Adding more code for Exchange

Vagrant/Vagrantfile

@@ -1,3 +1,5 @@
+build_exchange = false
+
 Vagrant.configure("2") do |config|
 
   config.vm.define "logger" do |cfg|
@@ -180,6 +182,67 @@ Vagrant.configure("2") do |config|
     end
   end
 
+  if build_exchange
+    config.vm.define "exchange" do |cfg|
+      cfg.vm.box = "detectionlab/win2016"
+      cfg.vm.hostname = "exchange"
+      cfg.vm.boot_timeout = 600
+      cfg.vm.communicator = "winrm"
+      cfg.winrm.basic_auth_only = true
+      cfg.winrm.timeout = 300
+      cfg.winrm.retry_limit = 20
+      cfg.vm.network :private_network, ip: "192.168.38.106", gateway: "192.168.38.1", dns: "192.168.38.102"
+
+      cfg.vm.provision "shell", path: "scripts/fix-second-network.ps1", privileged: true, args: "-ip 192.168.38.106 -dns 8.8.8.8 -gateway 192.168.38.1" 
+      cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
+      cfg.vm.provision "reload"
+      cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
+      cfg.vm.provision "shell", path: "scripts/download_palantir_wef.ps1", privileged: false
+      cfg.vm.provision "shell", inline: 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}', privileged: false
+      cfg.vm.provision "shell", path: "scripts/install-splunkuf.ps1", privileged: false
+      cfg.vm.provision "shell", path: "scripts/install-windows_ta.ps1", privileged: false
+      cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: false
+      cfg.vm.provision "shell", path: "scripts/install-redteam.ps1", privileged: false
+      cfg.vm.provision "shell", path: "scripts/install-choco-extras.ps1", privileged: false
+      cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: false
+      cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: false
+      cfg.vm.provision "shell", path: "scripts/install-velociraptor.ps1", privileged: false 
+      cfg.vm.provision "shell", inline: "Set-SmbServerConfiguration -AuditSmb1Access $true -Force", privileged: false
+      cfg.vm.provision "shell", inline: 'cscript c:\windows\system32\slmgr.vbs /dlv', privileged: false
+
+      cfg.vm.provider "vmware_desktop" do |v, override|
+        v.vmx["displayname"] = "exchange.windomain.local"
+        v.memory = 8192
+        v.cpus = 4
+        v.gui = true
+        v.enable_vmrun_ip_lookup = false
+      end
+
+      cfg.vm.provider "virtualbox" do |vb, override|
+        vb.gui = true
+        vb.name = "exchange.windomain.local"
+        vb.default_nic_type = "82545EM"
+        vb.customize ["modifyvm", :id, "--memory", 8192]
+        vb.customize ["modifyvm", :id, "--cpus", 4]
+        vb.customize ["modifyvm", :id, "--vram", "32"]
+        vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
+        vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
+        vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ]
+      end
+
+      cfg.vm.provider "libvirt" do |lv, override|
+        lv.graphics_type = "spice"
+        lv.video_type = "qxl"
+        lv.input :type => "tablet", :bus => "usb"
+        override.vm.box = "../Boxes/windows_2016_libvirt.box"
+        lv.video_vram = 32768
+        lv.memory = 8192
+        lv.cpus = 4
+        override.vm.synced_folder '.', '/', type: 'winrm' 
+      end
+    end
+  end
+
   config.vm.define "win10" do |cfg|
     cfg.vm.box = "detectionlab/win10"
     cfg.vm.hostname = "win10"

Vagrant/logger_bootstrap.sh

@@ -160,6 +160,7 @@ install_splunk() {
     /opt/splunk/bin/splunk add index suricata -auth 'admin:changeme'
     /opt/splunk/bin/splunk add index threathunting -auth 'admin:changeme'
     /opt/splunk/bin/splunk add index evtx_attack_samples -auth 'admin:changeme'
+    /opt/splunk/bin/splunk add index msexchange -auth 'admin:changeme'
     /opt/splunk/bin/splunk install app /vagrant/resources/splunk_forwarder/splunk-add-on-for-microsoft-windows_700.tgz -auth 'admin:changeme'
     /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/splunk-add-on-for-microsoft-sysmon_1062.tgz -auth 'admin:changeme'
     /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/asn-lookup-generator_110.tgz -auth 'admin:changeme'

