X64kpF=rHY9y{sD
zo0!esg3kUDeYuN8j4dv{P#YH!T^LI~hBt9>#CT6?e9jx4Zf>+FN}t2tj(|%OD;3)R
zk-Wf4s*QC_A6L%4h_A!S$Cz&-ZAre1Rt}4xB|Ini9QBA%X-%clQeWxw{o!a)+Dc%&
zK1EvN(^W+TqEF&lb%2kp@&|az89rAT)Yau_T6}$y1=DQQEsvg2%Q*mtnZ>YG!2l~@
zW(>NJKwD)%{_i2ea%D+*P|n%<jKVs_i1!$U>$b}j$@?6%IKkY5-#6T9*)e5jto=r`
zIKR6HJz(5B0{04t184aC3BLUV5<JCR^95$Oe7CQ2Up{T&o~!*RZWJ(QY-+0${652n
zty@Z|qa!R0YDyNVQMQ)FAwTE?D$o#n!fa8<?pzO2m(;U}&*OT=^Bcr;eA^HVqtEaR
zW5JAB+`71m9B)h3A`GpDRr(#QkXgMpX6e^@PfmrQn>C!mnz{17feril7XM8MW;BA!
z70@4ZB}}i-1P;Gr<O|$0m*e{gj-I90^l+I)B7DoaSsrSXvJmWW&q)|us~;qlp)m*G
z!!5W=DTFwXy>|!?>e#e$uR`9IEvBUUs&k>SO}dsBkK!{mum+i4K(dU;`=IU~@n8>D
z&zxIFEkAp&5M)x74acg7%OT(o<TY?9Di(1(qjyP&W~Z}6o@CSs`3P!$5~8!4ILvS>
zYiTpSMMZ=7Du|hKlSX*uLi`Lz=j#`RWqQnFmZYUo>oAW($^jP*!#b8nA<J`*i(MfL
zHoZ@aW8qj5UoTA8a}oyG<H+Y7h4vAFxPS3I{8C5fHQceh)W5r!8Q7l9d%WdpCBB<L
zKbOa?XpNobEwaqn%{G=7x5~(t%ySp$VaC7@$>Leu=E^x=h2^U-?(;4p{)J-CX!H%o
z&O8D(V|6*{>##fmCbPw(k?iwdxy>sA+HUx#6aScx;C!!-To`lKoaHgM+0i`&*7cDV
zw^|+544b*+F)@#ci;9W)nlPG+X3P4Sjb>k~<q<KDh*s<KFymNyF0+Q*`cU^@8P#lO
z$EsT6RknFVBM0&<XTI0=rR=r2JwN6#qrJHTcB!M&8nlV*F*3BeHgB0_uQ1<-OP&py
z<#dhnV0Kz1z7IFg)m&LuKxtKE(Ok@}kruV17s_V()nxf9&Pm5+z<JEe>r1|z`jUJV
zH+~hzXq}}3g|V9F?YK*NjcnOV^m-W8wEphEcr2sLoy}7Gy<As`6+XLGMHMTn<1A0u
zK-CcEI5n++=W|xi-5_u1SB+)u<7QG-R7SE=_D<Ju%t%H!oB#e<^OSDKwE>(c2Ue2t
ztQ{-HHZ)dGZs%Zz#%*Dw0chjQFg&8)!XJzIRL2iiC&sf?$#=<~@07#Lxmw+}<FwBQ
z!+9UIos>t^IzI2H$RF6zo$uLTRz1egGKbC*5Qou<Q{uu?hrZ4w$4jd{ttu@Qt(Rl1
zGj)_Q=Z;P^mrtu3Gj16MQEN9>8|5t9yALb>mUW(nXHa=UlOMC#@fBr8r=u&b3-i?i
zf6n~`HP8pBVLru`XJS~>$f^-ahjq`~t9*^Wda&y0GB8HZ>VLAIMsiMH4iy)kg-d!8
zCtvrwOgYbMrIO{`l%v;pyJ%ertyi+1q4F_zS}|F|v>da2YUXs_gMCN6?5M|xpYc!n
zIF8}??Dq_hKI-w=E<G+*VSj^whF4{B478fx$?g0o<+t}EVQ56Zg+Ep@9%hM^<i{w@
zRrnyz&0d2WtP@P~x`nFp!<Zx}r~d!{3x#7QTlkpTTb|)zc6kqHKMAb^Nc?XlypR9K
z2#buN@uLy^@n_+Lv*I3Td!zI)GO~uxpLHAo%h47NK50+m-LzbN4oH2K0q2LDE%Ri7
V?I6#Wzmp+-I-I5iEbq7{{{ky=;~)S4


