-rw-r--r--ansible/main.yaml147
-rw-r--r--ansible/roles/adcs01/tasks/cleanup.yaml3
-rw-r--r--ansible/roles/adcs01/tasks/init.yaml18
-rw-r--r--ansible/roles/adcs01/tasks/install_software.yaml3
-rw-r--r--ansible/roles/adcs01/tasks/join_domain.yaml13
-rw-r--r--ansible/roles/adcs01/tasks/main.yaml40
-rw-r--r--ansible/roles/adcs01/tasks/reboot.yaml3
-rw-r--r--ansible/roles/adcs01/tasks/set_hostname.yaml2
-rw-r--r--ansible/roles/adcs01/tasks/setup_adcs.yaml7
-rw-r--r--ansible/roles/adcs01/tasks/setup_adcs_esc.yaml8
-rw-r--r--ansible/roles/dc01/tasks/set_hostname.yaml2
-rw-r--r--ansible/roles/mssql01/tasks/cleanup.yaml3
-rw-r--r--ansible/roles/mssql01/tasks/init.yaml9
-rw-r--r--ansible/roles/mssql01/tasks/install_software.yaml3
-rw-r--r--ansible/roles/mssql01/tasks/join_domain.yaml13
-rw-r--r--ansible/roles/mssql01/tasks/main.yaml34
-rw-r--r--ansible/roles/mssql01/tasks/reboot.yaml3
-rw-r--r--ansible/roles/mssql01/tasks/set_hostname.yaml2
-rw-r--r--ansible/roles/mssql01/tasks/setup_mssql.yaml7
-rw-r--r--ansible/scripts/setup-websql.ps1236
20 files changed, 515 insertions, 41 deletions
diff --git a/ansible/main.yaml b/ansible/main.yaml
index f3e6013..4e84f2e 100644
--- a/ansible/main.yaml
+++ b/ansible/main.yaml
@@ -6,57 +6,115 @@
include_role:
name: proxmox_vm
vars:
- os_type: "windows"
- template: "{{ windows_server_template_name }}"
- id: "{{ windows_server_template_id }}"
- vm: "{{ main_dc01_hostname }}.{{ main_domain_name }}"
- newid: "{{ main_dc01_vmid }}"
- vmid: "{{ main_dc01_vmid }}"
- ip: "{{ main_dc01_ip_address }}"
- gateway: "{{ network_gateway }}"
- dns: "8.8.8.8"
- hostname: "{{ main_dc01_hostname }}"
- domain: "{{ main_domain_name }}"
- fqdn: "{{ main_dc01_hostname }}.{{ main_domain_name }}"
+ os_type : "windows"
+ template : "{{ windows_server_template_name }}"
+ id : "{{ windows_server_template_id }}"
+ vm : "{{ main_dc01_hostname }}.{{ main_domain_name }}"
+ newid : "{{ main_dc01_vmid }}"
+ vmid : "{{ main_dc01_vmid }}"
+ ip : "{{ main_dc01_ip_address }}"
+ gateway : "{{ network_gateway }}"
+ dns : "8.8.8.8"
+ hostname : "{{ main_dc01_hostname }}"
+ domain : "{{ main_domain_name }}"
+ fqdn : "{{ main_dc01_hostname }}.{{ main_domain_name }}"
- name: "add {{ main_dc01_hostname }}.{{ main_domain_name }} to in-memory inventory"
add_host:
- name: "{{ main_dc01_hostname }}.{{ main_domain_name }}"
- ansible_host: "{{ main_dc01_ip_address }}"
- ansible_connection: "{{ win_connector }}"
- ansible_user: "{{ default_win_username }}"
- ansible_password: "{{ default_win_password }}"
- ansible_port: "{{ win_port }}"
- ansible_winrm_transport: basic
+ name : "{{ main_dc01_hostname }}.{{ main_domain_name }}"
+ ansible_host : "{{ main_dc01_ip_address }}"
+ ansible_connection : "{{ win_connector }}"
+ ansible_user : "{{ default_win_username }}"
+ ansible_password : "{{ default_win_password }}"
+ ansible_port : "{{ win_port }}"
+ ansible_winrm_transport : basic
ansible_winrm_server_cert_validation: ignore
changed_when: false
-
+
- name: "deploy {{ main_linux_srv01_hostname }}.{{ main_domain_name }} vm on {{ proxmox_hostname }}"
include_role:
name: proxmox_vm
vars:
- os_type: "linux"
- template: "{{ linux_server_template_name }}"
- id: "{{ linux_server_template_id }}"
- vm: "{{ main_linux_srv01_hostname }}.{{ main_domain_name }}"
- newid: "{{ main_linux_srv01_vmid }}"
- vmid: "{{ main_linux_srv01_vmid }}"
- ip: "{{ main_linux_srv01_ip_address }}"
- gateway: "{{ network_gateway }}"
- dns: "{{ main_dc01_ip_address }}"
- hostname: "{{ main_linux_srv01_hostname }}"
- domain: "{{ main_domain_name }}"
- fqdn: "{{ main_linux_srv01_hostname }}.{{ main_domain_name }}"
-
+ os_type : "linux"
+ template : "{{ linux_server_template_name }}"
+ id : "{{ linux_server_template_id }}"
+ vm : "{{ main_linux_srv01_hostname }}.{{ main_domain_name }}"
+ newid : "{{ main_linux_srv01_vmid }}"
+ vmid : "{{ main_linux_srv01_vmid }}"
+ ip : "{{ main_linux_srv01_ip_address }}"
+ gateway : "{{ network_gateway }}"
+ dns : "{{ main_dc01_ip_address }}"
+ hostname : "{{ main_linux_srv01_hostname }}"
+ domain : "{{ main_domain_name }}"
+ fqdn : "{{ main_linux_srv01_hostname }}.{{ main_domain_name }}"
+
- name: "add {{ main_linux_srv01_hostname }}.{{ main_domain_name }} to in-memory inventory"
add_host:
- name: "{{ main_linux_srv01_hostname }}.{{ main_domain_name }}"
- ansible_host: "{{ main_linux_srv01_ip_address }}"
- ansible_connection: "{{ linux_connector }}"
- ansible_user: "{{ default_linux_username }}"
- ansible_password: "{{ default_linux_password }}"
- ansible_port: "{{ linux_port }}"
- ansible_host_key_checking: false
+ name : "{{ main_linux_srv01_hostname }}.{{ main_domain_name }}"
+ ansible_host : "{{ main_linux_srv01_ip_address }}"
+ ansible_connection : "{{ linux_connector }}"
+ ansible_user : "{{ default_linux_username }}"
+ ansible_password : "{{ default_linux_password }}"
+ ansible_port : "{{ linux_port }}"
+ ansible_host_key_checking : false
+ changed_when: false
+
+ - name: "deploy {{ main_adcs01_hostname }}.{{ main_domain_name }} vm on {{ proxmox_hostname }}"
+ include_role:
+ name: proxmox_vm
+ vars:
+ os_type : "windows"
+ template : "{{ windows_server_template_name }}"
+ id : "{{ windows_server_template_id }}"
+ vm : "{{ main_adcs01_hostname }}.{{ main_domain_name }}"
+ newid : "{{ main_adcs01_vmid }}"
+ vmid : "{{ main_adcs01_vmid }}"
+ ip : "{{ main_adcs01_ip_address }}"
+ gateway : "{{ network_gateway }}"
+ dns : "{{ main_dc01_ip_address }}"
+ hostname : "{{ main_adcs01_hostname }}"
+ domain : "{{ main_domain_name }}"
+ fqdn : "{{ main_adcs01_hostname }}.{{ main_domain_name }}"
+
+ - name: "add {{ main_adcs01_hostname }}.{{ main_domain_name }} to in-memory inventory"
+ add_host:
+ name : "{{ main_adcs01_hostname }}.{{ main_domain_name }}"
+ ansible_host : "{{ main_adcs01_ip_address }}"
+ ansible_connection : "{{ win_connector }}"
+ ansible_user : "{{ default_win_username }}"
+ ansible_password : "{{ default_win_password }}"
+ ansible_port : "{{ win_port }}"
+ ansible_winrm_transport : basic
+ ansible_winrm_server_cert_validation: ignore
+ changed_when: false
+
+ - name: "deploy {{ main_mssql01_hostname }}.{{ main_domain_name }} vm on {{ proxmox_hostname }}"
+ include_role:
+ name: proxmox_vm
+ vars:
+ os_type : "windows"
+ template : "{{ windows_server_template_name }}"
+ id : "{{ windows_server_template_id }}"
+ vm : "{{ main_mssql01_hostname }}.{{ main_domain_name }}"
+ newid : "{{ main_mssql01_vmid }}"
+ vmid : "{{ main_mssql01_vmid }}"
+ ip : "{{ main_mssql01_ip_address }}"
+ gateway : "{{ network_gateway }}"
+ dns : "{{ main_dc01_ip_address }}"
+ hostname : "{{ main_mssql01_hostname }}"
+ domain : "{{ main_domain_name }}"
+ fqdn : "{{ main_mssql01_hostname }}.{{ main_domain_name }}"
+
+ - name: "add {{ main_mssql01_hostname }}.{{ main_domain_name }} to in-memory inventory"
+ add_host:
+ name : "{{ main_mssql01_hostname }}.{{ main_domain_name }}"
+ ansible_host : "{{ main_mssql01_ip_address }}"
+ ansible_connection : "{{ win_connector }}"
+ ansible_user : "{{ default_win_username }}"
+ ansible_password : "{{ default_win_password }}"
+ ansible_port : "{{ win_port }}"
+ ansible_winrm_transport : basic
+ ansible_winrm_server_cert_validation: ignore
changed_when: false
- name: configure hosts
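Review bot: The two new `add_host` entries for adcs01 and mssql01 repeat `ansible_winrm_transport: basic` together with `ansible_winrm_server_cert_validation: ignore`, so `default_win_password` is sent with Basic authentication to a listener whose certificate is never checked. If `win_port` is the plain-HTTP listener (its value is not visible here), the password and later module arguments such as `domain_admin_password` cross the network only base64-encoded. I would use `ansible_winrm_transport: ntlm` (or kerberos once the host is joined) and keep `ignore` only with a comment such as `# lab only: self-signed WinRM cert on an isolated network`. Separately, the realigned `key : value` form puts spaces before the colon, which yamllint's `colons` rule rejects in its default configuration. The enclosing play starts above this hunk.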
@@ -73,3 +131,12 @@
name: srv01
when: inventory_hostname == main_linux_srv01_hostname + '.' + main_domain_name
+ - name: "configure {{ main_adcs01_hostname }}.{{ main_domain_name }}"
+ include_role:
+ name: adcs01
+ when: inventory_hostname == main_adcs01_hostname + '.' + main_domain_name
+
+ - name: "configure {{ main_mssql01_hostname }}.{{ main_domain_name }}"
+ include_role:
+ name: mssql01
+ when: inventory_hostname == main_mssql01_hostname + '.' + main_domain_name
diff --git a/ansible/roles/adcs01/tasks/cleanup.yaml b/ansible/roles/adcs01/tasks/cleanup.yaml
new file mode 100644
index 0000000..0e59407
--- /dev/null
+++ b/ansible/roles/adcs01/tasks/cleanup.yaml
@@ -0,0 +1,3 @@
+- name: execute cleanup.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\cleanup.ps1
diff --git a/ansible/roles/adcs01/tasks/init.yaml b/ansible/roles/adcs01/tasks/init.yaml
new file mode 100644
index 0000000..418bb5d
--- /dev/null
+++ b/ansible/roles/adcs01/tasks/init.yaml
@@ -0,0 +1,18 @@
+- name: execute init.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\init.ps1
+
+- name: create C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate
+ win_file:
+ path: C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate
+ state: directory
+
+- name: upload ADCSTemplate module
+ ansible.builtin.copy:
+ src: ../../../files/adcs/ADCSTemplate
+ dest: C:\Program Files\WindowsPowerShell\Modules\ADCSTemplate
+
+- name: upload adcs templates
+ ansible.builtin.copy:
+ src: ../../../files/adcs/templates
+ dest: C:\setup
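Review bot: Both upload tasks use `ansible.builtin.copy` against a Windows host, while the module documented for Windows targets is `ansible.windows.win_copy`; the installer copy in roles/mssql01/tasks/init.yaml has the same issue. I would write `ansible.windows.win_copy:` here and `ansible.windows.win_file:` for the directory task so the file uses fully qualified names throughout. The `src: ../../../files/adcs/...` paths climb out of the role, so a `files/` directory inside the role or a variable for the base path would be less fragile. ADCSTemplate is not part of this commit and lands in a module path that PowerShell sessions load from automatically, so a comment recording which upstream version was vendored would help later review.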
diff --git a/ansible/roles/adcs01/tasks/install_software.yaml b/ansible/roles/adcs01/tasks/install_software.yaml
new file mode 100644
index 0000000..a5018a8
--- /dev/null
+++ b/ansible/roles/adcs01/tasks/install_software.yaml
@@ -0,0 +1,3 @@
+- name: execute install-software.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\install-software.ps1
diff --git a/ansible/roles/adcs01/tasks/join_domain.yaml b/ansible/roles/adcs01/tasks/join_domain.yaml
new file mode 100644
index 0000000..6736ba2
--- /dev/null
+++ b/ansible/roles/adcs01/tasks/join_domain.yaml
@@ -0,0 +1,13 @@
+- name: join domain
+ ansible.windows.win_domain_membership:
+ dns_domain_name: "{{ main_domain_name }}"
+ domain_admin_user: "{{ main_domain_name }}\\Administrator"
+ domain_admin_password: "{{ default_win_password }}"
+ state: domain
+ register: domain_state
+
+- name: reboot
+ win_reboot:
+ reboot_timeout: 3600
+ when: domain_state.reboot_required
+
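Review bot: The join runs as `{{ main_domain_name }}\Administrator` with `default_win_password`, the same variable main.yaml uses for the template's local WinRM account, so one secret serves as both local admin and domain admin password on every member; roles/mssql01/tasks/join_domain.yaml is identical. A dedicated pair of variables for an account delegated only the right to join computers, for example `domain_admin_user: "{{ domain_join_user }}"` and `domain_admin_password: "{{ domain_join_password }}"` (placeholder names), would keep the domain admin credential out of member-server tasks. If the shared password is intentional for the lab, a comment saying so would stop the pattern being copied into a real environment.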
diff --git a/ansible/roles/adcs01/tasks/main.yaml b/ansible/roles/adcs01/tasks/main.yaml
new file mode 100644
index 0000000..e3f8923
--- /dev/null
+++ b/ansible/roles/adcs01/tasks/main.yaml
@@ -0,0 +1,40 @@
+- name: wait for winrm to be available
+ ansible.builtin.wait_for:
+ host: "{{ ansible_host }}"
+ port: "{{ ansible_port }}"
+ timeout: 300
+ delegate_to: localhost
+
+- name: execute init.ps1
+ import_tasks: init.yaml
+
+- name: set hostname
+ import_tasks: set_hostname.yaml
+
+- name: reboot after hostname change
+ import_tasks: reboot.yaml
+
+- name: join domain and reboot
+ import_tasks: join_domain.yaml
+
+- name: execute setup-adcs.ps1
+ import_tasks: setup_adcs.yaml
+
+- name: reboot after adcs setup
+ import_tasks: reboot.yaml
+
+- name: pause 5 minutes for adcs setup to complete
+ pause:
+ minutes: 5
+
+- name: execute setup-adcs-esc.ps1
+ import_tasks: setup_adcs_esc.yaml
+
+- name: reboot after adcs esc setup
+ import_tasks: reboot.yaml
+
+- name: execute install-software.ps1
+ import_tasks: install_software.yaml
+
+- name: execute cleanup.ps1
+ import_tasks: cleanup.yaml
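Review bot: `pause: minutes: 5` after the AD CS reboot is a timing guess rather than a readiness check, so a slow host can still race `setup_adcs_esc.yaml` and a fast one waits for nothing; roles/mssql01/tasks/main.yaml has the same pause. Polling the service with `ansible.windows.win_service_info` plus `until`/`retries` would make the step deterministic (the service name has to be confirmed against setup-adcs.ps1, which is not in this commit). The first task only checks that the WinRM port is open from localhost; `ansible.builtin.wait_for_connection` would verify that Ansible can actually authenticate and run a module.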
diff --git a/ansible/roles/adcs01/tasks/reboot.yaml b/ansible/roles/adcs01/tasks/reboot.yaml
new file mode 100644
index 0000000..a7266d0
--- /dev/null
+++ b/ansible/roles/adcs01/tasks/reboot.yaml
@@ -0,0 +1,3 @@
+- name: reboot
+ win_reboot:
+ reboot_timeout: 3600
diff --git a/ansible/roles/adcs01/tasks/set_hostname.yaml b/ansible/roles/adcs01/tasks/set_hostname.yaml
new file mode 100644
index 0000000..141268d
--- /dev/null
+++ b/ansible/roles/adcs01/tasks/set_hostname.yaml
@@ -0,0 +1,2 @@
+- name: set hostname
+ win_shell: Rename-Computer -NewName "{{ main_adcs01_hostname }}" -Force
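Review bot: `win_shell: Rename-Computer ... -Force` reports changed on every run and gives the play no signal about whether a reboot is needed, which is why main.yaml reboots unconditionally afterwards. The same line is added in roles/mssql01/tasks/set_hostname.yaml, and the dc01 hunk moves from `ansible.windows.win_shell` to the short module name. `ansible.windows.win_hostname` with `name: "{{ main_adcs01_hostname }}"` is idempotent and returns `reboot_required`, which `win_reboot` can be conditioned on the way join_domain.yaml already does. Keeping the fully qualified name also avoids module resolution depending on the collection search path.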
diff --git a/ansible/roles/adcs01/tasks/setup_adcs.yaml b/ansible/roles/adcs01/tasks/setup_adcs.yaml
new file mode 100644
index 0000000..9c6140e
--- /dev/null
+++ b/ansible/roles/adcs01/tasks/setup_adcs.yaml
@@ -0,0 +1,7 @@
+- name: setup adcs
+ ansible.windows.win_powershell:
+ script: C:\scripts\setup-adcs.ps1
+ parameters:
+ DomainName: "{{ main_domain_name }}"
+ Username: "Administrator"
+ Password: "{{ default_win_password }}"
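Review bot: `Password: "{{ default_win_password }}"` is passed in `parameters` without `no_log: true`, so the value can show up in verbose output and in a registered result; roles/mssql01/tasks/setup_mssql.yaml does the same with `SvcPassword`. Adding `no_log: true` to both tasks is the minimal fix. It is also worth confirming that the parameters reach the file at all: `script:` takes script text, and here that text is only a path with no `param()` block, so I would expect the values to need explicit forwarding to `C:\scripts\setup-adcs.ps1`. That script is not in this commit, so its parameter names cannot be checked from here.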
diff --git a/ansible/roles/adcs01/tasks/setup_adcs_esc.yaml b/ansible/roles/adcs01/tasks/setup_adcs_esc.yaml
new file mode 100644
index 0000000..352d698
--- /dev/null
+++ b/ansible/roles/adcs01/tasks/setup_adcs_esc.yaml
@@ -0,0 +1,8 @@
+- name: setup adcs templates
+ win_command: powershell.exe -ExecutionPolicy Bypass -File C:\scripts\setup-adcs-esc.ps1 -DomainName "{{ main_domain_name }}"
+ become: yes
+ become_method: runas
+ become_user: "{{ main_domain_name }}\\Administrator"
+ vars:
+ ansible_become_password: "{{ default_win_password }}"
+
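Review bot: `become: yes` relies on YAML 1.1 truthy parsing; write `become: true`. The task runs `powershell.exe -ExecutionPolicy Bypass` as the domain Administrator on every play run with no `creates:` or `changed_when:`, so it always reports changed and reapplies whatever setup-adcs-esc.ps1 does. Judging by the file name, the script publishes deliberately weak certificate templates for lab exercises; this is an inference, since the script is not in this commit. If that is right, a leading comment such as `# lab only: creates intentionally misconfigured certificate templates` and a guard variable on the task would keep the role from being run against a real CA by mistake.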
diff --git a/ansible/roles/dc01/tasks/set_hostname.yaml b/ansible/roles/dc01/tasks/set_hostname.yaml
index 5ad01b2..282d0cd 100644
--- a/ansible/roles/dc01/tasks/set_hostname.yaml
+++ b/ansible/roles/dc01/tasks/set_hostname.yaml
@@ -1,2 +1,2 @@
- name: set hostname
- ansible.windows.win_shell: Rename-Computer -NewName "{{ main_dc01_hostname }}" -Force
+ win_shell: Rename-Computer -NewName "{{ main_dc01_hostname }}" -Force
diff --git a/ansible/roles/mssql01/tasks/cleanup.yaml b/ansible/roles/mssql01/tasks/cleanup.yaml
new file mode 100644
index 0000000..0e59407
--- /dev/null
+++ b/ansible/roles/mssql01/tasks/cleanup.yaml
@@ -0,0 +1,3 @@
+- name: execute cleanup.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\cleanup.ps1
diff --git a/ansible/roles/mssql01/tasks/init.yaml b/ansible/roles/mssql01/tasks/init.yaml
new file mode 100644
index 0000000..a75d6cc
--- /dev/null
+++ b/ansible/roles/mssql01/tasks/init.yaml
@@ -0,0 +1,9 @@
+- name: execute init.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\init.ps1
+
+- name: copy mssql installer
+ ansible.builtin.copy:
+ src: files/SQL2019-SSEI-Expr.exe
+ dest: C:\setup\SQL2019-SSEI-Expr.exe
+
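Review bot: `files/SQL2019-SSEI-Expr.exe` does not appear in this commit's diffstat, so the play copies whatever binary the operator placed in the role, with no integrity check before it is run on the target (setup-websql.ps1 starts the same path; setup-mssql.ps1 is not visible). A controller-side `ansible.builtin.stat` with `checksum_algorithm: sha256`, delegated to localhost and followed by an `assert` against a pinned value (`<expected-sha256>` as a placeholder), would catch a wrong or tampered download before the copy. Documenting the expected file and where to obtain it would also make a fresh checkout fail with a clear message instead of at copy time.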
diff --git a/ansible/roles/mssql01/tasks/install_software.yaml b/ansible/roles/mssql01/tasks/install_software.yaml
new file mode 100644
index 0000000..a5018a8
--- /dev/null
+++ b/ansible/roles/mssql01/tasks/install_software.yaml
@@ -0,0 +1,3 @@
+- name: execute install-software.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\install-software.ps1
diff --git a/ansible/roles/mssql01/tasks/join_domain.yaml b/ansible/roles/mssql01/tasks/join_domain.yaml
new file mode 100644
index 0000000..6736ba2
--- /dev/null
+++ b/ansible/roles/mssql01/tasks/join_domain.yaml
@@ -0,0 +1,13 @@
+- name: join domain
+ ansible.windows.win_domain_membership:
+ dns_domain_name: "{{ main_domain_name }}"
+ domain_admin_user: "{{ main_domain_name }}\\Administrator"
+ domain_admin_password: "{{ default_win_password }}"
+ state: domain
+ register: domain_state
+
+- name: reboot
+ win_reboot:
+ reboot_timeout: 3600
+ when: domain_state.reboot_required
+
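Review bot: This file has the same blob id as roles/adcs01/tasks/join_domain.yaml (6736ba2), and cleanup.yaml, install_software.yaml and reboot.yaml are likewise identical between the two roles (0e59407, a5018a8, a7266d0), so every later fix has to be made twice. A shared role, or one common tasks directory pulled in with `include_tasks`, would keep a single copy. The hostname and setup steps, which do differ, could then take the host name and script path as role variables.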
diff --git a/ansible/roles/mssql01/tasks/main.yaml b/ansible/roles/mssql01/tasks/main.yaml
new file mode 100644
index 0000000..3822369
--- /dev/null
+++ b/ansible/roles/mssql01/tasks/main.yaml
@@ -0,0 +1,34 @@
+- name: wait for winrm to be available
+ ansible.builtin.wait_for:
+ host: "{{ ansible_host }}"
+ port: "{{ ansible_port }}"
+ timeout: 300
+ delegate_to: localhost
+
+- name: execute init.ps1
+ import_tasks: init.yaml
+
+- name: set hostname
+ import_tasks: set_hostname.yaml
+
+- name: reboot after hostname change
+ import_tasks: reboot.yaml
+
+- name: join domain and reboot
+ import_tasks: join_domain.yaml
+
+- name: execute setup-mssql.ps1
+ import_tasks: setup_mssql.yaml
+
+- name: reboot after mssql setup
+ import_tasks: reboot.yaml
+
+- name: pause 5 minutes for mssql setup to complete
+ pause:
+ minutes: 5
+
+- name: execute install-software.ps1
+ import_tasks: install_software.yaml
+
+- name: execute cleanup.ps1
+ import_tasks: cleanup.yaml
diff --git a/ansible/roles/mssql01/tasks/reboot.yaml b/ansible/roles/mssql01/tasks/reboot.yaml
new file mode 100644
index 0000000..a7266d0
--- /dev/null
+++ b/ansible/roles/mssql01/tasks/reboot.yaml
@@ -0,0 +1,3 @@
+- name: reboot
+ win_reboot:
+ reboot_timeout: 3600
diff --git a/ansible/roles/mssql01/tasks/set_hostname.yaml b/ansible/roles/mssql01/tasks/set_hostname.yaml
new file mode 100644
index 0000000..de974a4
--- /dev/null
+++ b/ansible/roles/mssql01/tasks/set_hostname.yaml
@@ -0,0 +1,2 @@
+- name: set hostname
+ win_shell: Rename-Computer -NewName "{{ main_mssql01_hostname }}" -Force
diff --git a/ansible/roles/mssql01/tasks/setup_mssql.yaml b/ansible/roles/mssql01/tasks/setup_mssql.yaml
new file mode 100644
index 0000000..4602242
--- /dev/null
+++ b/ansible/roles/mssql01/tasks/setup_mssql.yaml
@@ -0,0 +1,7 @@
+- name: setup mssql
+ ansible.windows.win_powershell:
+ script: C:\scripts\setup-mssql.ps1
+ parameters:
+ DomainName: "{{ main_domain_name }}"
+ SvcUsername: svc_mssql01
+ SvcPassword: "{{ default_win_svc_password }}"
diff --git a/ansible/scripts/setup-websql.ps1 b/ansible/scripts/setup-websql.ps1
new file mode 100644
index 0000000..9f5db5c
--- /dev/null
+++ b/ansible/scripts/setup-websql.ps1
@@ -0,0 +1,236 @@
+param (
+ [string]$DomainName = "contoso.com",
+ [string]$SvcUsername = "svc_websql01",
+ [string]$SvcPassword = "Svc1234!"
+)
+
+$scriptName = $MyInvocation.MyCommand.Name
+$logFile = "C:\Logs\${scriptName}_log.txt"
+$NetBiosName = $DomainName.Split(".")[0].ToUpper()
+$wwwroot1 = "C:\inetpub\wwwroot"
+$wwwroot2 = "C:\inetpub\wwwroot2"
+$wwwroot3 = "C:\inetpub\wwwroot3"
+
+Start-Transcript -Path $logFile -Append
+
+# --- IIS Setup ---
+try {
+ Install-WindowsFeature -Name Web-Server -IncludeManagementTools
+ Install-WindowsFeature -Name Web-Asp-Net45
+ Write-Host "[INFO] Installed IIS and ASP.NET"
+} catch {
+ Write-Host "[ERR] Failed to install IIS and ASP.NET"
+}
+
+# Upload form content
+@"
+using System;
+using System.IO;
+using System.Web.UI;
+
+public partial class UploadPage : Page
+{
+ protected void UploadFile(object sender, EventArgs e)
+ {
+ if (fileUpload.PostedFile != null && fileUpload.PostedFile.ContentLength > 0)
+ {
+ try
+ {
+ string filename = Path.GetFileName(fileUpload.PostedFile.FileName);
+ fileUpload.PostedFile.SaveAs(Server.MapPath(filename));
+ lblMessage.Text = "File uploaded successfully!";
+ }
+ catch (Exception ex)
+ {
+ lblMessage.Text = "Error: " + ex.Message;
+ }
+ }
+ else
+ {
+ lblMessage.Text = "Please select a file to upload.";
+ }
+ }
+}
+"@ | Out-File "$wwwroot1\upload.aspx.cs" -Force
+
+@"
+<%@ Page Language="C#" AutoEventWireup="true" CodeFile="upload.aspx.cs" Inherits="UploadPage" %>
+<!DOCTYPE html>
+<html>
+<head><title>File Upload Page</title></head>
+<body>
+ <form id="form1" runat="server">
+ <div>
+ <input type="file" id="fileUpload" runat="server" />
+ <br />
+ <asp:Button ID="btnUpload" runat="server" Text="Upload" OnClick="UploadFile" />
+ <br />
+ <asp:Label ID="lblMessage" runat="server" Text=""></asp:Label>
+ </div>
+ </form>
+</body>
+</html>
+"@ | Out-File "$wwwroot1\upload.aspx" -Force
+
+@"
+<?xml version="1.0"?>
+<configuration>
+ <system.web>
+ <compilation debug="true" targetFramework="4.5"/>
+ <httpRuntime targetFramework="4.5"/>
+ <customErrors mode="Off"/>
+ </system.web>
+</configuration>
+"@ | Out-File "$wwwroot1\Web.config" -Force
+
+# Default site - port 80
+try {
+ New-WebSite -Name "MyASPXSite" -Port 80 -PhysicalPath $wwwroot1 -ApplicationPool "DefaultAppPool"
+ Set-ItemProperty "IIS:\AppPools\DefaultAppPool" -Name processModel -Value @{userName="$SvcUsername";password="$SvcPassword";identityType=3}
+ New-NetFirewallRule -DisplayName "HTTP (80)" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow
+ Restart-WebAppPool -Name "DefaultAppPool"
+ Write-Host "[INFO] Site 1 created on port 80"
+} catch {
+ Write-Host "[ERR] Failed to create site 1"
+}
+
+# ACLs for wwwroot1
+try {
+ $svcRule = New-Object System.Security.AccessControl.FileSystemAccessRule("$DomainName\$SvcUsername", "Modify", "ContainerInherit,ObjectInherit", "None", "Allow")
+ $acl = Get-Acl $wwwroot1
+ $acl.SetAccessRule($svcRule)
+ Set-Acl -Path $wwwroot1 -AclObject $acl
+ Write-Host "[INFO] ACL set for $wwwroot1"
+} catch {
+ Write-Host "[ERR] Failed to set ACL for $wwwroot1"
+}
+
+# Second site - port 8080
+try {
+ Copy-Item $wwwroot1 -Destination $wwwroot2 -Recurse -Force
+ New-WebAppPool -Name "DefaultAppPool2"
+ New-WebSite -Name "MyASPXSite2" -Port 8080 -PhysicalPath $wwwroot2 -ApplicationPool "DefaultAppPool2"
+ Set-ItemProperty "IIS:\AppPools\DefaultAppPool2" -Name processModel -Value @{identityType=2}
+ New-NetFirewallRule -DisplayName "HTTP (8080)" -Direction Inbound -Protocol TCP -LocalPort 8080 -Action Allow
+ $acl = Get-Acl $wwwroot2
+ $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("IIS_IUSRS", "Modify", "ContainerInherit,ObjectInherit", "None", "Allow")
+ $acl.SetAccessRule($rule)
+ Set-Acl -Path $wwwroot2 -AclObject $acl
+ Restart-WebAppPool -Name "DefaultAppPool2"
+ Write-Host "[INFO] Site 2 created on port 8080"
+} catch {
+ Write-Host "[ERR] Failed to create site 2"
+}
+
+# SQL Server Express setup
+try {
+ New-Item -Path "C:\setup\media" -ItemType "Directory" -Force
+ @"
+;SQL Server Configuration File
+[OPTIONS]
+IACCEPTSQLSERVERLICENSETERMS="True"
+ACTION="Install"
+ENU="True"
+QUIET="True"
+FEATURES=SQLENGINE,FULLTEXT
+INSTANCENAME="SQLEXPRESS"
+SQLSVCACCOUNT="NT AUTHORITY\NETWORK SERVICE"
+SQLSYSADMINACCOUNTS="BUILTIN\Administrators"
+ADDCURRENTUSERASSQLADMIN="True"
+TCPENABLED="1"
+NPENABLED="0"
+SAPWD="$SvcPassword"
+"@ | Out-File "C:\setup\sql_conf.ini"
+
+ Start-Process -FilePath "C:\setup\SQL2019-SSEI-Expr.exe" -ArgumentList "/configurationfile=C:\setup\sql_conf.ini /IACCEPTSQLSERVERLICENSETERMS /MEDIAPATH=C:\setup\media /QUIET" -Wait
+ Set-ItemProperty -Path "HKLM:\Software\Microsoft\Microsoft SQL Server\MSSQL15.SQLEXPRESS\MSSQLServer\SuperSocketNetLib\Tcp\IPAll" -Name "TcpPort" -Value "1433"
+ Restart-Service -Name "MSSQL`$SQLEXPRESS"
+ New-NetFirewallRule -DisplayName "SQLServer 1433" -Direction Inbound -LocalPort 1433 -Protocol TCP -Action Allow
+
+ $env:Path += ";C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn"
+ SqlCmd -E -Q "CREATE LOGIN [$NetBiosName\$SvcUsername] FROM WINDOWS"
+ SqlCmd -E -Q "SP_ADDSRVROLEMEMBER '$NetBiosName\$SvcUsername', 'SYSADMIN'"
+ SqlCmd -E -Q "ALTER LOGIN sa ENABLE"
+ SqlCmd -E -Q "ALTER LOGIN sa WITH PASSWORD = '$SvcPassword', CHECK_POLICY=OFF"
+ Write-Host "[INFO] SQL Server installed/configured"
+} catch {
+ Write-Host "[ERR] SQL Server setup failed"
+}
+
+# Third site - port 9090 with upload + SQL query page
+try {
+ Copy-Item $wwwroot1 -Destination $wwwroot3 -Recurse -Force
+ New-WebAppPool -Name "SqlQueryAppPool"
+ New-WebSite -Name "SqlQuerySite" -Port 9090 -PhysicalPath $wwwroot3 -ApplicationPool "SqlQueryAppPool"
+ Set-ItemProperty "IIS:\AppPools\SqlQueryAppPool" -Name processModel -Value @{userName="$SvcUsername";password="$SvcPassword";identityType=3}
+ New-NetFirewallRule -DisplayName "HTTP (9090)" -Direction Inbound -Protocol TCP -LocalPort 9090 -Action Allow
+
+ # SQL Query Page
+ @"
+<%@ Page Language="C#" Debug="true" %>
+<%@ Import Namespace="System.Data" %>
+<%@ Import Namespace="System.Data.SqlClient" %>
+<script runat="server">
+ protected void Page_Load(object sender, EventArgs e)
+ {
+ if (IsPostBack)
+ {
+ string query = txtQuery.Value;
+
+ string connStr = "Server=localhost\\SQLEXPRESS;Database=master;Integrated Security=true;";
+ using (SqlConnection conn = new SqlConnection(connStr))
+ {
+ try
+ {
+ conn.Open();
+ SqlCommand cmd = new SqlCommand(query, conn);
+ SqlDataAdapter da = new SqlDataAdapter(cmd);
+ DataTable dt = new DataTable();
+ da.Fill(dt);
+
+ litResults.Text = "<table border='1'><tr>";
+ foreach (DataColumn col in dt.Columns)
+ {
+ litResults.Text += $"<th>{col.ColumnName}</th>";
+ }
+ litResults.Text += "</tr>";
+
+ foreach (DataRow row in dt.Rows)
+ {
+ litResults.Text += "<tr>";
+ foreach (var item in row.ItemArray)
+ {
+ litResults.Text += $"<td>{item}</td>";
+ }
+ litResults.Text += "</tr>";
+ }
+ litResults.Text += "</table>";
+ }
+ catch (Exception ex)
+ {
+ litResults.Text = "<span style='color:red;'>Error: " + ex.Message + "</span>";
+ }
+ }
+ }
+ }
+</script>
+<html>
+<head><title>SQL Query Tester</title></head>
+<body>
+ <h2>Enter a SQL Query</h2>
+ <form id="form1" runat="server">
+ <textarea id="txtQuery" runat="server" rows="5" cols="80">SELECT GETDATE()</textarea><br /><br />
+ <asp:Button ID="btnRun" runat="server" Text="Run Query" OnClick="Page_Load" /><br /><br />
+ <asp:Literal ID="litResults" runat="server" />
+ </form>
+</body>
+</html>
+"@ | Out-File "$wwwroot3\sqlquery.aspx" -Force
+
+ Restart-WebAppPool -Name "SqlQueryAppPool"
+ Write-Host "[INFO] Site 3 created on port 9090 with SQL query page"
+} catch {
+ Write-Host "[ERR] Failed to create SQL query site"
+}
+
+Stop-Transcript
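Review bot: The `try`/`catch` blocks will rarely fire, because cmdlets such as `Install-WindowsFeature` and `New-WebSite` raise non-terminating errors by default, a non-zero exit from the installer or `SqlCmd` does not throw, and each `catch` only calls `Write-Host`, so the script ends successfully on a half-built host. Setting `$ErrorActionPreference = 'Stop'` after the `param` block, checking exit codes (`$LASTEXITCODE` after `SqlCmd`, `-PassThru` on `Start-Process`) and re-throwing in each `catch` would let the caller see failures. The configuration file keeps `SAPWD` in clear text at `C:\setup\sql_conf.ini` and the default `$SvcPassword` is hard-coded in `param`; I would remove the file after the install with `Remove-Item 'C:\setup\sql_conf.ini' -Force` and make the password parameter mandatory. The upload page and the query page backed by a sysadmin login look intentional for a lab, but nothing in the file says so and the firewall rules open 80, 8080, 9090 and 1433 on every profile; a header comment marking the script as deliberately vulnerable and lab-only would help. No task in this commit uploads or calls this script, since the mssql01 role runs setup-mssql.ps1 instead.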