diff options
Diffstat (limited to 'ansible')
28 files changed, 242 insertions, 167 deletions
diff --git a/ansible/.env.proxmox.example b/ansible/.env.proxmox.example index 7b9a1d6..82fbeaa 100644 --- a/ansible/.env.proxmox.example +++ b/ansible/.env.proxmox.example @@ -28,26 +28,18 @@ export main_domain_name="contoso.com" export main_dc01_vmid="5000" export main_dc01_hostname="dc01" -export main_dc01_ip_address="192.168.1.50" +export main_dc01_ip_address="192.168.1.100" export main_linux_srv01_vmid="5001" export main_linux_srv01_hostname="srv01" -export main_linux_srv01_ip_address="192.168.1.51" +export main_linux_srv01_ip_address="192.168.1.101" -export network_gateway="192.168.1.1" +export main_adcs01_vmid="5002" +export main_adcs01_hostname="adcs01" +export main_adcs01_ip_address="192.168.1.102" + +export main_websql01_vmid="5003" +export main_websql01_hostname="websql01" +export main_websql01_ip_address="192.168.1.103" -#export mssql01_hostname="mssql01" -#export mssql02_hostname="mssql02" -#export web01_hostname="web01" -#export adcs01_hostname="adcs01" -#export workstation01_hostname="workstation01" -#export linux_srv01_hostname="srv01" -#export kali_attackbox_hostname="kali-attackbox" -# -#export mssql01_ip_address="192.168.1.111" -#export mssql02_ip_address="192.168.1.112" -#export web01_ip_address="192.168.1.113" -#export adcs01_ip_address="192.168.1.114" -#export workstation01_ip_address="192.168.1.115" -#export linux_srv01_ip_address="192.168.1.116" -#export kali_attackbox_ip_address="192.168.1.120" +export network_gateway="192.168.1.1" diff --git a/ansible/group_vars/all/main.yaml b/ansible/group_vars/all/main.yaml index 2a2246c..1969a09 100644 --- a/ansible/group_vars/all/main.yaml +++ b/ansible/group_vars/all/main.yaml @@ -34,8 +34,8 @@ tree_dc02_hostname : "{{ lookup('ansible.builtin.env', 'tree_dc02_h tree_dc02_vmid : "{{ lookup('ansible.builtin.env', 'tree_dc02_vmid') }}" child_dc03_hostname : "{{ lookup('ansible.builtin.env', 'child_dc03_hostname') }}" child_dc03_vmid : "{{ lookup('ansible.builtin.env', 'child_dc03_vmid') }}" -main_mssql01_hostname : "{{ lookup('ansible.builtin.env', 'main_mssql01_hostname') }}" -main_mssql01_vmid : "{{ lookup('ansible.builtin.env', 'main_mssql01_vmid') }}" +main_websql01_hostname : "{{ lookup('ansible.builtin.env', 'main_websql01_hostname') }}" +main_websql01_vmid : "{{ lookup('ansible.builtin.env', 'main_websql01_vmid') }}" main_mssql02_hostname : "{{ lookup('ansible.builtin.env', 'main_mssql02_hostname') }}" main_mssql02_vmid : "{{ lookup('ansible.builtin.env', 'main_mssql02_vmid') }}" main_web01_hostname : "{{ lookup('ansible.builtin.env', 'main_web01_hostname') }}" @@ -50,7 +50,7 @@ kali_attackbox_vmid : "{{ lookup('ansible.builtin.env', 'kali_attack main_dc01_ip_address : "{{ lookup('ansible.builtin.env', 'main_dc01_ip_address') }}" tree_dc02_ip_address : "{{ lookup('ansible.builtin.env', 'tree_dc02_ip_address') }}" child_dc03_ip_address : "{{ lookup('ansible.builtin.env', 'child_dc03_ip_address') }}" -main_mssql01_ip_address : "{{ lookup('ansible.builtin.env', 'main_mssql01_ip_address') }}" +main_websql01_ip_address : "{{ lookup('ansible.builtin.env', 'main_websql01_ip_address') }}" main_mssql02_ip_address : "{{ lookup('ansible.builtin.env', 'main_mssql02_ip_address') }}" main_web01_ip_address : "{{ lookup('ansible.builtin.env', 'main_web01_ip_address') }}" main_adcs01_ip_address : "{{ lookup('ansible.builtin.env', 'main_adcs01_ip_address') }}" diff --git a/ansible/main.yaml b/ansible/main.yaml index 4e84f2e..340c51a 100644 --- a/ansible/main.yaml +++ b/ansible/main.yaml @@ -88,27 +88,27 @@ ansible_winrm_server_cert_validation: ignore changed_when: false - - name: "deploy {{ main_mssql01_hostname }}.{{ main_domain_name }} vm on {{ proxmox_hostname }}" + - name: "deploy {{ main_websql01_hostname }}.{{ main_domain_name }} vm on {{ proxmox_hostname }}" include_role: name: proxmox_vm vars: os_type : "windows" template : "{{ windows_server_template_name }}" id : "{{ windows_server_template_id }}" - vm : "{{ main_mssql01_hostname }}.{{ main_domain_name }}" - newid : "{{ main_mssql01_vmid }}" - vmid : "{{ main_mssql01_vmid }}" - ip : "{{ main_mssql01_ip_address }}" + vm : "{{ main_websql01_hostname }}.{{ main_domain_name }}" + newid : "{{ main_websql01_vmid }}" + vmid : "{{ main_websql01_vmid }}" + ip : "{{ main_websql01_ip_address }}" gateway : "{{ network_gateway }}" dns : "{{ main_dc01_ip_address }}" - hostname : "{{ main_mssql01_hostname }}" + hostname : "{{ main_websql01_hostname }}" domain : "{{ main_domain_name }}" - fqdn : "{{ main_mssql01_hostname }}.{{ main_domain_name }}" + fqdn : "{{ main_websql01_hostname }}.{{ main_domain_name }}" - - name: "add {{ main_mssql01_hostname }}.{{ main_domain_name }} to in-memory inventory" + - name: "add {{ main_websql01_hostname }}.{{ main_domain_name }} to in-memory inventory" add_host: - name : "{{ main_mssql01_hostname }}.