From b67f4e85a8becb295d249cf945a52b83f406cd28 Mon Sep 17 00:00:00 2001
From: ZeArioch <16936254+ZeArioch@users.noreply.github.com>
Date: Mon, 28 Sep 2020 15:50:53 +0200
Subject: [PATCH 2/4] add GPO file with 'Domain Users' as RDP group members

---
 Vagrant/resources/GPO/rdp_users/manifest.xml  |   1 +
 .../Backup.xml                                |  20 ++++++++++++++++++
 .../microsoft/windows nt/SecEdit/GptTmpl.inf  | Bin 0 -> 380 bytes
 .../bkupInfo.xml                              |   1 +
 .../gpreport.xml                              | Bin 0 -> 17634 bytes
 5 files changed, 22 insertions(+)
 create mode 100644 Vagrant/resources/GPO/rdp_users/manifest.xml
 create mode 100644 Vagrant/resources/GPO/rdp_users/{02BF61B9-4ECA-4D86-B20B-323CF53B1E9F}/Backup.xml
 create mode 100644 Vagrant/resources/GPO/rdp_users/{02BF61B9-4ECA-4D86-B20B-323CF53B1E9F}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf
 create mode 100644 Vagrant/resources/GPO/rdp_users/{02BF61B9-4ECA-4D86-B20B-323CF53B1E9F}/bkupInfo.xml
 create mode 100644 Vagrant/resources/GPO/rdp_users/{02BF61B9-4ECA-4D86-B20B-323CF53B1E9F}/gpreport.xml

