@clong
Created February 4, 2021 07:22
$ ansible-playbook -v detectionlab.yml --tags "dc"
Using /Users/clong/git-repos/DetectionLab/Azure/Ansible/ansible.cfg as config file
PLAY [dc] *****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] ****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [52.183.114.222]
TASK [dc : Set DNS Address] ***********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [52.183.114.222] => {"changed": true}
TASK [dc : Install git] ***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
[WARNING]: Chocolatey was missing from this system, so it was installed during this task run.
changed: [52.183.114.222] => {"changed": true, "rc": 0}
TASK [dc : Check if existing DetectionLab directory] **********************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [52.183.114.222] => {"changed": false, "stat": {"exists": false}}
TASK [dc : Git clone Detectionlab] ****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [52.183.114.222] => {"changed": true, "cmd": "git clone https://github.com/clong/DetectionLab.git", "delta": "0:00:13.640933", "end": "2021-02-04 06:52:59.278068", "rc": 0, "start": "2021-02-04 06:52:45.637135", "stderr": "Cloning into 'DetectionLab'...\nUpdating files: 79% (279/351)\rUpdating files: 80% (281/351)\rUpdating files: 81% (285/351)\rUpdating files: 82% (288/351)\rUpdating files: 83% (292/351)\rUpdating files: 84% (295/351)\rUpdating files: 85% (299/351)\rUpdating files: 86% (302/351)\rUpdating files: 87% (306/351)\rUpdating files: 88% (309/351)\rUpdating files: 89% (313/351)\rUpdating files: 90% (316/351)\rUpdating files: 91% (320/351)\rUpdating files: 92% (323/351)\rUpdating files: 93% (327/351)\rUpdating files: 94% (330/351)\rUpdating files: 95% (334/351)\rUpdating files: 96% (337/351)\rUpdating files: 97% (341/351)\rUpdating files: 98% (344/351)\rUpdating files: 99% (348/351)\rUpdating files: 100% (351/351)\rUpdating files: 100% (351/351), done.", "stderr_lines": ["Cloning into 'DetectionLab'...", "Updating files: 79% (279/351)", "Updating files: 80% (281/351)", "Updating files: 81% (285/351)", "Updating files: 82% (288/351)", "Updating files: 83% (292/351)", "Updating files: 84% (295/351)", "Updating files: 85% (299/351)", "Updating files: 86% (302/351)", "Updating files: 87% (306/351)", "Updating files: 88% (309/351)", "Updating files: 89% (313/351)", "Updating files: 90% (316/351)", "Updating files: 91% (320/351)", "Updating files: 92% (323/351)", "Updating files: 93% (327/351)", "Updating files: 94% (330/351)", "Updating files: 95% (334/351)", "Updating files: 96% (337/351)", "Updating files: 97% (341/351)", "Updating files: 98% (344/351)", "Updating files: 99% (348/351)", "Updating files: 100% (351/351)", "Updating files: 100% (351/351), done."], "stdout": "", "stdout_lines": []}
TASK [dc : Copy scripts to c:\vagrant] ************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [52.183.114.222] => {"changed": true, "cmd": "Copy-Item -Recurse c:\\DetectionLab\\Vagrant c:\\vagrant", "delta": "0:00:03.786437", "end": "2021-02-04 06:53:13.986417", "rc": 0, "start": "2021-02-04 06:53:10.199979", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
TASK [dc : Create an Administrator user] **********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [52.183.114.222] => {"account_disabled": false, "account_locked": false, "changed": true, "description": "", "fullname": "Administrator", "groups": [{"name": "Users", "path": "WinNT://WORKGROUP/dc/Users"}, {"name": "Administrators", "path": "WinNT://WORKGROUP/dc/Administrators"}], "name": "Administrator", "password_expired": false, "password_never_expires": true, "path": "WinNT://WORKGROUP/dc/Administrator", "sid": "S-1-5-21-3306203141-1999782666-159962510-1001", "state": "present", "user_cannot_change_password": false}
TASK [dc : Create the Domain] *********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [52.183.114.222] => {"changed": true, "cmd": ".\\\\provision.ps1", "delta": "0:04:55.129612", "end": "2021-02-04 06:58:21.740936", "rc": 0, "start": "2021-02-04 06:53:26.611324", "stderr": "", "stderr_lines": [], "stdout": "[06:53] Setting timezone to UTC...\n[06:53] Checking if Windows evaluation is expiring soon or expired...\n[06:53] 180 days left until expiration, no need to rearm.\n[06:53] Disabling the Invoke-WebRequest download progress bar globally for speed improvements.\n[06:53] See https://github.com/PowerShell/PowerShell/issues/2138 for more info\n[06:53] Disabling IPv6 on all network adatpers...\n\r\nName DisplayName ComponentID Enabled \r\n---- ----------- ----------- ------- \r\nEthernet Internet Protocol Version 6 (TCP/IPv6) ms_tcpip6 False \r\nThe operation completed successfully.\r\r\n[06:53] Current domain is set to 'workgroup'. Time to join the domain!\n[06:53] Installing bginfo...\n[06:53] Installing BGInfo...\n\r\nPSPath : Microsoft.PowerShell.Core\\FileSystem::C:\\Program Files\\sysinternals\r\nPSParentPath : Microsoft.PowerShell.Core\\FileSystem::C:\\Program Files\r\nPSChildName : sysinternals\r\nPSDrive : C\r\nPSProvider : Microsoft.PowerShell.Core\\FileSystem\r\nPSIsContainer : True\r\nName : sysinternals\r\nFullName : C:\\Program Files\\sysinternals\r\nParent : Program Files\r\nExists : True\r\nRoot : C:\\\r\nExtension : \r\nCreationTime : 2/4/2021 6:53:29 AM\r\nCreationTimeUtc : 2/4/2021 6:53:29 AM\r\nLastAccessTime : 2/4/2021 6:53:29 AM\r\nLastAccessTimeUtc : 2/4/2021 6:53:29 AM\r\nLastWriteTime : 2/4/2021 6:53:29 AM\r\nLastWriteTimeUtc : 2/4/2021 6:53:29 AM\r\nAttributes : Directory\r\nMode : d-----\r\nBaseName : sysinternals\r\nTarget : {}\r\nLinkType : \r\n\r\n[06:53] Installing RSAT tools\n\r\nSuccess : True\r\nRestartNeeded : No\r\nFeatureResult : {Remote Server Administration Tools, Active Directory Administrative Center, Active Directory module \r\n for Windows PowerShell, AD DS and AD LDS Tools...}\r\nExitCode : 
Success\r\n\r\n[06:54] Creating domain controller...\n \r\nThe task has completed successfully.\r\nSee log %windir%\\security\\logs\\scesrv.log for detail info.\r\nCompleted 5 percent (0/18) \tProcess Security Policy area \rCompleted 22 percent (3/18) \tProcess Security Policy area \rCompleted 44 percent (7/18) \tProcess Security Policy area \rCompleted 61 percent (10/18) \tProcess Security Policy area \rCompleted 77 percent (13/18) \tProcess Security Policy area \rCompleted 100 percent (18/18) \tProcess Security Policy area \r \r\nThe task has completed successfully.\r\nSee log %windir%\\security\\logs\\scesrv.log for detail info.\r\n\r\nSuccess : True\r\nRestartNeeded : No\r\nFeatureResult : {Active Directory Domain Services}\r\nExitCode : Success\r\n\r\n\r\nMessage : You must restart this computer to complete the operation.\r\n \r\nContext : DCPromo.General.2\r\nRebootRequired : True\r\nStatus : Success\r\n\r\n[06:57] Setting DNS\n[06:57] Setting timezone to UTC\n[06:57] Excluding NAT interface from DNS\nListenAddresses reset successful.\r\n\r\nCommand completed successfully.\r\n\r\n[06:57] Uninstalling Windows Defender...\n\r\nSuccess : True\r\nRestartNeeded : Yes\r\nFeatureResult : {Windows Defender, Windows Defender Features, GUI for Windows Defender}\r\nExitCode : SuccessRestartRequired\r\n\r\n\r\nSuccess : True\r\nRestartNeeded : Yes\r\nFeatureResult : {}\r\nExitCode : NoChangeNeeded\r\n\r\n\r\n\r\n", "stdout_lines": ["[06:53] Setting timezone to UTC...", "[06:53] Checking if Windows evaluation is expiring soon or expired...", "[06:53] 180 days left until expiration, no need to rearm.", "[06:53] Disabling the Invoke-WebRequest download progress bar globally for speed improvements.", "[06:53] See https://github.com/PowerShell/PowerShell/issues/2138 for more info", "[06:53] Disabling IPv6 on all network adatpers...", "", "Name DisplayName ComponentID Enabled ", "---- ----------- ----------- ------- ", "Ethernet Internet Protocol Version 6 (TCP/IPv6) ms_tcpip6 
