Last active
September 6, 2021 18:36
-
-
Save jimmwayans/daa86a8260aa74351206ef55769cb772 to your computer and use it in GitHub Desktop.
A PowerShell script to create an AutomatedLab with a domain controller, client hosts and windows exchange servers for security lab.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #create an empty lab template and define path to files where VMs will be stored | |
| New-LabDefinition -Name 'CreativeLabENV' -DefaultVirtualizationEngine HyperV -VmPath "C:\AutomatedLab-VMs\VMs\CreativeLabENV\" # If you want to place vm files in custom dir add -VmPath "drive:\path\to\directory" | |
| #defining default parameter values, as these ones are the same for all the machines | |
| $PSDefaultParameterValues = @{ | |
| 'Add-LabMachineDefinition:DomainName' = 'creativelab.com' | |
| 'Add-LabMachineDefinition:OperatingSystem' = 'Windows Server 2012 R2 Datacenter Evaluation (Server with a GUI)' | |
| 'Add-LabMachineDefinition:UserLocale' = 'en-US' | |
| } | |
| #Network Definition | |
| Add-LabVirtualNetworkDefinition -Name "Private Network" -AddressSpace 192.168.20.0/24 -HyperVProperties @{ SwitchType = 'External'; AdapterName = 'Ethernet' } | |
| #Define an External, Internet connection | |
| #Add-LabVirtualNetworkDefinition -Name External -HyperVProperties @{ SwitchType = 'External'; AdapterName = 'Ethernet' } | |
| $ServerOS = 'Windows Server 2019 Standard (Desktop Experience)' | |
| $ClientOS = 'Windows 10 Enterprise Evaluation' | |
| Set-LabInstallationCredential -Username Lesah -Password 'Hackers14*' | |
| Add-LabDomainDefinition -Name "creativelab.com" -AdminUser Administrator -AdminPassword 'Hackers14*' | |
| Add-LabIsoImageDefinition -Name Office2016 -Path $labSources\ISOs\en_office_professional_plus_2016_x86_x64_dvd_6962141.iso | |
| Add-LabIsoImageDefinition -Name Office2019 -Path $labSources\ISOs\ProPlus2019Retail.iso | |
| Add-LabIsoImageDefinition -Name SQLServer2017 -Path $labSources\ISOs\es_sql_server_2016_enterprise_x64_dvd_8702752.iso | |
| $r = Get-LabPostInstallationActivity -CustomRole Exchange2013 -Properties @{ OrganizationName = 'Creative Exchange Organization' } | |
| $x = Get-LabPostInstallationActivity -CustomRole Exchange2016 -Properties @{ OrganizationName = 'Creative Exchange Organization' } | |
| $y = Get-LabPostInstallationActivity -CustomRole Exchange2019 -Properties @{ OrganizationName = 'Creative Exchange Organization' } | |
| Add-LabMachineDefinition -Name DC1 -Memory 4GB -IpAddress 192.168.20.210 -DnsServer1 192.168.20.210 -DnsServer2 192.168.20.1 -Gateway 192.168.20.1 -OperatingSystem 'Windows Server 2019 Standard (Desktop Experience)' -MinMemory 1GB -MaxMemory 4GB -Roles RootDC | |
| Add-LabMachineDefinition -Name DC2 -Memory 4GB -IpAddress 192.168.20.211 -DnsServer1 192.168.20.211 -DnsServer2 192.168.20.210 -Gateway 192.168.20.1 -OperatingSystem 'Windows Server 2016 Datacenter (Desktop Experience)' -MinMemory 1GB -MaxMemory 5GB -Roles DC | |
