Merge pull request #575 from clong/taskbar_layout

Implement taskbar layout GPO
2020-12-17 17:15:48 -08:00
parent 5b7dab7a43 ec57ad4fb9
commit 1a4509c340
21 changed files with 163 additions and 9 deletions
--- a/Azure/Ansible/roles/dc/tasks/main.yml
+++ b/Azure/Ansible/roles/dc/tasks/main.yml
@@ -156,6 +156,21 @@
 - debug: msg="{{ rdp_gpo.stdout_lines }}"
  when: rdp_gpo.stdout_lines is defined

+- name: Configure Taskbar Layout GPO
+  win_shell: .\\configure-taskbar-layout-gpo.ps1
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: taskbar_gpo
+  vars:
+    ansible_become: yes
+    ansible_become_method: runas
+    ansible_become_user: windomain.local\vagrant
+    ansible_become_password: vagrant
+    ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
+  failed_when: "'Exception' in taskbar_gpo.stderr"
+
+- debug: msg="{{ taskbar_gpo.stdout_lines }}"
+
 - name: Configure DC with raw Commands
  win_shell: "{{ item }}"
  with_items:
--- a/ESXi/ansible/roles/dc/tasks/main.yml
+++ b/ESXi/ansible/roles/dc/tasks/main.yml
@@ -139,6 +139,21 @@

 - debug: msg="{{ rdp_gpo.stdout_lines }}"

