Update with Windows10

From Jeff Hicks

Author: Jason Helmick

Configurations/Windows10/Instructions.md

@@ -0,0 +1,44 @@
+# Lab definition
+
+This lab builds the following:
+
+* 1 Workgroup joined Windows 10 Client with RSAT tools installed.
+
+It will also create a local user account with a password of `P@ssw0rd` using same name as the person running the configuration. In other words, it will use the value of `$env:username`.
+
+## To get started:
+
+    To run the full lab setup, which includes Setup-Lab, Run-Lab, Enable-Internet, and Validate-Lab:
+    PS> Unattend-Lab
+    
+    To run the commands individually to setup the lab environment:
+
+    Run the following for initial setup:
+    PS> Setup-Lab
+
+    To start the LAb, and apply configurations the first time:
+    PS> Run-Lab
+
+    To enable Internet access for the VM's, run:
+    PS> Enable-Internet
+
+    To validate when configurations have converged:
+    PS> Validate-Lab
+   
+    Once validation is complete you should connect to the VM, logon as the non-administrator account and let Windows 10 finish setting up. Then restart the computer applying any pending updates. After this you can, and should, snapshot the VM.
+
+## To Stop and snapshot the lab
+
+    To stop the lab VM's:
+    PS> Shutdown-lab
+
+    To checkpoint the VM's:
+    PS> Snapshot-Lab
+
+    To quickly rebuild the labs from the checkpoint, run:
+    PS> Refresh-Lab
+
+## To remove a lab
+    
+    To destroy the lab to build again:
+    PS> Wipe-Lab

Configurations/Windows10/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Jeff Hicks
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Configurations/Windows10/VMConfiguration.ps1

@@ -0,0 +1,166 @@
+#requires -version 5.0
+
+<# Notes:
+
+Authors: Jason Helmick and Melissa (Missy) Januszko
+
+The bulk of this DC, DHCP, ADCS config is authored by Melissa (Missy) Januszko and Jason Helmick.
+Currently on her public DSC hub located here: https://github.com/majst32/DSC_public.git
+
+Additional contributors of note: Jeff Hicks
+
+       
+Disclaimer
+
+This example code is provided without copyright and AS IS.  It is free for you to use and modify.
+Note: These demos should not be run as a script. These are the commands that I use in the 
+demonstrations and would need to be modified for your environment.
+
+#> 
+
+Configuration AutoLab {
+
+$LabData = Import-PowerShellDataFile -Path .\VMConfigurationData.psd1
+$Secure = ConvertTo-SecureString -String "$($labdata.allnodes.labpassword)" -AsPlainText -Force 
+$credential = New-Object -typename Pscredential -ArgumentList Administrator, $secure 
+
+Import-DscResource -ModuleName "PSDesiredStateConfiguration" -ModuleVersion "1.1"
+Import-DscResource -ModuleName "xPSDesiredStateConfiguration" -ModuleVersion "5.0.0.0"
+Import-DscResource -ModuleName "xComputerManagement" -ModuleVersion "1.8.0.0"
+Import-DscResource -ModuleName "xNetworking" -ModuleVersion "3.0.0.0"
+Import-DscResource -ModuleName "xWindowsUpdate" -ModuleVersion "2.5.0.0"
+Import-DscResource -ModuleName "xPendingReboot" -ModuleVersion "0.3.0.0"
+
+    Node $AllNodes.Where({$true}).NodeName {
+         xComputer ComputerName {
+            Name = $Node.NodeName
+            WorkGroupName = "Lab"
+        }
+         user Administrator {
+            UserName = "Administrator"
+            Disabled = $false
+            Password = $credential
+            PasswordChangeRequired = $false
+            PasswordNeverExpires = $True
+         }
+
+         #create a local account with the same name as the person
+         #running this config
+         user $env:username {
+            UserName = $env:username
