Diffstat (limited to 'ansible/scripts')
-rw-r--r--ansible/scripts/dc-wait-for-ready.ps16
-rw-r--r--ansible/scripts/init.ps12
-rw-r--r--ansible/scripts/populate-ad.ps124
-rw-r--r--ansible/scripts/setup-adcs.ps112
-rw-r--r--ansible/scripts/setup-child-domain.ps112
-rw-r--r--ansible/scripts/setup-defender-gpo.ps150
-rw-r--r--ansible/scripts/setup-gpo.ps18
-rw-r--r--ansible/scripts/setup-iis.ps116
-rw-r--r--ansible/scripts/setup-main-domain.ps112
-rw-r--r--ansible/scripts/setup-mssql-link.ps14
-rw-r--r--ansible/scripts/setup-mssql.ps116
-rw-r--r--ansible/scripts/setup-tree-domain.ps112
-rw-r--r--ansible/scripts/setup-websql.ps1258
13 files changed, 370 insertions, 62 deletions
diff --git a/ansible/scripts/dc-wait-for-ready.ps1 b/ansible/scripts/dc-wait-for-ready.ps1
index afdf8ee..246f0a3 100644
--- a/ansible/scripts/dc-wait-for-ready.ps1
+++ b/ansible/scripts/dc-wait-for-ready.ps1
@@ -4,14 +4,14 @@ Start-Transcript -Path $logFile -Append
while ($true) {
try {
- Write-Host "[INFO] Checking if domain is ready"
+ Write-Host "[inf] Checking if domain is ready"
Get-ADDomain
break
} catch {
- Write-Host "[INFO] Sleeping for 60s"
+ Write-Host "[inf] Sleeping for 60s"
Start-Sleep -Seconds 60
}
}
-Write-Host "[INFO] Domain is ready"
+Write-Host "[inf] Domain is ready"
Stop-Transcript \ No newline at end of file
diff --git a/ansible/scripts/init.ps1 b/ansible/scripts/init.ps1
index d6b9ff7..2a477de 100644
--- a/ansible/scripts/init.ps1
+++ b/ansible/scripts/init.ps1
@@ -2,7 +2,7 @@ New-Item -Path C:\Logs -ItemType Directory -Force
New-Item -Path C:\BgInfo -ItemType Directory -Force
New-Item -Path C:\setup -ItemType Directory -Force
-Write-Host "[INFO] Disabling password complexity policy"
+Write-Host "[inf] Disabling password complexity policy"
secedit /export /cfg C:\secpol.cfg
(Get-Content C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg
secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY
diff --git a/ansible/scripts/populate-ad.ps1 b/ansible/scripts/populate-ad.ps1
index 0b57c77..17801e0 100644
--- a/ansible/scripts/populate-ad.ps1
+++ b/ansible/scripts/populate-ad.ps1
@@ -65,7 +65,7 @@ Function SetAclExtended($for, $to, $right, $extendedRightGUID, $inheritance)
Set-ADObject $to -Description "$($for | Select-Object -ExpandProperty Name) has $right, $extendedRightGUID on this object"
}
-Write-Host "[INFO] Setting weak NTLM compatibility level"
+Write-Host "[inf] Setting weak NTLM compatibility level"
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "LmCompatibilityLevel" -Value 1 -Force
If (-Not (Get-ADOrganizationalUnit -SearchBase "$DomainNameDN" -Filter "Name -like '$DomainOU'")) {
@@ -98,14 +98,14 @@ ForEach ($user in $users) {
-PasswordNeverExpires $true
$created_users += $user
} catch {
- Write-Host "[ERR] Failed to create user $user"
+ Write-Host "[err] Failed to create user $user"
}
}
Get-RandomObject -User | % { Add-ADGroupMember -Identity "Domain Admins" -Members $_; Set-ADUser -Identity $_ -Description "domain admin" }
Get-RandomObject -User | % { Add-ADGroupMember -Identity "Domain Admins" -Members $_; Set-ADUser -Identity $_ -Description "domain admin" }
-Write-Host "[INFO] Created users: $($created_users -Join ', ')"
+Write-Host "[inf] Created users: $($created_users -Join ', ')"
$created_computers = @()
1..20 | % {
@@ -115,12 +115,12 @@ $created_computers = @()
New-ADComputer -SamAccountName "$server$_" -Name "$server$_" -DNSHostName "$server$_.$DomainName" -Path "OU=$ComputersOU,OU=$DomainOU,$DomainNameDN"
$created_computers += $server
} catch {
- Write-Host "[ERR] Failed to create server $server$_"
+ Write-Host "[err] Failed to create server $server$_"
}
}
}
-Write-Host "[INFO] Created computers: $($created_computers -Join ', ')"
+Write-Host "[inf] Created computers: $($created_computers -Join ', ')"
$svc_users = @{
"svc_mssql01" = @{"type" = "spn"; "value" = "MSSQLSVC"}
@@ -166,7 +166,7 @@ ForEach ($user in $svc_users.keys) {
$created_svc_users += "$user ($value/$comp)"
} catch {
- Write-Host "[ERR] Failed to create $value/$comp for $user"
+ Write-Host "[err] Failed to create $value/$comp for $user"
}
}
"group" {
@@ -183,13 +183,13 @@ ForEach ($user in $svc_users.keys) {
$created_svc_users += "$user ($value)"
} catch {
- Write-Host "[ERR] Failed to add $user to $value"
+ Write-Host "[err] Failed to add $user to $value"
}
}
}
}
-Write-Host "[INFO] Created svc users: $($created_svc_users -Join ', ')"
+Write-Host "[inf] Created svc users: $($created_svc_users -Join ', ')"
$dcsync_user = Get-RandomObject -User
$acl = Get-Acl -Path "AD:$DomainNameDN"
@@ -210,19 +210,19 @@ $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRul
Set-Acl -Path "AD:$adminsdholder" -AclObject $acl
Set-ADObject $adminsdholder_user -Description "GenericAll on AdminSDHolder"
-Write-Host "[INFO] Configuring anonymous LDAP binding via dsHeuristics for contoso.com"
+Write-Host "[inf] Configuring anonymous LDAP binding via dsHeuristics for contoso.com"
$rootDSE = Get-ADRootDSE
$configNC = $rootDSE.ConfigurationNamingContext
$directoryServicePath = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
$directoryService = Get-ADObject -Identity $directoryServicePath -Properties dsHeuristics
$currentHeuristics = $directoryService.dsHeuristics
$newHeuristics = "0000002"
-Write-Host "[INFO] Overwriting dsHeuristics with '0000002'"
+Write-Host "[inf] Overwriting dsHeuristics with '0000002'"
Set-ADObject -Identity $directoryServicePath `
-Replace @{"dsHeuristics" = $newHeuristics} `
-Description "Anonymous LDAP enabled for contoso.com" `
-ErrorAction Stop
-Write-Host "[INFO] Successfully set dsHeuristics to '$newHeuristics'"
+Write-Host "[inf] Successfully set dsHeuristics to '$newHeuristics'"
Set-ADDomain -Identity $DomainName -Replace @{"ms-DS-MachineAccountQuota"=50}
@@ -301,7 +301,7 @@ Set-ADObject -Identity $constrained_delegation_comp1 -Add @{'msDS-AllowedToDeleg
Set-ADAccountControl -Identity $constrained_delegation_comp1 -TrustedForDelegation $false -TrustedToAuthForDelegation $true
Set-ADObject $constrained_delegation_comp1 -Description "msDS-AllowedToDelegateTo to $($constrained_delegation_comp2 | Select-Object -ExpandProperty Name)"
-Write-Host "[INFO] Created vulnerable ACLs, delegation, and Kerberos configurations"
+Write-Host "[inf] Created vulnerable ACLs, delegation, and Kerberos configurations"
@"
Domain content
diff --git a/ansible/scripts/setup-adcs.ps1 b/ansible/scripts/setup-adcs.ps1
index 134b9a9..408e7b0 100644
--- a/ansible/scripts/setup-adcs.ps1
+++ b/ansible/scripts/setup-adcs.ps1
@@ -18,9 +18,9 @@ try {
Install-WindowsFeature -Name ADCS-Web-Enrollment
Install-WindowsFeature -Name RSAT
- Write-Host "[INFO] Installed ADCS Windows Features"
+ Write-Host "[inf] Installed ADCS Windows Features"
} catch {
- Write-Host "[ERR] Failed to install ADCS Windows Features"
+ Write-Host "[err] Failed to install ADCS Windows Features"
}
try {
@@ -35,16 +35,16 @@ try {
-CACommonName $CACommonName `
-Force
- Write-Host "[INFO] Installed ADCS Certification Authority"
+ Write-Host "[inf] Installed ADCS Certification Authority"
} catch {
- Write-Host "[ERR] Failed to install ADCS Certification Authority"
+ Write-Host "[err] Failed to install ADCS Certification Authority"
}
try {
Install-AdcsWebEnrollment -Force
- Write-Host "[INFO] Installed ADCS Web Enrollment"
+ Write-Host "[inf] Installed ADCS Web Enrollment"
} catch {
- Write-Host "[ERR] Failed to install ADCS Web Enrollment"
+ Write-Host "[err] Failed to install ADCS Web Enrollment"
}
Stop-Transcript \ No newline at end of file
diff --git a/ansible/scripts/setup-child-domain.ps1 b/ansible/scripts/setup-child-domain.ps1
index ad23d45..77aead2 100644
--- a/ansible/scripts/setup-child-domain.ps1
+++ b/ansible/scripts/setup-child-domain.ps1
@@ -14,20 +14,20 @@ Start-Transcript -Path $logFile -Append
$p = ConvertTo-SecureString $Password -AsPlainText -Force
$c = New-Object System.Management.Automation.PSCredential("$ParentDomainName\$Username", $p)
-Write-Host "[INFO] Setting Administrator password"
+Write-Host "[inf] Setting Administrator password"
$computerName = $env:COMPUTERNAME
$adminPassword = $Password
$adminUser = [ADSI] "WinNT://$computerName/Administrator,User"
$adminUser.SetPassword($adminPassword)
-Write-Host "[INFO] Installing AD-Domain-Services feature"
+Write-Host "[inf] Installing AD-Domain-Services feature"
Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools
-Write-Host "[INFO] Importing ADDSDeployment module"
+Write-Host "[inf] Importing ADDSDeployment module"
Import-Module ADDSDeployment
try {
- Write-Host "[INFO] Installing New Child Domain in Existing Forest"
+ Write-Host "[inf] Installing New Child Domain in Existing Forest"
Install-ADDSDomain `
-InstallDns `
-ParentDomainName $ParentDomainName `
@@ -41,9 +41,9 @@ try {
-Credential $c `
-SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText -Force "$SafeModePassword")
- Write-Host "[INFO] Successfully added new child domain: $ChildDomainName"
+ Write-Host "[inf] Successfully added new child domain: $ChildDomainName"
} catch {
- Write-Host "[ERR] Failed to add new child domain: $ChildDomainName"
+ Write-Host "[err] Failed to add new child domain: $ChildDomainName"
Write-Host $_.Exception.Message
}
diff --git a/ansible/scripts/setup-defender-gpo.ps1 b/ansible/scripts/setup-defender-gpo.ps1
new file mode 100644
index 0000000..688949a
--- /dev/null
+++ b/ansible/scripts/setup-defender-gpo.ps1
@@ -0,0 +1,50 @@
+param (
+ [string]$DomainName = "contoso.com"
+)
+
+$scriptName = $MyInvocation.MyCommand.Name
+$logFile = "C:\Logs\${scriptName}_log.txt"
+Start-Transcript -Path $logFile -Append
+
+Import-Module GroupPolicy -ErrorAction Stop
+
+$DomainNameDN = "DC=$($DomainName.Split(".")[0]),DC=$($DomainName.Split(".")[1])"
+$DomainUsers = Get-ADGroup "Domain Users" -ErrorAction Stop
+
+$GpoName = "DisableMicrosoftDefender"
+
+try {
+ $GPO = New-GPO -Name $GpoName -Comment "GPO to disable Microsoft Defender in test environment" -ErrorAction Stop
+ Write-Host "[INFO] Created GPO '$GpoName'"
+
+ Set-GPPermission -Name $GPO.DisplayName -PermissionLevel GpoEditDeleteModifySecurity -TargetName $DomainUsers.Name -TargetType Group -ErrorAction Stop
+ Write-Host "[INFO] Set GpoEditDeleteModifySecurity permissions for '$($DomainUsers.Name)' on GPO '$GpoName'"
+
+ $RegistrySettings = @(
+ @{
+ Key = "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
+ ValueName = "DisableAntiSpyware"
+ Value = 1
+ Type = "DWORD"
+ },
+ @{
+ Key = "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
+ ValueName = "DisableRealtimeMonitoring"
+ Value = 1
+ Type = "DWORD"
+ }
+ )
+
+ foreach ($Setting in $RegistrySettings) {
+ Set-GPRegistryValue -Name $GpoName -Key $Setting.Key -ValueName $Setting.ValueName -Type $Setting.Type -Value $Setting.Value -ErrorAction Stop
+ Write-Host "[INFO] Set registry value: $($Setting.Key)\$($Setting.ValueName) = $($Setting.Value)"
+ }
+
+ New-GPLink -Name $GPO.DisplayName -Target "$DomainNameDN" -LinkEnabled Yes -ErrorAction Stop
+ Write-Host "[INFO] Created GP link for '$GpoName' on $DomainNameDN"
+}
+catch {
+ Write-Host "[ERR] Failed to configure GPO '$GpoName': $_"
+}
+
+Stop-Transcript
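Review bot: The new setup-defender-gpo.ps1 logs with the `[INFO]`/`[ERR]` prefixes on every `Write-Host` line, while every other hunk in this same commit replaces those prefixes with `[inf]`/`[err]`, so the log format is inconsistent within the change itself. The `$DomainNameDN` assignment hard-codes a two-label domain by indexing `Split(".")[0]` and `[1]`; `$DomainNameDN = "DC=" + ($DomainName.Split(".") -join ",DC=")` produces the same value for `contoso.com` and also handles deeper names. The `catch` block is the one place in this commit that records the underlying error (`$_`) in the transcript, which is the pattern the other scripts would benefit from.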
diff --git a/ansible/scripts/setup-gpo.ps1 b/ansible/scripts/setup-gpo.ps1
index 8d0bb5d..f837ffc 100644
--- a/ansible/scripts/setup-gpo.ps1
+++ b/ansible/scripts/setup-gpo.ps1
@@ -13,17 +13,17 @@ try {
Set-GPPermission -Name $GPO1.DisplayName -PermissionLevel GpoEditDeleteModifySecurity -TargetName $DomainUsers.Name -TargetType Group
Set-GPPermission -Name $GPO2.DisplayName -PermissionLevel GpoEditDeleteModifySecurity -TargetName $DomainUsers.Name -TargetType Group
- Write-Host "[INFO] Created insecure GPOs $($GPO1.DisplayName), $($GPO2.DisplayName) with GpoEditDeleteModifySecurity"
+ Write-Host "[inf] Created insecure GPOs $($GPO1.DisplayName), $($GPO2.DisplayName) with GpoEditDeleteModifySecurity"
} catch {
- Write-Host "[ERR] Failed to create insecure GPOs $($GPO1.DisplayName), $($GPO2.DisplayName) with GpoEditDeleteModifySecurity"
+ Write-Host "[err] Failed to create insecure GPOs $($GPO1.DisplayName), $($GPO2.DisplayName) with GpoEditDeleteModifySecurity"
}
try {
New-GPLink -Name $GPO1.DisplayName -Target "$DomainNameDN" -LinkEnabled Yes
New-GPLink -Name $GPO2.DisplayName -Target "$DomainNameDN" -LinkEnabled Yes
- Write-Host "[INFO] Created GP links for $($GPO1.DisplayName), $($GPO2.DisplayName) on $DomainNameDN"
+ Write-Host "[inf] Created GP links for $($GPO1.DisplayName), $($GPO2.DisplayName) on $DomainNameDN"
} catch {
- Write-Host "[ERR] Failed to create GP links for $($GPO1.DisplayName), $($GPO2.DisplayName) on $DomainNameDN"
+ Write-Host "[err] Failed to create GP links for $($GPO1.DisplayName), $($GPO2.DisplayName) on $DomainNameDN"
}
Stop-Transcript
diff --git a/ansible/scripts/setup-iis.ps1 b/ansible/scripts/setup-iis.ps1
index 1bbe48d..1ebdd82 100644
--- a/ansible/scripts/setup-iis.ps1
+++ b/ansible/scripts/setup-iis.ps1
@@ -19,9 +19,9 @@ try {
New-NetFirewallRule -DisplayName "HTTP (80)" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow
Restart-WebAppPool -Name "DefaultAppPool"
- Write-Host "[INFO] Created first IIS WebSite, Firewall rule and AppPool"
+ Write-Host "[inf] Created first IIS WebSite, Firewall rule and AppPool"
} catch {
- Write-Host "[ERR] Failed to create first IIS WebSite, Firewall rule and AppPool"
+ Write-Host "[err] Failed to create first IIS WebSite, Firewall rule and AppPool"
}
try {
@@ -30,9 +30,9 @@ try {
$acl.SetAccessRule($svcIIS03Rule)
Set-Acl -Path $wwwroot1 -AclObject $acl
- Write-Host "[INFO] Set ACL for $wwwroot1"
+ Write-Host "[inf] Set ACL for $wwwroot1"
} catch {
- Write-Host "[ERR] Failed to set ACL for $wwwroot1"
+ Write-Host "[err] Failed to set ACL for $wwwroot1"
}
@"
@@ -107,9 +107,9 @@ try {
Set-ItemProperty "IIS:\AppPools\DefaultAppPool2" -Name processModel -Value @{ identityType=2 }
New-NetFirewallRule -DisplayName "HTTP (8080)" -Direction Inbound -Protocol TCP -LocalPort 8080 -Action Allow
- Write-Host "[INFO] Created second IIS WebSite, Firewall rule and AppPool"
+ Write-Host "[inf] Created second IIS WebSite, Firewall rule and AppPool"
} catch {
- Write-Host "[ERR] Failed to create second IIS WebSite, Firewall rule and AppPool"
+ Write-Host "[err] Failed to create second IIS WebSite, Firewall rule and AppPool"
}
try {
@@ -119,9 +119,9 @@ try {
$acl.SetAccessRule($rule)
Set-Acl -Path $wwwroot2 -AclObject $acl
- Write-Host "[INFO] Set ACL for $wwwroot2"
+ Write-Host "[inf] Set ACL for $wwwroot2"
} catch {
- Write-Host "[ERR] Failed to set ACL for $wwwroot2"
+ Write-Host "[err] Failed to set ACL for $wwwroot2"
}
Restart-WebAppPool -Name "DefaultAppPool2"
diff --git a/ansible/scripts/setup-main-domain.ps1 b/ansible/scripts/setup-main-domain.ps1
index 75500ab..770e275 100644
--- a/ansible/scripts/setup-main-domain.ps1
+++ b/ansible/scripts/setup-main-domain.ps1
@@ -10,20 +10,20 @@ Start-Transcript -Path $logFile -Append
$NetBiosName = $DomainName.Split(".")[0].ToUpper()
-Write-Host "[INFO] Setting Administrator password"
+Write-Host "[inf] Setting Administrator password"
$computerName = $env:COMPUTERNAME
$adminPassword = "packer"
$adminUser = [ADSI] "WinNT://$computerName/Administrator,User"
$adminUser.SetPassword($adminPassword)
-Write-Host "[INFO] Installing Ad-Domain-Services Windows feature + subfeatures"
+Write-Host "[inf] Installing Ad-Domain-Services Windows feature + subfeatures"
Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools
-Write-Host "[INFO] Importing ADDSDeployment module"
+Write-Host "[inf] Importing ADDSDeployment module"
Import-Module ADDSDeployment
try {
- Write-Host "[INFO] Installing ADDSForest"
+ Write-Host "[inf] Installing ADDSForest"
Install-ADDSForest `
-InstallDns `
-CreateDnsDelegation:$false `
@@ -37,9 +37,9 @@ try {
-NoRebootOnCompletion `
-Force `
-SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText -Force "$SafeModePassword")
- Write-Host "[INFO] Created Active Directory domain for $DomainName"
+ Write-Host "[inf] Created Active Directory domain for $DomainName"
} catch {
- Write-Host "[ERR] Failed to create Active Directory domain for $DomainName"
+ Write-Host "[err] Failed to create Active Directory domain for $DomainName"
Write-Host $_.Exception.Message
}
Stop-Transcript
diff --git a/ansible/scripts/setup-mssql-link.ps1 b/ansible/scripts/setup-mssql-link.ps1
index 8f51058..db1e76c 100644
--- a/ansible/scripts/setup-mssql-link.ps1
+++ b/ansible/scripts/setup-mssql-link.ps1
@@ -11,8 +11,8 @@ try {
SqlCmd -E -Q "EXEC master.dbo.sp_serveroption @server=N'$LinkServer', @optname=N'rpc', @optvalue=N'true'"
SqlCmd -E -Q "EXEC master.dbo.sp_serveroption @server=N'$LinkServer', @optname=N'rpc out', @optvalue=N'true'"
SqlCmd -E -Q "EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname = N'$LinkServer', @locallogin = NULL , @useself = N'True'"
- Write-Host "[INFO] Linked $LinkServer to mssql02"
+ Write-Host "[inf] Linked $LinkServer to mssql02"
} catch {
- Write-Host "[ERR] Failed to link $LinkServer to mssql02"
+ Write-Host "[err] Failed to link $LinkServer to mssql02"
}
Stop-Transcript \ No newline at end of file
diff --git a/ansible/scripts/setup-mssql.ps1 b/ansible/scripts/setup-mssql.ps1
index 032490f..0be1575 100644
--- a/ansible/scripts/setup-mssql.ps1
+++ b/ansible/scripts/setup-mssql.ps1
@@ -57,16 +57,16 @@ FTSVCACCOUNT="NT Service\MSSQLFDLauncher"
try {
Start-Process -FilePath "C:\setup\SQL2019-SSEI-Expr.exe" -ArgumentList "/configurationfile=C:\setup\sql_conf.ini /IACCEPTSQLSERVERLICENSETERMS /MEDIAPATH=C:\setup\media /QUIET /HIDEPROGRESSBAR" -Wait
- Write-Host "[INFO] Installed SQL Server Express"
+ Write-Host "[inf] Installed SQL Server Express"
} catch {
- Write-Host "[ERR] Failed to install SQL Server Express"
+ Write-Host "[err] Failed to install SQL Server Express"
}
try {
Set-ItemProperty -Path "HKLM:\Software\Microsoft\Microsoft SQL Server\MSSQL15.SQLEXPRESS\MSSQLServer\SuperSocketNetLib\Tcp\IPAll" -Name "TcpPort" -Value "1433" -Force
- Write-Host "[INFO] Set MSSQL port to 1433"
+ Write-Host "[inf] Set MSSQL port to 1433"
} catch {
- Write-Host "[ERR] Failed to set MSSQL port to 1433"
+ Write-Host "[err] Failed to set MSSQL port to 1433"
}
Restart-Service -Name "MSSQL`$SQLEXPRESS"
@@ -78,11 +78,11 @@ try {
SqlCmd -E -Q "ALTER LOGIN sa ENABLE"
SqlCmd -E -Q "ALTER LOGIN sa WITH PASSWORD = '$SvcPassword', CHECK_POLICY=OFF"
- Write-Host "[INFO] Added $NetBiosName\$SvcUsername as MSSQL login and sysadmin"
- Write-Host "[INFO] Enabled SA login"
+ Write-Host "[inf] Added $NetBiosName\$SvcUsername as MSSQL login and sysadmin"
+ Write-Host "[inf] Enabled SA login"
} catch {
- Write-Host "[ERR] Failed to add $NetBiosName\$SvcUsername as MSSQL login and sysadmin"
- Write-Host "[ERR] Failed to enable SA login"
+ Write-Host "[err] Failed to add $NetBiosName\$SvcUsername as MSSQL login and sysadmin"
+ Write-Host "[err] Failed to enable SA login"
}
diff --git a/ansible/scripts/setup-tree-domain.ps1 b/ansible/scripts/setup-tree-domain.ps1
index 0f661a1..d6908c1 100644
--- a/ansible/scripts/setup-tree-domain.ps1
+++ b/ansible/scripts/setup-tree-domain.ps1
@@ -14,20 +14,20 @@ Start-Transcript -Path $logFile -Append
$p = ConvertTo-SecureString $Password -AsPlainText -Force
$c = New-Object System.Management.Automation.PSCredential("$ParentForestRootDomain\$Username", $p)
-Write-Host "[INFO] Setting Administrator password"
+Write-Host "[inf] Setting Administrator password"
$computerName = $env:COMPUTERNAME
$adminPassword = $Password
$adminUser = [ADSI] "WinNT://$computerName/Administrator,User"
$adminUser.SetPassword($adminPassword)
-Write-Host "[INFO] Installing AD-Domain-Services feature"
+Write-Host "[inf] Installing AD-Domain-Services feature"
Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools
-Write-Host "[INFO] Importing ADDSDeployment module"
+Write-Host "[inf] Importing ADDSDeployment module"
Import-Module ADDSDeployment
try {
- Write-Host "[INFO] Installing New Tree Domain in Existing Forest"
+ Write-Host "[inf] Installing New Tree Domain in Existing Forest"
Install-ADDSDomain `
-InstallDns `
-ParentDomainName $ParentForestRootDomain `
@@ -41,9 +41,9 @@ try {
-Credential $c `
-SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText -Force "$SafeModePassword")
- Write-Host "[INFO] Successfully added new tree domain: $NewTreeDomainName"
+ Write-Host "[inf] Successfully added new tree domain: $NewTreeDomainName"
} catch {
- Write-Host "[ERR] Failed to add new tree domain: $NewTreeDomainName"
+ Write-Host "[err] Failed to add new tree domain: $NewTreeDomainName"
Write-Host $_.Exception.Message
}
diff --git a/ansible/scripts/setup-websql.ps1 b/ansible/scripts/setup-websql.ps1
new file mode 100644
index 0000000..02e370b
--- /dev/null
+++ b/ansible/scripts/setup-websql.ps1
@@ -0,0 +1,258 @@
+param (
+ [string]$DomainName = "contoso.com",
+ #[string]$SvcUsername = "svc_websql01",
+ [string]$SvcUsername = "svc_mssql02",
+ [string]$SvcPassword = "Svc1234!"
+)
+
+$scriptName = $MyInvocation.MyCommand.Name
+$logFile = "C:\Logs\${scriptName}_log.txt"
+$NetBiosName = $DomainName.Split(".")[0].ToUpper()
+$wwwroot1 = "C:\inetpub\wwwroot"
+$wwwroot2 = "C:\inetpub\wwwroot2"
+$wwwroot3 = "C:\inetpub\wwwroot3"
+
+Start-Transcript -Path $logFile -Append
+
+try {
+ New-Item -Path "C:\setup\media" -ItemType "Directory" -Force
+ @"
+;SQL Server Configuration File
+[OPTIONS]
+IACCEPTSQLSERVERLICENSETERMS="True"
+ACTION="Install"
+ENU="True"
+QUIET="True"
+QUIETSIMPLE="False"
+UpdateEnabled="False"
+ERRORREPORTING="False"
+USEMICROSOFTUPDATE="False"
+FEATURES=SQLENGINE,FULLTEXT
+UpdateSource="MU"
+HELP="False"
+INDICATEPROGRESS="False"
+X86="False"
+INSTALLSHAREDDIR="C:\Program Files\Microsoft SQL Server"
+INSTALLSHAREDWOWDIR="C:\Program Files (x86)\Microsoft SQL Server"
+INSTANCENAME="SQLEXPRESS"
+SQMREPORTING="False"
+INSTANCEID="SQLEXPRESS"
+RSINSTALLMODE="DefaultNativeMode"
+INSTANCEDIR="C:\Program Files\Microsoft SQL Server"
+AGTSVCACCOUNT="NT AUTHORITY\NETWORK SERVICE"
+AGTSVCSTARTUPTYPE="Automatic"
+COMMFABRICPORT="0"
+COMMFABRICNETWORKLEVEL="0"
+COMMFABRICENCRYPTION="0"
+MATRIXCMBRICKCOMMPORT="0"
+SQLSVCSTARTUPTYPE="Automatic"
+FILESTREAMLEVEL="0"
+ENABLERANU="False"
+SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS"
+SQLSVCACCOUNT="NT AUTHORITY\NETWORK SERVICE"
+SAPWD="$SvcPassword"
+SQLSYSADMINACCOUNTS="BUILTIN\Administrators"
+ADDCURRENTUSERASSQLADMIN="True"
+TCPENABLED="1"
+NPENABLED="0"
+BROWSERSVCSTARTUPTYPE="Disabled"
+RSSVCSTARTUPTYPE="manual"
+FTSVCACCOUNT="NT Service\MSSQLFDLauncher"
+"@ | Out-File "C:\setup\sql_conf.ini"
+
+ Start-Process -FilePath "C:\setup\SQL2019-SSEI-Expr.exe" -ArgumentList "/configurationfile=C:\setup\sql_conf.ini /IACCEPTSQLSERVERLICENSETERMS /MEDIAPATH=C:\setup\media /QUIET /HIDEPROGRESSBAR" -Wait
+ Set-ItemProperty -Path "HKLM:\Software\Microsoft\Microsoft SQL Server\MSSQL15.SQLEXPRESS\MSSQLServer\SuperSocketNetLib\Tcp\IPAll" -Name "TcpPort" -Value "1433" -Force
+ Restart-Service -Name "MSSQL`$SQLEXPRESS"
+ New-NetFirewallRule -DisplayName "SQLServer default instance" -Direction Inbound -LocalPort 1433 -Protocol TCP -Action Allow
+
+ $env:Path += ";C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn"
+ SqlCmd -E -Q "CREATE LOGIN [$NetBiosName\$SvcUsername] FROM WINDOWS"
+ SqlCmd -E -Q "SP_ADDSRVROLEMEMBER '$NetBiosName\$SvcUsername', 'SYSADMIN'"
+
+ SqlCmd -E -Q "ALTER LOGIN sa ENABLE"
+ SqlCmd -E -Q "ALTER LOGIN sa WITH PASSWORD = '$SvcPassword', CHECK_POLICY=OFF"
+ Write-Host "[inf] Added $NetBiosName\$SvcUsername as MSSQL login and sysadmin"
+ Write-Host "[inf] Enabled SA login"
+} catch {
+ Write-Host "[err] SQL Server setup failed"
+}
+
+try {
+ Install-WindowsFeature -Name Web-Server -IncludeManagementTools
+ Install-WindowsFeature -Name Web-Asp-Net45
+ Write-Host "[inf] Installed IIS and ASP.NET"
+} catch {
+ Write-Host "[err] Failed to install IIS and ASP.NET"
+}
+
+@"
+using System;
+using System.IO;
+using System.Web.UI;
+
+public partial class UploadPage : Page
+{
+ protected void UploadFile(object sender, EventArgs e)
+ {
+ if (fileUpload.PostedFile != null && fileUpload.PostedFile.ContentLength > 0)
+ {
+ try
+ {
+ string filename = Path.GetFileName(fileUpload.PostedFile.FileName);
+ fileUpload.PostedFile.SaveAs(Server.MapPath(filename));
+ lblMessage.Text = "File uploaded successfully!";
+ }
+ catch (Exception ex)
+ {
+ lblMessage.Text = "Error: " + ex.Message;
+ }
+ }
+ else
+ {
+ lblMessage.Text = "Please select a file to upload.";
+ }
+ }
+}
+"@ | Out-File "$wwwroot1\upload.aspx.cs" -Force
+
+@"
+<%@ Page Language="C#" AutoEventWireup="true" CodeFile="upload.aspx.cs" Inherits="UploadPage" %>
+<!DOCTYPE html>
+<html>
+<head><title>File Upload Page</title></head>
+<body>
+ <form id="form1" runat="server">
+ <div>
+ <input type="file" id="fileUpload" runat="server" />
+ <br />
+ <asp:Button ID="btnUpload" runat="server" Text="Upload" OnClick="UploadFile" />
+ <br />
+ <asp:Label ID="lblMessage" runat="server" Text=""></asp:Label>
+ </div>
+ </form>
+</body>
+</html>
+"@ | Out-File "$wwwroot1\upload.aspx" -Force
+
+@"
+<?xml version="1.0"?>
+<configuration>
+ <system.web>
+ <compilation debug="true" targetFramework="4.5"/>
+ <httpRuntime targetFramework="4.5"/>
+ <customErrors mode="Off"/>
+ </system.web>
+</configuration>
+"@ | Out-File "$wwwroot1\Web.config" -Force
+
+try {
+ New-WebSite -Name "MyASPXSite" -Port 80 -PhysicalPath $wwwroot1 -ApplicationPool "DefaultAppPool"
+ Set-ItemProperty "IIS:\AppPools\DefaultAppPool" -Name processModel -Value @{userName="$SvcUsername";password="$SvcPassword";identityType=3}
+ New-NetFirewallRule -DisplayName "HTTP (80)" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow
+ Restart-WebAppPool -Name "DefaultAppPool"
+ Write-Host "[inf] Site 1 created on port 80"
+} catch {
+ Write-Host "[err] Failed to create site 1"
+}
+
+try {
+ $svcRule = New-Object System.Security.AccessControl.FileSystemAccessRule("$DomainName\$SvcUsername", "Modify", "ContainerInherit,ObjectInherit", "None", "Allow")
+ $acl = Get-Acl $wwwroot1
+ $acl.SetAccessRule($svcRule)
+ Set-Acl -Path $wwwroot1 -AclObject $acl
+ Write-Host "[inf] ACL set for $wwwroot1"
+} catch {
+ Write-Host "[err] Failed to set ACL for $wwwroot1"
+}
+
+try {
+ Copy-Item $wwwroot1 -Destination $wwwroot2 -Recurse -Force
+ New-WebAppPool -Name "DefaultAppPool2"
+ New-WebSite -Name "MyASPXSite2" -Port 8080 -PhysicalPath $wwwroot2 -ApplicationPool "DefaultAppPool2"
+ Set-ItemProperty "IIS:\AppPools\DefaultAppPool2" -Name processModel -Value @{identityType=2}
+ New-NetFirewallRule -DisplayName "HTTP (8080)" -Direction Inbound -Protocol TCP -LocalPort 8080 -Action Allow
+ $acl = Get-Acl $wwwroot2
+ $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("IIS_IUSRS", "Modify", "ContainerInherit,ObjectInherit", "None", "Allow")
+ $acl.SetAccessRule($rule)
+ Set-Acl -Path $wwwroot2 -AclObject $acl
+ Restart-WebAppPool -Name "DefaultAppPool2"
+ Write-Host "[inf] Site 2 created on port 8080"
+} catch {
+ Write-Host "[err] Failed to create site 2"
+}
+
+try {
+ Copy-Item $wwwroot1 -Destination $wwwroot3 -Recurse -Force
+ New-WebAppPool -Name "SqlQueryAppPool"
+ New-WebSite -Name "SqlQuerySite" -Port 9090 -PhysicalPath $wwwroot3 -ApplicationPool "SqlQueryAppPool"
+ Set-ItemProperty "IIS:\AppPools\SqlQueryAppPool" -Name processModel -Value @{userName="$SvcUsername";password="$SvcPassword";identityType=3}
+ New-NetFirewallRule -DisplayName "HTTP (9090)" -Direction Inbound -Protocol TCP -LocalPort 9090 -Action Allow
+
+ @"
+<%@ Page Language="C#" Debug="true" %>
+<%@ Import Namespace="System.Data" %>
+<%@ Import Namespace="System.Data.SqlClient" %>
+<script runat="server">
+ protected void Page_Load(object sender, EventArgs e)
+ {
+ if (IsPostBack)
+ {
+ string query = txtQuery.Value;
+
+ string connStr = "Server=localhost\\SQLEXPRESS;Database=master;Integrated Security=true;";
+ using (SqlConnection conn = new SqlConnection(connStr))
+ {
+ try
+ {
+ conn.Open();
+ SqlCommand cmd = new SqlCommand(query, conn);
+ SqlDataAdapter da = new SqlDataAdapter(cmd);
+ DataTable dt = new DataTable();
+ da.Fill(dt);
+
+ litResults.Text = "<table border='1'><tr>";
+ foreach (DataColumn col in dt.Columns)
+ {
+ litResults.Text += string.Format("<th>{0}</th>", col.ColumnName);
+ }
+ litResults.Text += "</tr>";
+
+ foreach (DataRow row in dt.Rows)
+ {
+ litResults.Text += "<tr>";
+ foreach (var item in row.ItemArray)
+ {
+ litResults.Text += string.Format("<td>{0}</td>", item);
+ }
+ litResults.Text += "</tr>";
+ }
+ litResults.Text += "</table>";
+ }
+ catch (Exception ex)
+ {
+ litResults.Text = "<span style='color:red;'>Error: " + ex.Message + "</span>";
+ }
+ }
+ }
+ }
+</script>
+<html>
+<head><title>SQL Query Tester</title></head>
+<body>
+ <h2>Enter a SQL Query</h2>
+ <form id="form1" runat="server">
+ <textarea id="txtQuery" runat="server" rows="5" cols="80">SELECT GETDATE()</textarea><br /><br />
+ <asp:Button ID="btnRun" runat="server" Text="Run Query" OnClick="Page_Load" /><br /><br />
+ <asp:Literal ID="litResults" runat="server" />
+ </form>
+</body>
+</html>
+"@ | Out-File "$wwwroot3\sqlquery.aspx" -Force
+
+ Restart-WebAppPool -Name "SqlQueryAppPool"
+ Write-Host "[inf] Site 3 created on port 9090 with SQL query page"
+} catch {
+ Write-Host "[err] Failed to create SQL query site"
+}
+
+Stop-Transcript
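Review bot: The `catch` blocks in setup-websql.ps1 will rarely run, because the cmdlets inside each `try` (`New-Item`, `Start-Process`, `Set-ItemProperty`, `New-WebSite`, `Set-Acl`, `Copy-Item`) are called without `-ErrorAction Stop` and the `SqlCmd` calls are external commands whose non-zero exit codes never become exceptions, so a failed step prints no `[err]` line and the script continues into the next block as if it had succeeded; setup-defender-gpo.ps1 in the same commit does pass `-ErrorAction Stop`, so the two new scripts disagree on this. Adding `$ErrorActionPreference = 'Stop'` after `Start-Transcript`, checking `if ($LASTEXITCODE -ne 0) { throw "SqlCmd failed" }` after the SqlCmd calls, and printing `$_` in each catch as the GPO script does would make the error branches meaningful and leave the cause in the transcript. The app-pool identities on the `Set-ItemProperty ... processModel` lines use `userName="$SvcUsername"` with no domain, whereas the login and ACL lines qualify the same account as `$NetBiosName\$SvcUsername` or `$DomainName\$SvcUsername`; if the account is a domain user this probably resolves to a non-existent local account and should read `userName="$NetBiosName\$SvcUsername"`. The commented-out `#[string]$SvcUsername = "svc_websql01",` in `param` is dead code and should be removed or replaced by a comment explaining why svc_mssql02 is reused. In the embedded sqlquery.aspx, `OnClick="Page_Load"` wires the button to a handler ASP.NET already invokes on every request, so a postback executes the query twice; giving the button its own handler (e.g. `btnRun_Click`) and moving the `IsPostBack` branch there avoids the double execution.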