False ", "The operation completed successfully.", "", "[06:53] Current domain is set to 'workgroup'. Time to join the domain!", "[06:53] Installing bginfo...", "[06:53] Installing BGInfo...", "", "PSPath : Microsoft.PowerShell.Core\\FileSystem::C:\\Program Files\\sysinternals", "PSParentPath : Microsoft.PowerShell.Core\\FileSystem::C:\\Program Files", "PSChildName : sysinternals", "PSDrive : C", "PSProvider : Microsoft.PowerShell.Core\\FileSystem", "PSIsContainer : True", "Name : sysinternals", "FullName : C:\\Program Files\\sysinternals", "Parent : Program Files", "Exists : True", "Root : C:\\", "Extension : ", "CreationTime : 2/4/2021 6:53:29 AM", "CreationTimeUtc : 2/4/2021 6:53:29 AM", "LastAccessTime : 2/4/2021 6:53:29 AM", "LastAccessTimeUtc : 2/4/2021 6:53:29 AM", "LastWriteTime : 2/4/2021 6:53:29 AM", "LastWriteTimeUtc : 2/4/2021 6:53:29 AM", "Attributes : Directory", "Mode : d-----", "BaseName : sysinternals", "Target : {}", "LinkType : ", "", "[06:53] Installing RSAT tools", "", "Success : True", "RestartNeeded : No", "FeatureResult : {Remote Server Administration Tools, Active Directory Administrative Center, Active Directory module ", " for Windows PowerShell, AD DS and AD LDS Tools...}", "ExitCode : Success", "", "[06:54] Creating domain controller...", " ", "The task has completed successfully.", "See log %windir%\\security\\logs\\scesrv.log for detail info.", "Completed 5 percent (0/18) \tProcess Security Policy area ", "Completed 22 percent (3/18) \tProcess Security Policy area ", "Completed 44 percent (7/18) \tProcess Security Policy area ", "Completed 61 percent (10/18) \tProcess Security Policy area ", "Completed 77 percent (13/18) \tProcess Security Policy area ", "Completed 100 percent (18/18) \tProcess Security Policy area ", " ", "The task has completed successfully.", "See log %windir%\\security\\logs\\scesrv.log for detail info.", "", "Success : True", "RestartNeeded : No", "FeatureResult : {Active Directory Domain Services}", "ExitCode : 
Success", "", "", "Message : You must restart this computer to complete the operation.", " ", "Context : DCPromo.General.2", "RebootRequired : True", "Status : Success", "", "[06:57] Setting DNS", "[06:57] Setting timezone to UTC", "[06:57] Excluding NAT interface from DNS", "ListenAddresses reset successful.", "", "Command completed successfully.", "", "[06:57] Uninstalling Windows Defender...", "", "Success : True", "RestartNeeded : Yes", "FeatureResult : {Windows Defender, Windows Defender Features, GUI for Windows Defender}", "ExitCode : SuccessRestartRequired", "", "", "Success : True", "RestartNeeded : Yes", "FeatureResult : {}", "ExitCode : NoChangeNeeded", "", "", ""]}
TASK [dc : Reboot Afer Domain Creation] ***********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [52.183.114.222] => {"changed": true, "elapsed": 111, "rebooted": true}
TASK [dc : Configure OU] **************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [52.183.114.222] => {"changed": true, "cmd": ".\\\\configure-ou.ps1", "delta": "0:00:04.375079", "end": "2021-02-04 07:00:22.713492", "failed_when_result": false, "rc": 0, "start": "2021-02-04 07:00:18.338413", "stderr": "", "stderr_lines": [], "stdout": "[07:00] Creating Server and Workstation OUs...\n[07:00] Creating Server OU...\n[07:00] Created Servers OU.\n[07:00] Creating Workstations OU...\n[07:00] Created Workstations OU.\n", "stdout_lines": ["[07:00] Creating Server and Workstation OUs...", "[07:00] Creating Server OU...", "[07:00] Created Servers OU.", "[07:00] Creating Workstations OU...", "[07:00] Created Workstations OU."]}
TASK [dc : debug] *********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [52.183.114.222] => {
"msg": [
"[07:00] Creating Server and Workstation OUs...",
"[07:00] Creating Server OU...",
"[07:00] Created Servers OU.",
"[07:00] Creating Workstations OU...",
"[07:00] Created Workstations OU."
]
}
TASK [dc : Configure WEF GPO] *********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [52.183.114.222] => {"changed": true, "cmd": ".\\\\configure-wef-gpo.ps1", "delta": "0:01:35.348492", "end": "2021-02-04 07:02:00.796554", "failed_when_result": false, "rc": 0, "start": "2021-02-04 07:00:25.448061", "stderr": "", "stderr_lines": [], "stdout": "[07:00] Importing the GPO to specify the WEF collector\n\r\n\r\nDisplayName : Windows Event Forwarding Server\r\nDomainName : windomain.local\r\nOwner : WINDOMAIN\\Domain Admins\r\nId : 31df18ac-6573-4f6f-91de-830fdf71a5fc\r\nGpoStatus : AllSettingsEnabled\r\nDescription : \r\nCreationTime : 2/4/2021 7:00:26 AM\r\nModificationTime : 2/4/2021 7:00:26 AM\r\nUserVersion : AD Version: 1, SysVol Version: 1\r\nComputerVersion : AD Version: 1, SysVol Version: 1\r\nWmiFilter : \r\n\r\n\r\nDisplayName : Windows Event Forwarding Server\r\nGpoId : 31df18ac-6573-4f6f-91de-830fdf71a5fc\r\nEnabled : True\r\nEnforced : True\r\nOrder : 1\r\nTarget : OU=Servers,DC=windomain,DC=local\r\nGpoDomainName : windomain.local\r\n\r\n\r\nDisplayName : Windows Event Forwarding Server\r\nGpoId : 31df18ac-6573-4f6f-91de-830fdf71a5fc\r\nEnabled : True\r\nEnforced : True\r\nOrder : 2\r\nTarget : OU=Domain Controllers,DC=windomain,DC=local\r\nGpoDomainName : windomain.local\r\n\r\n\r\nDisplayName : Windows Event Forwarding Server\r\nGpoId : 31df18ac-6573-4f6f-91de-830fdf71a5fc\r\nEnabled : True\r\nEnforced : True\r\nOrder : 1\r\nTarget : OU=Workstations,DC=windomain,DC=local\r\nGpoDomainName : windomain.local\r\n\r\n[07:00] Importing the GPO to modify ACLs on Custom Event Channels\nDisplayName : Custom Event Channel Permissions\r\nDomainName : windomain.local\r\nOwner : WINDOMAIN\\Domain Admins\r\nId : 3db8f036-e762-443f-9526-717641733ca8\r\nGpoStatus : AllSettingsEnabled\r\nDescription : \r\nCreationTime : 2/4/2021 7:00:27 AM\r\nModificationTime : 2/4/2021 7:00:27 AM\r\nUserVersion : AD Version: 1, SysVol Version: 1\r\nComputerVersion : AD Version: 1, SysVol Version: 1\r\nWmiFilter : \r\n\r\n\r\nDisplayName : Custom Event Channel 
Permissions\r\nGpoId : 3db8f036-e762-443f-9526-717641733ca8\r\nEnabled : True\r\nEnforced : True\r\nOrder : 2\r\nTarget : OU=Servers,DC=windomain,DC=local\r\nGpoDomainName : windomain.local\r\n\r\n\r\nDisplayName : Custom Event Channel Permissions\r\nGpoId : 3db8f036-e762-443f-9526-717641733ca8\r\nEnabled : True\r\nEnforced : True\r\nOrder : 3\r\nTarget : OU=Domain Controllers,DC=windomain,DC=local\r\nGpoDomainName : windomain.local\r\n\r\n\r\nDisplayName : Custom Event Channel Permissions\r\nGpoId : 3db8f036-e762-443f-9526-717641733ca8\r\nEnabled : True\r\nEnforced : True\r\nOrder : 2\r\nTarget : OU=Workstations,DC=windomain,DC=local\r\nGpoDomainName : windomain.local\r\n\r\nUpdating policy...\r\r\n\r\r\nComputer Policy update has completed successfully.\r\r\nUser Policy update has completed successfully.\r\r\n\r\r\n\r\n\r\n", "stdout_lines": ["[07:00] Importing the GPO to specify the WEF collector", "", "", "DisplayName : Windows Event Forwarding Server", "DomainName : windomain.local", "Owner : WINDOMAIN\\Domain Admins", "Id : 31df18ac-6573-4f6f-91de-830fdf71a5fc", "GpoStatus : AllSettingsEnabled", "Description : ", "CreationTime : 2/4/2021 7:00:26 AM", "ModificationTime : 2/4/2021 7:00:26 AM", "UserVersion : AD Version: 1, SysVol Version: 1", "ComputerVersion : AD Version: 1, SysVol Version: 1", "WmiFilter : ", "", "", "DisplayName : Windows Event Forwarding Server", "GpoId : 31df18ac-6573-4f6f-91de-830fdf71a5fc", "Enabled : True", "Enforced : True", "Order : 1", "Target : OU=Servers,DC=windomain,DC=local", "GpoDomainName : windomain.local", "", "", "DisplayName : Windows Event Forwarding Server", "GpoId : 31df18ac-6573-4f6f-91de-830fdf71a5fc", "Enabled : True", "Enforced : True", "Order : 2", "Target : OU=Domain Controllers,DC=windomain,DC=local", "GpoDomainName : windomain.local", "", "", "DisplayName : Windows Event Forwarding Server", "GpoId : 31df18ac-6573-4f6f-91de-830fdf71a5fc", "Enabled : True", "Enforced : True", "Order : 1", "Target : 