+            Disabled = $false
+            Password = $credential
+            PasswordChangeRequired = $false
+            PasswordNeverExpires = $True
+         }
+
+         #add the user to the local Administrators group
+         group Administrators {
+             GroupName = "Administrators"
+             MembersToInclude = $env:username
+             DependsOn = "[user]$($env:username)"
+         }
+
+         #force a reboot after completing everything
+         xPendingReboot Complete {
+            Name = "Post-Config Reboot"
+            SkipPendingComputerRename = $True
+            DependsOn = @("[group]Administrators","[xComputer]ComputerName","[user]Administrator")
+         }
+
+#region LCM configuration
+        LocalConfigurationManager {
+            RebootNodeIfNeeded   = $true
+            AllowModuleOverwrite = $true
+            ConfigurationMode = 'ApplyOnly'
+        }
+#endregion
+  
+#region IPaddress settings 
+    If (-not [System.String]::IsNullOrEmpty($node.IPAddress)) {
+        xIPAddress 'PrimaryIPAddress' {
+            IPAddress      = $node.IPAddress
+            InterfaceAlias = $node.InterfaceAlias
+            PrefixLength   = $node.SubnetMask
+            AddressFamily  = $node.AddressFamily
+        }
+
+        If (-not [System.String]::IsNullOrEmpty($node.DefaultGateway)) {     
+            xDefaultGatewayAddress 'PrimaryDefaultGateway' {
+                InterfaceAlias = $node.InterfaceAlias
+                Address = $node.DefaultGateway
+                AddressFamily = $node.AddressFamily
+            }
+        }
+
+        If (-not [System.String]::IsNullOrEmpty($node.DnsServerAddress)) {                    
+            xDnsServerAddress 'PrimaryDNSClient' {
+                Address        = $node.DnsServerAddress
+                InterfaceAlias = $node.InterfaceAlias
+                AddressFamily  = $node.AddressFamily
+            }
+        }
+
+        If (-not [System.String]::IsNullOrEmpty($node.DnsConnectionSuffix)) {
+            xDnsConnectionSuffix 'PrimaryConnectionSuffix' {
+                InterfaceAlias = $node.InterfaceAlias
+                ConnectionSpecificSuffix = $node.DnsConnectionSuffix
+            }
+        }
+    } #End IF
+            
+#endregion
+
+#region Firewall Rules
+    
+    $FireWallRules = $labdata.Allnodes.FirewallRuleNames
+
+        foreach ($Rule in $FireWallRules) {
+        xFirewall $Rule {
+            Name = $Rule
+            Enabled = 'True'
+         }
+        } #End foreach
+    }
+#endregion
+
+#region RSAT config
+   node $AllNodes.Where({$_.Role -eq 'RSAT'}).NodeName {
+        # Adds RSAT
+      
+        xHotfix RSAT {
+            Id = 'KB2693643'
+            Path = 'c:\Resources\WindowsTH-RSAT_WS2016-x64.msu'
+            Ensure = 'Present'
+        }
+    
+    } #end RSAT Config
+
+#region RDP config
+   node $AllNodes.Where({$_.Role -eq 'RDP'}).NodeName {
+        # Adds RDP support and opens Firewall rules
+
+        Registry RDP {
+            Key = 'HKLM:\System\ControlSet001\Control\Terminal Server'
+            ValueName = 'fDenyTSConnections'
+            ValueType = 'Dword'
+            ValueData = '0'
+            Ensure = 'Present'
+        }
+        foreach ($Rule in @(
+                'RemoteDesktop-UserMode-In-TCP',
+                'RemoteDesktop-UserMode-In-UDP',
+                'RemoteDesktop-Shadow-In-TCP'
+        )) {
+        xFirewall $Rule {
+            Name = $Rule
+            Enabled = 'True'
+            DependsOn = '[Registry]RDP'
+        }
+    } # End RDP
+    }
+#endregion
+}   
+
+AutoLab -OutputPath .\ -ConfigurationData .\VMConfigurationData.psd1
+