+- name: Configure Taskbar Layout GPO
+  win_shell: .\\configure-taskbar-layout-gpo.ps1
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: taskbar_gpo
+  vars:
+    ansible_become: yes
+    ansible_become_method: runas
+    ansible_become_user: windomain.local\vagrant
+    ansible_become_password: vagrant
+    ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
+  failed_when: "'Exception' in taskbar_gpo.stderr"
+
+- debug: msg="{{ taskbar_gpo.stdout_lines }}"
+
 - name: Configure DC with raw Commands
  win_shell: "{{ item }}"
  with_items:
--- a/Vagrant/Vagrantfile
+++ b/Vagrant/Vagrantfile
@@ -75,6 +75,7 @@ Vagrant.configure("2") do |config|
    cfg.vm.provision "shell", path: "scripts/configure-AuditingPolicyGPOs.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/configure-rdp-user-gpo.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/configure-disable-windows-defender-gpo.ps1", privileged: false
+    cfg.vm.provision "shell", path: "scripts/configure-taskbar-layout-gpo.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-autorunstowineventlog.ps1", privileged: false
    cfg.vm.provision "shell", inline: 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}', privileged: false
    cfg.vm.provision "shell", inline: "Set-SmbServerConfiguration -AuditSmb1Access $true -Force", privileged: false
--- a/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/Backup.xml
+++ b/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/Backup.xml
@@ -1,9 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?><!-- Copyright (c) Microsoft Corporation.  All rights reserved. --><GroupPolicyBackupScheme bkp:version="2.0" bkp:type="GroupPolicyBackupTemplate" xmlns:bkp="http://www.microsoft.com/GroupPolicy/GPOOperations" xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations">
-    <GroupPolicyObject><SecurityGroups><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-2801704331-839121494-1579986156-1000]]></Sid><SamAccountName><![CDATA[vagrant]]></SamAccountName><Type><![CDATA[User]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[vagrant@windomain.local]]></UPN></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-2801704331-839121494-1579986156-519]]></Sid><SamAccountName><![CDATA[Enterprise Admins]]></SamAccountName><Type><![CDATA[UniversalGroup]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[Enterprise Admins@windomain.local]]></UPN></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-2801704331-839121494-1579986156-512]]></Sid><SamAccountName><![CDATA[Domain Admins]]></SamAccountName><Type><![CDATA[GlobalGroup]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[Domain Admins@windomain.local]]></UPN></Group></SecurityGroups><FilePaths/><GroupPolicyCoreSettings><ID><![CDATA[{87738413-6EB8-4AB6-ABA7-F8DFADB92E11}]]></ID><Domain><![CDATA[windomain.local]]></Domain><SecurityDescriptor>01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 8b 9d fe a6 56 fa 03 32 ec ac 2c 5e e8 03 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 8b 9d fe a6 56 fa 03 32 ec ac 2c 5e 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 8b 9d fe a6 56 fa 03 32 ec ac 2c 5e 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00</SecurityDescriptor><DisplayName><![CDATA[Disable Windows Defender]]></DisplayName><Options><![CDATA[0]]></Options><UserVersionNumber><![CDATA[65537]]></UserVersionNumber><MachineVersionNumber><![CDATA[720907]]></MachineVersionNumber><MachineExtensionGuids><![CDATA[[{00000000-0000-0000-0000-000000000000}{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{B087BE9D-ED37-454F-AF9C-04291E351182}{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}]]]></MachineExtensionGuids><UserExtensionGuids/><WMIFilter/></GroupPolicyCoreSettings> 
+    <GroupPolicyObject><SecurityGroups><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-2296914924-2001082525-608774050-1000]]></Sid><SamAccountName><![CDATA[vagrant]]></SamAccountName><Type><![CDATA[User]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[vagrant@windomain.local]]></UPN></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-2296914924-2001082525-608774050-519]]></Sid><SamAccountName><![CDATA[Enterprise Admins]]></SamAccountName><Type><![CDATA[UniversalGroup]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[Enterprise Admins@windomain.local]]></UPN></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-2296914924-2001082525-608774050-512]]></Sid><SamAccountName><![CDATA[Domain Admins]]></SamAccountName><Type><![CDATA[GlobalGroup]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[Domain Admins@windomain.local]]></UPN></Group></SecurityGroups><FilePaths/><GroupPolicyCoreSettings><ID><![CDATA[{2C55A216-EFB4-4959-8F7B-E049518C4DF2}]]></ID><Domain><![CDATA[windomain.local]]></Domain><SecurityDescriptor>01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 ec 23 e8 88 9d 18 46 77 a2 27 49 24 e8 03 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 ec 23 e8 88 9d 18 46 77 a2 27 49 24 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 ec 23 e8 88 9d 18 46 77 a2 27 49 24 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00</SecurityDescriptor><DisplayName><![CDATA[Disable Windows Defender]]></DisplayName><Options><![CDATA[0]]></Options><UserVersionNumber><![CDATA[65537]]></UserVersionNumber><MachineVersionNumber><![CDATA[851981]]></MachineVersionNumber><MachineExtensionGuids><![CDATA[[{00000000-0000-0000-0000-000000000000}{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{B087BE9D-ED37-454F-AF9C-04291E351182}{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}]]]></MachineExtensionGuids><UserExtensionGuids/><WMIFilter/></GroupPolicyCoreSettings> 
        <GroupPolicyExtension bkp:ID="{35378EAC-683F-11D2-A89A-00C04FBBCFA2}" bkp:DescName="Registry">
-            <FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\registry.pol" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{87738413-6EB8-4AB6-ABA7-F8DFADB92E11}\Machine\registry.pol" bkp:Location="DomainSysvol\GPO\Machine\registry.pol"/>
+            <FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\registry.pol" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{2C55A216-EFB4-4959-8F7B-E049518C4DF2}\Machine\registry.pol" bkp:Location="DomainSysvol\GPO\Machine\registry.pol"/>
            
-            <FSObjectFile bkp:Path="%GPO_FSPATH%\Adm\*.*" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{87738413-6EB8-4AB6-ABA7-F8DFADB92E11}\Adm\*.*"/>
+            <FSObjectFile bkp:Path="%GPO_FSPATH%\Adm\*.*" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{2C55A216-EFB4-4959-8F7B-E049518C4DF2}\Adm\*.*"/>
        </GroupPolicyExtension>
        