| Add-LabMachineDefinition -Name Server1 -Memory 8GB -IpAddress 192.168.20.212 -DnsServer1 192.168.20.210 -DnsServer2 192.168.20.211 -Gateway 192.168.20.1 -PostInstallationActivity $r -Domain creativelab.com | |
| Add-LabMachineDefinition -Name Server2 -Memory 8GB -IpAddress 192.168.20.121 -DnsServer1 192.168.20.210 -DnsServer2 192.168.20.211 -Gateway 192.168.20.1 -OperatingSystem 'Windows Server 2016 Standard (Desktop Experience)' -PostInstallationActivity $x -Domain creativelab.com | |
| Add-LabMachineDefinition -Name Server3 -Memory 8GB -IpAddress 192.168.20.122 -DnsServer1 192.168.20.210 -DnsServer2 192.168.20.211 -Gateway 192.168.20.1 -OperatingSystem 'Windows Server 2019 Datacenter (Desktop Experience)' -PostInstallationActivity $y -Domain creativelab.com | |
| Add-LabMachineDefinition -Name EndUser1 -Memory 1GB -IpAddress 192.168.20.128 -DnsServer1 192.168.20.210 -DnsServer2 192.168.20.211 -Gateway 192.168.20.1 -OperatingSystem 'Windows 10 Pro' -MinMemory 1GB -MaxMemory 5GB -Roles Office2016 -Domain creativelab.com | |
| Add-LabMachineDefinition -Name EndUser2 -Memory 1GB -IpAddress 192.168.20.126 -DnsServer1 192.168.20.210 -DnsServer2 192.168.20.211 -Gateway 192.168.20.1 -OperatingSystem 'Windows 10 Enterprise Evaluation' -MinMemory 1GB -MaxMemory 5GB -Roles Office2019 -Domain creativelab.com | |
| $postInstallActivity = Get-LabPostInstallationActivity -CustomRole Office2019 -Properties @{ IsoPath = "$labSources\ISOs\ProPlus2019Retail.iso" } | |
| $role = Get-LabMachineRoleDefinition -Role SQLServer2017 -Properties @{Features = 'SQL,Tools'} | |
| Add-LabMachineDefinition -Name AdminPC -Roles $role -Memory 4GB -Processors 4 -OperatingSystem $ServerOS -IpAddress 192.168.20.131 -DnsServer1 192.168.20.210 -DnsServer2 192.168.20.211 -Gateway 192.168.20.1 -PostInstallationActivity $postInstallActivity -Domain creativelab.com | |
| Add-LabMachineDefinition -Name ClientPC -Memory 2GB -Processors 4 -OperatingSystem $ClientOS -IpAddress 192.168.20.133 -DnsServer1 192.168.20.210 -DnsServer2 192.168.20.211 -Gateway 192.168.20.1 -PostInstallationActivity $postInstallActivity -Domain creativelab.com | |
| #Download Software | |
| $AzInfoProtectionFileName = 'AzInfoProtection_UL.exe' | |
| $AzInfoProtectionFilePath = Join-Path -Path $labSources\SoftwarePackages -ChildPath $AzInfoProtectionFileName | |
| $AzInfoProtectionUri = 'https://download.microsoft.com/download/4/9/1/491251F7-46BA-46EC-B2B5-099155DD3C27/AzInfoProtection_UL.exe' | |
| if (-not (Test-Path -Path $AzInfoProtectionFilePath)) | |
| { | |
| Get-LabInternetFile -Uri $AzInfoProtectionUri -Path $AzInfoProtectionFilePath | |
| } | |
| $officeDeploymentToolFileName = 'OfficeDeploymentTool.exe' | |
| $officeDeploymentToolFilePath = Join-Path -Path $labSources\SoftwarePackages -ChildPath $officeDeploymentToolFileName | |
| $officeDeploymentToolUri = 'https://download.microsoft.com/download/2/7/A/27AF1BE6-DD20-4CB4-B154-EBAB8A7D4A7E/officedeploymenttool_12827-20268.exe' | |
| if (-not (Test-Path -Path $officeDeploymentToolFilePath)) | |
| { | |
| Get-LabInternetFile -Uri $officeDeploymentToolUri -Path $officeDeploymentToolFilePath | |