OU=Workstations,DC=windomain,DC=local", "GpoDomainName : windomain.local", "", "[07:00] Importing the GPO to modify ACLs on Custom Event Channels", "DisplayName : Custom Event Channel Permissions", "DomainName : windomain.local", "Owner : WINDOMAIN\\Domain Admins", "Id : 3db8f036-e762-443f-9526-717641733ca8", "GpoStatus : AllSettingsEnabled", "Description : ", "CreationTime : 2/4/2021 7:00:27 AM", "ModificationTime : 2/4/2021 7:00:27 AM", "UserVersion : AD Version: 1, SysVol Version: 1", "ComputerVersion : AD Version: 1, SysVol Version: 1", "WmiFilter : ", "", "", "DisplayName : Custom Event Channel Permissions", "GpoId : 3db8f036-e762-443f-9526-717641733ca8", "Enabled : True", "Enforced : True", "Order : 2", "Target : OU=Servers,DC=windomain,DC=local", "GpoDomainName : windomain.local", "", "", "DisplayName : Custom Event Channel Permissions", "GpoId : 3db8f036-e762-443f-9526-717641733ca8", "Enabled : True", "Enforced : True", "Order : 3", "Target : OU=Domain Controllers,DC=windomain,DC=local", "GpoDomainName : windomain.local", "", "", "DisplayName : Custom Event Channel Permissions", "GpoId : 3db8f036-e762-443f-9526-717641733ca8", "Enabled : True", "Enforced : True", "Order : 2", "Target : OU=Workstations,DC=windomain,DC=local", "GpoDomainName : windomain.local", "", "Updating policy...", "", "", "", "Computer Policy update has completed successfully.", "", "User Policy update has completed successfully.", "", "", "", "", ""]}
TASK [dc : debug] *********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [52.183.114.222] => {
"msg": [
"[07:00] Importing the GPO to specify the WEF collector",
"",
"",
"DisplayName : Windows Event Forwarding Server",
"DomainName : windomain.local",
"Owner : WINDOMAIN\\Domain Admins",
"Id : 31df18ac-6573-4f6f-91de-830fdf71a5fc",
"GpoStatus : AllSettingsEnabled",
"Description : ",
"CreationTime : 2/4/2021 7:00:26 AM",
"ModificationTime : 2/4/2021 7:00:26 AM",
"UserVersion : AD Version: 1, SysVol Version: 1",
"ComputerVersion : AD Version: 1, SysVol Version: 1",
"WmiFilter : ",
"",
"",
"DisplayName : Windows Event Forwarding Server",
"GpoId : 31df18ac-6573-4f6f-91de-830fdf71a5fc",
"Enabled : True",
"Enforced : True",
"Order : 1",
"Target : OU=Servers,DC=windomain,DC=local",
"GpoDomainName : windomain.local",
"",
"",
"DisplayName : Windows Event Forwarding Server",
"GpoId : 31df18ac-6573-4f6f-91de-830fdf71a5fc",
"Enabled : True",
"Enforced : True",
"Order : 2",
"Target : OU=Domain Controllers,DC=windomain,DC=local",
"GpoDomainName : windomain.local",
"",
"",
"DisplayName : Windows Event Forwarding Server",
"GpoId : 31df18ac-6573-4f6f-91de-830fdf71a5fc",
"Enabled : True",
"Enforced : True",
"Order : 1",
"Target : OU=Workstations,DC=windomain,DC=local",
"GpoDomainName : windomain.local",
"",
"[07:00] Importing the GPO to modify ACLs on Custom Event Channels",
"DisplayName : Custom Event Channel Permissions",
"DomainName : windomain.local",
"Owner : WINDOMAIN\\Domain Admins",
"Id : 3db8f036-e762-443f-9526-717641733ca8",
"GpoStatus : AllSettingsEnabled",
"Description : ",
"CreationTime : 2/4/2021 7:00:27 AM",
"ModificationTime : 2/4/2021 7:00:27 AM",
"UserVersion : AD Version: 1, SysVol Version: 1",
"ComputerVersion : AD Version: 1, SysVol Version: 1",
"WmiFilter : ",
"",
"",
"DisplayName : Custom Event Channel Permissions",
"GpoId : 3db8f036-e762-443f-9526-717641733ca8",
"Enabled : True",
"Enforced : True",
"Order : 2",
"Target : OU=Servers,DC=windomain,DC=local",
"GpoDomainName : windomain.local",
"",
"",
"DisplayName : Custom Event Channel Permissions",
"GpoId : 3db8f036-e762-443f-9526-717641733ca8",
"Enabled : True",
"Enforced : True",
"Order : 3",
"Target : OU=Domain Controllers,DC=windomain,DC=local",
"GpoDomainName : windomain.local",
"",
"",
"DisplayName : Custom Event Channel Permissions",
"GpoId : 3db8f036-e762-443f-9526-717641733ca8",
"Enabled : True",
"Enforced : True",
"Order : 2",
"Target : OU=Workstations,DC=windomain,DC=local",
"GpoDomainName : windomain.local",
"",
"Updating policy...",
"",
"",
"",
"Computer Policy update has completed successfully.",
"",
"User Policy update has completed successfully.",
"",
"",
"",
"",
""
]
}
TASK [dc : Configure Powershell Logging GPO] ******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [52.183.114.222] => {"changed": true, "cmd": ".\\\\configure-powershelllogging.ps1", "delta": "0:00:13.218320", "end": "2021-02-04 07:02:18.186910", "failed_when_result": false, "rc": 0, "start": "2021-02-04 07:02:04.968590", "stderr": "", "stderr_lines": [], "stdout": "[07:02] Importing the GPO to enable Powershell Module, ScriptBlock and Transcript logging...\n\r\n\r\nDisplayName : Powershell Logging\r\nDomainName : windomain.local\r\nOwner : WINDOMAIN\\Domain Admins\r\nId : addc9d8c-2a92-4249-a91b-14ad51c75934\r\nGpoStatus : AllSettingsEnabled\r\nDescription : \r\nCreationTime : 2/4/2021 7:02:05 AM\r\nModificationTime : 2/4/2021 7:02:05 AM\r\nUserVersion : AD Version: 1, SysVol Version: 1\r\nComputerVersion : AD Version: 1, SysVol Version: 1\r\nWmiFilter : \r\n\r\n\r\nDisplayName : Powershell Logging\r\nGpoId : addc9d8c-2a92-4249-a91b-14ad51c75934\r\nEnabled : True\r\nEnforced : True\r\nOrder : 3\r\nTarget : OU=Workstations,DC=windomain,DC=local\r\nGpoDomainName : windomain.local\r\n\r\n\r\nDisplayName : Powershell Logging\r\nGpoId : addc9d8c-2a92-4249-a91b-14ad51c75934\r\nEnabled : True\r\nEnforced : True\r\nOrder : 3\r\nTarget : OU=Servers,DC=windomain,DC=local\r\nGpoDomainName : windomain.local\r\n\r\n\r\nDisplayName : Powershell Logging\r\nGpoId : addc9d8c-2a92-4249-a91b-14ad51c75934\r\nEnabled : True\r\nEnforced : True\r\nOrder : 4\r\nTarget : OU=Domain Controllers,DC=windomain,DC=local\r\nGpoDomainName : windomain.local\r\n\r\nUpdating policy...\r\r\n\r\r\nComputer Policy update has completed successfully.\r\r\nUser Policy update has completed successfully.\r\r\n\r\r\n\r\n\r\n", "stdout_lines": ["[07:02] Importing the GPO to enable Powershell Module, ScriptBlock and Transcript logging...", "", "", "DisplayName : Powershell Logging", "DomainName : windomain.local", "Owner : WINDOMAIN\\Domain Admins", "Id : addc9d8c-2a92-4249-a91b-14ad51c75934", "GpoStatus : AllSettingsEnabled", "Description : ", "CreationTime : 2/4/2021 7:02:05 AM", 
"ModificationTime : 2/4/2021 7:02:05 AM", "UserVersion : AD Version: 1, SysVol Version: 1", "ComputerVersion : AD Version: 1, SysVol Version: 1", "WmiFilter : ", "", "", "DisplayName : Powershell Logging", "GpoId : addc9d8c-2a92-4249-a91b-14ad51c75934", "Enabled : True", "Enforced : True", "Order : 3", "Target : OU=Workstations,DC=windomain,DC=local", "GpoDomainName : windomain.local", "", "", "DisplayName : Powershell Logging", "GpoId : addc9d8c-2a92-4249-a91b-14ad51c75934", "Enabled : True", "Enforced : True", "Order : 3", "Target : OU=Servers,DC=windomain,DC=local", "GpoDomainName : windomain.local", "", "", "DisplayName : Powershell Logging", "GpoId : addc9d8c-2a92-4249-a91b-14ad51c75934", "Enabled : True", "Enforced : True", "Order : 4", "Target : OU=Domain Controllers,DC=windomain,DC=local", "GpoDomainName : windomain.local", "", "Updating policy...", "", "", "", "Computer Policy update has completed successfully.", "", "User Policy update has completed successfully.", "", "", "", "", ""]}
TASK [dc : debug] *********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [52.183.114.222] => {
"msg": [
"[07:02] Importing the GPO to enable Powershell Module, ScriptBlock and Transcript logging...",
"",
"",
"DisplayName : Powershell Logging",
"DomainName : windomain.local",
"Owner : WINDOMAIN\\Domain Admins",
"Id : addc9d8c-2a92-4249-a91b-14ad51c75934",
"GpoStatus : AllSettingsEnabled",
"Description : ",
"CreationTime : 2/4/2021 7:02:05 AM",
"ModificationTime : 2/4/2021 7:02:05 AM",
"UserVersion : AD Version: 1, SysVol Version: 1",
"ComputerVersion : AD Version: 1, SysVol Version: 1",
"WmiFilter : ",
"",
"",
"DisplayName : Powershell Logging",
"GpoId : addc9d8c-2a92-4249-a91b-14ad51c75934",
"Enabled : True",
"Enforced : True",
"Order : 3",
"Target : OU=Workstations,DC=windomain,DC=local",
"GpoDomainName : windomain.local",