{{ main_domain_name }}" - ansible_host : "{{ main_mssql01_ip_address }}" + name : "{{ main_websql01_hostname }}.{{ main_domain_name }}" + ansible_host : "{{ main_websql01_ip_address }}" ansible_connection : "{{ win_connector }}" ansible_user : "{{ default_win_username }}" ansible_password : "{{ default_win_password }}" @@ -136,7 +136,7 @@ name: adcs01 when: inventory_hostname == main_adcs01_hostname + '.' + main_domain_name - - name: "configure {{ main_mssql01_hostname }}.{{ main_domain_name }}" + - name: "configure {{ main_websql01_hostname }}.{{ main_domain_name }}" include_role: - name: mssql01 - when: inventory_hostname == main_mssql01_hostname + '.' + main_domain_name + name: websql01 + when: inventory_hostname == main_websql01_hostname + '.' + main_domain_name diff --git a/ansible/roles/dc01/tasks/main.yaml b/ansible/roles/dc01/tasks/main.yaml index d9b0b40..472c191 100644 --- a/ansible/roles/dc01/tasks/main.yaml +++ b/ansible/roles/dc01/tasks/main.yaml @@ -29,6 +29,9 @@ - name: execute setup-gpo.ps1 as domain admin import_tasks: setup_gpo.yaml +- name: execute setup-defender-gpo.ps1 as domain admin + import_tasks: setup_defender_gpo.yaml + - name: reboot after gpo setup import_tasks: reboot.yaml diff --git a/ansible/roles/dc01/tasks/setup_defender_gpo.yaml b/ansible/roles/dc01/tasks/setup_defender_gpo.yaml new file mode 100644 index 0000000..56e7809 --- /dev/null +++ b/ansible/roles/dc01/tasks/setup_defender_gpo.yaml @@ -0,0 +1,7 @@ +- name: execute setup-defender-gpo.ps1 as domain admin + ansible.windows.win_command: powershell.exe -ExecutionPolicy Bypass -File C:\scripts\setup-defender-gpo.ps1 -DomainName "{{ main_domain_name }}" + become: yes + become_method: runas + become_user: "{{ main_domain_name }}\\Administrator" + vars: + ansible_become_password: "{{ default_win_password }}" diff --git a/ansible/roles/mssql01/tasks/set_hostname.yaml b/ansible/roles/mssql01/tasks/set_hostname.yaml deleted file mode 100644 index de974a4..0000000 --- a/ansible/roles/mssql01/tasks/set_hostname.yaml +++ /dev/null @@ -1,2 +0,0 @@ -- name: set hostname - win_shell: Rename-Computer -NewName "{{ main_mssql01_hostname }}" -Force diff --git a/ansible/roles/proxmox_vm/tasks/set_network.yaml b/ansible/roles/proxmox_vm/tasks/set_network.yaml index c75aa0f..5420fc2 100644 --- a/ansible/roles/proxmox_vm/tasks/set_network.yaml +++ b/ansible/roles/proxmox_vm/tasks/set_network.yaml @@ -1,6 +1,7 @@ -- name: "{{ fqdn }} : set up static ip address on windows" +- name: "{{ fqdn }} : (windows) set up static ip address on" win_shell: | - Start-Transcript -Path C:\set_domain_network_log.txt -Append + New-Item -Path C:\Logs -ItemType Directory -Force + Start-Transcript -Path C:\Logs\set_domain_network_log.txt -Append Get-NetIpAddress -InterfaceAlias 'Ethernet' | Remove-NetIPAddress -Confirm:$false New-NetIPAddress -InterfaceAlias 'Ethernet' -IPAddress "{{ ip }}" -PrefixLength 24 -DefaultGateway "{{ gateway }}" Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses "{{ dns }}" @@ -18,36 +19,36 @@ ansible_winrm_transport: basic ansible_winrm_server_cert_validation: ignore -- name: "{{ fqdn }} : configure network for linux" +- name: "{{ fqdn }} : (linux) configure network" block: - - name: "{{ fqdn }} : get default interface" + - name: "{{ fqdn }} : (linux) get default interface" ansible.builtin.shell: ip route get 8.8.8.8 | sed -n 's/.*dev \([^\ ]*\).*/\1/p' register: interface_result - - name: "{{ fqdn }} : set default interface variable" + - name: "{{ fqdn }} : (linux) set default interface variable" ansible.builtin.set_fact: linux_interface_name: "{{ interface_result.stdout }}" netplan_ip_address: "{{ ip }}" - - name: "{{ fqdn }} : find netplan configs in /etc/netplan" + - name: "{{ fqdn }} : (linux) find netplan configs in /etc/netplan" ansible.builtin.find: paths: /etc/netplan recurse: yes register: yaml_configs - - name: "{{ fqdn }} : remove all netplan configs in /etc/netplan" + - name: "{{ fqdn }} : (linux) remove all netplan configs in /etc/netplan" ansible.builtin.file: path: "{{ item.path }}" state: absent loop: "{{ yaml_configs.files }}" - - name: "{{ fqdn }} : set netplan static ip address" + - name: "{{ fqdn }} : (linux) set netplan static ip address" ansible.builtin.template: src: static_ip_netplan.yaml.j2 dest: /etc/netplan/01-netcfg.yaml mode: '0644' - - name: "{{ fqdn }} : apply netplan configuration" + - name: "{{ fqdn }} : (linux) apply netplan configuration" ansible.builtin.command: netplan apply async: 15 poll: 0 diff --git a/ansible/roles/mssql01/tasks/cleanup.yaml b/ansible/roles/websql01/tasks/cleanup.yaml index 0e59407..0e59407 100644 --- a/ansible/roles/mssql01/tasks/cleanup.yaml +++ b/ansible/roles/websql01/tasks/cleanup.yaml diff --git a/ansible/roles/mssql01/tasks/init.yaml b/ansible/roles/websql01/tasks/init.yaml index a75d6cc..a75d6cc 100644 --- a/ansible/roles/mssql01/tasks/init.yaml +++ b/ansible/roles/websql01/tasks/init.yaml diff --git a/ansible/roles/mssql01/tasks/install_software.yaml