Vagrant/resources/guacamole/user-mapping.xml

@@ -18,6 +18,16 @@
             <param name="ignore-cert">true</param>
         </connection>
 
+        <connection name="exchange">
+            <protocol>rdp</protocol>
+            <param name="hostname">192.168.38.106</param>
+            <param name="port">3389</param>
+            <param name="username">vagrant</param>
+            <param name="password">vagrant</param>
+            <param name="security">nla</param>
+            <param name="ignore-cert">true</param>
+        </connection>
+
         <connection name="win10">
             <protocol>rdp</protocol>
             <param name="hostname">192.168.38.104</param>

Vagrant/scripts/install-exchange.ps1

@@ -37,6 +37,12 @@ If ($physicalMemory -lt 8000000000) {
     }
 }
 
+# Gotta temporarily re-enable these services
+Set-Service TrustedInstaller -StartupType Automatic
+Start-Service TrustedInstaller
+Set-Service wuauserv -StartupType Automatic
+Start-Service wuauserv
+
 If (-not(Test-Path c:\exchange_prereqs_complete.txt)) {
     Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Beginning installation of prerequisites..."
     # Install Prerequisites 
@@ -49,11 +55,6 @@ If (-not(Test-Path c:\exchange_prereqs_complete.txt)) {
 
     If ((Get-WindowsOptionalFeature -Online -FeatureName "RSAT-AD-Tools-Feature").State -ne "Enabled") {
         Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing a bunch of items from Microsoft Optional Components..."
-        # Gotta temporarily re-enable these services
-        Set-Service TrustedInstaller -StartupType Automatic
-        Start-Service TrustedInstaller
-        Set-Service wuauserv -StartupType Automatic
-        Start-Service wuauserv
         Install-WindowsFeature `
             NET-Framework-45-Features,
             RPC-over-HTTP-proxy,
@@ -153,6 +154,10 @@ If (-not(Test-Path c:\exchange_prereqs_complete.txt)) {
     # Create a file so this script knows to skip pre-req installation upon next run.
     New-Item -Path "c:\exchange_prereqs_complete.txt" -ItemType "file"
     Write-Host "A reboot is required to continue installation of exchange."
+    Write-Host "Rebooting in 3 seconds..."
+    Start-Sleep -Seconds 3
+    shutdown /r /t 1
+    
     # $reboot = Read-Host "Would you like to reboot now? [y/n]"
     # If ($reboot -eq "y") {
     #     Write-Host "Rebooting in 3 seconds..."
@@ -200,7 +205,7 @@ If (-not (Test-Path "E:\Setup.EXE")) {
 
 <# If (Test-Path "E:\Setup.exe") {
     Start-Process cmd.exe -ArgumentList "/k", "e:\setup.exe", "/PrepareSchema", "/IAcceptExchangeServerLicenseTerms" -Credential $credential -Wait
-    Start-Process cmd.exe -ArgumentList "/k", "e:\setup.exe", "/PrepareAD", "/OrganizationName:`"Detection Lab`"", "/IAcceptExchangeServerLicenseTerms" -Credential $credential -Wait
+    Start-Process cmd.exe -ArgumentList "/k", "e:\setup.exe", "/PrepareAD", "/OrganizationName: DetectionLab", "/IAcceptExchangeServerLicenseTerms" -Credential $credential -Wait
     Start-Process cmd.exe -ArgumentList "/k", "e:\setup.exe", "/Mode:Install", "/Role:Mailbox", "/IAcceptExchangeServerLicenseTerms" -Credential $credential -Wait
 }
 Else {