        
@@ -14,5 +14,5 @@
        
        
        
-    <GroupPolicyExtension bkp:ID="{F15C46CD-82A0-4C2D-A210-5D0D3182A418}" bkp:DescName="Unknown Extension"><FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\comment.cmtx" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{87738413-6EB8-4AB6-ABA7-F8DFADB92E11}\Machine\comment.cmtx" bkp:Location="DomainSysvol\GPO\Machine\comment.cmtx"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Preferences" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{87738413-6EB8-4AB6-ABA7-F8DFADB92E11}\Machine\Preferences" bkp:Location="DomainSysvol\GPO\Machine\Preferences"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Preferences\Registry" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{87738413-6EB8-4AB6-ABA7-F8DFADB92E11}\Machine\Preferences\Registry" bkp:Location="DomainSysvol\GPO\Machine\Preferences\Registry"/><FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\Preferences\Registry\Registry.xml" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{87738413-6EB8-4AB6-ABA7-F8DFADB92E11}\Machine\Preferences\Registry\Registry.xml" bkp:Location="DomainSysvol\GPO\Machine\Preferences\Registry\Registry.xml"/></GroupPolicyExtension></GroupPolicyObject>
+    <GroupPolicyExtension bkp:ID="{F15C46CD-82A0-4C2D-A210-5D0D3182A418}" bkp:DescName="Unknown Extension"><FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\comment.cmtx" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{2C55A216-EFB4-4959-8F7B-E049518C4DF2}\Machine\comment.cmtx" bkp:Location="DomainSysvol\GPO\Machine\comment.cmtx"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Preferences" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{2C55A216-EFB4-4959-8F7B-E049518C4DF2}\Machine\Preferences" bkp:Location="DomainSysvol\GPO\Machine\Preferences"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Preferences\Registry" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{2C55A216-EFB4-4959-8F7B-E049518C4DF2}\Machine\Preferences\Registry" bkp:Location="DomainSysvol\GPO\Machine\Preferences\Registry"/><FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\Preferences\Registry\Registry.xml" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{2C55A216-EFB4-4959-8F7B-E049518C4DF2}\Machine\Preferences\Registry\Registry.xml" bkp:Location="DomainSysvol\GPO\Machine\Preferences\Registry\Registry.xml"/><FSObjectDir bkp:Path="%GPO_USER_FSPATH%\Applications" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{2C55A216-EFB4-4959-8F7B-E049518C4DF2}\User\Applications" bkp:Location="DomainSysvol\GPO\User\Applications"/><FSObjectDir bkp:Path="%GPO_USER_FSPATH%\Documents &amp; Settings" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{2C55A216-EFB4-4959-8F7B-E049518C4DF2}\User\Documents &amp; Settings" bkp:Location="DomainSysvol\GPO\User\Documents &amp; Settings"/><FSObjectDir bkp:Path="%GPO_USER_FSPATH%\Scripts" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{2C55A216-EFB4-4959-8F7B-E049518C4DF2}\User\Scripts" bkp:Location="DomainSysvol\GPO\User\Scripts"/><FSObjectDir bkp:Path="%GPO_USER_FSPATH%\Scripts\Logoff" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{2C55A216-EFB4-4959-8F7B-E049518C4DF2}\User\Scripts\Logoff" bkp:Location="DomainSysvol\GPO\User\Scripts\Logoff"/><FSObjectDir bkp:Path="%GPO_USER_FSPATH%\Scripts\Logon" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{2C55A216-EFB4-4959-8F7B-E049518C4DF2}\User\Scripts\Logon" bkp:Location="DomainSysvol\GPO\User\Scripts\Logon"/></GroupPolicyExtension></GroupPolicyObject>
 </GroupPolicyBackupScheme>
--- a/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/DomainSysvol/GPO/Machine/Preferences/Registry/Registry.xml
+++ b/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/DomainSysvol/GPO/Machine/Preferences/Registry/Registry.xml
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="utf-8"?>
+<RegistrySettings clsid="{A3CCFC41-DFDB-43a5-8D26-0FE8B954DA51}"><Registry clsid="{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}" name="AmsiEnable" status="AmsiEnable" image="10" changed="2020-12-18 01:01:54" uid="{D1534272-C9FB-491D-A48B-39551C57F89B}"><Properties action="C" displayDecimal="1" default="0" hive="HKEY_LOCAL_MACHINE" key="SOFTWARE\Microsoft\Windows Script Host\Settings" name="AmsiEnable" type="REG_DWORD" value="00000000"/></Registry>
+</RegistrySettings>
--- a/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/DomainSysvol/GPO/Machine/comment.cmtx
+++ b/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/DomainSysvol/GPO/Machine/comment.cmtx
--- a/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/DomainSysvol/GPO/Machine/registry.pol
+++ b/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/DomainSysvol/GPO/Machine/registry.pol
--- a/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/bkupInfo.xml
+++ b/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/bkupInfo.xml
@@ -0,0 +1 @@
+<BackupInst xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest"><GPOGuid><![CDATA[{2C55A216-EFB4-4959-8F7B-E049518C4DF2}]]></GPOGuid><GPODomain><![CDATA[windomain.local]]></GPODomain><GPODomainGuid><![CDATA[{fcb5ab32-1521-4219-8304-2eaea4a73439}]]></GPODomainGuid><GPODomainController><![CDATA[dc.windomain.local]]></GPODomainController><BackupTime><![CDATA[2020-12-18T01:03:20]]></BackupTime><ID><![CDATA[{01E4A146-C220-48E2-A0F5-9AAF790529F6}]]></ID><Comment><![CDATA[Disable Windows Defender]]></Comment><GPODisplayName><![CDATA[Disable Windows Defender]]></GPODisplayName></BackupInst>
--- a/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/gpreport.xml
+++ b/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/gpreport.xml
--- a/Vagrant/resources/GPO/disable_windows_defender/{F2150233-4B8F-4347-8D70-23D3984D9B78}/DomainSysvol/GPO/Machine/Preferences/Registry/Registry.xml
+++ b/Vagrant/resources/GPO/disable_windows_defender/{F2150233-4B8F-4347-8D70-23D3984D9B78}/DomainSysvol/GPO/Machine/Preferences/Registry/Registry.xml
@@ -1,3 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<RegistrySettings clsid="{A3CCFC41-DFDB-43a5-8D26-0FE8B954DA51}"><Registry clsid="{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}" name="EnableAmsi" status="EnableAmsi" image="10" changed="2020-12-02 21:13:55" uid="{7DF9C732-80E6-44B7-8803-5DFE6D7AAC8C}"><Properties action="C" displayDecimal="0" default="0" hive="HKEY_CURRENT_USER" key="SOFTWARE\Microsoft\Windows Script Host\Settings" name="EnableAmsi" type="REG_DWORD" value="00000000"/></Registry>
-</RegistrySettings>
--- a/Vagrant/resources/GPO/disable_windows_defender/{F2150233-4B8F-4347-8D70-23D3984D9B78}/bkupInfo.xml
+++ b/Vagrant/resources/GPO/disable_windows_defender/{F2150233-4B8F-4347-8D70-23D3984D9B78}/bkupInfo.xml
@@ -1 +0,0 @@
-<BackupInst xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest"><GPOGuid><![CDATA[{87738413-6EB8-4AB6-ABA7-F8DFADB92E11}]]></GPOGuid><GPODomain><![CDATA[windomain.local]]></GPODomain><GPODomainGuid><![CDATA[{535d6ef4-51ff-40f0-bc21-076a19ea0caa}]]></GPODomainGuid><GPODomainController><![CDATA[dc.windomain.local]]></GPODomainController><BackupTime><![CDATA[2020-12-02T21:14:06]]></BackupTime><ID><![CDATA[{F2150233-4B8F-4347-8D70-23D3984D9B78}]]></ID><Comment><![CDATA[]]></Comment><GPODisplayName><![CDATA[Disable Windows Defender]]></GPODisplayName></BackupInst>
--- a/Vagrant/resources/GPO/taskbar_layout/DetectionLabLayout.xml
