trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Chris Long
2017-12-11 08:49:25 -08:00
commit 1577341ce9
157 changed files with 5271 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
Vagrant/scripts/configure-wef-gpo.ps1 Normal file
View File

@@ -0,0 +1,16 @@
# Purpose: Installs the GPOs needed to specify a Windows Event Collector and makes certain event channels readable by Event Logger
Write-Host "Importing the GPO to specify the WEF collector"
Import-GPO -BackupGpoName 'Windows Event Forwarding Server' -Path "c:\vagrant\resources\GPO\wef_configuration" -TargetName 'Windows Event Forwarding Server' -CreateIfNeeded
New-GPLink -Name 'Windows Event Forwarding Server' -Target "dc=windomain,dc=local" -Enforced yes
New-GPLink -Name 'Windows Event Forwarding Server' -Target "ou=Domain Controllers,dc=windomain,dc=local" -Enforced yes
Write-Host "Importing the GPO to modify ACLs on Custom Event Channels"
Import-GPO -BackupGPOName 'Custom Event Channel Permissions' -Path "c:\vagrant\resources\GPO\wef_configuration" -TargetName 'Custom Event Channel Permissions' -CreateIfNeeded
New-GPLink -Name 'Custom Event Channel Permissions' -Target "dc=windomain,dc=local" -Enforced yes
New-GPLink -Name 'Custom Event Channel Permissions' -Target "ou=Domain Controllers,dc=windomain,dc=local" -Enforced yes
New-GPLink -Name 'Custom Event Channel Permissions' -Target "ou=Servers,dc=windomain,dc=local" -Enforced yes
New-GPLink -Name 'Custom Event Channel Permissions' -Target "ou=Workstations,dc=windomain,dc=local" -Enforced yes
gpupdate /force
# Enable WinRM
Write-Host "Enabling WinRM"
winrm qc /q:true
Write-Host "Rebooting to make settings take effect..."