b/ansible/roles/websql01/tasks/install_software.yaml index a5018a8..a5018a8 100644 --- a/ansible/roles/mssql01/tasks/install_software.yaml +++ b/ansible/roles/websql01/tasks/install_software.yaml diff --git a/ansible/roles/mssql01/tasks/join_domain.yaml b/ansible/roles/websql01/tasks/join_domain.yaml index 6736ba2..6736ba2 100644 --- a/ansible/roles/mssql01/tasks/join_domain.yaml +++ b/ansible/roles/websql01/tasks/join_domain.yaml diff --git a/ansible/roles/mssql01/tasks/main.yaml b/ansible/roles/websql01/tasks/main.yaml index 3822369..f176701 100644 --- a/ansible/roles/mssql01/tasks/main.yaml +++ b/ansible/roles/websql01/tasks/main.yaml @@ -17,8 +17,8 @@ - name: join domain and reboot import_tasks: join_domain.yaml -- name: execute setup-mssql.ps1 - import_tasks: setup_mssql.yaml +- name: execute setup-websql.ps1 + import_tasks: setup_websql.yaml - name: reboot after mssql setup import_tasks: reboot.yaml diff --git a/ansible/roles/mssql01/tasks/reboot.yaml b/ansible/roles/websql01/tasks/reboot.yaml index a7266d0..a7266d0 100644 --- a/ansible/roles/mssql01/tasks/reboot.yaml +++ b/ansible/roles/websql01/tasks/reboot.yaml diff --git a/ansible/roles/websql01/tasks/set_hostname.yaml b/ansible/roles/websql01/tasks/set_hostname.yaml new file mode 100644 index 0000000..7c53a16 --- /dev/null +++ b/ansible/roles/websql01/tasks/set_hostname.yaml @@ -0,0 +1,2 @@ +- name: set hostname + win_shell: Rename-Computer -NewName "{{ main_websql01_hostname }}" -Force diff --git a/ansible/roles/mssql01/tasks/setup_mssql.yaml b/ansible/roles/websql01/tasks/setup_websql.yaml index 4602242..ea527b6 100644 --- a/ansible/roles/mssql01/tasks/setup_mssql.yaml +++ b/ansible/roles/websql01/tasks/setup_websql.yaml @@ -1,7 +1,7 @@ -- name: setup mssql +- name: setup websql ansible.windows.win_powershell: - script: C:\scripts\setup-mssql.ps1 + script: C:\scripts\setup-websql.ps1 parameters: DomainName: "{{ main_domain_name }}" - SvcUsername: svc_mssql01 + SvcUsername: svc_mssql02 SvcPassword: "{{ default_win_svc_password }}" diff --git a/ansible/scripts/dc-wait-for-ready.ps1 b/ansible/scripts/dc-wait-for-ready.ps1 index afdf8ee..246f0a3 100644 --- a/ansible/scripts/dc-wait-for-ready.ps1 +++ b/ansible/scripts/dc-wait-for-ready.ps1 @@ -4,14 +4,14 @@ Start-Transcript -Path $logFile -Append while ($true) { try { - Write-Host "[INFO] Checking if domain is ready" + Write-Host "[inf] Checking if domain is ready" Get-ADDomain break } catch { - Write-Host "[INFO] Sleeping for 60s" + Write-Host "[inf] Sleeping for 60s" Start-Sleep -Seconds 60 } } -Write-Host "[INFO] Domain is ready" +Write-Host "[inf] Domain is ready" Stop-Transcript
\ No newline at end of file diff --git a/ansible/scripts/init.ps1 b/ansible/scripts/init.ps1 index d6b9ff7..2a477de 100644 --- a/ansible/scripts/init.ps1 +++ b/ansible/scripts/init.ps1 @@ -2,7 +2,7 @@ New-Item -Path C:\Logs -ItemType Directory -Force New-Item -Path C:\BgInfo -ItemType Directory -Force New-Item -Path C:\setup -ItemType Directory -Force -Write-Host "[INFO] Disabling password complexity policy" +Write-Host "[inf] Disabling password complexity policy" secedit /export /cfg C:\secpol.cfg (Get-Content C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY diff --git a/ansible/scripts/populate-ad.ps1 b/ansible/scripts/populate-ad.ps1 index 0b57c77..17801e0 100644 --- a/ansible/scripts/populate-ad.ps1 +++ b/ansible/scripts/populate-ad.ps1 @@ -65,7 +65,7 @@ Function SetAclExtended($for, $to, $right, $extendedRightGUID, $inheritance) Set-ADObject $to -Description "$($for | Select-Object -ExpandProperty Name) has $right, $extendedRightGUID on this object" } -Write-Host "[INFO] Setting weak NTLM compatibility level" +Write-Host "[inf] Setting weak NTLM compatibility level" Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "LmCompatibilityLevel" -Value 1 -Force If (-Not (Get-ADOrganizationalUnit -SearchBase "$DomainNameDN" -Filter "Name -like '$DomainOU'")) { @@ -98,14 +98,14 @@ ForEach ($user in $users) { -PasswordNeverExpires $true $created_users += $user } catch { - Write-Host "[ERR] Failed to create user $user" + Write-Host "[err] Failed to create user $user" } } Get-RandomObject -User | % { Add-ADGroupMember -Identity "Domain Admins" -Members $_; Set-ADUser -Identity $_ -Description "domain admin" } Get-RandomObject -User | % { Add-ADGroupMember -Identity "Domain Admins" -Members $_; Set-ADUser -Identity $_ -Description "domain admin" } -Write-Host "[INFO] Created users: $($created_users -Join ', ')" +Write-Host "[inf] Created users: $($created_users -Join ', ')" $created_computers = @() 1..20 | % { @@ -115,12 +115,12 @@ $created_computers = @() New-ADComputer -SamAccountName "$server$_" -Name "$server$_" -DNSHostName "$server$_.