#Requires -RunAsAdministrator #Requires -Version 5.0 <# Bug1: Shared Folder on Client workstation is not working properly. Permission issues, make it sharable with everyone. #> function Get-OSType{ <# .SYNOPSIS Get the Operating system type ProductType 1 is Client operating systems ProductType 2 is Domain controllers ProductType 3 is Servers that are not domain controllers . .DESCRIPTION Get-OSType returns the operating system type. .EXAMPLE Get-OSType #> [CmdletBinding()] param() $osType = (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType Write-Output $osType } function Install-ADLabDomainController{ <# .SYNOPSIS Install Active Directory Role and promote the server to Primary Domain Controller. .DESCRIPTION Install-ADLabDomainController is used to install the Role of AD Domain Services and promote the server to Primary Domain Controller. .EXAMPLE Install-ADLabDomainController #> [CmdletBinding()] param() if((Get-OSType) -ne 3) { Write-Warning "Server Install not detected. Exiting!!" exit } $ForestName = Read-Host "Enter Forest name. For example covid.inc" try { Install-WindowsFeature AD-Domain-Services -IncludeManagementTools -ErrorAction Stop } catch { Write-Warning "Unable to Install AD Domain Services Role" exit } try { Install-ADDSForest -DomainName $ForestName -InstallDNS -SafeModeAdministratorPassword (ConvertTo-SecureString "Password1" -AsPlainText -Force) -ErrorAction Stop } catch { Write-Warning "Unable to Install Domain Controller" } } function Initialize-ADLabDomainController{ <# .SYNOPSIS Configures Machine name and Static IP address. .DESCRIPTION Initialize-ADLabDomainController is used to configure friendly machine name and assign static IP address to the server . .PARAMETER NewComputerName The name of the machine. .EXAMPLE Initialize-ADLabDomainController -NewComputerName Skynet #> [CmdletBinding()] Param() if((Get-OSType) -ne 3) { Write-Host "Server Install not detected. Exiting!!" -BackgroundColor Yellow -ForegroundColor Black exit } Write-Host ("Machine will be restarted after the changes").ToUpper() -BackgroundColor Yellow -ForegroundColor Black $choice = Read-Host "Do you want to change the name of the machine? (Y/N)" switch ($choice) { Y { try { $NewComputerName = Read-Host "Please enter new machine name." Rename-Computer -NewName $NewComputerName -PassThru -ErrorAction Stop} catch {Write-Warning "Unable to rename the Machine."} } Default {Write-Host "Keeping the same machine name" -BackgroundColor Yellow -ForegroundColor Black } } $netInterface = Get-NetIPAddress -AddressFamily IPv4 | Select-Object IPv4Address,InterfaceIndex | Sort-Object InterfaceIndex Write-Host "Following are the network interfaces configured on this machine" -BackgroundColor Yellow -ForegroundColor Black foreach($obj in $netInterface) { Write-Host "Interface: " $obj.InterfaceIndex " IP Address: " $obj.IPv4Address } try{ [Int32] $selection = Read-Host "Select the InterfaceIndex for Primary Domain Controller" -ErrorAction Stop $StaticIP = Read-Host "Enter the static IP adress to assign this machine" -ErrorAction Stop [Int32]$SubnetMask = Read-Host "Enter the Prefix length for the subnet mask. Example: Enter 24 for Subnet 255.255.255.0" -ErrorAction Stop $GatewayIP = Read-Host "Enter the IP address of the Gateway" -ErrorAction Stop Remove-NetIpAddress -InterfaceIndex $selection -AddressFamily IPv4 -ErrorAction Stop Remove-NetRoute -InterfaceIndex $selection -AddressFamily IPv4 -Confirm:$false -ErrorAction Stop New-NetIpAddress -InterfaceIndex $selection -IpAddress $StaticIP -PrefixLength $SubnetMask -DefaultGateway $GatewayIP -AddressFamily IPv4 -ErrorAction Stop Set-DnsClientServerAddress -InterfaceIndex $selection -ServerAddresses $StaticIP -ErrorAction Stop Restart-Computer } catch { Write-Warning "Unable to set the IP Address. Manully restart the