"",
"",
"DisplayName : Powershell Logging",
"GpoId : addc9d8c-2a92-4249-a91b-14ad51c75934",
"Enabled : True",
"Enforced : True",
"Order : 3",
"Target : OU=Servers,DC=windomain,DC=local",
"GpoDomainName : windomain.local",
"",
"",
"DisplayName : Powershell Logging",
"GpoId : addc9d8c-2a92-4249-a91b-14ad51c75934",
"Enabled : True",
"Enforced : True",
"Order : 4",
"Target : OU=Domain Controllers,DC=windomain,DC=local",
"GpoDomainName : windomain.local",
"",
"Updating policy...",
"",
"",
"",
"Computer Policy update has completed successfully.",
"",
"User Policy update has completed successfully.",
"",
"",
"",
"",
""
]
}
TASK [dc : Configure Auditing Policy GPO] *********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [52.183.114.222] => {"changed": true, "cmd": ".\\\\configure-AuditingPolicyGPOs.ps1", "delta": "0:00:04.399839", "end": "2021-02-04 07:02:25.352463", "failed_when_result": false, "rc": 0, "start": "2021-02-04 07:02:20.952623", "stderr": "", "stderr_lines": [], "stdout": "[07:02] Configuring auditing policy GPOs...\n[07:02] Importing Domain Controllers Enhanced Auditing Policy...\n\r\n\r\nDisplayName : Domain Controllers Enhanced Auditing Policy\r\nDomainName : windomain.local\r\nOwner : WINDOMAIN\\Domain Admins\r\nId : ea5d77af-56c6-4e6a-9025-8e605fba22d1\r\nGpoStatus : AllSettingsEnabled\r\nDescription : \r\nCreationTime : 2/4/2021 7:02:21 AM\r\nModificationTime : 2/4/2021 7:02:22 AM\r\nUserVersion : AD Version: 1, SysVol Version: 1\r\nComputerVersion : AD Version: 1, SysVol Version: 1\r\nWmiFilter : \r\n\r\n\r\nDisplayName : Domain Controllers Enhanced Auditing Policy\r\nGpoId : ea5d77af-56c6-4e6a-9025-8e605fba22d1\r\nEnabled : True\r\nEnforced : True\r\nOrder : 5\r\nTarget : OU=Domain Controllers,DC=windomain,DC=local\r\nGpoDomainName : windomain.local\r\n\r\n[07:02] Importing Servers Enhanced Auditing Policy...\nDisplayName : Servers Enhanced Auditing Policy\r\nDomainName : windomain.local\r\nOwner : WINDOMAIN\\Domain Admins\r\nId : 337aea53-803d-4412-a20e-cdf4cd0ab44e\r\nGpoStatus : UserSettingsDisabled\r\nDescription : \r\nCreationTime : 2/4/2021 7:02:22 AM\r\nModificationTime : 2/4/2021 7:02:23 AM\r\nUserVersion : AD Version: 1, SysVol Version: 1\r\nComputerVersion : AD Version: 1, SysVol Version: 1\r\nWmiFilter : \r\n\r\n\r\nDisplayName : Servers Enhanced Auditing Policy\r\nGpoId : 337aea53-803d-4412-a20e-cdf4cd0ab44e\r\nEnabled : True\r\nEnforced : True\r\nOrder : 4\r\nTarget : OU=Servers,DC=windomain,DC=local\r\nGpoDomainName : windomain.local\r\n\r\n[07:02] Importing Workstations Enhanced Auditing Policy...\nDisplayName : Workstations Enhanced Auditing Policy\r\nDomainName : windomain.local\r\nOwner : WINDOMAIN\\Domain Admins\r\nId : 
5eda69f8-a22b-424e-92d3-84274675a3b0\r\nGpoStatus : UserSettingsDisabled\r\nDescription : \r\nCreationTime : 2/4/2021 7:02:23 AM\r\nModificationTime : 2/4/2021 7:02:24 AM\r\nUserVersion : AD Version: 1, SysVol Version: 1\r\nComputerVersion : AD Version: 1, SysVol Version: 1\r\nWmiFilter : \r\n\r\n\r\nDisplayName : Workstations Enhanced Auditing Policy\r\nGpoId : 5eda69f8-a22b-424e-92d3-84274675a3b0\r\nEnabled : True\r\nEnforced : True\r\nOrder : 4\r\nTarget : OU=Workstations,DC=windomain,DC=local\r\nGpoDomainName : windomain.local\r\n\r\n\r\n\r\n", "stdout_lines": ["[07:02] Configuring auditing policy GPOs...", "[07:02] Importing Domain Controllers Enhanced Auditing Policy...", "", "", "DisplayName : Domain Controllers Enhanced Auditing Policy", "DomainName : windomain.local", "Owner : WINDOMAIN\\Domain Admins", "Id : ea5d77af-56c6-4e6a-9025-8e605fba22d1", "GpoStatus : AllSettingsEnabled", "Description : ", "CreationTime : 2/4/2021 7:02:21 AM", "ModificationTime : 2/4/2021 7:02:22 AM", "UserVersion : AD Version: 1, SysVol Version: 1", "ComputerVersion : AD Version: 1, SysVol Version: 1", "WmiFilter : ", "", "", "DisplayName : Domain Controllers Enhanced Auditing Policy", "GpoId : ea5d77af-56c6-4e6a-9025-8e605fba22d1", "Enabled : True", "Enforced : True", "Order : 5", "Target : OU=Domain Controllers,DC=windomain,DC=local", "GpoDomainName : windomain.local", "", "[07:02] Importing Servers Enhanced Auditing Policy...", "DisplayName : Servers Enhanced Auditing Policy", "DomainName : windomain.local", "Owner : WINDOMAIN\\Domain Admins", "Id : 337aea53-803d-4412-a20e-cdf4cd0ab44e", "GpoStatus : UserSettingsDisabled", "Description : ", "CreationTime : 2/4/2021 7:02:22 AM", "ModificationTime : 2/4/2021 7:02:23 AM", "UserVersion : AD Version: 1, SysVol Version: 1", "ComputerVersion : AD Version: 1, SysVol Version: 1", "WmiFilter : ", "", "", "DisplayName : Servers Enhanced Auditing Policy", "GpoId : 337aea53-803d-4412-a20e-cdf4cd0ab44e", "Enabled : True", "Enforced : True", 
"Order : 4", "Target : OU=Servers,DC=windomain,DC=local", "GpoDomainName : windomain.local", "", "[07:02] Importing Workstations Enhanced Auditing Policy...", "DisplayName : Workstations Enhanced Auditing Policy", "DomainName : windomain.local", "Owner : WINDOMAIN\\Domain Admins", "Id : 5eda69f8-a22b-424e-92d3-84274675a3b0", "GpoStatus : UserSettingsDisabled", "Description : ", "CreationTime : 2/4/2021 7:02:23 AM", "ModificationTime : 2/4/2021 7:02:24 AM", "UserVersion : AD Version: 1, SysVol Version: 1", "ComputerVersion : AD Version: 1, SysVol Version: 1", "WmiFilter : ", "", "", "DisplayName : Workstations Enhanced Auditing Policy", "GpoId : 5eda69f8-a22b-424e-92d3-84274675a3b0", "Enabled : True", "Enforced : True", "Order : 4", "Target : OU=Workstations,DC=windomain,DC=local", "GpoDomainName : windomain.local", "", "", ""]}
TASK [dc : debug] *********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [52.183.114.222] => {
"msg": [
"[07:02] Configuring auditing policy GPOs...",
"[07:02] Importing Domain Controllers Enhanced Auditing Policy...",
"",
"",
"DisplayName : Domain Controllers Enhanced Auditing Policy",
"DomainName : windomain.local",
"Owner : WINDOMAIN\\Domain Admins",
"Id : ea5d77af-56c6-4e6a-9025-8e605fba22d1",
"GpoStatus : AllSettingsEnabled",
"Description : ",
"CreationTime : 2/4/2021 7:02:21 AM",
"ModificationTime : 2/4/2021 7:02:22 AM",
"UserVersion : AD Version: 1, SysVol Version: 1",
"ComputerVersion : AD Version: 1, SysVol Version: 1",
"WmiFilter : ",
"",
"",
"DisplayName : Domain Controllers Enhanced Auditing Policy",
"GpoId : ea5d77af-56c6-4e6a-9025-8e605fba22d1",
"Enabled : True",
"Enforced : True",
"Order : 5",
"Target : OU=Domain Controllers,DC=windomain,DC=local",
"GpoDomainName : windomain.local",
"",
"[07:02] Importing Servers Enhanced Auditing Policy...",
"DisplayName : Servers Enhanced Auditing Policy",
"DomainName : windomain.local",
"Owner : WINDOMAIN\\Domain Admins",
"Id : 337aea53-803d-4412-a20e-cdf4cd0ab44e",
"GpoStatus : UserSettingsDisabled",
"Description : ",
"CreationTime : 2/4/2021 7:02:22 AM",
"ModificationTime : 2/4/2021 7:02:23 AM",
"UserVersion : AD Version: 1, SysVol Version: 1",
"ComputerVersion : AD Version: 1, SysVol Version: 1",
"WmiFilter : ",
"",
"",
"DisplayName : Servers Enhanced Auditing Policy",
"GpoId : 337aea53-803d-4412-a20e-cdf4cd0ab44e",
"Enabled : True",
"Enforced : True",
"Order : 4",
"Target : OU=Servers,DC=windomain,DC=local",
"GpoDomainName : windomain.local",
"",
"[07:02] Importing Workstations Enhanced Auditing Policy...",
"DisplayName : Workstations Enhanced Auditing Policy",
"DomainName : windomain.local",
"Owner : WINDOMAIN\\Domain Admins",
"Id : 5eda69f8-a22b-424e-92d3-84274675a3b0",
"GpoStatus : UserSettingsDisabled",
"Description : ",
"CreationTime : 2/4/2021 7:02:23 AM",
"ModificationTime : 2/4/2021 7:02:24 AM",
"UserVersion : AD Version: 1, SysVol Version: 1",
"ComputerVersion : AD Version: 1, SysVol Version: 1",
"WmiFilter : ",
"",
"",
"DisplayName : Workstations Enhanced Auditing Policy",
"GpoId : 5eda69f8-a22b-424e-92d3-84274675a3b0",
"Enabled : True",
"Enforced : True",
"Order : 4",
"Target : OU=Workstations,DC=windomain,DC=local",
"GpoDomainName : windomain.local",
"",
"",
""
]
}