$DomainName" -Path "OU=$ComputersOU,OU=$DomainOU,$DomainNameDN" $created_computers += $server } catch { - Write-Host "[ERR] Failed to create server $server$_" + Write-Host "[err] Failed to create server $server$_" } } } -Write-Host "[INFO] Created computers: $($created_computers -Join ', ')" +Write-Host "[inf] Created computers: $($created_computers -Join ', ')" $svc_users = @{ "svc_mssql01" = @{"type" = "spn"; "value" = "MSSQLSVC"} @@ -166,7 +166,7 @@ ForEach ($user in $svc_users.keys) { $created_svc_users += "$user ($value/$comp)" } catch { - Write-Host "[ERR] Failed to create $value/$comp for $user" + Write-Host "[err] Failed to create $value/$comp for $user" } } "group" { @@ -183,13 +183,13 @@ ForEach ($user in $svc_users.keys) { $created_svc_users += "$user ($value)" } catch { - Write-Host "[ERR] Failed to add $user to $value" + Write-Host "[err] Failed to add $user to $value" } } } } -Write-Host "[INFO] Created svc users: $($created_svc_users -Join ', ')" +Write-Host "[inf] Created svc users: $($created_svc_users -Join ', ')" $dcsync_user = Get-RandomObject -User $acl = Get-Acl -Path "AD:$DomainNameDN" @@ -210,19 +210,19 @@ $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRul Set-Acl -Path "AD:$adminsdholder" -AclObject $acl Set-ADObject $adminsdholder_user -Description "GenericAll on AdminSDHolder" -Write-Host "[INFO] Configuring anonymous LDAP binding via dsHeuristics for contoso.com" +Write-Host "[inf] Configuring anonymous LDAP binding via dsHeuristics for contoso.com" $rootDSE = Get-ADRootDSE $configNC = $rootDSE.ConfigurationNamingContext $directoryServicePath = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" $directoryService = Get-ADObject -Identity $directoryServicePath -Properties dsHeuristics $currentHeuristics = $directoryService.dsHeuristics $newHeuristics = "0000002" -Write-Host "[INFO] Overwriting dsHeuristics with '0000002'" +Write-Host "[inf] Overwriting dsHeuristics with '0000002'" Set-ADObject -Identity $directoryServicePath ` -Replace @{"dsHeuristics" = $newHeuristics} ` -Description "Anonymous LDAP enabled for contoso.com" ` -ErrorAction Stop -Write-Host "[INFO] Successfully set dsHeuristics to '$newHeuristics'" +Write-Host "[inf] Successfully set dsHeuristics to '$newHeuristics'" Set-ADDomain -Identity $DomainName -Replace @{"ms-DS-MachineAccountQuota"=50} @@ -301,7 +301,7 @@ Set-ADObject -Identity $constrained_delegation_comp1 -Add @{'msDS-AllowedToDeleg Set-ADAccountControl -Identity $constrained_delegation_comp1 -TrustedForDelegation $false -TrustedToAuthForDelegation $true Set-ADObject $constrained_delegation_comp1 -Description "msDS-AllowedToDelegateTo to $($constrained_delegation_comp2 | Select-Object -ExpandProperty Name)" -Write-Host "[INFO] Created vulnerable ACLs, delegation, and Kerberos configurations" +Write-Host "[inf] Created vulnerable ACLs, delegation, and Kerberos configurations" @" Domain content diff --git a/ansible/scripts/setup-adcs.ps1 b/ansible/scripts/setup-adcs.ps1 index 134b9a9..408e7b0 100644 --- a/ansible/scripts/setup-adcs.ps1 +++ b/ansible/scripts/setup-adcs.ps1 @@ -18,9 +18,9 @@ try { Install-WindowsFeature -Name ADCS-Web-Enrollment Install-WindowsFeature -Name RSAT - Write-Host "[INFO] Installed ADCS Windows Features" + Write-Host "[inf] Installed ADCS Windows Features" } catch { - Write-Host "[ERR] Failed to install ADCS Windows Features" + Write-Host "[err] Failed to install ADCS Windows Features" } try { @@ -35,16 +35,16 @@ try { -CACommonName $CACommonName ` -Force - Write-Host "[INFO] Installed ADCS Certification Authority" + Write-Host "[inf] Installed ADCS Certification Authority" } catch { - Write-Host "[ERR] Failed to install ADCS Certification Authority" + Write-Host "[err] Failed to install ADCS Certification Authority" } try { Install-AdcsWebEnrollment -Force - Write-Host "[INFO] Installed ADCS Web Enrollment" + Write-Host "[inf] Installed ADCS Web Enrollment" } catch { - Write-Host "[ERR] Failed to install ADCS Web Enrollment" + Write-Host "[err] Failed to install ADCS Web Enrollment" } Stop-Transcript
\ No newline at end of file diff --git a/ansible/scripts/setup-child-domain.ps1 b/ansible/scripts/setup-child-domain.ps1 index ad23d45..77aead2 100644 --- a/ansible/scripts/setup-child-domain.ps1 +++ b/ansible/scripts/setup-child-domain.ps1 @@ -14,20 +14,20 @@ Start-Transcript -Path $logFile -Append $p = ConvertTo-SecureString $Password -AsPlainText -Force $c = New-Object System.Management.Automation.PSCredential("$ParentDomainName\$Username", $p) -Write-Host "[INFO] Setting Administrator password" +Write-Host "[inf] Setting Administrator password" $computerName = $env:COMPUTERNAME $adminPassword = $Password $adminUser = [ADSI] "WinNT://$computerName/Administrator,User" $adminUser.SetPassword($adminPassword) -Write-Host "[INFO] Installing AD-Domain-Services feature" +Write-Host "[inf] Installing AD-Domain-Services feature" Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools -Write-Host "[INFO] Importing ADDSDeployment module" +Write-Host "[inf] Importing ADDSDeployment module" Import-Module ADDSDeployment try { - Write-Host "[INFO] Installing New Child Domain in Existing