diff --git a/Vagrant/resources/GPO/rdp_users/manifest.xml b/Vagrant/resources/GPO/rdp_users/manifest.xml
new file mode 100644
index 0000000..c8f230f
--- /dev/null
+++ b/Vagrant/resources/GPO/rdp_users/manifest.xml
@@ -0,0 +1 @@
+<Backups xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest" xmlns:mfst="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest" mfst:version="1.0"><BackupInst><GPOGuid><![CDATA[{D3AAF869-5E70-4C9E-BC4D-F7F86C450D5B}]]></GPOGuid><GPODomain><![CDATA[windomain.local]]></GPODomain><GPODomainGuid><![CDATA[{ff161336-72cc-4bd4-90ae-42bf968987b9}]]></GPODomainGuid><GPODomainController><![CDATA[dc.windomain.local]]></GPODomainController><BackupTime><![CDATA[2020-09-28T11:54:01]]></BackupTime><ID><![CDATA[{02BF61B9-4ECA-4D86-B20B-323CF53B1E9F}]]></ID><Comment><![CDATA[]]></Comment><GPODisplayName><![CDATA[Allow Domain Users RDP]]></GPODisplayName></BackupInst></Backups>
\ No newline at end of file
diff --git a/Vagrant/resources/GPO/rdp_users/{02BF61B9-4ECA-4D86-B20B-323CF53B1E9F}/Backup.xml b/Vagrant/resources/GPO/rdp_users/{02BF61B9-4ECA-4D86-B20B-323CF53B1E9F}/Backup.xml
new file mode 100644
index 0000000..93964de
--- /dev/null
+++ b/Vagrant/resources/GPO/rdp_users/{02BF61B9-4ECA-4D86-B20B-323CF53B1E9F}/Backup.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?><!-- Copyright (c) Microsoft Corporation.  All rights reserved. --><GroupPolicyBackupScheme bkp:version="2.0" bkp:type="GroupPolicyBackupTemplate" xmlns:bkp="http://www.microsoft.com/GroupPolicy/GPOOperations" xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations">
+    <GroupPolicyObject><SecurityGroups><Group><Sid/><SamAccountName><![CDATA[Remote Desktop Users]]></SamAccountName><Type><![CDATA[Unknown]]></Type><NetBIOSDomainName/><DnsDomainName/><UPN/></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-3036387054-737866085-3744588598-1000]]></Sid><SamAccountName><![CDATA[vagrant]]></SamAccountName><Type><![CDATA[User]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[vagrant@windomain.local]]></UPN></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-3036387054-737866085-3744588598-519]]></Sid><SamAccountName><![CDATA[Enterprise Admins]]></SamAccountName><Type><![CDATA[UniversalGroup]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[Enterprise Admins@windomain.local]]></UPN></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-3036387054-737866085-3744588598-512]]></Sid><SamAccountName><![CDATA[Domain Admins]]></SamAccountName><Type><![CDATA[GlobalGroup]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[Domain Admins@windomain.local]]></UPN></Group><Group><Sid><![CDATA[S-1-5-21-3036387054-737866085-3744588598-513]]></Sid><SamAccountName><![CDATA[Domain Users]]></SamAccountName><Type><![CDATA[GlobalGroup]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[Domain Users@windomain.local]]></UPN></Group></SecurityGroups><FilePaths/><GroupPolicyCoreSettings><ID><![CDATA[{D3AAF869-5E70-4C9E-BC4D-F7F86C450D5B}]]></ID><Domain><![CDATA[windomain.local]]></Domain><SecurityDescriptor>01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 ee 96 fb b4 65 f1 fa 2b 36 e3 31 df e8 03 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 ee 96 fb b4 65 f1 fa 2b 36 e3 31 df 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 ee 96 fb b4 65 f1 fa 2b 36 e3 31 df 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00</SecurityDescriptor><DisplayName><![CDATA[Allow Domain Users RDP]]></DisplayName><Options><![CDATA[0]]></Options><UserVersionNumber><![CDATA[131074]]></UserVersionNumber><MachineVersionNumber><![CDATA[196611]]></MachineVersionNumber><MachineExtensionGuids><![CDATA[[{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]]]></MachineExtensionGuids><UserExtensionGuids/><WMIFilter/></GroupPolicyCoreSettings> 
+        <GroupPolicyExtension bkp:ID="{35378EAC-683F-11D2-A89A-00C04FBBCFA2}" bkp:DescName="Registry">
+            
+            
+            <FSObjectFile bkp:Path="%GPO_FSPATH%\Adm\*.*" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{D3AAF869-5E70-4C9E-BC4D-F7F86C450D5B}\Adm\*.*"/>
+        </GroupPolicyExtension>
+        
+        
+        
+        
+        <GroupPolicyExtension bkp:ID="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}" bkp:DescName="Security">
+            <FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt\SecEdit\GptTmpl.inf" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{D3AAF869-5E70-4C9E-BC4D-F7F86C450D5B}\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf" bkp:ReEvaluateFunction="SecurityValidateSettings" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf"/>
+        </GroupPolicyExtension>
+        
+        
+        
+        
+    <GroupPolicyExtension bkp:ID="{F15C46CD-82A0-4C2D-A210-5D0D3182A418}" bkp:DescName="Unknown Extension"><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Applications" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{D3AAF869-5E70-4C9E-BC4D-F7F86C450D5B}\Machine\Applications" bkp:Location="DomainSysvol\GPO\Machine\Applications"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\microsoft" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{D3AAF869-5E70-4C9E-BC4D-F7F86C450D5B}\Machine\microsoft" bkp:Location="DomainSysvol\GPO\Machine\microsoft"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{D3AAF869-5E70-4C9E-BC4D-F7F86C450D5B}\Machine\microsoft\windows nt" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt\SecEdit" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{D3AAF869-5E70-4C9E-BC4D-F7F86C450D5B}\Machine\microsoft\windows nt\SecEdit" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{D3AAF869-5E70-4C9E-BC4D-F7F86C450D5B}\Machine\Scripts" bkp:Location="DomainSysvol\GPO\Machine\Scripts"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts\Shutdown" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{D3AAF869-5E70-4C9E-BC4D-F7F86C450D5B}\Machine\Scripts\Shutdown" bkp:Location="DomainSysvol\GPO\Machine\Scripts\Shutdown"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts\Startup" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{D3AAF869-5E70-4C9E-BC4D-F7F86C450D5B}\Machine\Scripts\Startup" bkp:Location="DomainSysvol\GPO\Machine\Scripts\Startup"/></GroupPolicyExtension></GroupPolicyObject>
+</GroupPolicyBackupScheme>
\ No newline at end of file
diff --git a/Vagrant/resources/GPO/rdp_users/{02BF61B9-4ECA-4D86-B20B-323CF53B1E9F}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf b/Vagrant/resources/GPO/rdp_users/{02BF61B9-4ECA-4D86-B20B-323CF53B1E9F}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf
new file mode 100644
index 0000000000000000000000000000000000000000..667c750b250b013443fb1c7201dd477724a2431b
GIT binary patch
literal 380
zcma)&PY=OB6vTgLiSHndlcY(hY8`qI2OLB~xQK}VdeDj@@#QgHmEa_s-F@@s&CF&W
z_bFpyB32}<*)XF>;ingJ6O$Td%0%@^D3T)1=QFeuT5#qfc0-6onKoT|I$LxY2wTQu
zDE=zN+asi!dv~Nw<Zz@!UsDH`dD>p{$2_gV2wNH(PurztDo<#x^{GqP$|*GN|Ep4?
uDe<kSnM4;yi4E-lU$sYF>AtY9PD9Jl{d$)#uC6*Tou<z0#Z}E_fBXcRUp4~(