| } | |
| $PIIZIPFileName = 'docs.zip' | |
| $PIIZIPFilePath = Join-Path -Path $labSources\SoftwarePackages -ChildPath $PIIZIPFileName | |
| $PIIZIPUri = 'https://github.com/InfoProtectionTeam/Files/raw/master/Scripts/docs.zip' | |
| if (-not (Test-Path -Path $PIIZIPFilePath)) | |
| { | |
| Get-LabInternetFile -Uri $PIIZIPUri -Path $PIIZIPFilePath | |
| } | |
| Install-Lab -NetworkSwitches | |
| Install-Lab -BaseImages -VMs -Domains -StartRemainingMachines | |
| Install-Lab -Office2016 | |
| Install-Lab -Office2019 | |
| Install-Lab -PostInstallations | |
| Install-LabSoftwarePackage -ComputerName $vms -Path $labSources\SoftwarePackages\Notepad++.exe -CommandLine /S -AsJob | |
| Install-LabSoftwarePackage -ComputerName $vms -Path $labSources\SoftwarePackages\7zip.exe -CommandLine /S -AsJob | |
| Install-LabSoftwarePackage -ComputerName $vms -Path $labSources\SoftwarePackages\wazuh-agent.msi /q WAZUH_MANAGER='192.168.20.36' WAZUH_REGISTRATION_SERVER='192.168.20.36' WAZUH_AGENT_GROUP='Windows,Workstations' -CommandLine /S -AsJob | |
| Get-Job -Name 'Installation of*' | Wait-Job | Out-Null | |
| #Copy and extract PII docs on AdminPC | |
| Copy-LabFileItem -Path C:\LabSources\Files\docs.zip -ComputerName (Get-LabVm -ComputerName DC1) -DestinationFolderPath C:\PII | |
| Copy-LabFileItem -Path C:\LabSources\Files\docs.zip -ComputerName (Get-LabVm -ComputerName DC2) -DestinationFolderPath C:\PII | |
| Invoke-LabCommand -ScriptBlock { Expand-Archive -LiteralPath C:\PII\docs.zip -DestinationPath C:\PII\ } -ComputerName Server3 | |
| Invoke-LabCommand -ScriptBlock { Expand-Archive -LiteralPath C:\PII\docs.zip -DestinationPath C:\Users\Public\Documents;New-SmbShare -Name Documents -Path C:\Users\Public\Documents -FullAccess Everyone} -ComputerName EndUser1 | |
| #Copy and extract PII docs on AdminPC - 2 | |
| Copy-LabFileItem -Path C:\LabSources\SoftwarePackages\docs.zip -ComputerName (Get-LabVm -ComputerName AdminPC) -DestinationFolderPath C:\PII | |
| Invoke-LabCommand -ScriptBlock { Expand-Archive -LiteralPath C:\PII\docs.zip -DestinationPath C:\PII\ } -ComputerName AdminPC | |
| Invoke-LabCommand -ScriptBlock { Expand-Archive -LiteralPath C:\PII\docs.zip -DestinationPath C:\Users\Public\Documents;New-SmbShare -Name Documents -Path C:\Users\Public\Documents -FullAccess Everyone} -ComputerName AdminPC | |
| #Update Office 365 ProPlus | |
| Invoke-LabCommand -ScriptBlock { Set-Location "C:\Program Files\Common Files\microsoft shared\ClickToRun\"; .\OfficeC2RClient.exe /update user } -ComputerName AdminPC | |
| Invoke-LabCommand -ScriptBlock { Set-Location "C:\Program Files\Common Files\microsoft shared\ClickToRun\"; .\OfficeC2RClient.exe /update user } -ComputerName ClientPC | |
| Show-LabDeploymentSummary -Detailed | |
| Restart-LabVM -ComputerName Server1 -Wait | |
| Restart-LabVM -ComputerName Server2 -Wait | |
| Restart-LabVM -ComputerName Server3 | |
| Checkpoint-LabVM -All -SnapshotName 'FirstSnapshot' | |
| Show-LabDeploymentSummary -Detailed |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment