Skip to content

COVAIL/atdp-domain-controller-scripts

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

53 Commits
gpo
gpo
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
apply_domain_audit_gpo.ps1
apply_domain_audit_gpo.ps1
 
 
cert_functions.psm1
cert_functions.psm1
 
 
configure_windows_event_forwarding.ps1
configure_windows_event_forwarding.ps1
 
 
event_forwarding_module_functions.psm1
event_forwarding_module_functions.psm1
 
 
gen_all_cert_requests.ps1
gen_all_cert_requests.ps1
 
 
gen_client_csr.ps1
gen_client_csr.ps1
 
 
import_all_certs.ps1
import_all_certs.ps1
 
 
import_client_cert.ps1
import_client_cert.ps1
 
 
remove_all_atdp_certs.ps1
remove_all_atdp_certs.ps1
 
 
remove_atdp_certs.ps1
remove_atdp_certs.ps1
 
 
set_domain_sacls.ps1
set_domain_sacls.ps1
 
 
test_all_client_configurations.ps1
test_all_client_configurations.ps1
 
 
test_cert_client_connectivity.ps1
test_cert_client_connectivity.ps1
 
 
test_wec_connectivity.ps1
test_wec_connectivity.ps1
 
 

Repository files navigation

ATDP - Domain Controller Automation Scripts

Certificate Functions

  • cert_gen_config.psd1 - template configuration file for certificate generation; this will get auto-generated by the scripts now, but can be modified after the first run if needed.
  • gen_all_cert_requests.ps1 - wrapper script to generate certifcate signing requests for each domain controller listed in the config file
  • gen_client_csr.ps1 - individual script to generate a CSR for a single server (copied to individual servers and run by the wrapper script)
  • import_all_certs.ps1 - wrapper script to import all of the signed client certificates for each domain controller listed in the config file
  • import_client_cert.ps1 - individual script to import a signed certificate file (as well as the root-ca and intermediate-ca certs) for a single server (copied to individual servers and run by the wrapper script)
  • cert_functions.psm1 - module with certificate functions
  • remove_atdp_certs.ps1 - remove the atdp certificates from the computer it's run from (used in deprovisioning)

Event Forwarding GPO Configuration

  • event_forwarding_module_functions.psm1 - function definitions for event forwarding module
  • configure_windows_event_forwarding.ps1 - wrapper script to configure windows event forwarding GPO for domain controllers
  • test_wec_connectivty.ps1 - script to test WEC connectivity (with certificate authentication) after certificates are configured.
  • test_all_client_configurations.ps1 - test WEC configuration and connectivity (with certificate auth) on all hosts configured in the cert_get_config.psd1 file; also requires an atdp_subscription_data.psd1 configuration file to define the wec hostname and issuer CA thumbprint. Should be run with the -Verbose argument to ensure the best detail.

NOTE: running either configure_windows_event_forwarding.ps1 or test_wec_connectivity.ps1 will force the user to configure the WEC and Issuer CA if no confiruation file is present.

Setting Domain SACLs and Proper Audit Policy for Detectors

Note: these scripts should be applied to the domain, they set up audit policy and SACLs that generate the type of audit messages required for several of our detectors to run. They should be run from a machine in the domain that have the Remote Server Administration Tools and Group Policy Management features installed, and have access to the domain controllers. The order of running these scripts is not important.

  • apply_domain_audit_gpo.ps1 - configure the domain audit GPO
  • set_domain_sacls.ps1 - sets the domain SACLs on all objects required for proper audit record events to be generated that the detectors look for

About

ATDP Domain Controller Configuration And Testing Scripts

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

7 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages