This repository was archived by the owner on Nov 15, 2024. It is now read-only.

Commit 688f8df

Jason Helmick
authored
Merge pull request #59 from theJasonHelmick/Dev-Release-Test
Dev release test
2 parents b7a089c + 1a1ec18 commit 688f8df

38 files changed

+2830
-1150
lines changed

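--- a/Configurations/POC-MultiRole/VMConfiguration.ps1
+++ b/Configurations/POC-MultiRole/VMConfiguration.ps1
@@ -34,8 +34,9 @@ $credential = New-Object -typename Pscredential -ArgumentList Administrator, $se
 @{ModuleName='xADCSDeployment';ModuleVersion = '1.0.0.0'}
 
 #endregion
-
+#region All Nodes
 node $AllNodes.Where({$true}).NodeName {
+#endregion
 #region LCM configuration
 
 LocalConfigurationManager {
@@ -84,39 +85,19 @@ $credential = New-Object -typename Pscredential -ArgumentList Administrator, $se
 #endregion
 
 #region Firewall Rules
-
-xFirewall 'FPS-ICMP4-ERQ-In' {
-Name = 'FPS-ICMP4-ERQ-In'
-DisplayName = 'File and Printer Sharing (Echo Request - ICMPv4-In)'
-Description = 'Echo request messages are sent as ping requests to other nodes.'
-Direction = 'Inbound'
-Action = 'Allow'
-Enabled = 'True'
-Profile = 'Any'
-}
 
-xFirewall 'FPS-ICMP6-ERQ-In' {
-Name = 'FPS-ICMP6-ERQ-In';
-DisplayName = 'File and Printer Sharing (Echo Request - ICMPv6-In)'
-Description = 'Echo request messages are sent as ping requests to other nodes.'
-Direction = 'Inbound'
-Action = 'Allow'
-Enabled = 'True'
-Profile = 'Any'
-}
+$LabData = Import-PowerShellDataFile .\*.psd1
+$FireWallRules = $labdata.Allnodes.FirealllRuleNames
 
-xFirewall 'FPS-SMB-In-TCP' {
-Name = 'FPS-SMB-In-TCP'
-DisplayName = 'File and Printer Sharing (SMB-In)'
-Description = 'Inbound rule for File and Printer Sharing to allow Server Message Block transmission and reception via Named Pipes. [TCP 445]'
-Direction = 'Inbound'
-Action = 'Allow'
+foreach ($Rule in $FireWallRules) {
+xFirewall $Rule {
+Name = $Rule.name
 Enabled = 'True'
-Profile = 'Any'
 }
-#endregion
+} #End foreach
 
-} #end nodes ALL
+} #end Firewall Rules
+#endregion
 
 #region Domain Controller config
 
@@ -290,6 +271,88 @@ $credential = New-Object -typename Pscredential -ArgumentList Administrator, $se
 } #end DHCP Config
 #endregion
 
+#region Web config
+node $AllNodes.Where({$_.Role -eq 'Web'}).NodeName {
+
+foreach ($feature in @(
+'web-Server'
+
+)) {
+WindowsFeature $feature.Replace('-','') {
+Ensure = 'Present'
+Name = $feature
+IncludeAllSubFeature = $False
+}
+}
+
+}#end Web Config
+#endregion
+
+#region DomainJoin config
+node $AllNodes.Where({$_.Role -eq 'DomainJoin'}).NodeName {
+
+$DomainCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ("$($node.DomainName)\$($Credential.UserName)", $Credential.Password)
+
+xWaitForADDomain DscForestWait {
+DomainName = $Node.DomainName
+DomainUserCredential = $DomainCredential
+RetryCount = '20'
+RetryIntervalSec = '60'
+}
+
+xComputer JoinDC {
+Name = $Node.NodeName
+DomainName = $Node.DomainName
+Credential = $DomainCredential
+DependsOn = '[xWaitForADDomain]DSCForestWait'
+}
+}#end DomianJoin Config
+#endregion
+
+#region RSAT config
+node $AllNodes.Where({$_.Role -eq 'RSAT'}).NodeName {
+# Adds RSAT
+
+xHotfix RSAT {
+Id = 'KB2693643'
+Path = 'c:\Resources\WindowsTH-RSAT_WS2016-x64.msu'
+Credential = $DomainCredential
+DependsOn = '[xcomputer]JoinDC'
+Ensure = 'Present'
+}
+
+xPendingReboot Reboot {
+Name = 'AfterRSATInstall'
+DependsOn = '[xHotFix]RSAT'
+}
+
+
+}#end RSAT Config
+
+#region RDP config
+node $AllNodes.Where({$_.Role -eq 'RDP'}).NodeName {
+# Adds RDP support and opens Firewall rules
+
+Registry RDP {
+Key = 'HKLM:\System\ControlSet001\Control\Terminal Server'
+ValueName = 'fDenyTSConnections'
+ValueType = 'Dword'
+ValueData = '0'
+Ensure = 'Present'
+}
+foreach ($Rule in @(
+'RemoteDesktop-UserMode-In-TCP',
+'RemoteDesktop-UserMode-In-UDP',
+'RemoteDesktop-Shadow-In-TCP'
+)) {
+xFirewall $Rule {
+Name = $Rule
+Enabled = 'True'
+DependsOn = '[Registry]RDP'
+}
+} # End RDP
+}
+#endregion
 #region ADCS
 
 node $AllNodes.Where({$_.Role -eq 'ADCS'}).NodeName {
@@ -687,63 +750,6 @@ $credential = New-Object -typename Pscredential -ArgumentList Administrator, $se
 
 } #end ADCS Config
 
-#region Web config
-node $AllNodes.Where({$_.Role -eq 'Web'}).NodeName {
-
-foreach ($feature in @(
-'web-Server'
-
-)) {
-WindowsFeature $feature.Replace('-','') {
-Ensure = 'Present'
-Name = $feature
-IncludeAllSubFeature = $False
-}
-}
-
-}#end Web Config
-#endregion
-
-#region DomainJoin config
-node $AllNodes.Where({$_.Role -eq 'DomainJoin'}).NodeName {
-
-$DomainCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ("$($node.DomainName)\$($Credential.UserName)", $Credential.Password)
-
-xWaitForADDomain DscForestWait {
-DomainName = $Node.DomainName
-DomainUserCredential = $DomainCredential
-RetryCount = '20'
-RetryIntervalSec = '60'
-}
-
-xComputer JoinDC {
-Name = $Node.NodeName
-DomainName = $Node.DomainName
-Credential = $DomainCredential
-DependsOn = '[xWaitForADDomain]DSCForestWait'
-}
-}#end DomianJoin Config
-#endregion
-
-#region RSAT config
-node $AllNodes.Where({$_.Role -eq 'RSAT'}).NodeName {
-
-xHotfix RSAT {
-Id = 'KB2693643'
-Path = 'c:\Resources\WindowsTH-RSAT_WS2016-x64.msu'
-Credential = $DomainCredential
-DependsOn = '[xcomputer]JoinDC'
-Ensure = 'Present'
-}
-
-xPendingReboot Reboot {
-Name = 'AfterRSATInstall'
-DependsOn = '[xHotFix]RSAT'
-}
-
-
-}#end RSAT Config
-#endregion
 } # End AllNodes
 #endregion
 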
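Review bot: The firewall loop added at new lines 89-97 will not produce any rules: line 90 reads `$labdata.Allnodes.FirealllRuleNames`, but the data file changed in this same commit names the key `FirewallRuleNames`, so the lookup returns nothing and the three `xFirewall` resources the hunk deletes are not replaced. With the key spelled correctly the loop still breaks on `Name = $Rule.name`, because the list holds plain strings; the RDP block added further down uses `Name = $Rule`, which is what is needed here too. `Import-PowerShellDataFile .\*.psd1` additionally ties compilation to the caller's working directory and to whichever `.psd1` files happen to be in it; reading the list from the configuration data already in scope, for example `$FireWallRules = $Node.FirewallRuleNames`, removes that dependency (this assumes the key lives in the all-nodes entry, which the data-file hunk suggests but does not show). The enclosing `node` block opens above this hunk.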

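--- a/Configurations/POC-MultiRole/VMConfigurationData.psd1
+++ b/Configurations/POC-MultiRole/VMConfigurationData.psd1
@@ -32,6 +32,13 @@ demonstrations and would need to be modified for your environment.
 IPNetwork = '192.168.3.0/24'
 IPNatName = 'LabNat'
 DnsServerAddress = '192.168.3.10'
+
+# Firewall settings to enable
+FirewallRuleNames = @(
+'FPS-ICMP4-ERQ-In';
+'FPS-ICMP6-ERQ-In';
+'FPS-SMB-In-TCP'
+)
 
 # Domain and Domain Controller information
 DomainName = "Company.Pri"
@@ -69,7 +76,7 @@ demonstrations and would need to be modified for your environment.
 # Lability default node settings
 Lability_SwitchName = 'LabNet'
 Lability_ProcessorCount = 1
-Lability_StartupMemory = 1GB
+Lability_MinimumMemory = 1GB
 SecureBoot = $false
 Lability_Media = '2016_x64_Standard_Core_EN_Eval' # Can be Core,Win10,2012R2,nano
 # 2016_x64_Standard_EN_Eval
@@ -86,14 +93,24 @@ demonstrations and would need to be modified for your environment.
 # WIN10_x64_Enterprise_EN_Eval
 }
 
+<# Available Roles for computers
+DC = Domain Controller
+DHCP = Dynamic Host Configuration Protocol
+ADCS = Active Directory Certificate SErvices - plus autoenrollment GPO's and DSC and web server certs
+Web = Basic web server
+RSAT = Remote Server Administration Tools for the client
+RDP = enables RDP and opens up required firewall rules
+DomainJoin = joions a computer to the domain
+#>
 @{
 NodeName = 'DC1'
 IPAddress = '192.168.3.10'
-Role = @('DC', 'DHCP','ADCS')
+Role = @('DC', 'DHCP', 'ADCS')
 Lability_BootOrder = 10
 Lability_BootDelay = 60 # Number of seconds to delay before others
 Lability_timeZone = 'US Mountain Standard Time' #[System.TimeZoneInfo]::GetSystemTimeZones()
-Lability_StartupMemory = 2GB
+Lability_Media = '2016_x64_Standard_Core_EN_Eval'
+Lability_MinimumMemory = 2GB
 Lability_ProcessorCount = 2
 CustomBootStrap = @'
 # This must be set to handle larger .mof files
@@ -106,8 +123,9 @@ demonstrations and would need to be modified for your environment.
 IPAddress = '192.168.3.50'
 #Role = 'DomainJoin' # example of multiple roles @('DomainJoin', 'Web')
 Role = @('DomainJoin', 'Web')
-Lability_BootOrder = 20
+Lability_BootOrder = 20
 Lability_timeZone = 'US Mountain Standard Time' #[System.TimeZoneInfo]::GetSystemTimeZones()
+Lability_Media = '2016_x64_Standard_Core_EN_Eval'
 }
 
 @{
@@ -123,22 +141,19 @@ demonstrations and would need to be modified for your environment.
 @{
 NodeName = 'Cli1'
 IPAddress = '192.168.3.100'
-Role = @('domainJoin', 'RSAT')
+Role = @('domainJoin', 'RSAT', 'RDP')
 Lability_ProcessorCount = 2
-Lability_StartupMemory = 4GB
+Lability_MinimumMemory = 2GB
 Lability_Media = 'WIN10_x64_Enterprise_EN_Eval'
 Lability_BootOrder = 20
 Lability_timeZone = 'US Mountain Standard Time' #[System.TimeZoneInfo]::GetSystemTimeZones()
 Lability_Resource = @('Win10RSAT')
 CustomBootStrap = @'
 # To enable PSRemoting on the client
 Enable-PSRemoting -SkipNetworkProfileCheck -Force;
-# To enable RDP
-Set-ItemProperty -Path "HKLM:\System\ControlSet001\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0;
-
 '@
 }
-
+#>
 
 );
 NonNodeData = @{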
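Review bot: The `#>` added at new line 156 has no opening `<#` in this hunk, and the only `<#` this commit adds to the file (the roles list at new line 96) is already closed at line 104. If an opener exists in the unchanged lines above line 141, the whole `Cli1` entry, including the `'RDP'` role added here, is inside a block comment and that role is assigned to no node shown on this page; if none exists, the line is read as an ordinary `#` comment and is just leftover. Which case holds cannot be determined from the visible lines, so either delete the `#>` or put a short comment at the opener, such as `# Cli1 disabled for this release`, so a reader does not assume RDP is being enabled on the client.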

Configurations/TEST-SingleDC/VMValidate.test.ps1

Lines changed: 0 additions & 71 deletions
This file was deleted.