Configurations/Windows10/VMConfigurationData.psd1

@@ -0,0 +1,133 @@
+<# Notes:
+       
+Disclaimer
+
+This example code is provided without copyright and AS IS.  It is free for you to use and modify.
+Note: These demos should not be run as a script. These are the commands that I use in the 
+demonstrations and would need to be modified for your environment.
+
+#> 
+
+@{
+    AllNodes = @(
+        @{
+            NodeName = '*'
+
+            # Lab Password - assigned to Administrator and Users
+            LabPassword = 'P@ssw0rd'
+            PSDscAllowPlainTextPassword = $true
+            PSDscAllowDomainUser = $true
+            
+            # Common networking
+            InterfaceAlias = 'Ethernet'
+            DefaultGateway = '192.168.3.1'
+            SubnetMask = 24
+            AddressFamily = 'IPv4'
+            IPNetwork = '192.168.3.0/24'
+            IPNatName = 'LabNat'
+            DnsServerAddress = '8.8.8.8'
+
+            # Firewall settings to enable
+            FirewallRuleNames = @(
+                'FPS-ICMP4-ERQ-In';
+                'FPS-ICMP6-ERQ-In';
+                'FPS-SMB-In-TCP'
+            )                      
+
+            # Lability default node settings
+            Lability_SwitchName = 'LabNet'
+            Lability_ProcessorCount = 1
+            Lability_MinimumMemory = 1GB
+            SecureBoot = $false
+            Lability_Media = '2016_x64_Standard_Core_EN_Eval' # Can be Core,Win10,2012R2,nano
+                                                       # 2016_x64_Standard_EN_Eval
+                                                       # 2016_x64_Standard_Core_EN_Eval
+                                                       # 2016_x64_Datacenter_EN_Eval
+                                                       # 2016_x64_Datacenter_Core_EN_Eval
+                                                       # 2016_x64_Standard_Nano_EN_Eval
+                                                       # 2016_x64_Datacenter_Nano_EN_Eval
+                                                       # 2012R2_x64_Standard_EN_Eval
+                                                       # 2012R2_x64_Standard_EN_V5_Eval
+                                                       # 2012R2_x64_Standard_Core_EN_Eval
+                                                       # 2012R2_x64_Standard_Core_EN_V5_Eval
+                                                       # 2012R2_x64_Datacenter_EN_V5_Eval
+                                                       # WIN10_x64_Enterprise_EN_Eval
+        }
+
+<#    Available Roles for computers
+        DC = Domain Controller
+        DHCP = Dynamic Host Configuration Protocol
+        ADCS = Active Directory Certificate SErvices - plus autoenrollment GPO's and DSC and web server certs
+        Web = Basic web server
+        RSAT = Remote Server Administration Tools for the client
+        RDP = enables RDP and opens up required firewall rules
+        DomainJoin = joins a computer to the domain
+#>
+
+        @{
+            NodeName = 'Win10Ent'
+            IPAddress = '192.168.3.101'
+            Role = @('RSAT', 'RDP')
+            Lability_ProcessorCount = 2
+            Lability_MinimumMemory = 2GB
+            Lability_Media = 'WIN10_x64_Enterprise_EN_Eval'
+            Lability_BootOrder = 20
+            Lability_timeZone = 'Central Standard Time' #[System.TimeZoneInfo]::GetSystemTimeZones()
+            Lability_Resource = @('Win10RSAT')
+            CustomBootStrap = @'
+                    # To enable PSRemoting on the client
+                    Enable-PSRemoting -SkipNetworkProfileCheck -Force;
+'@
+        }        
+    );
+    NonNodeData = @{
+        Lability = @{
+            # EnvironmentPrefix = 'PS-GUI-' # this will prefix the VM names                                    
+            Media = (
+                @{
+                    ## This media is a replica of the default '2016_x64_Standard_Nano_EN_Eval' media
+                    ## with the additional 'Microsoft-NanoServer-DSC-Package' package added.
+                    Id = '2016_x64_Standard_Nano_DSC_EN_Eval';
+                    Filename = '2016_x64_EN_Eval.iso';
+                    Description = 'Windows Server 2016 Standard Nano 64bit English Evaluation';
+                    Architecture = 'x64';
+                    ImageName = 'Windows Server 2016 SERVERSTANDARDNANO';
+                    MediaType = 'ISO';
+                    OperatingSystem = 'Windows';
+                    Uri = 'http://download.microsoft.com/download/1/6/F/16FA20E6-4662-482A-920B-1A45CF5AAE3C/14393.0.160715-1616.RS1_RELEASE_SERVER_EVAL_X64FRE_EN-US.ISO';
+                    Checksum = '18A4F00A675B0338F3C7C93C4F131BEB';
+                    CustomData = @{
+                        SetupComplete = 'CoreCLR';
+                        PackagePath = '\NanoServer\Packages';
+                        PackageLocale = 'en-US';
+                        WimPath = '\NanoServer\NanoServer.wim';
+                        Package = @(
+                            'Microsoft-NanoServer-Guest-Package',
+                            'Microsoft-NanoServer-DSC-Package'
+                        )
+                    }
+                }
+            ) # Custom media additions that are different than the supplied defaults (media.json)
+            Network = @( # Virtual switch in Hyper-V
+                @{ Name = 'LabNet'; Type = 'Internal'; NetAdapterName = 'Ethernet'; AllowManagementOS = $true;}
+            );
+            DSCResource = @(
+                ## Download published version from the PowerShell Gallery or Github
+                @{ Name = 'xComputerManagement'; RequiredVersion = '1.8.0.0'; Provider = 'PSGallery'; },
+                @{ Name = 'xNetworking'; RequiredVersion = '3.0.0.0'; Provider = 'PSGallery'; },
+                @{ Name = 'xWindowsUpdate' ; RequiredVersion = '2.5.0.0'; Provider = 'PSGallery';},
+                @{ Name = 'xPSDesiredStateConfiguration'; RequiredVersion = '5.0.0.0'; Provider = 'PSGallery'},
+                @{ Name = 'xPendingReboot'; RequiredVersion = '0.3.0.0'; Provider = 'PSGallery'}
+            );
+            Resource = @(
+                @{                    
+                    Id = 'Win10RSAT'
+                    Filename = 'WindowsTH-RSAT_WS2016-x64.msu'
+                    Uri = 'https://download.microsoft.com/download/1/D/8/1D8B5022-5477-4B9A-8104-6A71FF9D98AB/WindowsTH-RSAT_WS2016-x64.msu'
+                    Expand = $false                    
+                    #DestinationPath = '\software' # Default is resources folder
+                }
+            );
+        };
+    };
+};