literal 0
HcmV?d00001

diff --git a/Vagrant/resources/GPO/rdp_users/{02BF61B9-4ECA-4D86-B20B-323CF53B1E9F}/bkupInfo.xml b/Vagrant/resources/GPO/rdp_users/{02BF61B9-4ECA-4D86-B20B-323CF53B1E9F}/bkupInfo.xml
new file mode 100644
index 0000000..9319227
--- /dev/null
+++ b/Vagrant/resources/GPO/rdp_users/{02BF61B9-4ECA-4D86-B20B-323CF53B1E9F}/bkupInfo.xml
@@ -0,0 +1 @@
+<BackupInst xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest"><GPOGuid><![CDATA[{D3AAF869-5E70-4C9E-BC4D-F7F86C450D5B}]]></GPOGuid><GPODomain><![CDATA[windomain.local]]></GPODomain><GPODomainGuid><![CDATA[{ff161336-72cc-4bd4-90ae-42bf968987b9}]]></GPODomainGuid><GPODomainController><![CDATA[dc.windomain.local]]></GPODomainController><BackupTime><![CDATA[2020-09-28T11:54:01]]></BackupTime><ID><![CDATA[{02BF61B9-4ECA-4D86-B20B-323CF53B1E9F}]]></ID><Comment><![CDATA[]]></Comment><GPODisplayName><![CDATA[Allow Domain Users RDP]]></GPODisplayName></BackupInst>
diff --git a/Vagrant/resources/GPO/rdp_users/{02BF61B9-4ECA-4D86-B20B-323CF53B1E9F}/gpreport.xml b/Vagrant/resources/GPO/rdp_users/{02BF61B9-4ECA-4D86-B20B-323CF53B1E9F}/gpreport.xml
new file mode 100644
index 0000000000000000000000000000000000000000..cd2bc5a7125ab5f446232b8c1ebeac82b061707b
GIT binary patch
literal 17634
zcmeHOZBrsg5bn>Z%738pDOVK~#W#?6#eun4b&4gJOH%g*@#V}38W-bPsr>aM&ok}R
z>@2geC_&F`Q7p^s%=CNrbkFQRf7j%-e3rgkNJ0LP6S<a1&gD`D^1XZ`OR^v({1)(J
zAU(7n<LN-o%+nhg%Bd95YYlx~%a(jCUr9~g%D%KPM&})1#wzY3jOCmkF={ARXj{bR
z)_fLlEd$mi;Gdy&8Bj}@cTs+pU3n*M!2Spv`qDMnBxgRK$;?GVTLkR7hT4+^taR-A
z7}*2vm!R?zJQ;!(a;pyt-kSCsP`r<p3)Axs?QPIQPAESkz*7Ddz`2_2fLr7_pP%AO
z$++j~ed1i7ExsMO0}UsjkeL1{O-QVc&kwQz`B$I^tFkTYkXun!q=A-g+`Ylw3i=k&
zZ~eY6TUODpiR&Br3)C)VqPJ-{+BF=T7oE2T+Hnl>0%Ujz>2~o;%;Q)&2~DP{CVQBp
z4~}kuix+0rTgW~>UqKGRZ?(#T9N^i$f$2ul;;c5%LNDaTXimdm%-N|!5nv3VK{xoX
zn2qo2W^G{93Gf`^dMq7qLoud>@>|50vR{T4bYQVdu<KQGT|qlxrOn`A>;hN%71i_X
zP|AQsKS3zzb2vB$hLY^_ubBDi16M%bs`-%4Uk$|3*&HO=b`RXX2314YO%wkkwDA8G
zTIlDTuBiOl=+%U;n}=qr_laXjn{I*LHe|Vk@2Zh0@5<nC85Uj!<+ScqaHEL3GQPC@
zHMDJ*{%lz>w!L9mD!6hs%BTcCSOtBD_*S9Cby)njfLNDJXvmJa9^gtX>w;6K_}##@