TASK [dc : Disable Windows Defender GPO] **********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [52.183.114.222] => {"changed": true, "cmd": ".\\\\configure-disable-windows-defender-gpo.ps1", "delta": "0:00:15.937684", "end": "2021-02-04 07:02:55.587472", "failed_when_result": false, "rc": 0, "start": "2021-02-04 07:02:39.649788", "stderr": "", "stderr_lines": [], "stdout": "[07:02] Importing the GPO to disable Windows Defender...\n\r\n\r\nDisplayName : Disable Windows Defender\r\nDomainName : windomain.local\r\nOwner : WINDOMAIN\\Domain Admins\r\nId : b2b86acb-35ac-4aa5-9ee3-cb5821728b48\r\nGpoStatus : AllSettingsEnabled\r\nDescription : \r\nCreationTime : 2/4/2021 7:02:40 AM\r\nModificationTime : 2/4/2021 7:02:41 AM\r\nUserVersion : AD Version: 1, SysVol Version: 1\r\nComputerVersion : AD Version: 1, SysVol Version: 1\r\nWmiFilter : \r\n\r\n\r\nDisplayName : Disable Windows Defender\r\nGpoId : b2b86acb-35ac-4aa5-9ee3-cb5821728b48\r\nEnabled : True\r\nEnforced : True\r\nOrder : 5\r\nTarget : OU=Workstations,DC=windomain,DC=local\r\nGpoDomainName : windomain.local\r\n\r\n\r\nDisplayName : Disable Windows Defender\r\nGpoId : b2b86acb-35ac-4aa5-9ee3-cb5821728b48\r\nEnabled : True\r\nEnforced : True\r\nOrder : 5\r\nTarget : OU=Servers,DC=windomain,DC=local\r\nGpoDomainName : windomain.local\r\n\r\nUpdating policy...\r\r\n\r\r\nComputer Policy update has completed successfully.\r\r\nUser Policy update has completed successfully.\r\r\n\r\r\n\r\n\r\n", "stdout_lines": ["[07:02] Importing the GPO to disable Windows Defender...", "", "", "DisplayName : Disable Windows Defender", "DomainName : windomain.local", "Owner : WINDOMAIN\\Domain Admins", "Id : b2b86acb-35ac-4aa5-9ee3-cb5821728b48", "GpoStatus : AllSettingsEnabled", "Description : ", "CreationTime : 2/4/2021 7:02:40 AM", "ModificationTime : 2/4/2021 7:02:41 AM", "UserVersion : AD Version: 1, SysVol Version: 1", "ComputerVersion : AD Version: 1, SysVol Version: 1", "WmiFilter : ", "", "", "DisplayName : Disable Windows Defender", "GpoId : b2b86acb-35ac-4aa5-9ee3-cb5821728b48", "Enabled : True", 
"Enforced : True", "Order : 5", "Target : OU=Workstations,DC=windomain,DC=local", "GpoDomainName : windomain.local", "", "", "DisplayName : Disable Windows Defender", "GpoId : b2b86acb-35ac-4aa5-9ee3-cb5821728b48", "Enabled : True", "Enforced : True", "Order : 5", "Target : OU=Servers,DC=windomain,DC=local", "GpoDomainName : windomain.local", "", "Updating policy...", "", "", "", "Computer Policy update has completed successfully.", "", "User Policy update has completed successfully.", "", "", "", "", ""]}
TASK [dc : debug] *********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [52.183.114.222] => {
"msg": [
"[07:02] Importing the GPO to disable Windows Defender...",
"",
"",
"DisplayName : Disable Windows Defender",
"DomainName : windomain.local",
"Owner : WINDOMAIN\\Domain Admins",
"Id : b2b86acb-35ac-4aa5-9ee3-cb5821728b48",
"GpoStatus : AllSettingsEnabled",
"Description : ",
"CreationTime : 2/4/2021 7:02:40 AM",
"ModificationTime : 2/4/2021 7:02:41 AM",
"UserVersion : AD Version: 1, SysVol Version: 1",
"ComputerVersion : AD Version: 1, SysVol Version: 1",
"WmiFilter : ",
"",
"",
"DisplayName : Disable Windows Defender",
"GpoId : b2b86acb-35ac-4aa5-9ee3-cb5821728b48",
"Enabled : True",
"Enforced : True",
"Order : 5",
"Target : OU=Workstations,DC=windomain,DC=local",
"GpoDomainName : windomain.local",
"",
"",
"DisplayName : Disable Windows Defender",
"GpoId : b2b86acb-35ac-4aa5-9ee3-cb5821728b48",
"Enabled : True",
"Enforced : True",
"Order : 5",
"Target : OU=Servers,DC=windomain,DC=local",
"GpoDomainName : windomain.local",
"",
"Updating policy...",
"",
"",
"",
"Computer Policy update has completed successfully.",
"",
"User Policy update has completed successfully.",
"",
"",
"",
"",
""
]
}
TASK [dc : Configure RDP Permissions GPO] *********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [52.183.114.222] => {"changed": true, "cmd": ".\\\\configure-rdp-user-gpo.ps1", "delta": "0:00:15.105379", "end": "2021-02-04 07:03:16.512253", "failed_when_result": false, "rc": 0, "start": "2021-02-04 07:03:01.406874", "stderr": "", "stderr_lines": [], "stdout": "[07:03] Importing the GPO to allow windomain/vagrant to RDP...\n\r\n\r\nDisplayName : Allow Domain Users RDP\r\nDomainName : windomain.local\r\nOwner : WINDOMAIN\\Domain Admins\r\nId : 21dffdd3-fd97-4310-9a66-3a18b8d1f080\r\nGpoStatus : AllSettingsEnabled\r\nDescription : \r\nCreationTime : 2/4/2021 7:03:01 AM\r\nModificationTime : 2/4/2021 7:03:02 AM\r\nUserVersion : AD Version: 1, SysVol Version: 1\r\nComputerVersion : AD Version: 1, SysVol Version: 1\r\nWmiFilter : \r\n\r\n\r\nDisplayName : Allow Domain Users RDP\r\nGpoId : 21dffdd3-fd97-4310-9a66-3a18b8d1f080\r\nEnabled : True\r\nEnforced : True\r\nOrder : 6\r\nTarget : OU=Workstations,DC=windomain,DC=local\r\nGpoDomainName : windomain.local\r\n\r\n\r\nDisplayName : Allow Domain Users RDP\r\nGpoId : 21dffdd3-fd97-4310-9a66-3a18b8d1f080\r\nEnabled : True\r\nEnforced : True\r\nOrder : 6\r\nTarget : OU=Servers,DC=windomain,DC=local\r\nGpoDomainName : windomain.local\r\n\r\nUpdating policy...\r\r\n\r\r\nComputer Policy update has completed successfully.\r\r\nUser Policy update has completed successfully.\r\r\n\r\r\n\r\n\r\n", "stdout_lines": ["[07:03] Importing the GPO to allow windomain/vagrant to RDP...", "", "", "DisplayName : Allow Domain Users RDP", "DomainName : windomain.local", "Owner : WINDOMAIN\\Domain Admins", "Id : 21dffdd3-fd97-4310-9a66-3a18b8d1f080", "GpoStatus : AllSettingsEnabled", "Description : ", "CreationTime : 2/4/2021 7:03:01 AM", "ModificationTime : 2/4/2021 7:03:02 AM", "UserVersion : AD Version: 1, SysVol Version: 1", "ComputerVersion : AD Version: 1, SysVol Version: 1", "WmiFilter : ", "", "", "DisplayName : Allow Domain Users RDP", "GpoId : 21dffdd3-fd97-4310-9a66-3a18b8d1f080", "Enabled : True", "Enforced : True", 
"Order : 6", "Target : OU=Workstations,DC=windomain,DC=local", "GpoDomainName : windomain.local", "", "", "DisplayName : Allow Domain Users RDP", "GpoId : 21dffdd3-fd97-4310-9a66-3a18b8d1f080", "Enabled : True", "Enforced : True", "Order : 6", "Target : OU=Servers,DC=windomain,DC=local", "GpoDomainName : windomain.local", "", "Updating policy...", "", "", "", "Computer Policy update has completed successfully.", "", "User Policy update has completed successfully.", "", "", "", "", ""]}
TASK [dc : debug] *********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [52.183.114.222] => {
"msg": [
"[07:03] Importing the GPO to allow windomain/vagrant to RDP...",
"",
"",
"DisplayName : Allow Domain Users RDP",
"DomainName : windomain.local",
"Owner : WINDOMAIN\\Domain Admins",
"Id : 21dffdd3-fd97-4310-9a66-3a18b8d1f080",
"GpoStatus : AllSettingsEnabled",
"Description : ",
"CreationTime : 2/4/2021 7:03:01 AM",
"ModificationTime : 2/4/2021 7:03:02 AM",
"UserVersion : AD Version: 1, SysVol Version: 1",
"ComputerVersion : AD Version: 1, SysVol Version: 1",
"WmiFilter : ",
"",
"",
"DisplayName : Allow Domain Users RDP",
"GpoId : 21dffdd3-fd97-4310-9a66-3a18b8d1f080",
"Enabled : True",
"Enforced : True",
"Order : 6",
"Target : OU=Workstations,DC=windomain,DC=local",
"GpoDomainName : windomain.local",
"",
"",
"DisplayName : Allow Domain Users RDP",
"GpoId : 21dffdd3-fd97-4310-9a66-3a18b8d1f080",
"Enabled : True",
"Enforced : True",
"Order : 6",
"Target : OU=Servers,DC=windomain,DC=local",
"GpoDomainName : windomain.local",
"",
"Updating policy...",
"",
"",
"",
"Computer Policy update has completed successfully.",
"",
"User Policy update has completed successfully.",
"",
"",
"",
"",
""
]
}
TASK [dc : Configure Taskbar Layout GPO] **********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [52.183.114.222] => {"changed": true, "cmd": ".\\\\configure-taskbar-layout-gpo.ps1", "delta": "0:00:14.520273", "end": "2021-02-04 07:03:36.907633", "failed_when_result": false, "rc": 0, "start": "2021-02-04 07:03:22.387360", "stderr": "", "stderr_lines": [], "stdout": "[07:03] Importing the GPO to set the Taskbar layout...\n\r\n\r\nDisplayName : Taskbar Layout\r\nDomainName : windomain.local\r\nOwner : WINDOMAIN\\Domain Admins\r\nId : 353a8869-a431-455a-b290-d2a663da13b0\r\nGpoStatus : AllSettingsEnabled\r\nDescription : \r\nCreationTime : 2/4/2021 7:03:22 AM\r\nModificationTime : 2/4/2021 7:03:23 AM\r\nUserVersion : AD Version: 1, SysVol Version: 1\r\nComputerVersion : AD Version: 1, SysVol Version: 1\r\nWmiFilter : \r\n\r\n[07:03] Copying layout file to SYSVOL...\n\r\nDisplayName : Taskbar Layout\r\nGpoId : 353a8869-a431-455a-b290-d2a663da13b0\r\nEnabled : True\r\nEnforced : True\r\nOrder : 6\r\nTarget : OU=Domain Controllers,DC=windomain,DC=local\r\nGpoDomainName : windomain.local\r\n\r\n\r\nDisplayName : Taskbar Layout\r\nGpoId : 353a8869-a431-455a-b290-d2a663da13b0\r\nEnabled : True\r\nEnforced : True\r\nOrder : 7\r\nTarget : OU=Workstations,DC=windomain,DC=local\r\nGpoDomainName : windomain.local\r\n\r\n\r\nDisplayName : Taskbar Layout\r\nGpoId : 353a8869-a431-455a-b290-d2a663da13b0\r\nEnabled : True\r\nEnforced : True\r\nOrder : 7\r\nTarget : OU=Servers,DC=windomain,DC=local\r\nGpoDomainName : windomain.local\r\n\r\nUpdating policy...\r\r\n\r\r\nComputer Policy update has completed successfully.\r\r\nUser Policy update has completed successfully.\r\r\n\r\r\n\r\n\r\n", "stdout_lines": ["[07:03] Importing the GPO to set the Taskbar layout...", "", "", "DisplayName : Taskbar Layout", "DomainName : windomain.local", "Owner : WINDOMAIN\\Domain Admins", "Id : 353a8869-a431-455a-b290-d2a663da13b0", "GpoStatus : AllSettingsEnabled", "Description : ", "CreationTime : 2/4/2021 7:03:22 AM", "ModificationTime : 2/4/2021 7:03:23 AM", "UserVersion : AD Version: 
1, SysVol Version: 1", "ComputerVersion : AD Version: 1, SysVol Version: 1", "WmiFilter : ", "", "[07:03] Copying layout file to SYSVOL...", "", "DisplayName : Taskbar Layout", "GpoId : 353a8869-a431-455a-b290-d2a663da13b0", "Enabled : True", "Enforced : True", "Order : 6", "Target : OU=Domain Controllers,DC=windomain,DC=local", "GpoDomainName : windomain.local", "", "", "DisplayName : Taskbar Layout", "GpoId : 353a8869-a431-455a-b290-d2a663da13b0", "Enabled : True", "Enforced : True", "Order : 7", "Target : OU=Workstations,DC=windomain,DC=local", "GpoDomainName : windomain.local", "", "", "DisplayName : Taskbar Layout", "GpoId : 353a8869-a431-455a-b290-d2a663da13b0", "Enabled : True", "Enforced : True", "Order : 7", "Target : OU=Servers,DC=windomain,DC=local", "GpoDomainName : windomain.local", "", "Updating policy...", "", "", "", "Computer Policy update has completed successfully.", "", "User Policy update has completed successfully.", "", "", "", "", ""]}
TASK [dc : debug] *********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [52.183.114.222] => {
"msg": [
"[07:03] Importing the GPO to set the Taskbar layout...",
"",
"",
"DisplayName : Taskbar Layout",
"DomainName : windomain.local",
"Owner : WINDOMAIN\\Domain Admins",
"Id : 353a8869-a431-455a-b290-d2a663da13b0",
"GpoStatus : AllSettingsEnabled",
"Description : ",
"CreationTime : 2/4/2021 7:03:22 AM",
"ModificationTime : 2/4/2021 7:03:23 AM",
"UserVersion : AD Version: 1, SysVol Version: 1",
"ComputerVersion : AD Version: 1, SysVol Version: 1",
"WmiFilter : ",
"",
"[07:03] Copying layout file to SYSVOL...",
"",
"DisplayName : Taskbar Layout",
"GpoId : 353a8869-a431-455a-b290-d2a663da13b0",
"Enabled : True",
"Enforced : True",
"Order : 6",
"Target : OU=Domain Controllers,DC=windomain,DC=local",
"GpoDomainName : windomain.local",
"",
"",
"DisplayName : Taskbar Layout",
"GpoId : 353a8869-a431-455a-b290-d2a663da13b0",
"Enabled : True",
"Enforced : True",
"Order : 7",
"Target : OU=Workstations,DC=windomain,DC=local",
"GpoDomainName : windomain.local",
"",
"",
"DisplayName : Taskbar Layout",
"GpoId : 353a8869-a431-455a-b290-d2a663da13b0",
"Enabled : True",
"Enforced : True",
"Order : 7",
"Target : OU=Servers,DC=windomain,DC=local",
"GpoDomainName : windomain.local",
"",
"Updating policy...",
"",
"",
"",
"Computer Policy update has completed successfully.",
"",
"User Policy update has completed successfully.",
"",
"",
"",
"",
""
]
}
TASK [dc : Configure DC with raw Commands] ********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [52.183.114.222] => (item=wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}) => {"ansible_loop_var": "item", "changed": true, "cmd": "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}", "delta": "0:00:16.329722", "end": "2021-02-04 07:03:58.068716", "item": "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}", "rc": 0, "start": "2021-02-04 07:03:41.738993", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
changed: [52.183.114.222] => (item=Set-SmbServerConfiguration -AuditSmb1Access $true -Force) => {"ansible_loop_var": "item", "changed": true, "cmd": "Set-SmbServerConfiguration -AuditSmb1Access $true -Force", "delta": "0:00:02.819948", "end": "2021-02-04 07:04:04.399264", "item": "Set-SmbServerConfiguration -AuditSmb1Access $true -Force", "rc": 0, "start": "2021-02-04 07:04:01.579315", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
TASK [common : Downloading the Palantir WEF Configuration] ****************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [52.183.114.222] => {"changed": true, "cmd": ".\\download_palantir_wef.ps1", "delta": "0:00:03.362004", "end": "2021-02-04 07:04:11.521560", "failed_when_result": false, "rc": 0, "start": "2021-02-04 07:04:08.159555", "stderr": "", "stderr_lines": [], "stdout": "[07:04] Downloading and unzipping the Palantir Windows Event Forwarding Repo from Github...\n[07:04] Palantir WEF download complete!\n", "stdout_lines": ["[07:04] Downloading and unzipping the Palantir Windows Event Forwarding Repo from Github...", "[07:04] Palantir WEF download complete!"]}
TASK [common : debug] *****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [52.183.114.222] => {
"msg": [
"[07:04] Downloading and unzipping the Palantir Windows Event Forwarding Repo from Github...",
"[07:04] Palantir WEF download complete!"
]
}
TASK [common : Installing osquery] ****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [52.183.114.222] => {"changed": true, "cmd": ".\\install-osquery.ps1", "delta": "0:00:13.340077", "end": "2021-02-04 07:04:28.588007", "failed_when_result": false, "rc": 0, "start": "2021-02-04 07:04:15.247929", "stderr": "", "stderr_lines": [], "stdout": "[07:04] Installing osquery...\nInstalling the following packages:\r\nosquery\r\nBy installing you accept licenses for the packages.\r\n\r\nosquery v4.5.1 [Approved]\r\nosquery package files install completed. Performing other installation steps.\r\nC:\\Program Files\\osquery\\log\r\nTrue\r\nPATH environment variable does not have C:\\Program Files\\osquery in it. Adding...\r\nEnvironment Vars (like PATH) have changed. Close/reopen your shell to\r\n see the changes (or in powershell/cmd.exe just type `refreshenv`).\r\n ShimGen has successfully created a shim for osqueryi.exe\r\n ShimGen has successfully created a shim for osqueryd.exe\r\n The install of osquery was successful.\r\n Software install location not explicitly set, could be in package or\r\n default install location if installer.\r\n\r\nChocolatey installed 1/1 packages. \r\n See the log for details (C:\\ProgramData\\chocolatey\\logs\\chocolatey.log).\r\n\r\n[07:04] Setting osquery to run as a service\n\r\nStatus Name DisplayName \r\n------ ---- ----------- \r\nStopped osqueryd osqueryd \r\n[07:04] Adding kolide to the hosts file\n\r\n\r\n", "stdout_lines": ["[07:04] Installing osquery...", "Installing the following packages:", "osquery", "By installing you accept licenses for the packages.", "", "osquery v4.5.1 [Approved]", "osquery package files install completed. Performing other installation steps.", "C:\\Program Files\\osquery\\log", "True", "PATH environment variable does not have C:\\Program Files\\osquery in it. Adding...", "Environment Vars (like PATH) have changed. 
