From 6312f4740baeaf50998373e12666a067af60e55d Mon Sep 17 00:00:00 2001
From: Chris Long
Date: Tue, 19 May 2020 00:26:19 -0700
Subject: [PATCH] Add Powershell script to resolve expiration issues
---
 Packer/scripts/install-aws-ena.ps1 | 10 -------
 Packer/windows_10.json | 3 +-
 Terraform/main.tf | 10 +++++--
 Vagrant/scripts/fix-windows-expiration.ps1 | 32 ++++++++++++++++++++++
 Vagrant/scripts/provision.ps1 | 7 +++--
 ci/manual_machine_bootstrap.sh | 4 +--
 ci/manual_machine_bootstrap_vmware.sh | 9 ++----
 7 files changed, 48 insertions(+), 27 deletions(-)
 delete mode 100644 Packer/scripts/install-aws-ena.ps1
 create mode 100644 Vagrant/scripts/fix-windows-expiration.ps1
diff --git a/Packer/scripts/install-aws-ena.ps1 b/Packer/scripts/install-aws-ena.ps1
deleted file mode 100644
index 6233815..0000000
--- a/Packer/scripts/install-aws-ena.ps1
+++ /dev/null
@@ -1,10 +0,0 @@
-# Installs the AWS Enhanced Networking for Windows
- Write-Host "Installing the AWS Enhanced Networking Driver"
- [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
- $url="https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/Latest/AwsEnaNetworkDriver.zip"
- (New-Object System.Net.WebClient).DownloadFile($url, "$env:TEMP\AwsEnaNetworkDriver.zip")
- Expand-Archive -Path $env:TEMP\AwsEnaNetworkDriver.zip -DestinationPath $env:TEMP\AwsEnaNetworkDriver -Force
- . $env:TEMP\AwsEnaNetworkDriver\install.ps1
-
- rm $env:TEMP\AwsEnaNetworkDriver.zip
- rm -recurse $env:TEMP\AwsEnaNetworkDriver
diff --git a/Packer/windows_10.json b/Packer/windows_10.json
index 9f5dce6..15bbdcc 100644
--- a/Packer/windows_10.json
+++ b/Packer/windows_10.json
@@ -154,8 +154,7 @@
 {
 "type": "powershell",
 "scripts": [
- "./scripts/debloat-windows.ps1",
- "./scripts/install-aws-ena.ps1"
+ "./scripts/debloat-windows.ps1"
 ]
 },
 {
diff --git a/Terraform/main.tf b/Terraform/main.tf
index f57e70a..52fb98e 100644
--- a/Terraform/main.tf
+++ b/Terraform/main.tf
@@ -207,8 +207,7 @@ resource "aws_instance" "dc" {
 provisioner "remote-exec" {
 inline = [
 "choco install -force -y winpcap",
- "powershell -c \"$ifindex = get-netipinterface | where-object InterfaceAlias -eq 'Ethernet' | where-object AddressFamily -eq 2 | select-object -ExpandProperty ifIndex; set-dnsclientserveraddress -InterfaceIndex $ifindex -ServerAddresses ('127.0.0.1','8.8.8.8')\"",
- "ipconfig /all",
+ "ipconfig /renew",
 "powershell.exe -c \"Add-Content 'c:\\windows\\system32\\drivers\\etc\\hosts' ' 192.168.38.103 wef.windomain.local'\"",
 ]
@@ -242,6 +241,9 @@ resource "aws_instance" "wef" {
 provisioner "remote-exec" {
 inline = [
 "choco install -force -y winpcap",
+ "powershell.exe -c \"Add-Content 'c:\\windows\\system32\\drivers\\etc\\hosts' ' 192.168.38.102 dc.windomain.local'\"",
+ "powershell.exe -c \"Add-Content 'c:\\windows\\system32\\drivers\\etc\\hosts' ' 192.168.38.102 windomain.local'\"",
+ "ipconfig /renew",
 ]
 connection {
@@ -274,7 +276,9 @@ resource "aws_instance" "win10" {
 provisioner "remote-exec" {
 inline = [
 "choco install -force -y winpcap",
- "cscript c:\\windows\\system32\\slmgr.vbs /ato",
+ "powershell.exe -c \"Add-Content 'c:\\windows\\system32\\drivers\\etc\\hosts' ' 192.168.38.102 dc.windomain.local'\"",
+ "powershell.exe -c \"Add-Content 'c:\\windows\\system32\\drivers\\etc\\hosts' ' 192.168.38.102 windomain.local'\"",
+ "ipconfig /renew",
 ]
 connection {
diff --git a/Vagrant/scripts/fix-windows-expiration.ps1 b/Vagrant/scripts/fix-windows-expiration.ps1
new file mode 100644
index 0000000..066e75f
--- /dev/null
+++ b/Vagrant/scripts/fix-windows-expiration.ps1
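Review bot: The hosts entries added to the `aws_instance.wef` provisioner in Terraform/main.tf (and again in the `aws_instance.win10` hunk) hard-code 192.168.38.102 for `dc.windomain.local` and `windomain.local`; because a hosts entry is consulted before DNS, a later change to the DC's address would leave these machines resolving the domain to the old address without any error. If the literal is the `dc` instance's private address (its definition is outside these hunks, so this is an assumption), deriving it keeps the two in step: `"powershell.exe -c \"Add-Content 'c:\\windows\\system32\\drivers\\etc\\hosts' ' ${aws_instance.dc.private_ip} dc.windomain.local'\"",`. A one-line comment above the entries saying why name resolution is pinned in the hosts file would also help the next maintainer. The `inline` lists sit in provisioner blocks that continue outside the hunks.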
@@ -0,0 +1,32 @@
+# Purpose: Re-arms the expiration timer on expiring Windows eval images and fixes activation issues
+
+# Check to see if there are days left on the timer or if it's just expired
+$regex = cscript c:\windows\system32\slmgr.vbs /dlv | select-string -Pattern "\((\d+) day\(s\)|grace time expired"
+if ($regex.Matches.Value -eq "grace time expired") {
+ # If it shows expired, it's likely it wasn't properly activated
+ Write-Host "It appears Windows was not properly activated. Attempting to resolve..."
+ try {
+ # The TrustedInstaller service MUST be running for activation to succeed
+ Set-Service TrustedInstaller -StartupType Automatic
+ Start-Service TrustedInstaller
+ Start-Sleep 10
+ # Attempt to activate
+ cscript c:\windows\system32\slmgr.vbs /ato
+ } catch {
+ Write-Host "Something went wrong trying to reactivate Windows..."
+ }
+ # If activation was successful, the regex should match 90 or 180 (Win10 or Win2016)
+ $regex = cscript c:\windows\system32\slmgr.vbs /dlv | select-string -Pattern "\((\d+) day\(s\)"
+}
+$days_left = $regex.Matches.Groups[1].Value
+
+if ($days_left -as [int] -lt 30) {
+ write-host "Less than 30 days remaining before Windows expiration. Attempting to rearm..."
+ try {
+ cscript c:\windows\system32\slmgr.vbs /rearm
+ } catch {
+ Write-Host "Something went wrong trying to re-arm the image..."
+ }
+} else {
+ Write-Host "$days_left days left until expiration, no need to rearm."
+}
diff --git a/Vagrant/scripts/provision.ps1 b/Vagrant/scripts/provision.ps1
index 2fb4d95..c631b8b 100644
--- a/Vagrant/scripts/provision.ps1
+++ b/Vagrant/scripts/provision.ps1
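Review bot: In Vagrant/scripts/fix-windows-expiration.ps1, when `select-string` finds no `(N day(s)` match (activation still failing, or `slmgr /dlv` output in an unexpected form), `$days_left` ends up empty under the default error preference and the `-as [int] -lt 30` test is then true, so the script runs `/rearm` without ever having read the remaining days, and rearms are a limited resource on an evaluation image. The `try`/`catch` blocks around `cscript` also will not fire on failure, because a native command that exits non-zero does not raise a PowerShell exception; `$LASTEXITCODE` has to be checked instead (assuming slmgr.vbs passes its error code through cscript). The rewrite below skips the rearm when the day count cannot be read and reports failure from the exit code; the same exit-code check applies to the `/ato` call in the first branch.

```powershell
# … unchanged: /dlv query and the "grace time expired" activation branch …
$days_left = $null
if ($regex -and $regex.Matches.Count -gt 0) {
  $days_left = $regex.Matches.Groups[1].Value -as [int]
}

if ($null -eq $days_left) {
  Write-Host "Could not read the remaining days from slmgr /dlv, skipping rearm."
} elseif ($days_left -lt 30) {
  Write-Host "Less than 30 days remaining before Windows expiration. Attempting to rearm..."
  cscript c:\windows\system32\slmgr.vbs /rearm
  if ($LASTEXITCODE -ne 0) {
    Write-Host "Something went wrong trying to re-arm the image..."
  }
} else {
  # … unchanged: "no need to rearm" message …
}
```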
@@ -7,6 +7,9 @@ $box = $box.ComputerName.ToString().ToLower()
 Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Setting timezone to UTC..."
 c:\windows\system32\tzutil.exe /s "UTC"
+Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Checking if Windows evaluation is expiring soon or expired..."
+. c:\vagrant\scripts\fix-windows-expiration.ps1
+
 # Ping DetectionLab server for usage statistics
 curl -userAgent "DetectionLab-$box" "https://detectionlab.network/$box" -UseBasicParsing | out-null
@@ -44,14 +47,12 @@ if ($env:COMPUTERNAME -imatch 'vagrant') {
 } else {
 . c:\vagrant\scripts\join-domain.ps1
 }
-
 Write-Host -fore red 'Hint: vagrant reload' $box '--provision'
-
 } else {
 Write-Host -fore green "$('[{0:HH:mm}]' -f (Get-Date)) I am domain joined!"
 if (!(Test-Path 'c:\Program Files\sysinternals\bginfo.exe')) {
- Write-Host 'Install bginfo'
+ Write-Host 'Installing bginfo...'
 . c:\vagrant\scripts\install-bginfo.ps1
 }
diff --git a/ci/manual_machine_bootstrap.sh b/ci/manual_machine_bootstrap.sh
index e7ca655..ab8c259 100644
--- a/ci/manual_machine_bootstrap.sh
+++ b/ci/manual_machine_bootstrap.sh
@@ -40,8 +40,8 @@ sed -i 's/vb.gui = true/vb.gui = false/g' Vagrantfile
 # Install Packer
 mkdir /opt/packer
 cd /opt/packer || exit 1
-wget --progress=bar:force https://releases.hashicorp.com/packer/1.4.1/packer_1.4.1_linux_amd64.zip
-unzip packer_1.4.1_linux_amd64.zip
+wget --progress=bar:force https://releases.hashicorp.com/packer/1.5.6/packer_1.5.6_linux_amd64.zip
+unzip packer_1.5.6_linux_amd64.zip
 cp packer /usr/local/bin/packer
 # Make the Packer images headless
diff --git a/ci/manual_machine_bootstrap_vmware.sh b/ci/manual_machine_bootstrap_vmware.sh
index eda191c..7f31f3a 100644
--- a/ci/manual_machine_bootstrap_vmware.sh
+++ b/ci/manual_machine_bootstrap_vmware.sh
@@ -2,11 +2,6 @@
 # This script is used to manually prepare an Ubuntu 16.04 server for DetectionLab building
-# Put this code in bootstrap.sh
-# echo -e " eth1:\n dhcp4: true\n nameservers:\n addresses: [8.8.8.8,8.8.4.4]" >> /etc/netplan/01-netcfg.yaml
-# netplan apply
-# sed -i 's/nameserver 127.0.0.53/nameserver 8.8.8.8/g' /etc/resolv.conf && chattr +i /etc/resolv.conf
-
 export DEBIAN_FRONTEND=noninteractive
 export SERIALNUMBER="SECRET"
 export LICENSEFILE="SECRET"
@@ -52,8 +47,8 @@ sed -i 's/v.gui = true/v.gui = false/g' Vagrantfile
 # Install Packer
 mkdir /opt/packer
 cd /opt/packer || exit 1
-wget --progress=bar:force https://releases.hashicorp.com/packer/1.4.1/packer_1.4.1_linux_amd64.zip
-unzip packer_1.4.1_linux_amd64.zip
+wget --progress=bar:force https://releases.hashicorp.com/packer/1.5.6/packer_1.5.6_linux_amd64.zip
+unzip packer_1.5.6_linux_amd64.zip
 cp packer /usr/local/bin/packer
 # Make the Packer images headless