81 lines
4.9 KiB
PowerShell
Executable File
81 lines
4.9 KiB
PowerShell
Executable File
# Purpose: Joins a Windows host to the windomain.local domain which was created with "create-domain.ps1".
|
|
# Source: https://github.com/StefanScherer/adfs2
|
|
|
|
$hostsFile = "c:\Windows\System32\drivers\etc\hosts"
|
|
|
|
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Joining the domain..."
|
|
|
|
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) First, set DNS to DC to join the domain..."
|
|
$newDNSServers = "192.168.38.102"
|
|
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object {$_.IPAddress -match "192.168.38."}
|
|
# Don't do this in Azure. If the network adatper description contains "Hyper-V", this won't apply changes.
|
|
# Specify the DC as a WINS server to help with connectivity as well
|
|
$adapters | ForEach-Object {if (!($_.Description).Contains("Hyper-V")) {$_.SetDNSServerSearchOrder($newDNSServers); $_.SetWINSServer($newDNSServers, "")}}
|
|
|
|
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Now join the domain..."
|
|
$hostname = $(hostname)
|
|
$user = "windomain.local\vagrant"
|
|
$pass = ConvertTo-SecureString "vagrant" -AsPlainText -Force
|
|
$DomainCred = New-Object System.Management.Automation.PSCredential $user, $pass
|
|
|
|
# Place the computer in the correct OU based on hostname
|
|
If ($hostname -eq "wef") {
|
|
Add-Computer -DomainName "windomain.local" -credential $DomainCred -OUPath "ou=Servers,dc=windomain,dc=local" -PassThru
|
|
# Attempt to fix Issue #517
|
|
Set-ItemProperty -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Control' -Name 'WaitToKillServiceTimeout' -Value '500' -Type String -Force -ea SilentlyContinue
|
|
New-ItemProperty -LiteralPath 'HKCU:\Control Panel\Desktop' -Name 'AutoEndTasks' -Value 1 -PropertyType DWord -Force -ea SilentlyContinue
|
|
Set-ItemProperty -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Control\SessionManager\Power' -Name 'HiberbootEnabled' -Value 0 -Type DWord -Force -ea SilentlyContinue
|
|
} ElseIf ($hostname -eq "win10") {
|
|
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Adding Win10 to the domain. Sometimes this step times out. If that happens, just run 'vagrant reload win10 --provision'" #debug
|
|
Add-Computer -DomainName "windomain.local" -credential $DomainCred -OUPath "ou=Workstations,dc=windomain,dc=local"
|
|
} Else {
|
|
Add-Computer -DomainName "windomain.local" -credential $DomainCred -PassThru
|
|
}
|
|
|
|
# Stop Windows Update
|
|
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Disabling Windows Updates and Windows Module Services"
|
|
Set-Service wuauserv -StartupType Disabled
|
|
Stop-Service wuauserv
|
|
Set-Service TrustedInstaller -StartupType Disabled
|
|
Stop-Service TrustedInstaller
|
|
|
|
# Uninstall Windows Defender from WEF
|
|
# This command isn't supported on WIN10
|
|
If ($hostname -ne "win10" -And (Get-Service -Name WinDefend -ErrorAction SilentlyContinue).status -eq 'Running') {
|
|
# Uninstalling Windows Defender (https://github.com/StefanScherer/packer-windows/issues/201)
|
|
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Uninstalling Windows Defender..."
|
|
Try {
|
|
Uninstall-WindowsFeature Windows-Defender -ErrorAction Stop
|
|
Uninstall-WindowsFeature Windows-Defender-Features -ErrorAction Stop
|
|
} Catch {
|
|
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Windows Defender did not uninstall successfully..."
|
|
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) We'll try again during install-red-team.ps1"
|
|
}
|
|
}
|
|
|
|
# Disable a bunch of Defender related registry keys for Win10
|
|
# Source: https://gist.github.com/vestjoe/f1d829e81883b880b970ff171fd8ceec
|
|
if ((Get-CimInstance -ClassName CIM_OperatingSystem).Caption -like "Microsoft Windows 10*") {
|
|
# Turn Off Windows Defender
|
|
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
|
|
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableRoutinelyTakingAction /t REG_DWORD /d 1 /f
|
|
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableBehaviorMonitoring /t REG_DWORD /d 1 /f
|
|
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f
|
|
|
|
# Cloud-protection level
|
|
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine" /v MpCloudBlockLevel /t REG_DWORD /d 0 /f
|
|
|
|
# Disabling 'Join Microsoft MAPS'
|
|
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SpynetReporting /t REG_DWORD /d 0 /f
|
|
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SubmitSamplesConsent /t REG_DWORD /d 0 /f
|
|
|
|
# Disable Bypassing Windows Defender SmartScreen Prompts for Sites in Microsoft Edge
|
|
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v PreventOverride /t REG_DWORD /d 0 /f
|
|
|
|
# Disable “Publisher Could Not Be Verified” Messages to .exe , .dll , .bat files
|
|
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v LowRiskFileTypes /t REG_SZ /d ".exe;.dll;.bat" /f
|
|
|
|
# Tamper Features
|
|
REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v TamperProtection /t REG_DWORD /d 0 /f
|
|
}
|