+++ b/Vagrant/resources/GPO/taskbar_layout/DetectionLabLayout.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?>
+<LayoutModificationTemplate
+    xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"
+    xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout"
+    xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout"
+    xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout"
+    Version="1">
+  <CustomTaskbarLayoutCollection PinListPlacement="Replace">
+    <defaultlayout:TaskbarLayout>
+      <taskbar:TaskbarPinList>
+        <taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk"/>
+		<taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk"/>
+		<taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk"/>
+        <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk" />
+		<taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk" />
+		<taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk" />
+	    <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Autoruns.lnk" />
+		<taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Process Monitor.lnk" />
+		<taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Process Explorer.lnk" />
+		<taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Tcpview.lnk" />
+		<taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk" />
+		<taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk" />
+      </taskbar:TaskbarPinList>
+    </defaultlayout:TaskbarLayout>
+  </CustomTaskbarLayoutCollection>
+</LayoutModificationTemplate>
--- a/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/Backup.xml
+++ b/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/Backup.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?><!-- Copyright (c) Microsoft Corporation.  All rights reserved. --><GroupPolicyBackupScheme bkp:version="2.0" bkp:type="GroupPolicyBackupTemplate" xmlns:bkp="http://www.microsoft.com/GroupPolicy/GPOOperations" xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations">
+    <GroupPolicyObject><SecurityGroups><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-2296914924-2001082525-608774050-1000]]></Sid><SamAccountName><![CDATA[vagrant]]></SamAccountName><Type><![CDATA[User]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[vagrant@windomain.local]]></UPN></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-2296914924-2001082525-608774050-519]]></Sid><SamAccountName><![CDATA[Enterprise Admins]]></SamAccountName><Type><![CDATA[UniversalGroup]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[Enterprise Admins@windomain.local]]></UPN></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-2296914924-2001082525-608774050-512]]></Sid><SamAccountName><![CDATA[Domain Admins]]></SamAccountName><Type><![CDATA[GlobalGroup]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[Domain Admins@windomain.local]]></UPN></Group></SecurityGroups><FilePaths/><GroupPolicyCoreSettings><ID><![CDATA[{093D7A8E-043E-41D0-B0E1-7D633801A96E}]]></ID><Domain><![CDATA[windomain.local]]></Domain><SecurityDescriptor>01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 ec 23 e8 88 9d 18 46 77 a2 27 49 24 e8 03 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 ec 23 e8 88 9d 18 46 77 a2 27 49 24 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 ec 23 e8 88 9d 18 46 77 a2 27 49 24 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00</SecurityDescriptor><DisplayName><![CDATA[Taskbar Layout]]></DisplayName><Options><![CDATA[0]]></Options><UserVersionNumber><![CDATA[262148]]></UserVersionNumber><MachineVersionNumber><![CDATA[131074]]></MachineVersionNumber><MachineExtensionGuids><![CDATA[[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F72-3407-48AE-BA88-E8213C6761F1}]]]></MachineExtensionGuids><UserExtensionGuids><![CDATA[ ]]></UserExtensionGuids><WMIFilter/></GroupPolicyCoreSettings> 