zi0`Q!0UBpoLMw4P0u<g;`%36v!iWkm;fM<QRxr~h=022HfI=9A(g5rRINSi0?_o{*
zxbCB^gSHmhnrLgFt%+~TjM@AT`C&1$)IS8fCTN?*JhPWNeLy9F8#zy|liTDprLu`A
z(ah8@F3rdAtS!HI@OF%>AEq4*jC}<isX`8_&xfFh*zJI-w$VK57<G!Yo<cWE(D5=f
zxCft71dpiS^rLa@rcF`f)pAPcv0+-)U|~J<+%z*%@-67Nh1g0!_2C@>?!)070S8*x
zI;^d0ti1&LJ3))ZoHTSz9H8$|yQF23k`nB-g5Jvy#GHQMp`4mE=8QJhS0{aV3+vbc
z=)8VHFK(j{ql%3z)W&(l6-JTS`w|;Ll=Gy;=etsA*F^K8^F6F>54g0j_Mr9e$p>Um
zUF0v<xN_A+d@WW!#(d&*CHc%{4D+BRycT$QTEvJ{HZo}&Kk0M*`RGvE`hUDOIi2z8
zsv-K&A2CCX@X_2pLMzwx%q^&?Pp4<`tRxGj*{FLudPePL2OMVYLUVx#IWX%4eMq2d
zWI+CJA-Xc3q&z6+Y-2`Ybui-%W?{B=k|KGZgBl}Paq!26d;NdniQ|j);PcQa#?QyZ
z6^Hd=CV5ioTGb(S^bS?%j<&FR6tYM=g19C%(7_)!GG6bXwvX={g27Q1k1!UjpvCQu
zdF6O3(;i`Hb!6>VuuoR`x>&oPn|pF93|;M{13PCW-~!g|*I)c6A((CkTRWhqW^PP>
z(E<*?Vdft0S=;fw2WQVRYI?Y=DiOZc;IuB46?%B=Bpl9-k0hNTiXw1g0RB=AAs%EO
z9m0cJHm&4qkhs>5DXVLvb)mUczFH}Fv70(rhg5rzEu-}|sJlU|*uotvWJCE5v6^|;
z1-|t1{NIOEw0?Gne~cmV$_}Z>4kv^wXUIlX&BJ~d9Eju-u-6)0oHF+;2~lnPA#p4j
z!$N+A){=y1Z7mKn+)I1v`f*<IAf8WYMKx{xO6(NFdB?0hc;f<Oe~8~7VUq{&z8%zA
zK0t5zY}?d**xJTDYuqktDxhA{GQAG)`wk!WZjZ^H9G!WT%cC6Y>f>T#$lBFP(&A(|
zQpGcs=|)b%AbXU0*)h)UsN@mL&(*`RC>ia-y;RemE@CaC>hkzKB;8HWbx64W=VHRV
zV_zs=<GPKjvuk7x%=@_}V|+X|br_zAAT1Wtu;fP9L23PLCY0xJc@F37V7eHUM>og0
zY`Knl*6f*8p1~z+(4+n=8Pi@~2DgNr+~*m`(sMZOn72(9x0}Z;!vPy{M>SZzLY|f7
zSsC}&veYd@*&#hdUU}rMR9<<s>k@L~CFF6-_fq{5@;HAlKF{BrE~;(jaqzk9!R7gz
z)y;ed&g~z%UABA&Zkl&<tY6c2UE(`%Jf-`k<!^QDArH+NBvvK$41>PU5r4mgROJ;(
zEBQRL3!kXa_gM1%wwI9E*$k7XM%)>c0?uQ(_Y~<Bve!7%a@lMZ)u%f>LMpS=8i^s_
zuj5IabL{b)Vbt?DN9*qlkH^yaHjQNdc_DkwD*Ucm4d+*R`b~GYnmFOZ(@u4B@}2EG
z9mlgt{&}~oW32wva3+LjWUox*;y#+gSu1QmncX#ep1BE}Y`ul=*6}=;p7oyG&%zAN
z+r~^0Xrn!ZXY_mcb8#2Y@`I-j<7@Qfv*gInhQr(`)Dzp5(>@;*=WU$bq&!^j_}QeY
z{EjutY~KausmA!b%b|A&!n={gg>M=9I+vU;?QChy&{D<uAjTo`ldBnB%Qz2~cE(G&
zr5L#0<JUYKqvM{g_EI))is}2OYO&*MCyKA7E3ON()dIU#(pB;soc`Lu>8%c~d>4i?
z;>koxhbO)$u}}DS39FuN-Kq2}-phU($yt5bHMsB%xTGgh>ALI7sIiTI&&5&8D$cz1
zBy?WFud}&#-l^>tzfsR;>0mFl>dA6;eW&*!96Rc3NAYqz<=b$+r%R_OJo~8MXTS95
vSc4Tt0X?tD<VdKM*~$I<SmpQk<6&q<zlT3pGAd??nB<2~Gh1}cx+VVt+Ol=|

