trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
54a84b8640641a21004d6696ebb706dfcc757df1
DetectionLab/ESXi/ansible/roles/dc/tasks/main.yml
Chris Long 5084822e84 Break out Ansible tasks
2020-03-23 00:31:09 -07:00

149 lines
4.3 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
- name: Hostname -> DC
win_hostname:
name: dc
register: res
- name: Reboot
win_reboot:
when: res.reboot_required
- name: Set HostOnly IP Address
win_shell: "New-NetIPAddress InterfaceAlias Ethernet2 AddressFamily IPv4 -IPAddress 192.168.38.102 PrefixLength 24 -DefaultGateway 192.168.38.1"
- name: Set DNS Address
win_shell: "Set-DnsClientServerAddress -InterfaceAlias Ethernet2 -ServerAddresses 127.0.0.1,8.8.8.8"
- name: Install git
win_chocolatey:
name: git
state: present
- name: Check if existing DetectionLab directory
win_stat:
path: 'c:\DetectionLab'
register: dir
- name: Git clone Detectionlab
win_shell: git clone https://github.com/clong/DetectionLab.git
args:
chdir: 'c:\'
when: not dir.stat.exists
- name: Copy scripts to c:\vagrant
win_shell: Copy-Item -Recurse c:\DetectionLab\Vagrant c:\vagrant
- name: Create the Domain
win_shell: .\\provision.ps1
args:
chdir: 'c:\vagrant\scripts'
register: domain_creation
changed_when: "'Status : Success' in domain_creation.stdout"
failed_when: "'Exception' in domain_creation.stderr"
- name: Reboot Afer Domain Creation
win_reboot:
msg: "Installing AD. Rebooting..."
pre_reboot_delay: 15
reboot_timeout: 600
post_reboot_delay: 60
- name: Configure OU
win_shell: .\\configure-ou.ps1
args:
chdir: 'c:\vagrant\scripts'
register: ou_creation
vars:
ansible_become: yes
ansible_become_method: runas
ansible_become_user: windomain.local\vagrant
ansible_become_password: vagrant
ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
failed_when: "'Exception' in ou_creation.stderr"
- debug: msg="{{ ou_creation.stdout_lines }}"
- name: Configure WEF GPO
win_shell: .\\configure-wef-gpo.ps1
args:
chdir: 'c:\vagrant\scripts'
register: wef_gpo
vars:
ansible_become: yes
ansible_become_method: runas
ansible_become_user: windomain.local\vagrant
ansible_become_password: vagrant
ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
failed_when: "'Exception' in wef_gpo.stderr"
- debug: msg="{{ wef_gpo.stdout_lines }}"
- name: Configure Powershell Logging GPO
win_shell: .\\configure-powershelllogging.ps1
args:
chdir: 'c:\vagrant\scripts'
register: powershell_gpo
vars:
ansible_become: yes
ansible_become_method: runas
ansible_become_user: windomain.local\vagrant
ansible_become_password: vagrant
ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
failed_when: "'Exception' in powershell_gpo.stderr"
- debug: msg="{{ powershell_gpo.stdout_lines }}"
- name: Configure Auditing Policy GPO
win_shell: .\\configure-AuditingPolicyGPOs.ps1
args:
chdir: 'c:\vagrant\scripts'
register: audit_policy
vars:
ansible_become: yes
ansible_become_method: runas
ansible_become_user: windomain.local\vagrant
ansible_become_password: vagrant
ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
failed_when: "'Exception' in audit_policy.stderr"
- debug: msg="{{ audit_policy.stdout_lines }}"
- name: Disable Windows Defender GPO
win_shell: .\\configure-disable-windows-defender-gpo.ps1
args:
chdir: 'c:\vagrant\scripts'
register: disable_win_def
vars:
ansible_become: yes
ansible_become_method: runas
ansible_become_user: windomain.local\vagrant
ansible_become_password: vagrant
ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
failed_when: "'Exception' in disable_win_def.stderr"
- debug: msg="{{ disable_win_def.stdout_lines }}"
- name: Configure RDP Permissions GPO
win_shell: .\\configure-rdp-user-gpo.ps1
args:
chdir: 'c:\vagrant\scripts'
register: rdp_gpo
vars:
ansible_become: yes
ansible_become_method: runas
ansible_become_user: windomain.local\vagrant
ansible_become_password: vagrant
ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
failed_when: "'Exception' in rdp_gpo.stderr"
- debug: msg="{{ rdp_gpo.stdout_lines }}"
- name: Configure DC with raw Commands
win_shell: "{{ item }}"
with_items:
- "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}"
- "Set-SmbServerConfiguration -AuditSmb1Access $true -Force"
Reference in New Issue View Git Blame Copy Permalink