Close/reopen your shell to", " see the changes (or in powershell/cmd.exe just type `refreshenv`).", " ShimGen has successfully created a shim for osqueryi.exe", " ShimGen has successfully created a shim for osqueryd.exe", " The install of osquery was successful.", " Software install location not explicitly set, could be in package or", " default install location if installer.", "", "Chocolatey installed 1/1 packages. ", " See the log for details (C:\\ProgramData\\chocolatey\\logs\\chocolatey.log).", "", "[07:04] Setting osquery to run as a service", "", "Status Name DisplayName ", "------ ---- ----------- ", "Stopped osqueryd osqueryd ", "[07:04] Adding kolide to the hosts file", "", ""]}
TASK [common : debug] *****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [52.183.114.222] => {
"msg": [
"[07:04] Installing osquery...",
"Installing the following packages:",
"osquery",
"By installing you accept licenses for the packages.",
"",
"osquery v4.5.1 [Approved]",
"osquery package files install completed. Performing other installation steps.",
"C:\\Program Files\\osquery\\log",
"True",
"PATH environment variable does not have C:\\Program Files\\osquery in it. Adding...",
"Environment Vars (like PATH) have changed. Close/reopen your shell to",
" see the changes (or in powershell/cmd.exe just type `refreshenv`).",
" ShimGen has successfully created a shim for osqueryi.exe",
" ShimGen has successfully created a shim for osqueryd.exe",
" The install of osquery was successful.",
" Software install location not explicitly set, could be in package or",
" default install location if installer.",
"",
"Chocolatey installed 1/1 packages. ",
" See the log for details (C:\\ProgramData\\chocolatey\\logs\\chocolatey.log).",
"",
"[07:04] Setting osquery to run as a service",
"",
"Status Name DisplayName ",
"------ ---- ----------- ",
"Stopped osqueryd osqueryd ",
"[07:04] Adding kolide to the hosts file",
"",
""
]
}
TASK [common : Installing SysInternals Tools] *****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [52.183.114.222] => {"changed": true, "cmd": ".\\install-sysinternals.ps1", "delta": "0:00:08.409879", "end": "2021-02-04 07:04:40.853783", "failed_when_result": false, "rc": 0, "start": "2021-02-04 07:04:32.443904", "stderr": "", "stderr_lines": [], "stdout": "[07:04] Installing SysInternals Tooling...\n\r\n\r\n Directory: C:\\Tools\r\n\r\n\r\nMode LastWriteTime Length Name \r\n---- ------------- ------ ---- \r\nd----- 2/4/2021 7:04 AM Sysinternals \r\n\r\n\r\n Directory: C:\\ProgramData\r\n\r\n\r\nMode LastWriteTime Length Name \r\n---- ------------- ------ ---- \r\nd----- 2/4/2021 7:04 AM Sysmon \r\n[07:04] Downloading Autoruns64.exe...\n[07:04] Downloading Procmon.exe...\n[07:04] Downloading PsExec64.exe...\n[07:04] Downloading procexp64.exe...\n[07:04] Downloading Sysmon64.exe...\n[07:04] Downloading Tcpview.exe...\n[07:04] Downloading Olaf Hartong's Sysmon config...\n[07:04] Starting Sysmon...\n[07:04] Verifying that the Sysmon service is running...\n\r\n\r\n", "stdout_lines": ["[07:04] Installing SysInternals Tooling...", "", "", " Directory: C:\\Tools", "", "", "Mode LastWriteTime Length Name ", "---- ------------- ------ ---- ", "d----- 2/4/2021 7:04 AM Sysinternals ", "", "", " Directory: C:\\ProgramData", "", "", "Mode LastWriteTime Length Name ", "---- ------------- ------ ---- ", "d----- 2/4/2021 7:04 AM Sysmon ", "[07:04] Downloading Autoruns64.exe...", "[07:04] Downloading Procmon.exe...", "[07:04] Downloading PsExec64.exe...", "[07:04] Downloading procexp64.exe...", "[07:04] Downloading Sysmon64.exe...", "[07:04] Downloading Tcpview.exe...", "[07:04] Downloading Olaf Hartong's Sysmon config...", "[07:04] Starting Sysmon...", "[07:04] Verifying that the Sysmon service is running...", "", ""]}
TASK [common : debug] *****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [52.183.114.222] => {
"msg": [
"[07:04] Installing SysInternals Tooling...",
"",
"",
" Directory: C:\\Tools",
"",
"",
"Mode LastWriteTime Length Name ",
"---- ------------- ------ ---- ",
"d----- 2/4/2021 7:04 AM Sysinternals ",
"",
"",
" Directory: C:\\ProgramData",
"",
"",
"Mode LastWriteTime Length Name ",
"---- ------------- ------ ---- ",
"d----- 2/4/2021 7:04 AM Sysmon ",
"[07:04] Downloading Autoruns64.exe...",
"[07:04] Downloading Procmon.exe...",
"[07:04] Downloading PsExec64.exe...",
"[07:04] Downloading procexp64.exe...",
"[07:04] Downloading Sysmon64.exe...",
"[07:04] Downloading Tcpview.exe...",
"[07:04] Downloading Olaf Hartong's Sysmon config...",
"[07:04] Starting Sysmon...",
"[07:04] Verifying that the Sysmon service is running...",
"",
""
]
}
TASK [common : Installing Velociraptor] ***********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [52.183.114.222] => {"changed": true, "cmd": ".\\install-velociraptor.ps1", "delta": "0:00:17.202826", "end": "2021-02-04 07:05:09.395544", "failed_when_result": false, "rc": 0, "start": "2021-02-04 07:04:52.192717", "stderr": "", "stderr_lines": [], "stdout": "[07:04] Adding logger to the hosts file\n[07:04] Determining latest release of Velociraptor...\n[07:04] Downloading Velociraptor...\n[07:04] Installing Velociraptor...\n[07:05] Velociraptor successfully installed!\n", "stdout_lines": ["[07:04] Adding logger to the hosts file", "[07:04] Determining latest release of Velociraptor...", "[07:04] Downloading Velociraptor...", "[07:04] Installing Velociraptor...", "[07:05] Velociraptor successfully installed!"]}
TASK [common : debug] *****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [52.183.114.222] => {
"msg": [
"[07:04] Adding logger to the hosts file",
"[07:04] Determining latest release of Velociraptor...",
"[07:04] Downloading Velociraptor...",
"[07:04] Installing Velociraptor...",
"[07:05] Velociraptor successfully installed!"
]
}
TASK [common : Installing AutorunsToWineventlog] **************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [52.183.114.222] => {"changed": true, "cmd": ".\\install-autorunstowineventlog.ps1", "delta": "0:00:05.324661", "end": "2021-02-04 07:05:18.920460", "failed_when_result": false, "rc": 0, "start": "2021-02-04 07:05:13.595798", "stderr": "", "stderr_lines": [], "stdout": "[07:05] Installing AutorunsToWinEventLog...\n\r\n\r\n Directory: C:\\Program Files\r\n\r\n\r\nMode LastWriteTime Length Name \r\n---- ------------- ------ ---- \r\nd----- 2/4/2021 7:05 AM AutorunsToWinEventLog \r\n\r\nActions : {MSFT_TaskExecAction}\r\nAuthor : \r\nDate : \r\nDescription : \r\nDocumentation : \r\nPrincipal : MSFT_TaskPrincipal2\r\nSecurityDescriptor : \r\nSettings : MSFT_TaskSettings3\r\nSource : \r\nState : Ready\r\nTaskName : AutorunsToWinEventLog\r\nTaskPath : \\\r\nTriggers : {MSFT_TaskDailyTrigger}\r\nURI : \\AutorunsToWinEventLog\r\nVersion : \r\nPSComputerName : \r\n\r\n\r\nActions : {MSFT_TaskExecAction}\r\nAuthor : \r\nDate : \r\nDescription : \r\nDocumentation : \r\nPrincipal : MSFT_TaskPrincipal2\r\nSecurityDescriptor : \r\nSettings : MSFT_TaskSettings3\r\nSource : \r\nState : Ready\r\nTaskName : AutorunsToWinEventLog\r\nTaskPath : \\\r\nTriggers : {MSFT_TaskDailyTrigger}\r\nURI : \\AutorunsToWinEventLog\r\nVersion : \r\nPSComputerName : \r\n\r\n[07:05] AutorunsToWinEventLog installed. Starting the scheduled task. 
