trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #222 from clong/configure_ou

Browse Source 
Change order of configure-ou.ps1
This commit is contained in:
Chris Long
2019-03-25 15:03:52 +07:00
committed by GitHub
parent bf2913f8d2 f656b82db4
commit f500818a23
3 changed files with 25 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
Vagrant/scripts/configure-ou.ps1
View File

@@ -1,6 +1,19 @@
# Purpose: Sets up the Server and Workstations OUs # Purpose: Sets up the Server and Workstations OUs
Write-Host "Checking AD services status..."
$svcs = "adws","dns","kdc","netlogon"
Get-Service -name $svcs -ComputerName localhost | Select Machinename,Name,Status
# Hardcoding DC hostname in hosts file
Add-Content "c:\windows\system32\drivers\etc\hosts" " 192.168.38.102 dc.windomain.local"
# Force DNS resolution of the domain
ping /n 1 dc.windomain.local
ping /n 1 windomain.local
Write-Host "Creating Server and Workstation OUs..." Write-Host "Creating Server and Workstation OUs..."
Write-Host "Creating Servers OU..." Write-Host "Creating Servers OU..."
if (!([ADSI]::Exists("LDAP://OU=Servers,DC=windomain,DC=local"))) if (!([ADSI]::Exists("LDAP://OU=Servers,DC=windomain,DC=local")))
{ {
New-ADOrganizationalUnit -Name "Servers" -Server "dc.windomain.local" New-ADOrganizationalUnit -Name "Servers" -Server "dc.windomain.local"
@@ -9,6 +22,7 @@ else
{ {
Write-Host "Servers OU already exists. Moving On." Write-Host "Servers OU already exists. Moving On."
} }
Write-Host "Creating Workstations OU" Write-Host "Creating Workstations OU"
if (!([ADSI]::Exists("LDAP://OU=Workstations,DC=windomain,DC=local"))) if (!([ADSI]::Exists("LDAP://OU=Workstations,DC=windomain,DC=local")))
{ {
@@ -18,6 +32,7 @@ else
{ {
Write-Host "Workstations OU already exists. Moving On." Write-Host "Workstations OU already exists. Moving On."
} }
# Sysprep breaks auto-login. Let's restore it here: # Sysprep breaks auto-login. Let's restore it here:
Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name AutoAdminLogon -Value 1 Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name AutoAdminLogon -Value 1
Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultUserName -Value "vagrant" Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultUserName -Value "vagrant"

12
Vagrant/scripts/configure-wef-gpo.ps1
View File

@@ -4,7 +4,7 @@ $GPOName = 'Windows Event Forwarding Server'
Import-GPO -BackupGpoName $GPOName -Path "c:\vagrant\resources\GPO\wef_configuration" -TargetName $GPOName -CreateIfNeeded Import-GPO -BackupGpoName $GPOName -Path "c:\vagrant\resources\GPO\wef_configuration" -TargetName $GPOName -CreateIfNeeded
$gpLinks = $null $gpLinks = $null
$OU = "OU=Servers,dc=windomain,dc=local" $OU = "OU=Servers,dc=windomain,dc=local"
$gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions $gPLinks = Get-ADOrganizationalUnit -Server "dc.windomain.local" -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions
$GPO = Get-GPO -Name $GPOName $GPO = Get-GPO -Name $GPOName
If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path) If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path)
{ {
@@ -14,7 +14,7 @@ If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path)
} }
$OU = "ou=Domain Controllers,dc=windomain,dc=local" $OU = "ou=Domain Controllers,dc=windomain,dc=local"
$gpLinks = $null $gpLinks = $null
$gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions $gPLinks = Get-ADOrganizationalUnit -Server "dc.windomain.local" -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions
$GPO = Get-GPO -Name $GPOName $GPO = Get-GPO -Name $GPOName
If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path) If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path)
{ {
@@ -24,7 +24,7 @@ If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path)
} }
$OU = "ou=Workstations,dc=windomain,dc=local" $OU = "ou=Workstations,dc=windomain,dc=local"
$gpLinks = $null $gpLinks = $null
$gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions $gPLinks = Get-ADOrganizationalUnit -Server "dc.windomain.local" -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions
$GPO = Get-GPO -Name $GPOName $GPO = Get-GPO -Name $GPOName
If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path) If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path)
{ {
@@ -39,7 +39,7 @@ $GPOName = 'Custom Event Channel Permissions'
Import-GPO -BackupGpoName $GPOName -Path "c:\vagrant\resources\GPO\wef_configuration" -TargetName $GPOName -CreateIfNeeded Import-GPO -BackupGpoName $GPOName -Path "c:\vagrant\resources\GPO\wef_configuration" -TargetName $GPOName -CreateIfNeeded
$gpLinks = $null $gpLinks = $null
$OU = "OU=Servers,dc=windomain,dc=local" $OU = "OU=Servers,dc=windomain,dc=local"
$gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions $gPLinks = Get-ADOrganizationalUnit -Server "dc.windomain.local" -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions
$GPO = Get-GPO -Name $GPOName $GPO = Get-GPO -Name $GPOName
If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path) If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path)
{ {
@@ -50,7 +50,7 @@ else
Write-Host "GpLink $GPOName already linked on $OU. Moving On." Write-Host "GpLink $GPOName already linked on $OU. Moving On."
} }
$OU = "ou=Domain Controllers,dc=windomain,dc=local" $OU = "ou=Domain Controllers,dc=windomain,dc=local"
$gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions $gPLinks = Get-ADOrganizationalUnit -Server "dc.windomain.local" -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions
$GPO = Get-GPO -Name $GPOName $GPO = Get-GPO -Name $GPOName
If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path) If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path)
{ {
@@ -61,7 +61,7 @@ else
Write-Host "GpLink $GPOName already linked on $OU. Moving On." Write-Host "GpLink $GPOName already linked on $OU. Moving On."
} }
$OU = "ou=Workstations,dc=windomain,dc=local" $OU = "ou=Workstations,dc=windomain,dc=local"
$gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions $gPLinks = Get-ADOrganizationalUnit -Server "dc.windomain.local" -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions
$GPO = Get-GPO -Name $GPOName $GPO = Get-GPO -Name $GPOName
If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path) If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path)
{ {

2
Vagrant/scripts/create-domain.ps1
View File

@@ -45,7 +45,7 @@ if ((gwmi win32_computersystem).partofdomain -eq $false) {
-SysvolPath "C:\Windows\SYSVOL" ` -SysvolPath "C:\Windows\SYSVOL" `
-Force:$true -Force:$true
$newDNSServers = "8.8.8.8", "4.4.4.4" $newDNSServers = "127.0.0.1", "8.8.8.8", "4.4.4.4"
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object { $_.IPAddress -And ($_.IPAddress).StartsWith($subnet) } $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object { $_.IPAddress -And ($_.IPAddress).StartsWith($subnet) }
if ($adapters) { if ($adapters) {
Write-Host Setting DNS Write-Host Setting DNS