Forest" + Write-Host "[inf] Installing New Child Domain in Existing Forest" Install-ADDSDomain ` -InstallDns ` -ParentDomainName $ParentDomainName ` @@ -41,9 +41,9 @@ try { -Credential $c ` -SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText -Force "$SafeModePassword") - Write-Host "[INFO] Successfully added new child domain: $ChildDomainName" + Write-Host "[inf] Successfully added new child domain: $ChildDomainName" } catch { - Write-Host "[ERR] Failed to add new child domain: $ChildDomainName" + Write-Host "[err] Failed to add new child domain: $ChildDomainName" Write-Host $_.Exception.Message } diff --git a/ansible/scripts/setup-defender-gpo.ps1 b/ansible/scripts/setup-defender-gpo.ps1 new file mode 100644 index 0000000..688949a --- /dev/null +++ b/ansible/scripts/setup-defender-gpo.ps1 @@ -0,0 +1,50 @@ +param ( + [string]$DomainName = "contoso.com" +) + +$scriptName = $MyInvocation.MyCommand.Name +$logFile = "C:\Logs\${scriptName}_log.txt" +Start-Transcript -Path $logFile -Append + +Import-Module GroupPolicy -ErrorAction Stop + +$DomainNameDN = "DC=$($DomainName.Split(".")[0]),DC=$($DomainName.Split(".")[1])" +$DomainUsers = Get-ADGroup "Domain Users" -ErrorAction Stop + +$GpoName = "DisableMicrosoftDefender" + +try { + $GPO = New-GPO -Name $GpoName -Comment "GPO to disable Microsoft Defender in test environment" -ErrorAction Stop + Write-Host "[INFO] Created GPO '$GpoName'" + + Set-GPPermission -Name $GPO.DisplayName -PermissionLevel GpoEditDeleteModifySecurity -TargetName $DomainUsers.Name -TargetType Group -ErrorAction Stop + Write-Host "[INFO] Set GpoEditDeleteModifySecurity permissions for '$($DomainUsers.Name)' on GPO '$GpoName'" + + $RegistrySettings = @( + @{ + Key = "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" + ValueName = "DisableAntiSpyware" + Value = 1 + Type = "DWORD" + }, + @{ + Key = "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" + ValueName = "DisableRealtimeMonitoring" + Value = 1 + Type = "DWORD" + } + ) + + foreach ($Setting in $RegistrySettings) { + Set-GPRegistryValue -Name $GpoName -Key $Setting.Key -ValueName $Setting.ValueName -Type $Setting.Type -Value $Setting.Value -ErrorAction Stop + Write-Host "[INFO] Set registry value: $($Setting.Key)\$($Setting.ValueName) = $($Setting.Value)" + } + + New-GPLink -Name $GPO.DisplayName -Target "$DomainNameDN" -LinkEnabled Yes -ErrorAction Stop + Write-Host "[INFO] Created GP link for '$GpoName' on $DomainNameDN" +} +catch { + Write-Host "[ERR] Failed to configure GPO '$GpoName': $_" +} + +Stop-Transcript diff --git a/ansible/scripts/setup-gpo.ps1 b/ansible/scripts/setup-gpo.ps1 index 8d0bb5d..f837ffc 100644 --- a/ansible/scripts/setup-gpo.ps1 +++ b/ansible/scripts/setup-gpo.ps1 @@ -13,17 +13,17 @@ try { Set-GPPermission -Name $GPO1.DisplayName -PermissionLevel GpoEditDeleteModifySecurity -TargetName $DomainUsers.Name -TargetType Group Set-GPPermission -Name $GPO2.DisplayName -PermissionLevel GpoEditDeleteModifySecurity -TargetName $DomainUsers.Name -TargetType Group - Write-Host "[INFO] Created insecure GPOs $($GPO1.DisplayName), $($GPO2.DisplayName) with GpoEditDeleteModifySecurity" + Write-Host "[inf] Created insecure GPOs $($GPO1.DisplayName), $($GPO2.DisplayName) with GpoEditDeleteModifySecurity" } catch { - Write-Host "[ERR] Failed to create insecure GPOs $($GPO1.DisplayName), $($GPO2.DisplayName) with GpoEditDeleteModifySecurity" + Write-Host "[err] Failed to create insecure GPOs $($GPO1.DisplayName), $($GPO2.DisplayName) with GpoEditDeleteModifySecurity" } try { New-GPLink -Name $GPO1.DisplayName -Target "$DomainNameDN" -LinkEnabled Yes New-GPLink -Name $GPO2.DisplayName -Target "$DomainNameDN" -LinkEnabled Yes - Write-Host "[INFO] Created GP links for $($GPO1.DisplayName), $($GPO2.DisplayName) on $DomainNameDN" + Write-Host "[inf] Created GP links for $($GPO1.DisplayName), $($GPO2.DisplayName) on $DomainNameDN" } catch { - Write-Host "[ERR] Failed to create GP links for $($GPO1.DisplayName), $($GPO2.DisplayName) on $DomainNameDN" + Write-Host "[err] Failed to create GP links for $($GPO1.DisplayName), $($GPO2.DisplayName) on $DomainNameDN" } Stop-Transcript diff --git a/ansible/scripts/setup-iis.ps1 b/ansible/scripts/setup-iis.ps1 index 1bbe48d..1ebdd82 100644 --- a/ansible/scripts/setup-iis.ps1 +++ b/ansible/scripts/setup-iis.ps1 @@ -19,9 +19,9 @@ try { New-NetFirewallRule -DisplayName "HTTP (80)" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow Restart-WebAppPool -Name "DefaultAppPool" - Write-Host "[INFO] Created first IIS WebSite, Firewall rule and AppPool" + Write-Host "[inf] Created first IIS WebSite, Firewall rule and AppPool" } catch { - Write-Host "[ERR] Failed to create first IIS WebSite, Firewall rule and AppPool" + Write-Host "[err] Failed to create first IIS WebSite, Firewall rule and AppPool" } try { @@ -30,9 +30,9 @@ try { $acl.SetAccessRule($svcIIS03Rule) Set-Acl -Path $wwwroot1 -AclObject $acl - Write-Host "[INFO] Set ACL for $wwwroot1" + Write-Host "[inf] Set ACL for $wwwroot1" } catch { - Write-Host "[ERR] Failed to set ACL for $wwwroot1" + Write-Host "[err] Failed to set ACL for $wwwroot1" } @" @@ -107,9 +107,9 @@ try { Set-ItemProperty "IIS:\AppPools\DefaultAppPool2" -Name processModel -Value @{ identityType=2 } New-NetFirewallRule -DisplayName "HTTP (8080)" -Direction Inbound -Protocol TCP -LocalPort 8080 -Action Allow - Write-Host "[INFO] Created second IIS WebSite, Firewall rule and AppPool" + Write-Host "[inf] Created second IIS WebSite, Firewall rule and AppPool" } catch { - Write-Host "[ERR] Failed to create second IIS WebSite, Firewall rule and AppPool" + Write-Host "[err] Failed to create second IIS WebSite, Firewall rule and AppPool" } try { @@ -119,9 +119,9 @@ try { $acl.SetAccessRule($rule) Set-Acl -Path $wwwroot2 -AclObject $acl - Write-Host "[INFO] Set ACL for $wwwroot2" + Write-Host "[inf] Set ACL for $wwwroot2" } catch { - Write-Host "[ERR] Failed to set ACL for $wwwroot2" + Write-Host "[err] Failed to set ACL for $wwwroot2" } Restart-WebAppPool -Name "DefaultAppPool2" diff --git a/ansible/scripts/setup-main-domain.ps1 b/ansible/scripts/setup-main-domain.ps1 index 75500ab..770e275 100644 --- a/ansible/scripts/setup-main-domain.ps1 +++ b/ansible/scripts/setup-main-domain.ps1 @@ -10,20 +10,20 @@ Start-Transcript -Path $logFile -Append $NetBiosName = $DomainName.Split(".")[0].ToUpper() -Write-Host "[INFO] Setting Administrator password" +Write-Host "[inf] Setting Administrator password" $computerName = $env:COMPUTERNAME $adminPassword = "packer" $adminUser = [ADSI] "WinNT://$computerName/Administrator,User" $adminUser.SetPassword($adminPassword) -Write-Host "[INFO] Installing Ad-Domain-Services Windows feature + subfeatures" +Write-Host "[inf] Installing Ad-Domain-Services Windows feature + subfeatures" Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools -Write-Host "[INFO] Importing ADDSDeployment module" +Write-Host "[inf] Importing ADDSDeployment module" Import-Module ADDSDeployment try { - Write-Host "[INFO] Installing ADDSForest" + Write-Host "[inf] Installing ADDSForest" Install-ADDSForest ` -InstallDns ` -CreateDnsDelegation:$false ` @@ -37,9 +37,9 @@ try { -NoRebootOnCompletion ` -Force ` -SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText -Force "$SafeModePassword") - Write-Host "[INFO] Created Active Directory domain for $DomainName" + Write-Host "[inf] Created Active Directory domain for $DomainName" } catch { - Write-Host "[ERR] Failed to create Active Directory domain for $DomainName" + Write-Host "[err] Failed to create Active Directory domain for $DomainName" Write-Host $_.Exception.Message } Stop-Transcript diff --git a/ansible/scripts/setup-mssql-link.ps1 b/ansible/scripts/setup-mssql-link.ps1 index 8f51058..db1e76c 100644 --- a/ansible/scripts/setup-mssql-link.ps1 +++ b/ansible/scripts/setup-mssql-link.ps1 @@ -11,8 +11,8 @@ try { SqlCmd -E -Q "EXEC master.dbo.sp_serveroption @server=N'$LinkServer', @optname=N'rpc', @optvalue=N'true'" SqlCmd -E -Q "EXEC master.dbo.sp_serveroption @server=N'$LinkServer', @optname=N'rpc out', @optvalue=N'true'" SqlCmd -E -Q "EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname = N'$LinkServer', @locallogin = NULL , @useself = N'True'" - Write-Host "[INFO] Linked $LinkServer to mssql02" + Write-Host "[inf] Linked $LinkServer to mssql02" } catch { - Write-Host "[ERR] Failed to link $LinkServer to mssql02" + Write-Host "[err] Failed to link $LinkServer to mssql02" } Stop-Transcript
\ No newline at end of file diff --git a/ansible/scripts/setup-mssql.ps1 b/ansible/scripts/setup-mssql.ps1 index 032490f..0be1575 100644 --- a/ansible/scripts/setup-mssql.ps1 +++ b/ansible/scripts/setup-mssql.ps1 @@ -57,16 +57,16 @@ FTSVCACCOUNT="NT Service\MSSQLFDLauncher" try { Start-Process -FilePath "C:\setup\SQL2019-SSEI-Expr.exe" -ArgumentList "/configurationfile=C:\setup\sql_conf.ini /IACCEPTSQLSERVERLICENSETERMS /MEDIAPATH=C:\setup\media /QUIET /HIDEPROGRESSBAR" -Wait - Write-Host "[INFO] Installed SQL Server Express" + Write-Host "[inf] Installed SQL Server Express" } catch { - Write-Host "[ERR] Failed to install SQL Server Express" + Write-Host "[err] Failed to install SQL Server Express" } try { Set-ItemProperty -Path "HKLM:\Software\Microsoft\Microsoft SQL Server\MSSQL15.SQLEXPRESS\MSSQLServer\SuperSocketNetLib\Tcp\IPAll" -Name "TcpPort" -Value "1433" -Force - Write-Host "[INFO] Set MSSQL port to 1433" + Write-Host "[inf] Set MSSQL port to 1433" } catch { - Write-Host "[ERR] Failed to set MSSQL port to 1433" + Write-Host "[err] Failed to set MSSQL port to 1433" } Restart-Service -Name "MSSQL`$SQLEXPRESS" @@ -78,11 +78,11 @@ try { SqlCmd -E -Q "ALTER LOGIN sa ENABLE" SqlCmd -E -Q "ALTER LOGIN sa WITH PASSWORD = '$SvcPassword', CHECK_POLICY=OFF" - Write-Host "[INFO] Added $NetBiosName\$SvcUsername as MSSQL login and sysadmin" - Write-Host "[INFO] Enabled SA login" + Write-Host "[inf] Added $NetBiosName\$SvcUsername as