literal 0
HcmV?d00001


From 848259d26188d32cd8c300dc2c248bc6ab1462a6 Mon Sep 17 00:00:00 2001
From: ZeArioch <16936254+ZeArioch@users.noreply.github.com>
Date: Mon, 28 Sep 2020 15:52:39 +0200
Subject: [PATCH 3/4] add migration table for the domain groups to be updated
 on import

---
 .../resources/GPO/rdp_users/rdp_users.migtable   | Bin 0 -> 2150 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 Vagrant/resources/GPO/rdp_users/rdp_users.migtable

diff --git a/Vagrant/resources/GPO/rdp_users/rdp_users.migtable b/Vagrant/resources/GPO/rdp_users/rdp_users.migtable
new file mode 100644
index 0000000000000000000000000000000000000000..b18a27863d2bec328c584bee7402d2a7f9b783bc
GIT binary patch
literal 2150
zcmchZOHTqp5QOV&;(yq1=b<JZ41y*YFB*wJ;+2=Mf!!s%ls~V2J*zH|tN{eF2@KOc
zRn;{;vwVIORo1%#4drRBuEv_kSENwa%IHiv75MguglaS2AsVXZqBBkPsw`QT<djv?
zsZLbXBRM^gn#5zQI^z}`U65k75S}Z>6A+E5PwrGB=JGsm?#c0afr1FE9<%3YDZrN3
z3mgxsp{NgL0J>>hNA~xEoOKmXP}g)Gbl14j)d#F>qdlU^2&bmhVjc!maPQ`4R9t0d
z=rR{>zN#mlk=u*J!3nXye9e5j@8N^(Kof+KQ{G#O#L>DI4!?woA?z)(hf9iza3wjm
zr?xI$TO)sl_BQ%Ts<>*Jj>pq2ducV>-rlfxHtH;8<Q!Yuu^GoI)+$d0eDmBe5*Pl<
zn1=epZK~3|+uYR#n*HC?w5zvwpiEsCjPTpX4Ld!@@OVGW$MbrCQxW|Z()pWq?lW!%
ztTKl^`q;W{z^{mt;i=)=w!3iGKHUcYSWa07jkoY<&dH1KaqGlGo#^dZj^o#U@5ZE~
X4&~$OUA!INu8zj{W%}Db{zvcyP7Y>&

literal 0
HcmV?d00001


From c80063c4b39776f1bc36e7bd91d0028e50c9c6ab Mon Sep 17 00:00:00 2001
From: ZeArioch <16936254+ZeArioch@users.noreply.github.com>
Date: Mon, 28 Sep 2020 15:55:41 +0200
Subject: [PATCH 4/4] add migration table target to RDP GPO import script

---
 Vagrant/scripts/configure-rdp-user-gpo.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Vagrant/scripts/configure-rdp-user-gpo.ps1 b/Vagrant/scripts/configure-rdp-user-gpo.ps1
index 1fbea02..a51a203 100644
--- a/Vagrant/scripts/configure-rdp-user-gpo.ps1
+++ b/Vagrant/scripts/configure-rdp-user-gpo.ps1
@@ -1,6 +1,6 @@
 # Purpose: Install the GPO that allows windomain\vagrant to RDP
 Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Importing the GPO to allow windomain/vagrant to RDP..."
-Import-GPO -BackupGpoName 'Allow Domain Users RDP' -Path "c:\vagrant\resources\GPO\rdp_users" -TargetName 'Allow Domain Users RDP' -CreateIfNeeded
+Import-GPO -BackupGpoName 'Allow Domain Users RDP' -Path "c:\vagrant\resources\GPO\rdp_users" -MigrationTable "c:\vagrant\resources\GPO\rdp_users\rdp_users.migtable" -TargetName 'Allow Domain Users RDP' -CreateIfNeeded
 
 $OU = "ou=Workstations,dc=windomain,dc=local"
 $gPLinks = $null