machine!" } } function Initialize-ADLabWorkstation{ <# .SYNOPSIS Assign a friednly machine name and configure the DNS to Domain Controllers IP address. .DESCRIPTION Initialize-ADLabWorkstation is used to assign the workstation a friendly name and configure the DNS IP address to point to Domain Controller. .EXAMPLE Initialize-ADLabWorkstation #> [CmdletBinding()] Param() if((Get-OSType) -ne 1) { Write-Host "Workstation install not detected. Exiting!!" -BackgroundColor Yellow -ForegroundColor Black exit } Write-Host ("Machine will be restarted after the changes").ToUpper() -BackgroundColor Yellow -ForegroundColor Black $choice = Read-Host "Do you want to change the name of the machine? (Y/N)" switch ($choice) { Y { try { $NewComputerName = Read-Host "Please enter new machine name." Rename-Computer -NewName $NewComputerName -PassThru -ErrorAction Stop} catch {Write-Warning "Unable to rename the machine."} } Default {Write-Host "Keeping the same machine name" -BackgroundColor Yellow -ForegroundColor Black } } $netInterface = Get-NetIPAddress -AddressFamily IPv4 | Select-Object IPv4Address,InterfaceIndex |Sort-Object InterfaceIndex Write-Host "Following are the network interfaces configured on this machine" -BackgroundColor Yellow -ForegroundColor Black foreach($obj in $netInterface) { Write-Host "Interface: " $obj.InterfaceIndex " IP Address: " $obj.IPv4Address } $selection = Read-Host "Select the InterfaceIndex for Workstation" $DomainControllerIPaddress = Read-Host "Please provide the IP address of the Domain Controller" try { Set-DnsClientServerAddress -InterfaceIndex $selection -ServerAddresses ($DomainControllerIPaddress) -ErrorAction Stop Restart-Computer } catch { Write-Warning "Unable to configure IP address for the DNS. Restart the machine manually." } } function New-ADLabDomainUser{ <# .SYNOPSIS Adds new users to the Domian Controller. .DESCRIPTION New-ADLabDomainUser configures three users on the domain controller and promote one of them to be Domain Admin. .EXAMPLE New-ADLabDomainUser #> [cmdletbinding()] param() if((Get-OSType) -ne 2) { Write-Host "Domain Controller not detected. Exiting!!" -BackgroundColor Yellow -ForegroundColor Black exit } #Add 3 Users Sarah Conner, Kyle Reese and John Conner. All with password "Password1" try { New-ADUser -Name "Sarah Conner" -GivenName "Sarah" -Surname "Conner" -SamAccountName "sconner" -AccountPassword (ConvertTo-SecureString "Password1" -AsPlainText -Force) -Enabled $true -PasswordNeverExpires $true New-ADUser -Name "Kyle Reese" -GivenName "Kyle" -Surname "Reese" -SamAccountName "kreese" -AccountPassword (ConvertTo-SecureString "Password1" -AsPlainText -Force) -Enabled $true -PasswordNeverExpires $true New-ADUser -Name "John Conner" -GivenName "John" -Surname "Conner" -SamAccountName "jconner" -AccountPassword (ConvertTo-SecureString "Password1" -AsPlainText -Force) -Enabled $true -PasswordNeverExpires $true } catch { Write-Warning "Unable to create user account" } #Add John Conner to Domain Admins Group try { Add-ADGroupMember -Identity "Domain Admins" -Members "jconner" } catch { Write-Warning "Unable to add John Conner to Domain Admins group" } } function New-ADLabAVGroupPolicy{ <# .SYNOPSIS Adds new group policy to disable windows defender. .DESCRIPTION New-ADLabAVGroupPolicy configures a new group policy to disable windows defender. .EXAMPLE New-ADLabAVGroupPolicy #> [cmdletbinding()] param() if((Get-OSType) -ne 2) { Write-Host "Domain Controller not detected. Exiting!!" -BackgroundColor Yellow -ForegroundColor Black exit } try { $someerror = $true New-GPO -Name "Disable Windows Defender" -Comment "This policy disables windows defender" -ErrorAction Stop } catch { $someerror = $false Write-Warning "Unable to create the Policy." } if($someerror) { Set-GPRegistryValue -Name "Disable Windows