+        <GroupPolicyExtension bkp:ID="{35378EAC-683F-11D2-A89A-00C04FBBCFA2}" bkp:DescName="Registry">
+            <FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\registry.pol" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{093D7A8E-043E-41D0-B0E1-7D633801A96E}\Machine\registry.pol" bkp:Location="DomainSysvol\GPO\Machine\registry.pol"/>
+            <FSObjectFile bkp:Path="%GPO_USER_FSPATH%\registry.pol" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{093D7A8E-043E-41D0-B0E1-7D633801A96E}\User\registry.pol" bkp:Location="DomainSysvol\GPO\User\registry.pol"/>
+            <FSObjectFile bkp:Path="%GPO_FSPATH%\Adm\*.*" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{093D7A8E-043E-41D0-B0E1-7D633801A96E}\Adm\*.*"/>
+        </GroupPolicyExtension>
+        
+        
+        
+        
+        
+        
+        
+        
+        
+    <GroupPolicyExtension bkp:ID="{F15C46CD-82A0-4C2D-A210-5D0D3182A418}" bkp:DescName="Unknown Extension"><FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\comment.cmtx" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{093D7A8E-043E-41D0-B0E1-7D633801A96E}\Machine\comment.cmtx" bkp:Location="DomainSysvol\GPO\Machine\comment.cmtx"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{093D7A8E-043E-41D0-B0E1-7D633801A96E}\Machine\Scripts" bkp:Location="DomainSysvol\GPO\Machine\Scripts"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts\Shutdown" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{093D7A8E-043E-41D0-B0E1-7D633801A96E}\Machine\Scripts\Shutdown" bkp:Location="DomainSysvol\GPO\Machine\Scripts\Shutdown"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts\Startup" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{093D7A8E-043E-41D0-B0E1-7D633801A96E}\Machine\Scripts\Startup" bkp:Location="DomainSysvol\GPO\Machine\Scripts\Startup"/><FSObjectFile bkp:Path="%GPO_USER_FSPATH%\comment.cmtx" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{093D7A8E-043E-41D0-B0E1-7D633801A96E}\User\comment.cmtx" bkp:Location="DomainSysvol\GPO\User\comment.cmtx"/></GroupPolicyExtension></GroupPolicyObject>
+</GroupPolicyBackupScheme>
--- a/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/DomainSysvol/GPO/Machine/comment.cmtx
+++ b/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/DomainSysvol/GPO/Machine/comment.cmtx
@@ -0,0 +1,12 @@
+<?xml version='1.0' encoding='utf-8'?>
+<policyComments xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.0" schemaVersion="1.0" xmlns="http://www.microsoft.com/GroupPolicy/CommentDefinitions">
+  <policyNamespaces>
+    <using prefix="ns0" namespace="Microsoft.Policies.StartMenu"></using>
+  </policyNamespaces>
+  <comments>
+    <admTemplate></admTemplate>
+  </comments>
+  <resources minRequiredRevision="1.0">
+    <stringTable></stringTable>
+  </resources>
+</policyComments>
--- a/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/DomainSysvol/GPO/Machine/registry.pol
+++ b/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/DomainSysvol/GPO/Machine/registry.pol
--- a/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/DomainSysvol/GPO/User/comment.cmtx
+++ b/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/DomainSysvol/GPO/User/comment.cmtx
@@ -0,0 +1,12 @@
+<?xml version='1.0' encoding='utf-8'?>
+<policyComments xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.0" schemaVersion="1.0" xmlns="http://www.microsoft.com/GroupPolicy/CommentDefinitions">
+  <policyNamespaces>
+    <using prefix="ns0" namespace="Microsoft.Policies.StartMenu"></using>
+  </policyNamespaces>
+  <comments>
+    <admTemplate></admTemplate>