MSSQL login and sysadmin" + Write-Host "[inf] Enabled SA login" } catch { - Write-Host "[ERR] Failed to add $NetBiosName\$SvcUsername as MSSQL login and sysadmin" - Write-Host "[ERR] Failed to enable SA login" + Write-Host "[err] Failed to add $NetBiosName\$SvcUsername as MSSQL login and sysadmin" + Write-Host "[err] Failed to enable SA login" } diff --git a/ansible/scripts/setup-tree-domain.ps1 b/ansible/scripts/setup-tree-domain.ps1 index 0f661a1..d6908c1 100644 --- a/ansible/scripts/setup-tree-domain.ps1 +++ b/ansible/scripts/setup-tree-domain.ps1 @@ -14,20 +14,20 @@ Start-Transcript -Path $logFile -Append $p = ConvertTo-SecureString $Password -AsPlainText -Force $c = New-Object System.Management.Automation.PSCredential("$ParentForestRootDomain\$Username", $p) -Write-Host "[INFO] Setting Administrator password" +Write-Host "[inf] Setting Administrator password" $computerName = $env:COMPUTERNAME $adminPassword = $Password $adminUser = [ADSI] "WinNT://$computerName/Administrator,User" $adminUser.SetPassword($adminPassword) -Write-Host "[INFO] Installing AD-Domain-Services feature" +Write-Host "[inf] Installing AD-Domain-Services feature" Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools -Write-Host "[INFO] Importing ADDSDeployment module" +Write-Host "[inf] Importing ADDSDeployment module" Import-Module ADDSDeployment try { - Write-Host "[INFO] Installing New Tree Domain in Existing Forest" + Write-Host "[inf] Installing New Tree Domain in Existing Forest" Install-ADDSDomain ` -InstallDns ` -ParentDomainName $ParentForestRootDomain ` @@ -41,9 +41,9 @@ try { -Credential $c ` -SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText -Force "$SafeModePassword") - Write-Host "[INFO] Successfully added new tree domain: $NewTreeDomainName" + Write-Host "[inf] Successfully added new tree domain: $NewTreeDomainName" } catch { - Write-Host "[ERR] Failed to add new tree domain: $NewTreeDomainName" + Write-Host "[err] Failed to add new tree domain: $NewTreeDomainName" Write-Host $_.Exception.Message } diff --git a/ansible/scripts/setup-websql.ps1 b/ansible/scripts/setup-websql.ps1 index 9f5db5c..02e370b 100644 --- a/ansible/scripts/setup-websql.ps1 +++ b/ansible/scripts/setup-websql.ps1 @@ -1,6 +1,7 @@ param ( [string]$DomainName = "contoso.com", - [string]$SvcUsername = "svc_websql01", + #[string]$SvcUsername = "svc_websql01", + [string]$SvcUsername = "svc_mssql02", [string]$SvcPassword = "Svc1234!" ) @@ -13,16 +14,77 @@ $wwwroot3 = "C:\inetpub\wwwroot3" Start-Transcript -Path $logFile -Append -# --- IIS Setup --- +try { + New-Item -Path "C:\setup\media" -ItemType "Directory" -Force + @" +;SQL Server Configuration File +[OPTIONS] +IACCEPTSQLSERVERLICENSETERMS="True" +ACTION="Install" +ENU="True" +QUIET="True" +QUIETSIMPLE="False" +UpdateEnabled="False" +ERRORREPORTING="False" +USEMICROSOFTUPDATE="False" +FEATURES=SQLENGINE,FULLTEXT +UpdateSource="MU" +HELP="False" +INDICATEPROGRESS="False" +X86="False" +INSTALLSHAREDDIR="C:\Program Files\Microsoft SQL Server" +INSTALLSHAREDWOWDIR="C:\Program Files (x86)\Microsoft SQL Server" +INSTANCENAME="SQLEXPRESS" +SQMREPORTING="False" +INSTANCEID="SQLEXPRESS" +RSINSTALLMODE="DefaultNativeMode" +INSTANCEDIR="C:\Program Files\Microsoft SQL Server" +AGTSVCACCOUNT="NT AUTHORITY\NETWORK SERVICE" +AGTSVCSTARTUPTYPE="Automatic" +COMMFABRICPORT="0" +COMMFABRICNETWORKLEVEL="0" +COMMFABRICENCRYPTION="0" +MATRIXCMBRICKCOMMPORT="0" +SQLSVCSTARTUPTYPE="Automatic" +FILESTREAMLEVEL="0" +ENABLERANU="False" +SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS" +SQLSVCACCOUNT="NT AUTHORITY\NETWORK SERVICE" +SAPWD="$SvcPassword" +SQLSYSADMINACCOUNTS="BUILTIN\Administrators" +ADDCURRENTUSERASSQLADMIN="True" +TCPENABLED="1" +NPENABLED="0" +BROWSERSVCSTARTUPTYPE="Disabled" +RSSVCSTARTUPTYPE="manual" +FTSVCACCOUNT="NT Service\MSSQLFDLauncher" +"@ | Out-File "C:\setup\sql_conf.ini" + + Start-Process -FilePath "C:\setup\SQL2019-SSEI-Expr.exe" -ArgumentList "/configurationfile=C:\setup\sql_conf.ini /IACCEPTSQLSERVERLICENSETERMS /MEDIAPATH=C:\setup\media /QUIET /HIDEPROGRESSBAR" -Wait + Set-ItemProperty -Path "HKLM:\Software\Microsoft\Microsoft SQL Server\MSSQL15.SQLEXPRESS\MSSQLServer\SuperSocketNetLib\Tcp\IPAll" -Name "TcpPort" -Value "1433" -Force + Restart-Service -Name "MSSQL`$SQLEXPRESS" + New-NetFirewallRule -DisplayName "SQLServer default instance" -Direction Inbound -LocalPort 1433 -Protocol TCP -Action Allow + + $env:Path += ";C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn" + SqlCmd -E -Q "CREATE LOGIN [$NetBiosName\$SvcUsername] FROM WINDOWS" + SqlCmd -E -Q "SP_ADDSRVROLEMEMBER '$NetBiosName\$SvcUsername', 'SYSADMIN'" + + SqlCmd -E -Q "ALTER LOGIN sa ENABLE" + SqlCmd -E -Q "ALTER LOGIN sa WITH PASSWORD = '$SvcPassword', CHECK_POLICY=OFF" + Write-Host "[inf] Added $NetBiosName\$SvcUsername as MSSQL login and sysadmin" + Write-Host "[inf] Enabled SA login" +} catch { + Write-Host "[err] SQL Server setup failed" +} + try { Install-WindowsFeature -Name Web-Server -IncludeManagementTools Install-WindowsFeature -Name Web-Asp-Net45 - Write-Host "[INFO] Installed IIS and ASP.NET" + Write-Host "[inf] Installed IIS and ASP.NET" } catch { - Write-Host "[ERR] Failed to install IIS and ASP.NET" + Write-Host "[err] Failed to install IIS and ASP.NET" } -# Upload form content @" using System; using System.IO; @@ -83,29 +145,26 @@ public partial class UploadPage : Page </configuration> "@ | Out-File "$wwwroot1\Web.config" -Force -# Default site - port 80 try { New-WebSite -Name "MyASPXSite" -Port 80 -PhysicalPath $wwwroot1 -ApplicationPool "DefaultAppPool" Set-ItemProperty "IIS:\AppPools\DefaultAppPool" -Name processModel -Value @{userName="$SvcUsername";password="$SvcPassword";identityType=3} New-NetFirewallRule -DisplayName "HTTP (80)" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow Restart-WebAppPool -Name "DefaultAppPool" - Write-Host "[INFO] Site 1 created on port 80" + Write-Host "[inf] Site 1 created on port 80" } catch { - Write-Host "[ERR] Failed to create site 1" + Write-Host "[err] Failed to create site 1" } -# ACLs for wwwroot1 try { $svcRule = New-Object System.Security.AccessControl.FileSystemAccessRule("$DomainName\$SvcUsername", "Modify", "ContainerInherit,ObjectInherit", "None", "Allow") $acl = Get-Acl $wwwroot1 $acl.SetAccessRule($svcRule) Set-Acl -Path $wwwroot1 -AclObject $acl - Write-Host "[INFO] ACL set for $wwwroot1" + Write-Host "[inf] ACL set for $wwwroot1" } catch { - Write-Host "[ERR] Failed to set ACL for $wwwroot1" + Write-Host "[err] Failed to set ACL for $wwwroot1" } -# Second site - port 8080 try { Copy-Item $wwwroot1 -Destination $wwwroot2 -Recurse -Force New-WebAppPool -Name "DefaultAppPool2" @@ -117,47 +176,11 @@ try { $acl.SetAccessRule($rule) Set-Acl -Path $wwwroot2 -AclObject $acl Restart-WebAppPool -Name "DefaultAppPool2" - Write-Host "[INFO] Site 2 created on port 8080" -} catch { - Write-Host "[ERR] Failed to create site 2" -} - -# SQL Server Express setup -try { - New-Item -Path "C:\setup\media" -ItemType "Directory" -Force - @" -;SQL Server Configuration File -[OPTIONS] -IACCEPTSQLSERVERLICENSETERMS="True" -ACTION="Install" -ENU="True" -QUIET="True" -FEATURES=SQLENGINE,FULLTEXT -INSTANCENAME="SQLEXPRESS" -SQLSVCACCOUNT="NT AUTHORITY\NETWORK SERVICE" -SQLSYSADMINACCOUNTS="BUILTIN\Administrators" -ADDCURRENTUSERASSQLADMIN="True" -TCPENABLED="1" -NPENABLED="0" -SAPWD="$SvcPassword" -"@ | Out-File "C:\setup\sql_conf.ini" - - Start-Process -FilePath "C:\setup\SQL2019-SSEI-Expr.exe" -ArgumentList "/configurationfile=C:\setup\sql_conf.ini /IACCEPTSQLSERVERLICENSETERMS /MEDIAPATH=C:\setup\media /QUIET" -Wait - Set-ItemProperty -Path "HKLM:\Software\Microsoft\Microsoft SQL Server\MSSQL15.SQLEXPRESS\MSSQLServer\SuperSocketNetLib\Tcp\IPAll" -Name "TcpPort" -Value "1433" - Restart-Service -Name "MSSQL`$SQLEXPRESS" - New-NetFirewallRule -DisplayName "SQLServer 1433" -Direction Inbound -LocalPort 1433 -Protocol TCP -Action Allow - - $env:Path += ";C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn" - SqlCmd -E -Q "CREATE LOGIN [$NetBiosName\$SvcUsername] FROM WINDOWS" - SqlCmd -E -Q "SP_ADDSRVROLEMEMBER '$NetBiosName\$SvcUsername', 'SYSADMIN'" - SqlCmd -E -Q "ALTER LOGIN sa ENABLE" - SqlCmd -E -Q "ALTER LOGIN sa WITH PASSWORD = '$SvcPassword', CHECK_POLICY=OFF" - Write-Host "[INFO] SQL Server installed/configured" + Write-Host "[inf] Site 2 created on port 8080" } catch { - Write-Host "[ERR] SQL Server setup failed" + Write-Host "[err] Failed to create site 2" } -# Third site - port 9090 with upload + SQL query page try { Copy-Item $wwwroot1 -Destination $wwwroot3 -Recurse -Force New-WebAppPool -Name "SqlQueryAppPool" @@ -165,7 +188,6 @@ try { Set-ItemProperty "IIS:\AppPools\SqlQueryAppPool" -Name processModel -Value @{userName="$SvcUsername";password="$SvcPassword";identityType=3} New-NetFirewallRule -DisplayName "HTTP (9090)" -Direction Inbound -Protocol TCP -LocalPort 9090 -Action Allow - # SQL Query Page @" <%@ Page Language="C#" Debug="true" %> <%@ Import Namespace="System.Data" %> @@ -191,7 +213,7 @@ try { litResults.Text = "<table border='1'><tr>"; foreach (DataColumn col in dt.Columns) { - litResults.Text += $"<th>{col.ColumnName}</th>"; + litResults.Text += string.Format("<th>{0}</th>", col.ColumnName); } litResults.Text += "</tr>"; @@ -200,7 +222,7 @@ try { litResults.Text += "<tr>"; foreach (var item in row.ItemArray) { - litResults.Text += $"<td>{item}</td>"; + litResults.Text += string.Format("<td>{0}</td>", item); } litResults.Text += "</tr>"; } @@ -228,9 +250,9 @@ try { "@ | Out-File "$wwwroot3\sqlquery.aspx" -Force Restart-WebAppPool -Name "SqlQueryAppPool" - Write-Host "[INFO] Site 3 created on port 9090 with SQL query page" + Write-Host "[inf] Site 3 created on port 9090 with SQL query page" } catch { - Write-Host "[ERR] Failed to create SQL query site" + Write-Host "[err] Failed to create SQL query site" } Stop-Transcript |