Defender" -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" -ValueName "DisableAntiSpyware" -Type DWord -Value 1 Set-GPRegistryValue -Name "Disable Windows Defender" -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -ValueName "DisableRealtimeMonitoring" -Type DWord -Value 1 New-GPLink -Name "Disable Windows Defender" -Target ((Get-ADDomain).DistinguishedName) } } function New-ADLabSMBShare{ <# .SYNOPSIS Adds new share called hackme on the Domain controller and Share on workstation. .DESCRIPTION New-ADLabSMBShare configures a a share on both Domain Controller and workstation. .EXAMPLE New-ADLabSMBShare #> [cmdletbinding()] param() if((Get-OSType) -eq 2) { try { $someerror = $true New-Item "C:\hackMe" -Type Directory -ErrorAction Stop } catch { Write-Warning "Unable to create hackme folder" } if($someerror) { try { New-SmbShare -Name "hackMe" -Path "C:\hackMe" -ErrorAction Stop } catch { Write-Warning "Unable to create Share" } } } elseif ((Get-OSType) -eq 1) { try { $someerror = $true New-Item "C:\Share" -Type Directory -ErrorAction Stop } catch { Write-Warning "Unable to create hackme folder" $someerror = $false } if($someerror) { try { New-SmbShare -Name "Share" -Path "C:\Share" -ErrorAction Stop } catch { Write-Warning "Unable to create Share" } } } else { Write-Warning "Invalid install. Exiting!!" exit } } function Add-ADLabWorkstationToDomain{ <# .SYNOPSIS Adds the workstation to the Domain. .DESCRIPTION Add-ADLabWorkstationToDomain adds the new workstation to our domain. .EXAMPLE Add-ADLabWorkstationToDomain #> [cmdletbinding()] param() if((Get-OSType) -ne 1) { Write-Host "Workstation install not detected. Exiting!!" -BackgroundColor Yellow -ForegroundColor Black exit } try { Add-Computer -DomainName (Read-Host "Enter Domain Name") -Restart -Force -ErrorAction Stop } catch { Write-Warning "Unable to Add workstation to the Domain." } } $ADLab = @" Art by Veronica Karlsson . // /) \ |\ // VK (\\| || \)u| |F /) \```.FF \ \ |J .'/ __ `. `| \ `-'J .'.' ______ __.--' `-. \_ J >. `'.' . _.-' ""`-------' `-.`.`. / )>. /.' .<' .' `-._>--' )\ `--'' F . ('.--'" (_/ '\ \ 'o`. |\ `. J \ | / | \ L \ J ( . | J \ . F _.--'`._ /`. \_) F `. | / "" "' F /\ |_ ___| `-_.' / / F J `--.___.-' F - / / F | L J /| (_ F | L F .'|| L F | | | /J | | J `. | | J | | ____.---.__ |_|______ \ L | F__|_|___.---------' --' `-`--`--.___.-'-'--- _ ____ ____ _____ _ _ _____ _____ ____ _____ _ _ ____ / \ | _ \ | _ \| ____| \ | |_ _| ____/ ___|_ _| | | / \ | __ ) / _ \ | | | | | |_) | _| | \| | | | | _| \___ \ | | | | / _ \ | _ \ / ___ \| |_| | | __/| |___| |\ | | | | |___ ___) || | | |___ / ___ \| |_) | /_/ \_\____/ |_| |_____|_| \_| |_| |_____|____/ |_| |_____/_/ \_\____/ Author: @browninfosecguy Version: 1.0 Usage: This Script can be used to configure both Domain Controller and Workstation. OPTIONS APPLICABLE TO SERVER: Option 1: Configure machine name and static IP address for the Domain Controller. Option 2: Install the "Active Directory Domain Services" role on the server and configure Domain Controller. Option 3: Set up network share on the Domain controller and Workstation. Option 4: Create Group policy to "disable" Windows Defender. Option 5: Create User accounts on the Domain Controller. OPTIONS APPLICABLE TO WORKSTATION: Option 3: Set up network share on the Domain controller and Workstation. Option 6: Configure machine name and set the DNS to IP address of Domain Controller. Option 7: Join the workstation to the Domain. "@ while ($true) { Clear-Host $ADLab $option = Read-Host "Select an option to continue (Choose Wisely)" switch ($option) { 1 { Initialize-ADLabDomainController } 2 { Install-ADLabDomainController } 3 { New-ADLabSMBShare } 4 { New-ADLabAVGroupPolicy } 5 { New-ADLabDomainUser } 6 {Initialize-ADLabWorkstation} 7 {Add-ADLabWorkstationToDomain} Default {"Please select right option!!!"} } }