authorheqnx <root@heqnx.com>2025-07-14 16:16:45 +0300
committerheqnx <root@heqnx.com>2025-07-14 16:16:45 +0300
commit32a92a4fd19baa6438c0443deb247e93d02b1948 (patch)
tree8e310eeaac4da16f58badbb8e906f6566c3c0803
parentb1ca188b8a16a49b79cd18ae39261fe9c666edf1 (diff)
added defender disabling gpo, changed print messages in scripts, logging set domain network
-rw-r--r--ansible/roles/dc01/tasks/main.yaml3
-rw-r--r--ansible/roles/dc01/tasks/setup_defender_gpo.yaml7
-rw-r--r--ansible/roles/proxmox_vm/tasks/set_network.yaml3
-rw-r--r--ansible/scripts/dc-wait-for-ready.ps16
-rw-r--r--ansible/scripts/init.ps12
-rw-r--r--ansible/scripts/populate-ad.ps124
-rw-r--r--ansible/scripts/setup-adcs.ps112
-rw-r--r--ansible/scripts/setup-child-domain.ps112
-rw-r--r--ansible/scripts/setup-defender-gpo.ps150
-rw-r--r--ansible/scripts/setup-gpo.ps18
-rw-r--r--ansible/scripts/setup-iis.ps116
-rw-r--r--ansible/scripts/setup-main-domain.ps112
-rw-r--r--ansible/scripts/setup-mssql-link.ps14
-rw-r--r--ansible/scripts/setup-mssql.ps116
-rw-r--r--ansible/scripts/setup-tree-domain.ps112
-rw-r--r--ansible/scripts/setup-websql.ps126
16 files changed, 137 insertions, 76 deletions
diff --git a/ansible/roles/dc01/tasks/main.yaml b/ansible/roles/dc01/tasks/main.yaml
index d9b0b40..472c191 100644
--- a/ansible/roles/dc01/tasks/main.yaml
+++ b/ansible/roles/dc01/tasks/main.yaml
@@ -29,6 +29,9 @@
- name: execute setup-gpo.ps1 as domain admin
import_tasks: setup_gpo.yaml
+- name: execute setup-defender-gpo.ps1 as domain admin
+ import_tasks: setup_defender_gpo.yaml
+
- name: reboot after gpo setup
import_tasks: reboot.yaml
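Review bot: The new `import_tasks: setup_defender_gpo.yaml` entry is unconditional, so every build of the range gets the Defender-disabling GPO linked at the domain root. Anyone who wants to use the range for detection or response exercises has to edit the role to keep endpoint protection on. Gating the import on a variable, for example `when: disable_defender | default(true)` (variable name is illustrative, not from the repository), keeps today's behaviour as the default and makes the choice visible in inventory. The task list continues outside this hunk.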
diff --git a/ansible/roles/dc01/tasks/setup_defender_gpo.yaml b/ansible/roles/dc01/tasks/setup_defender_gpo.yaml
new file mode 100644
index 0000000..56e7809
--- /dev/null
+++ b/ansible/roles/dc01/tasks/setup_defender_gpo.yaml
@@ -0,0 +1,7 @@
+- name: execute setup-defender-gpo.ps1 as domain admin
+ ansible.windows.win_command: powershell.exe -ExecutionPolicy Bypass -File C:\scripts\setup-defender-gpo.ps1 -DomainName "{{ main_domain_name }}"
+ become: yes
+ become_method: runas
+ become_user: "{{ main_domain_name }}\\Administrator"
+ vars:
+ ansible_become_password: "{{ default_win_password }}"
diff --git a/ansible/roles/proxmox_vm/tasks/set_network.yaml b/ansible/roles/proxmox_vm/tasks/set_network.yaml
index da809d5..5420fc2 100644
--- a/ansible/roles/proxmox_vm/tasks/set_network.yaml
+++ b/ansible/roles/proxmox_vm/tasks/set_network.yaml
@@ -1,6 +1,7 @@
- name: "{{ fqdn }} : (windows) set up static ip address on"
win_shell: |
- Start-Transcript -Path C:\set_domain_network_log.txt -Append
+ New-Item -Path C:\Logs -ItemType Directory -Force
+ Start-Transcript -Path C:\Logs\set_domain_network_log.txt -Append
Get-NetIpAddress -InterfaceAlias 'Ethernet' | Remove-NetIPAddress -Confirm:$false
New-NetIPAddress -InterfaceAlias 'Ethernet' -IPAddress "{{ ip }}" -PrefixLength 24 -DefaultGateway "{{ gateway }}"
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses "{{ dns }}"
diff --git a/ansible/scripts/dc-wait-for-ready.ps1 b/ansible/scripts/dc-wait-for-ready.ps1
index afdf8ee..246f0a3 100644
--- a/ansible/scripts/dc-wait-for-ready.ps1
+++ b/ansible/scripts/dc-wait-for-ready.ps1
@@ -4,14 +4,14 @@ Start-Transcript -Path $logFile -Append
while ($true) {
try {
- Write-Host "[INFO] Checking if domain is ready"
+ Write-Host "[inf] Checking if domain is ready"
Get-ADDomain
break
} catch {
- Write-Host "[INFO] Sleeping for 60s"
+ Write-Host "[inf] Sleeping for 60s"
Start-Sleep -Seconds 60
}
}
-Write-Host "[INFO] Domain is ready"
+Write-Host "[inf] Domain is ready"
Stop-Transcript \ No newline at end of file
diff --git a/ansible/scripts/init.ps1 b/ansible/scripts/init.ps1
index d6b9ff7..2a477de 100644
--- a/ansible/scripts/init.ps1
+++ b/ansible/scripts/init.ps1
@@ -2,7 +2,7 @@ New-Item -Path C:\Logs -ItemType Directory -Force
New-Item -Path C:\BgInfo -ItemType Directory -Force
New-Item -Path C:\setup -ItemType Directory -Force
-Write-Host "[INFO] Disabling password complexity policy"
+Write-Host "[inf] Disabling password complexity policy"
secedit /export /cfg C:\secpol.cfg
(Get-Content C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg
secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY
diff --git a/ansible/scripts/populate-ad.ps1 b/ansible/scripts/populate-ad.ps1
index 0b57c77..17801e0 100644
--- a/ansible/scripts/populate-ad.ps1
+++ b/ansible/scripts/populate-ad.ps1
@@ -65,7 +65,7 @@ Function SetAclExtended($for, $to, $right, $extendedRightGUID, $inheritance)
Set-ADObject $to -Description "$($for | Select-Object -ExpandProperty Name) has $right, $extendedRightGUID on this object"
}
-Write-Host "[INFO] Setting weak NTLM compatibility level"
+Write-Host "[inf] Setting weak NTLM compatibility level"
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "LmCompatibilityLevel" -Value 1 -Force
If (-Not (Get-ADOrganizationalUnit -SearchBase "$DomainNameDN" -Filter "Name -like '$DomainOU'")) {
@@ -98,14 +98,14 @@ ForEach ($user in $users) {
-PasswordNeverExpires $true
$created_users += $user
} catch {
- Write-Host "[ERR] Failed to create user $user"
+ Write-Host "[err] Failed to create user $user"
}
}
Get-RandomObject -User | % { Add-ADGroupMember -Identity "Domain Admins" -Members $_; Set-ADUser -Identity $_ -Description "domain admin" }
Get-RandomObject -User | % { Add-ADGroupMember -Identity "Domain Admins" -Members $_; Set-ADUser -Identity $_ -Description "domain admin" }
-Write-Host "[INFO] Created users: $($created_users -Join ', ')"
+Write-Host "[inf] Created users: $($created_users -Join ', ')"
$created_computers = @()
1..20 | % {
@@ -115,12 +115,12 @@ $created_computers = @()
New-ADComputer -SamAccountName "$server$_" -Name "$server$_" -DNSHostName "$server$_.$DomainName" -Path "OU=$ComputersOU,OU=$DomainOU,$DomainNameDN"
$created_computers += $server
} catch {
- Write-Host "[ERR] Failed to create server $server$_"
+ Write-Host "[err] Failed to create server $server$_"
}
}
}
-Write-Host "[INFO] Created computers: $($created_computers -Join ', ')"
+Write-Host "[inf] Created computers: $($created_computers -Join ', ')"
$svc_users = @{
"svc_mssql01" = @{"type" = "spn"; "value" = "MSSQLSVC"}
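Review bot: `$created_computers += $server` stores the name prefix rather than the account that was created, so the `Created computers:` summary repeats the prefix instead of listing the names passed to `New-ADComputer`. Appending `"$server$_"` would make the transcript match the objects that exist in the directory. The enclosing loops start outside this hunk.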
@@ -166,7 +166,7 @@ ForEach ($user in $svc_users.keys) {
$created_svc_users += "$user ($value/$comp)"
} catch {
- Write-Host "[ERR] Failed to create $value/$comp for $user"
+ Write-Host "[err] Failed to create $value/$comp for $user"
}
}
"group" {
@@ -183,13 +183,13 @@ ForEach ($user in $svc_users.keys) {
$created_svc_users += "$user ($value)"
} catch {
- Write-Host "[ERR] Failed to add $user to $value"
+ Write-Host "[err] Failed to add $user to $value"
}
}
}
}
-Write-Host "[INFO] Created svc users: $($created_svc_users -Join ', ')"
+Write-Host "[inf] Created svc users: $($created_svc_users -Join ', ')"
$dcsync_user = Get-RandomObject -User
$acl = Get-Acl -Path "AD:$DomainNameDN"
@@ -210,19 +210,19 @@ $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRul
Set-Acl -Path "AD:$adminsdholder" -AclObject $acl
Set-ADObject $adminsdholder_user -Description "GenericAll on AdminSDHolder"
-Write-Host "[INFO] Configuring anonymous LDAP binding via dsHeuristics for contoso.com"
+Write-Host "[inf] Configuring anonymous LDAP binding via dsHeuristics for contoso.com"
$rootDSE = Get-ADRootDSE
$configNC = $rootDSE.ConfigurationNamingContext
$directoryServicePath = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
$directoryService = Get-ADObject -Identity $directoryServicePath -Properties dsHeuristics
$currentHeuristics = $directoryService.dsHeuristics
$newHeuristics = "0000002"
-Write-Host "[INFO] Overwriting dsHeuristics with '0000002'"
+Write-Host "[inf] Overwriting dsHeuristics with '0000002'"
Set-ADObject -Identity $directoryServicePath `
-Replace @{"dsHeuristics" = $newHeuristics} `
-Description "Anonymous LDAP enabled for contoso.com" `
-ErrorAction Stop
-Write-Host "[INFO] Successfully set dsHeuristics to '$newHeuristics'"
+Write-Host "[inf] Successfully set dsHeuristics to '$newHeuristics'"
Set-ADDomain -Identity $DomainName -Replace @{"ms-DS-MachineAccountQuota"=50}
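Review bot: The log line and the `-Description` value hard-code `contoso.com`, although the script has `$DomainName` (used by `Set-ADDomain -Identity $DomainName` at the end of this hunk), so the transcript and the object description are wrong for any other domain. `Write-Host "[inf] Configuring anonymous LDAP binding via dsHeuristics for $DomainName"` keeps them accurate. `$currentHeuristics` is read but not used in the visible lines; either write it to the transcript before the overwrite, so the previous value can be recovered, or drop the assignment.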
@@ -301,7 +301,7 @@ Set-ADObject -Identity $constrained_delegation_comp1 -Add @{'msDS-AllowedToDeleg
Set-ADAccountControl -Identity $constrained_delegation_comp1 -TrustedForDelegation $false -TrustedToAuthForDelegation $true
Set-ADObject $constrained_delegation_comp1 -Description "msDS-AllowedToDelegateTo to $($constrained_delegation_comp2 | Select-Object -ExpandProperty Name)"
-Write-Host "[INFO] Created vulnerable ACLs, delegation, and Kerberos configurations"
+Write-Host "[inf] Created vulnerable ACLs, delegation, and Kerberos configurations"
@"
Domain content
diff --git a/ansible/scripts/setup-adcs.ps1 b/ansible/scripts/setup-adcs.ps1
index 134b9a9..408e7b0 100644
--- a/ansible/scripts/setup-adcs.ps1
+++ b/ansible/scripts/setup-adcs.ps1
@@ -18,9 +18,9 @@ try {
Install-WindowsFeature -Name ADCS-Web-Enrollment
Install-WindowsFeature -Name RSAT
- Write-Host "[INFO] Installed ADCS Windows Features"
+ Write-Host "[inf] Installed ADCS Windows Features"
} catch {
- Write-Host "[ERR] Failed to install ADCS Windows Features"
+ Write-Host "[err] Failed to install ADCS Windows Features"
}
try {
@@ -35,16 +35,16 @@ try {
-CACommonName $CACommonName `
-Force
- Write-Host "[INFO] Installed ADCS Certification Authority"
+ Write-Host "[inf] Installed ADCS Certification Authority"
} catch {
- Write-Host "[ERR] Failed to install ADCS Certification Authority"
+ Write-Host "[err] Failed to install ADCS Certification Authority"
}
try {
Install-AdcsWebEnrollment -Force
- Write-Host "[INFO] Installed ADCS Web Enrollment"
+ Write-Host "[inf] Installed ADCS Web Enrollment"
} catch {
- Write-Host "[ERR] Failed to install ADCS Web Enrollment"
+ Write-Host "[err] Failed to install ADCS Web Enrollment"
}
Stop-Transcript \ No newline at end of file
diff --git a/ansible/scripts/setup-child-domain.ps1 b/ansible/scripts/setup-child-domain.ps1
index ad23d45..77aead2 100644
--- a/ansible/scripts/setup-child-domain.ps1
+++ b/ansible/scripts/setup-child-domain.ps1
@@ -14,20 +14,20 @@ Start-Transcript -Path $logFile -Append
$p = ConvertTo-SecureString $Password -AsPlainText -Force
$c = New-Object System.Management.Automation.PSCredential("$ParentDomainName\$Username", $p)
-Write-Host "[INFO] Setting Administrator password"
+Write-Host "[inf] Setting Administrator password"
$computerName = $env:COMPUTERNAME
$adminPassword = $Password
$adminUser = [ADSI] "WinNT://$computerName/Administrator,User"
$adminUser.SetPassword($adminPassword)
-Write-Host "[INFO] Installing AD-Domain-Services feature"
+Write-Host "[inf] Installing AD-Domain-Services feature"
Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools
-Write-Host "[INFO] Importing ADDSDeployment module"
+Write-Host "[inf] Importing ADDSDeployment module"
Import-Module ADDSDeployment
try {
- Write-Host "[INFO] Installing New Child Domain in Existing Forest"
+ Write-Host "[inf] Installing New Child Domain in Existing Forest"
Install-ADDSDomain `
-InstallDns `
-ParentDomainName $ParentDomainName `
@@ -41,9 +41,9 @@ try {
-Credential $c `
-SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText -Force "$SafeModePassword")
- Write-Host "[INFO] Successfully added new child domain: $ChildDomainName"
+ Write-Host "[inf] Successfully added new child domain: $ChildDomainName"
} catch {
- Write-Host "[ERR] Failed to add new child domain: $ChildDomainName"
+ Write-Host "[err] Failed to add new child domain: $ChildDomainName"
Write-Host $_.Exception.Message
}
diff --git a/ansible/scripts/setup-defender-gpo.ps1 b/ansible/scripts/setup-defender-gpo.ps1
new file mode 100644
index 0000000..688949a
--- /dev/null
+++ b/ansible/scripts/setup-defender-gpo.ps1
@@ -0,0 +1,50 @@
+param (
+ [string]$DomainName = "contoso.com"
+)
+
+$scriptName = $MyInvocation.MyCommand.Name
+$logFile = "C:\Logs\${scriptName}_log.txt"
+Start-Transcript -Path $logFile -Append
+
+Import-Module GroupPolicy -ErrorAction Stop
+
+$DomainNameDN = "DC=$($DomainName.Split(".")[0]),DC=$($DomainName.Split(".")[1])"
+$DomainUsers = Get-ADGroup "Domain Users" -ErrorAction Stop
+
+$GpoName = "DisableMicrosoftDefender"
+
+try {
+ $GPO = New-GPO -Name $GpoName -Comment "GPO to disable Microsoft Defender in test environment" -ErrorAction Stop
+ Write-Host "[INFO] Created GPO '$GpoName'"
+
+ Set-GPPermission -Name $GPO.DisplayName -PermissionLevel GpoEditDeleteModifySecurity -TargetName $DomainUsers.Name -TargetType Group -ErrorAction Stop
+ Write-Host "[INFO] Set GpoEditDeleteModifySecurity permissions for '$($DomainUsers.Name)' on GPO '$GpoName'"
+
+ $RegistrySettings = @(
+ @{
+ Key = "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
+ ValueName = "DisableAntiSpyware"
+ Value = 1
+ Type = "DWORD"
+ },
+ @{
+ Key = "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
+ ValueName = "DisableRealtimeMonitoring"
+ Value = 1
+ Type = "DWORD"
+ }
+ )
+
+ foreach ($Setting in $RegistrySettings) {
+ Set-GPRegistryValue -Name $GpoName -Key $Setting.Key -ValueName $Setting.ValueName -Type $Setting.Type -Value $Setting.Value -ErrorAction Stop
+ Write-Host "[INFO] Set registry value: $($Setting.Key)\$($Setting.ValueName) = $($Setting.Value)"
+ }
+
+ New-GPLink -Name $GPO.DisplayName -Target "$DomainNameDN" -LinkEnabled Yes -ErrorAction Stop
+ Write-Host "[INFO] Created GP link for '$GpoName' on $DomainNameDN"
+}
+catch {
+ Write-Host "[ERR] Failed to configure GPO '$GpoName': $_"
+}
+
+Stop-Transcript
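Review bot: The `catch` block only prints `[ERR] Failed to configure GPO ...` and the script then ends normally, so `powershell.exe -File` returns 0 and the `win_command` task in setup_defender_gpo.yaml reports success even when nothing was created or linked. A re-run, where `New-GPO` presumably fails because the name already exists, takes this path. Record the failure and exit non-zero once the transcript is closed, e.g. `$failed = $true` in the `catch` and `if ($failed) { exit 1 }` after `Stop-Transcript`. The new messages also use `[INFO]`/`[ERR]` while every other script in this commit is switched to `[inf]`/`[err]`. `$DomainNameDN` is built from only the first two labels of `$DomainName`; `($DomainName.Split('.') | ForEach-Object { "DC=$_" }) -join ','` would also hold for names with more labels.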
diff --git a/ansible/scripts/setup-gpo.ps1 b/ansible/scripts/setup-gpo.ps1
index 8d0bb5d..f837ffc 100644
--- a/ansible/scripts/setup-gpo.ps1
+++ b/ansible/scripts/setup-gpo.ps1
@@ -13,17 +13,17 @@ try {
Set-GPPermission -Name $GPO1.DisplayName -PermissionLevel GpoEditDeleteModifySecurity -TargetName $DomainUsers.Name -TargetType Group
Set-GPPermission -Name $GPO2.DisplayName -PermissionLevel GpoEditDeleteModifySecurity -TargetName $DomainUsers.Name -TargetType Group
- Write-Host "[INFO] Created insecure GPOs $($GPO1.DisplayName), $($GPO2.DisplayName) with GpoEditDeleteModifySecurity"
+ Write-Host "[inf] Created insecure GPOs $($GPO1.DisplayName), $($GPO2.DisplayName) with GpoEditDeleteModifySecurity"
} catch {
- Write-Host "[ERR] Failed to create insecure GPOs $($GPO1.DisplayName), $($GPO2.DisplayName) with GpoEditDeleteModifySecurity"
+ Write-Host "[err] Failed to create insecure GPOs $($GPO1.DisplayName), $($GPO2.DisplayName) with GpoEditDeleteModifySecurity"
}
try {
New-GPLink -Name $GPO1.DisplayName -Target "$DomainNameDN" -LinkEnabled Yes
New-GPLink -Name $GPO2.DisplayName -Target "$DomainNameDN" -LinkEnabled Yes
- Write-Host "[INFO] Created GP links for $($GPO1.DisplayName), $($GPO2.DisplayName) on $DomainNameDN"
+ Write-Host "[inf] Created GP links for $($GPO1.DisplayName), $($GPO2.DisplayName) on $DomainNameDN"
} catch {
- Write-Host "[ERR] Failed to create GP links for $($GPO1.DisplayName), $($GPO2.DisplayName) on $DomainNameDN"
+ Write-Host "[err] Failed to create GP links for $($GPO1.DisplayName), $($GPO2.DisplayName) on $DomainNameDN"
}
Stop-Transcript
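Review bot: `Set-GPPermission` and `New-GPLink` are called here without `-ErrorAction Stop`, so a non-terminating error would skip the `catch` and the `[inf] Created ...` line would still be written. The new setup-defender-gpo.ps1 in this same commit passes `-ErrorAction Stop` on both cmdlets, so adding it here keeps the two GPO scripts consistent. The same pattern appears in the `try` blocks of setup-adcs.ps1 (`Install-WindowsFeature`) and setup-iis.ps1. The `[err]` messages also read `$GPO1.DisplayName`, which is likely empty when GPO creation itself failed; the first `try` starts outside this hunk, so that cannot be confirmed from here.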
diff --git a/ansible/scripts/setup-iis.ps1 b/ansible/scripts/setup-iis.ps1
index 1bbe48d..1ebdd82 100644
--- a/ansible/scripts/setup-iis.ps1
+++ b/ansible/scripts/setup-iis.ps1
@@ -19,9 +19,9 @@ try {
New-NetFirewallRule -DisplayName "HTTP (80)" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow
Restart-WebAppPool -Name "DefaultAppPool"
- Write-Host "[INFO] Created first IIS WebSite, Firewall rule and AppPool"
+ Write-Host "[inf] Created first IIS WebSite, Firewall rule and AppPool"
} catch {
- Write-Host "[ERR] Failed to create first IIS WebSite, Firewall rule and AppPool"
+ Write-Host "[err] Failed to create first IIS WebSite, Firewall rule and AppPool"
}
try {
@@ -30,9 +30,9 @@ try {
$acl.SetAccessRule($svcIIS03Rule)
Set-Acl -Path $wwwroot1 -AclObject $acl
- Write-Host "[INFO] Set ACL for $wwwroot1"
+ Write-Host "[inf] Set ACL for $wwwroot1"
} catch {
- Write-Host "[ERR] Failed to set ACL for $wwwroot1"
+ Write-Host "[err] Failed to set ACL for $wwwroot1"
}
@"
@@ -107,9 +107,9 @@ try {
Set-ItemProperty "IIS:\AppPools\DefaultAppPool2" -Name processModel -Value @{ identityType=2 }
New-NetFirewallRule -DisplayName "HTTP (8080)" -Direction Inbound -Protocol TCP -LocalPort 8080 -Action Allow
- Write-Host "[INFO] Created second IIS WebSite, Firewall rule and AppPool"
+ Write-Host "[inf] Created second IIS WebSite, Firewall rule and AppPool"
} catch {
- Write-Host "[ERR] Failed to create second IIS WebSite, Firewall rule and AppPool"
+ Write-Host "[err] Failed to create second IIS WebSite, Firewall rule and AppPool"
}
try {
@@ -119,9 +119,9 @@ try {
$acl.SetAccessRule($rule)
Set-Acl -Path $wwwroot2 -AclObject $acl
- Write-Host "[INFO] Set ACL for $wwwroot2"
+ Write-Host "[inf] Set ACL for $wwwroot2"
} catch {
- Write-Host "[ERR] Failed to set ACL for $wwwroot2"
+ Write-Host "[err] Failed to set ACL for $wwwroot2"
}
Restart-WebAppPool -Name "DefaultAppPool2"
diff --git a/ansible/scripts/setup-main-domain.ps1 b/ansible/scripts/setup-main-domain.ps1
index 75500ab..770e275 100644
--- a/ansible/scripts/setup-main-domain.ps1
+++ b/ansible/scripts/setup-main-domain.ps1
@@ -10,20 +10,20 @@ Start-Transcript -Path $logFile -Append
$NetBiosName = $DomainName.Split(".")[0].ToUpper()
-Write-Host "[INFO] Setting Administrator password"
+Write-Host "[inf] Setting Administrator password"
$computerName = $env:COMPUTERNAME
$adminPassword = "packer"
$adminUser = [ADSI] "WinNT://$computerName/Administrator,User"
$adminUser.SetPassword($adminPassword)
-Write-Host "[INFO] Installing Ad-Domain-Services Windows feature + subfeatures"
+Write-Host "[inf] Installing Ad-Domain-Services Windows feature + subfeatures"
Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools
-Write-Host "[INFO] Importing ADDSDeployment module"
+Write-Host "[inf] Importing ADDSDeployment module"
Import-Module ADDSDeployment
try {
- Write-Host "[INFO] Installing ADDSForest"
+ Write-Host "[inf] Installing ADDSForest"
Install-ADDSForest `
-InstallDns `
-CreateDnsDelegation:$false `
@@ -37,9 +37,9 @@ try {
-NoRebootOnCompletion `
-Force `
-SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText -Force "$SafeModePassword")
- Write-Host "[INFO] Created Active Directory domain for $DomainName"
+ Write-Host "[inf] Created Active Directory domain for $DomainName"
} catch {
- Write-Host "[ERR] Failed to create Active Directory domain for $DomainName"
+ Write-Host "[err] Failed to create Active Directory domain for $DomainName"
Write-Host $_.Exception.Message
}
Stop-Transcript
diff --git a/ansible/scripts/setup-mssql-link.ps1 b/ansible/scripts/setup-mssql-link.ps1
index 8f51058..db1e76c 100644
--- a/ansible/scripts/setup-mssql-link.ps1
+++ b/ansible/scripts/setup-mssql-link.ps1
@@ -11,8 +11,8 @@ try {
SqlCmd -E -Q "EXEC master.dbo.sp_serveroption @server=N'$LinkServer', @optname=N'rpc', @optvalue=N'true'"
SqlCmd -E -Q "EXEC master.dbo.sp_serveroption @server=N'$LinkServer', @optname=N'rpc out', @optvalue=N'true'"
SqlCmd -E -Q "EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname = N'$LinkServer', @locallogin = NULL , @useself = N'True'"
- Write-Host "[INFO] Linked $LinkServer to mssql02"
+ Write-Host "[inf] Linked $LinkServer to mssql02"
} catch {
- Write-Host "[ERR] Failed to link $LinkServer to mssql02"
+ Write-Host "[err] Failed to link $LinkServer to mssql02"
}
Stop-Transcript \ No newline at end of file
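Review bot: `SqlCmd` is a native executable, so a failed statement does not raise a PowerShell exception, and the `catch` here runs only if the program cannot be started. The `[inf] Linked $LinkServer to mssql02` line is therefore printed whether or not the linked server was configured. Pass `-b` so sqlcmd returns a non-zero exit code on SQL errors, and test it after each call, e.g. `if ($LASTEXITCODE -ne 0) { throw "sqlcmd failed" }`. The same applies to the `SqlCmd -E -Q "ALTER LOGIN sa ..."` blocks in setup-mssql.ps1 and setup-websql.ps1, where `$SvcPassword` is also interpolated into the quoted SQL string and a password containing `'` would break the statement. The `try` starts outside this hunk.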
diff --git a/ansible/scripts/setup-mssql.ps1 b/ansible/scripts/setup-mssql.ps1
index 032490f..0be1575 100644
--- a/ansible/scripts/setup-mssql.ps1
+++ b/ansible/scripts/setup-mssql.ps1
@@ -57,16 +57,16 @@ FTSVCACCOUNT="NT Service\MSSQLFDLauncher"
try {
Start-Process -FilePath "C:\setup\SQL2019-SSEI-Expr.exe" -ArgumentList "/configurationfile=C:\setup\sql_conf.ini /IACCEPTSQLSERVERLICENSETERMS /MEDIAPATH=C:\setup\media /QUIET /HIDEPROGRESSBAR" -Wait
- Write-Host "[INFO] Installed SQL Server Express"
+ Write-Host "[inf] Installed SQL Server Express"
} catch {
- Write-Host "[ERR] Failed to install SQL Server Express"
+ Write-Host "[err] Failed to install SQL Server Express"
}
try {
Set-ItemProperty -Path "HKLM:\Software\Microsoft\Microsoft SQL Server\MSSQL15.SQLEXPRESS\MSSQLServer\SuperSocketNetLib\Tcp\IPAll" -Name "TcpPort" -Value "1433" -Force
- Write-Host "[INFO] Set MSSQL port to 1433"
+ Write-Host "[inf] Set MSSQL port to 1433"
} catch {
- Write-Host "[ERR] Failed to set MSSQL port to 1433"
+ Write-Host "[err] Failed to set MSSQL port to 1433"
}
Restart-Service -Name "MSSQL`$SQLEXPRESS"
@@ -78,11 +78,11 @@ try {
SqlCmd -E -Q "ALTER LOGIN sa ENABLE"
SqlCmd -E -Q "ALTER LOGIN sa WITH PASSWORD = '$SvcPassword', CHECK_POLICY=OFF"
- Write-Host "[INFO] Added $NetBiosName\$SvcUsername as MSSQL login and sysadmin"
- Write-Host "[INFO] Enabled SA login"
+ Write-Host "[inf] Added $NetBiosName\$SvcUsername as MSSQL login and sysadmin"
+ Write-Host "[inf] Enabled SA login"
} catch {
- Write-Host "[ERR] Failed to add $NetBiosName\$SvcUsername as MSSQL login and sysadmin"
- Write-Host "[ERR] Failed to enable SA login"
+ Write-Host "[err] Failed to add $NetBiosName\$SvcUsername as MSSQL login and sysadmin"
+ Write-Host "[err] Failed to enable SA login"
}
diff --git a/ansible/scripts/setup-tree-domain.ps1 b/ansible/scripts/setup-tree-domain.ps1
index 0f661a1..d6908c1 100644
--- a/ansible/scripts/setup-tree-domain.ps1
+++ b/ansible/scripts/setup-tree-domain.ps1
@@ -14,20 +14,20 @@ Start-Transcript -Path $logFile -Append
$p = ConvertTo-SecureString $Password -AsPlainText -Force
$c = New-Object System.Management.Automation.PSCredential("$ParentForestRootDomain\$Username", $p)
-Write-Host "[INFO] Setting Administrator password"
+Write-Host "[inf] Setting Administrator password"
$computerName = $env:COMPUTERNAME
$adminPassword = $Password
$adminUser = [ADSI] "WinNT://$computerName/Administrator,User"
$adminUser.SetPassword($adminPassword)
-Write-Host "[INFO] Installing AD-Domain-Services feature"
+Write-Host "[inf] Installing AD-Domain-Services feature"
Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools
-Write-Host "[INFO] Importing ADDSDeployment module"
+Write-Host "[inf] Importing ADDSDeployment module"
Import-Module ADDSDeployment
try {
- Write-Host "[INFO] Installing New Tree Domain in Existing Forest"
+ Write-Host "[inf] Installing New Tree Domain in Existing Forest"
Install-ADDSDomain `
-InstallDns `
-ParentDomainName $ParentForestRootDomain `
@@ -41,9 +41,9 @@ try {
-Credential $c `
-SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText -Force "$SafeModePassword")
- Write-Host "[INFO] Successfully added new tree domain: $NewTreeDomainName"
+ Write-Host "[inf] Successfully added new tree domain: $NewTreeDomainName"
} catch {
- Write-Host "[ERR] Failed to add new tree domain: $NewTreeDomainName"
+ Write-Host "[err] Failed to add new tree domain: $NewTreeDomainName"
Write-Host $_.Exception.Message
}
diff --git a/ansible/scripts/setup-websql.ps1 b/ansible/scripts/setup-websql.ps1
index 7865091..02e370b 100644
--- a/ansible/scripts/setup-websql.ps1
+++ b/ansible/scripts/setup-websql.ps1
@@ -71,18 +71,18 @@ FTSVCACCOUNT="NT Service\MSSQLFDLauncher"
SqlCmd -E -Q "ALTER LOGIN sa ENABLE"
SqlCmd -E -Q "ALTER LOGIN sa WITH PASSWORD = '$SvcPassword', CHECK_POLICY=OFF"
- Write-Host "[INFO] Added $NetBiosName\$SvcUsername as MSSQL login and sysadmin"
- Write-Host "[INFO] Enabled SA login"
+ Write-Host "[inf] Added $NetBiosName\$SvcUsername as MSSQL login and sysadmin"
+ Write-Host "[inf] Enabled SA login"
} catch {
- Write-Host "[ERR] SQL Server setup failed"
+ Write-Host "[err] SQL Server setup failed"
}
try {
Install-WindowsFeature -Name Web-Server -IncludeManagementTools
Install-WindowsFeature -Name Web-Asp-Net45
- Write-Host "[INFO] Installed IIS and ASP.NET"
+ Write-Host "[inf] Installed IIS and ASP.NET"
} catch {
- Write-Host "[ERR] Failed to install IIS and ASP.NET"
+ Write-Host "[err] Failed to install IIS and ASP.NET"
}
@"
@@ -150,9 +150,9 @@ try {
Set-ItemProperty "IIS:\AppPools\DefaultAppPool" -Name processModel -Value @{userName="$SvcUsername";password="$SvcPassword";identityType=3}
New-NetFirewallRule -DisplayName "HTTP (80)" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow
Restart-WebAppPool -Name "DefaultAppPool"
- Write-Host "[INFO] Site 1 created on port 80"
+ Write-Host "[inf] Site 1 created on port 80"
} catch {
- Write-Host "[ERR] Failed to create site 1"
+ Write-Host "[err] Failed to create site 1"
}
try {
@@ -160,9 +160,9 @@ try {
$acl = Get-Acl $wwwroot1
$acl.SetAccessRule($svcRule)
Set-Acl -Path $wwwroot1 -AclObject $acl
- Write-Host "[INFO] ACL set for $wwwroot1"
+ Write-Host "[inf] ACL set for $wwwroot1"
} catch {
- Write-Host "[ERR] Failed to set ACL for $wwwroot1"
+ Write-Host "[err] Failed to set ACL for $wwwroot1"
}
try {
@@ -176,9 +176,9 @@ try {
$acl.SetAccessRule($rule)
Set-Acl -Path $wwwroot2 -AclObject $acl
Restart-WebAppPool -Name "DefaultAppPool2"
- Write-Host "[INFO] Site 2 created on port 8080"
+ Write-Host "[inf] Site 2 created on port 8080"
} catch {
- Write-Host "[ERR] Failed to create site 2"
+ Write-Host "[err] Failed to create site 2"
}
try {
@@ -250,9 +250,9 @@ try {
"@ | Out-File "$wwwroot3\sqlquery.aspx" -Force
Restart-WebAppPool -Name "SqlQueryAppPool"
- Write-Host "[INFO] Site 3 created on port 9090 with SQL query page"
+ Write-Host "[inf] Site 3 created on port 9090 with SQL query page"
} catch {
- Write-Host "[ERR] Failed to create SQL query site"
+ Write-Host "[err] Failed to create SQL query site"
}
Stop-Transcript