+  </comments>
+  <resources minRequiredRevision="1.0">
+    <stringTable></stringTable>
+  </resources>
+</policyComments>
--- a/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/DomainSysvol/GPO/User/registry.pol
+++ b/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/DomainSysvol/GPO/User/registry.pol
--- a/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/bkupInfo.xml
+++ b/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/bkupInfo.xml
@@ -0,0 +1 @@
+<BackupInst xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest"><GPOGuid><![CDATA[{093D7A8E-043E-41D0-B0E1-7D633801A96E}]]></GPOGuid><GPODomain><![CDATA[windomain.local]]></GPODomain><GPODomainGuid><![CDATA[{fcb5ab32-1521-4219-8304-2eaea4a73439}]]></GPODomainGuid><GPODomainController><![CDATA[dc.windomain.local]]></GPODomainController><BackupTime><![CDATA[2020-12-18T00:53:10]]></BackupTime><ID><![CDATA[{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}]]></ID><Comment><![CDATA[Taskbar Layout]]></Comment><GPODisplayName><![CDATA[Taskbar Layout]]></GPODisplayName></BackupInst>
--- a/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/gpreport.xml
+++ b/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/gpreport.xml
--- a/Vagrant/scripts/configure-taskbar-layout-gpo.ps1
+++ b/Vagrant/scripts/configure-taskbar-layout-gpo.ps1
@@ -0,0 +1,37 @@
+# Purpose: Install the GPO that disables Windows Defender and AMSI
+Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Importing the GPO to set the Taskbar layout..."
+Import-GPO -BackupGpoName 'Taskbar Layout' -Path "c:\vagrant\resources\GPO\taskbar_layout" -TargetName 'Taskbar Layout' -CreateIfNeeded
+
+Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Copying layout file to SYSVOL..."
+Copy-Item "c:\vagrant\resources\GPO\taskbar_layout\DetectionLabLayout.xml" "c:\Windows\SYSVOL\domain\scripts\DetectionLabLayout.xml"
+
+$OU = "ou=Domain Controllers,dc=windomain,dc=local"
+$gPLinks = $null
+$gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name, distinguishedName, gPLink, gPOptions
+$GPO = Get-GPO -Name 'Taskbar Layout'
+If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path) {
+    New-GPLink -Name 'Taskbar Layout' -Target $OU -Enforced yes
+} Else {
+    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Taskbar Layout GPO was already linked at $OU. Moving On."
+}
+
+$OU = "ou=Workstations,dc=windomain,dc=local"
+$gPLinks = $null
+$gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name, distinguishedName, gPLink, gPOptions
+$GPO = Get-GPO -Name 'Taskbar Layout'
+If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path) {
+    New-GPLink -Name 'Taskbar Layout' -Target $OU -Enforced yes
+} Else {
+    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Taskbar Layout GPO was already linked at $OU. Moving On."
+}
+
+$OU = "ou=Servers,dc=windomain,dc=local"
+$gPLinks = $null
+$gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name, distinguishedName, gPLink, gPOptions
+$GPO = Get-GPO -Name 'Taskbar Layout'
+If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path) {
+    New-GPLink -Name 'Taskbar Layout' -Target $OU -Enforced yes
+} Else {
+    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Taskbar Layout GPO was already linked at $OU. Moving On."
+}
+gpupdate /force
--- a/Vagrant/scripts/install-sysinternals.ps1
+++ b/Vagrant/scripts/install-sysinternals.ps1
@@ -25,7 +25,9 @@ $procexpPath = "C:\Tools\Sysinternals\procexp64.exe"
 $sysmonPath = "C:\Tools\Sysinternals\Sysmon64.exe"
 $tcpviewPath = "C:\Tools\Sysinternals\Tcpview.exe"
 $sysmonConfigPath = "$sysmonDir\sysmonConfig.xml"
+$shortcutLocation = "$ENV:ALLUSERSPROFILE\Microsoft\Windows\Start Menu\Programs\"

+$WScriptShell = New-Object -ComObject WScript.Shell

 # Microsoft likes TLSv1.2 as well
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
@@ -36,6 +38,9 @@ Try {
  Write-Host "HTTPS connection failed. Switching to HTTP :("
  (New-Object System.Net.WebClient).DownloadFile('http://live.sysinternals.com/Autoruns64.exe', $autorunsPath) 
 }
+$Shortcut = $WScriptShell.CreateShortcut($ShortcutLocation + "Autoruns.lnk")
+$Shortcut.TargetPath = $autorunsPath
+$Shortcut.Save()

 Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Procmon.exe..."
 Try { 
@@ -44,6 +49,9 @@ Try {
  Write-Host "HTTPS connection failed. Switching to HTTP :("
  (New-Object System.Net.WebClient).DownloadFile('http://live.sysinternals.com/Procmon.exe', $procmonPath)
 }
+$Shortcut = $WScriptShell.CreateShortcut($ShortcutLocation + "Process Monitor.lnk")
+$Shortcut.TargetPath = $procmonPath
+$Shortcut.Save()

 Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading PsExec64.exe..."
 Try { 
@@ -60,6 +68,9 @@ Try {
  Write-Host "HTTPS connection failed. Switching to HTTP :("
  (New-Object System.Net.WebClient).DownloadFile('http://live.sysinternals.com/procexp64.exe', $procexpPath)
 }
+$Shortcut = $WScriptShell.CreateShortcut($ShortcutLocation + "Process Explorer.lnk")
+$Shortcut.TargetPath = $procexpPath
+$Shortcut.Save()

 Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Sysmon64.exe..."
 Try { 
@@ -68,6 +79,7 @@ Try {
  Write-Host "HTTPS connection failed. Switching to HTTP :("
  (New-Object System.Net.WebClient).DownloadFile('http://live.sysinternals.com/Sysmon64.exe', $sysmonPath)
 }
+Copy-Item $sysmonPath $sysmonDir

 Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Tcpview.exe..."
 Try { 
@@ -76,7 +88,12 @@ Try {
  Write-Host "HTTPS connection failed. Switching to HTTP :("
  (New-Object System.Net.WebClient).DownloadFile('http://live.sysinternals.com/Tcpview.exe', $tcpviewPath)
 }
-Copy-Item $sysmonPath $sysmonDir
+$Shortcut = $WScriptShell.CreateShortcut($ShortcutLocation + "Tcpview.lnk")
+$Shortcut.TargetPath = $tcpviewPath
+$Shortcut.Save()
+
+# Restart Explorer so the taskbar shortcuts show up
+Stop-Process -ProcessName explorer -Force

 # Download Olaf Hartongs Sysmon config
 Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Olaf Hartong's Sysmon config..."
				`@@ -0,0 +1 @@`
				<BackupInst xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest"><GPOGuid><![CDATA[{2C55A216-EFB4-4959-8F7B-E049518C4DF2}]]></GPOGuid><GPODomain><![CDATA[windomain.local]]></GPODomain><GPODomainGuid><![CDATA[{fcb5ab32-1521-4219-8304-2eaea4a73439}]]></GPODomainGuid><GPODomainController><![CDATA[dc.windomain.local]]></GPODomainController><BackupTime><![CDATA[2020-12-18T01:03:20]]></BackupTime><ID><![CDATA[{01E4A146-C220-48E2-A0F5-9AAF790529F6}]]></ID><Comment><![CDATA[Disable Windows Defender]]></Comment><GPODisplayName><![CDATA[Disable Windows Defender]]></GPODisplayName></BackupInst>
				`@@ -1 +0,0 @@`
				<BackupInst xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest"><GPOGuid><![CDATA[{87738413-6EB8-4AB6-ABA7-F8DFADB92E11}]]></GPOGuid><GPODomain><![CDATA[windomain.local]]></GPODomain><GPODomainGuid><![CDATA[{535d6ef4-51ff-40f0-bc21-076a19ea0caa}]]></GPODomainGuid><GPODomainController><![CDATA[dc.windomain.local]]></GPODomainController><BackupTime><![CDATA[2020-12-02T21:14:06]]></BackupTime><ID><![CDATA[{F2150233-4B8F-4347-8D70-23D3984D9B78}]]></ID><Comment><![CDATA[]]></Comment><GPODisplayName><![CDATA[Disable Windows Defender]]></GPODisplayName></BackupInst>