Future runs will begin at 11am\n\r\n\r\n", "stdout_lines": ["[07:05] Installing AutorunsToWinEventLog...", "", "", " Directory: C:\\Program Files", "", "", "Mode LastWriteTime Length Name ", "---- ------------- ------ ---- ", "d----- 2/4/2021 7:05 AM AutorunsToWinEventLog ", "", "Actions : {MSFT_TaskExecAction}", "Author : ", "Date : ", "Description : ", "Documentation : ", "Principal : MSFT_TaskPrincipal2", "SecurityDescriptor : ", "Settings : MSFT_TaskSettings3", "Source : ", "State : Ready", "TaskName : AutorunsToWinEventLog", "TaskPath : \\", "Triggers : {MSFT_TaskDailyTrigger}", "URI : \\AutorunsToWinEventLog", "Version : ", "PSComputerName : ", "", "", "Actions : {MSFT_TaskExecAction}", "Author : ", "Date : ", "Description : ", "Documentation : ", "Principal : MSFT_TaskPrincipal2", "SecurityDescriptor : ", "Settings : MSFT_TaskSettings3", "Source : ", "State : Ready", "TaskName : AutorunsToWinEventLog", "TaskPath : \\", "Triggers : {MSFT_TaskDailyTrigger}", "URI : \\AutorunsToWinEventLog", "Version : ", "PSComputerName : ", "", "[07:05] AutorunsToWinEventLog installed. Starting the scheduled task. Future runs will begin at 11am", "", ""]}
TASK [common : debug] *****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [52.183.114.222] => {
"msg": [
"[07:05] Installing AutorunsToWinEventLog...",
"",
"",
" Directory: C:\\Program Files",
"",
"",
"Mode LastWriteTime Length Name ",
"---- ------------- ------ ---- ",
"d----- 2/4/2021 7:05 AM AutorunsToWinEventLog ",
"",
"Actions : {MSFT_TaskExecAction}",
"Author : ",
"Date : ",
"Description : ",
"Documentation : ",
"Principal : MSFT_TaskPrincipal2",
"SecurityDescriptor : ",
"Settings : MSFT_TaskSettings3",
"Source : ",
"State : Ready",
"TaskName : AutorunsToWinEventLog",
"TaskPath : \\",
"Triggers : {MSFT_TaskDailyTrigger}",
"URI : \\AutorunsToWinEventLog",
"Version : ",
"PSComputerName : ",
"",
"",
"Actions : {MSFT_TaskExecAction}",
"Author : ",
"Date : ",
"Description : ",
"Documentation : ",
"Principal : MSFT_TaskPrincipal2",
"SecurityDescriptor : ",
"Settings : MSFT_TaskSettings3",
"Source : ",
"State : Ready",
"TaskName : AutorunsToWinEventLog",
"TaskPath : \\",
"Triggers : {MSFT_TaskDailyTrigger}",
"URI : \\AutorunsToWinEventLog",
"Version : ",
"PSComputerName : ",
"",
"[07:05] AutorunsToWinEventLog installed. Starting the scheduled task. Future runs will begin at 11am",
"",
""
]
}
TASK [common : Installing Red Team Tooling] *******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [52.183.114.222] => {"changed": true, "cmd": ".\\install-redteam.ps1", "delta": "0:00:24.949813", "end": "2021-02-04 07:05:48.021904", "failed_when_result": false, "rc": 0, "start": "2021-02-04 07:05:23.072091", "stderr": "", "stderr_lines": [], "stdout": "[07:05] Installing Red Team Tooling...\n[07:05] Windows Defender has already been disabled or uninstalled.\n[07:05] Determining latest release of Mimikatz...\n[07:05] Downloading Powersploit...\n[07:05] Downloading BadBlood...\n[07:05] Downloading Invoke-AtomicRedTeam and atomic tests...\n\r\nName Version Source Summary \r\n---- ------- ------ ------- \r\nnuget 2.8.5.208 https://onege... NuGet provider for the OneGet meta-package manager \r\nInstallation of Invoke-AtomicRedTeam is complete. You can now use the Invoke-AtomicTest function\nSee Wiki at https://github.com/redcanaryco/invoke-atomicredteam/wiki for complete details\n[07:05] Updating Profile.ps1 to import the Invoke-AtomicRedTeam module...\n\r\nPSPath : Microsoft.PowerShell.Core\\FileSystem::C:\\Tools\\PurpleSharp\r\nPSParentPath : Microsoft.PowerShell.Core\\FileSystem::C:\\Tools\r\nPSChildName : PurpleSharp\r\nPSDrive : C\r\nPSProvider : Microsoft.PowerShell.Core\\FileSystem\r\nPSIsContainer : True\r\nName : PurpleSharp\r\nFullName : C:\\Tools\\PurpleSharp\r\nParent : Tools\r\nExists : True\r\nRoot : C:\\\r\nExtension : \r\nCreationTime : 2/4/2021 7:05:44 AM\r\nCreationTimeUtc : 2/4/2021 7:05:44 AM\r\nLastAccessTime : 2/4/2021 7:05:44 AM\r\nLastAccessTimeUtc : 2/4/2021 7:05:44 AM\r\nLastWriteTime : 2/4/2021 7:05:44 AM\r\nLastWriteTimeUtc : 2/4/2021 7:05:44 AM\r\nAttributes : Directory\r\nMode : d-----\r\nBaseName : PurpleSharp\r\nTarget : {}\r\nLinkType : \r\n\r\n[07:05] Determining latest release of Purplesharp...\n[07:05] Red Team tooling installation complete!\n\r\n\r\n", "stdout_lines": ["[07:05] Installing Red Team Tooling...", "[07:05] Windows Defender has already been disabled or uninstalled.", "[07:05] Determining latest release of 
Mimikatz...", "[07:05] Downloading Powersploit...", "[07:05] Downloading BadBlood...", "[07:05] Downloading Invoke-AtomicRedTeam and atomic tests...", "", "Name Version Source Summary ", "---- ------- ------ ------- ", "nuget 2.8.5.208 https://onege... NuGet provider for the OneGet meta-package manager ", "Installation of Invoke-AtomicRedTeam is complete. You can now use the Invoke-AtomicTest function", "See Wiki at https://github.com/redcanaryco/invoke-atomicredteam/wiki for complete details", "[07:05] Updating Profile.ps1 to import the Invoke-AtomicRedTeam module...", "", "PSPath : Microsoft.PowerShell.Core\\FileSystem::C:\\Tools\\PurpleSharp", "PSParentPath : Microsoft.PowerShell.Core\\FileSystem::C:\\Tools", "PSChildName : PurpleSharp", "PSDrive : C", "PSProvider : Microsoft.PowerShell.Core\\FileSystem", "PSIsContainer : True", "Name : PurpleSharp", "FullName : C:\\Tools\\PurpleSharp", "Parent : Tools", "Exists : True", "Root : C:\\", "Extension : ", "CreationTime : 2/4/2021 7:05:44 AM", "CreationTimeUtc : 2/4/2021 7:05:44 AM", "LastAccessTime : 2/4/2021 7:05:44 AM", "LastAccessTimeUtc : 2/4/2021 7:05:44 AM", "LastWriteTime : 2/4/2021 7:05:44 AM", "LastWriteTimeUtc : 2/4/2021 7:05:44 AM", "Attributes : Directory", "Mode : d-----", "BaseName : PurpleSharp", "Target : {}", "LinkType : ", "", "[07:05] Determining latest release of Purplesharp...", "[07:05] Red Team tooling installation complete!", "", ""]}
TASK [common : debug] *****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [52.183.114.222] => {
"msg": [
"[07:05] Installing Red Team Tooling...",
"[07:05] Windows Defender has already been disabled or uninstalled.",
"[07:05] Determining latest release of Mimikatz...",
"[07:05] Downloading Powersploit...",
"[07:05] Downloading BadBlood...",
"[07:05] Downloading Invoke-AtomicRedTeam and atomic tests...",
"",
"Name Version Source Summary ",
"---- ------- ------ ------- ",
"nuget 2.8.5.208 https://onege... NuGet provider for the OneGet meta-package manager ",
"Installation of Invoke-AtomicRedTeam is complete. You can now use the Invoke-AtomicTest function",
"See Wiki at https://github.com/redcanaryco/invoke-atomicredteam/wiki for complete details",
"[07:05] Updating Profile.ps1 to import the Invoke-AtomicRedTeam module...",
"",
"PSPath : Microsoft.PowerShell.Core\\FileSystem::C:\\Tools\\PurpleSharp",
"PSParentPath : Microsoft.PowerShell.Core\\FileSystem::C:\\Tools",
"PSChildName : PurpleSharp",
"PSDrive : C",
"PSProvider : Microsoft.PowerShell.Core\\FileSystem",
"PSIsContainer : True",
"Name : PurpleSharp",
"FullName : C:\\Tools\\PurpleSharp",
"Parent : Tools",
"Exists : True",
"Root : C:\\",
"Extension : ",
"CreationTime : 2/4/2021 7:05:44 AM",
"CreationTimeUtc : 2/4/2021 7:05:44 AM",
"LastAccessTime : 2/4/2021 7:05:44 AM",
"LastAccessTimeUtc : 2/4/2021 7:05:44 AM",
"LastWriteTime : 2/4/2021 7:05:44 AM",
"LastWriteTimeUtc : 2/4/2021 7:05:44 AM",
"Attributes : Directory",
"Mode : d-----",
"BaseName : PurpleSharp",
"Target : {}",
"LinkType : ",
"",
"[07:05] Determining latest release of Purplesharp...",
"[07:05] Red Team tooling installation complete!",
"",
""
]
}
TASK [common : Install Utilities] *****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [52.183.114.222] => {"changed": true, "rc": 0}
PLAY [wef] ****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
PLAY [win10] **************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
PLAY RECAP ****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
52.183.114.222 : ok=37 changed=22 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0