DetectionLab/ESXi/ansible/roles/dc/tasks/main.yml

---

- name: Hostname -> DC
  win_hostname:
    name: dc
  register: res

- name: Reboot
  win_reboot:
  when: res.reboot_required

- name: Set HostOnly IP Address
  win_shell: "If (-not(get-netipaddress | where {$_.IPAddress -eq '192.168.38.102'})) {$adapter = (get-netadapter | where {$_.MacAddress -eq '00-50-56-A1-B1-C4'}).Name; New-NetIPAddress –InterfaceAlias $adapter –AddressFamily IPv4 -IPAddress 192.168.38.102 –PrefixLength 24 -DefaultGateway 192.168.38.1 } Else { Write-Host 'IP Address Already Created.' }"

- name: Set DNS Address
  win_shell: "$adapter = (get-netadapter | where {$_.MacAddress -eq '00-50-56-A1-B1-C4'}).Name; Set-DnsClientServerAddress -InterfaceAlias $adapter -ServerAddresses 127.0.0.1,8.8.8.8"

- name: Install git
  win_chocolatey:
    name: git
    state: present

- name: Check if existing DetectionLab directory
  win_stat:
    path: 'c:\DetectionLab'
  register: dir

- name: Git clone Detectionlab
  win_shell: git clone https://github.com/clong/DetectionLab.git
  args:
    chdir: 'c:\'
  when: not dir.stat.exists

- name: Copy scripts to c:\vagrant
  win_shell: Copy-Item -Recurse c:\DetectionLab\Vagrant c:\vagrant

- name: Create the Domain
  win_shell: .\\provision.ps1
  args:
    chdir: 'c:\vagrant\scripts'
  register: domain_creation
  changed_when: "'Status         : Success' in domain_creation.stdout"
  failed_when: "'Exception' in domain_creation.stderr"

- name: Reboot Afer Domain Creation
  win_reboot:
    msg: "Installing AD. Rebooting..."
    pre_reboot_delay: 15
    reboot_timeout: 600
    post_reboot_delay: 60

- name: Configure OU
  win_shell: .\\configure-ou.ps1
  args:
    chdir: 'c:\vagrant\scripts'
  register: ou_creation
  vars:
    ansible_become: yes
    ansible_become_method: runas
    ansible_become_user: windomain.local\vagrant
    ansible_become_password: vagrant
    ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
  failed_when: "'Exception' in ou_creation.stderr"

- debug: msg="{{ ou_creation.stdout_lines }}"

- name: Configure WEF GPO
  win_shell: .\\configure-wef-gpo.ps1
  args:
    chdir: 'c:\vagrant\scripts'
  register: wef_gpo
  vars:
    ansible_become: yes
    ansible_become_method: runas
    ansible_become_user: windomain.local\vagrant
    ansible_become_password: vagrant
    ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
  failed_when: "'Exception' in wef_gpo.stderr"

- debug: msg="{{ wef_gpo.stdout_lines }}"

- name: Configure Powershell Logging GPO
  win_shell: .\\configure-powershelllogging.ps1
  args:
    chdir: 'c:\vagrant\scripts'
  register: powershell_gpo
  vars:
    ansible_become: yes
    ansible_become_method: runas
    ansible_become_user: windomain.local\vagrant
    ansible_become_password: vagrant
    ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
  failed_when: "'Exception' in powershell_gpo.stderr"

- debug: msg="{{ powershell_gpo.stdout_lines }}"

- name: Configure Auditing Policy GPO
  win_shell: .\\configure-AuditingPolicyGPOs.ps1
  args:
    chdir: 'c:\vagrant\scripts'
  register: audit_policy
  vars:
    ansible_become: yes
    ansible_become_method: runas
    ansible_become_user: windomain.local\vagrant
    ansible_become_password: vagrant
    ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
  failed_when: "'Exception' in audit_policy.stderr"

- debug: msg="{{ audit_policy.stdout_lines }}"

- name: Disable Windows Defender GPO
  win_shell: .\\configure-disable-windows-defender-gpo.ps1
  args:
    chdir: 'c:\vagrant\scripts'
  register: disable_win_def
  vars:
    ansible_become: yes
    ansible_become_method: runas
    ansible_become_user: windomain.local\vagrant
    ansible_become_password: vagrant
    ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
  failed_when: "'Exception' in disable_win_def.stderr"

- debug: msg="{{ disable_win_def.stdout_lines }}"

- name: Configure RDP Permissions GPO
  win_shell: .\\configure-rdp-user-gpo.ps1
  args:
    chdir: 'c:\vagrant\scripts'
  register: rdp_gpo
  vars:
    ansible_become: yes
    ansible_become_method: runas
    ansible_become_user: windomain.local\vagrant
    ansible_become_password: vagrant
    ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
  failed_when: "'Exception' in rdp_gpo.stderr"

- debug: msg="{{ rdp_gpo.stdout_lines }}"

- name: Configure Taskbar Layout GPO
  win_shell: .\\configure-taskbar-layout-gpo.ps1
  args:
    chdir: 'c:\vagrant\scripts'
  register: taskbar_gpo
  vars:
    ansible_become: yes
    ansible_become_method: runas
    ansible_become_user: windomain.local\vagrant
    ansible_become_password: vagrant
    ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
  failed_when: "'Exception' in taskbar_gpo.stderr"

- debug: msg="{{ taskbar_gpo.stdout_lines }}"

- name: Configure DC with raw Commands
  win_shell: "{{ item }}"
  with_items:
    - "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}"
    - "Set-SmbServerConfiguration -AuditSmb1Access $true -Force"