From c831f0ae5f7cc56ffe59ae38cff4114371059b74 Mon Sep 17 00:00:00 2001 
From: Olivier Dembour <33929198+alex-sector@users.noreply.github.com> Date: Fri, 22 Jan 2021 17:13:07 +0100 Subject: [PATCH 1/7] Base update : - Win2k16 -> Win2k19 - Replace hard coded values (ip, domain) with Vagrant variables - Dead code removed - Change code to be more generic - RDP GPO removed, user vagrant is now added in "Remote Desktop Users" local group - Remove deprecated "fix-second-network" trick --- base/Vagrantfile | 60 +++++++------ base/resources/GPO/rdp_users/manifest.xml | 1 - .../Backup.xml | 20 ----- .../microsoft/windows nt/SecEdit/GptTmpl.inf | Bin 384 -> 0 bytes .../bkupInfo.xml | 1 - .../gpreport.xml | Bin 18348 -> 0 bytes base/resources/scripts/configure-ou.ps1 | 21 +++-- base/resources/scripts/configure-rdp-smb.ps1 | 8 ++ .../scripts/configure-rdp-user-gpo.ps1 | 29 ------ base/resources/scripts/create-domain.ps1 | 84 ------------------ base/resources/scripts/create-forest.ps1 | 34 +++++++ base/resources/scripts/fix-second-network.ps1 | 53 ----------- base/resources/scripts/join-domain.ps1 | 73 ++++++++------- base/resources/scripts/prepare-domain.ps1 | 20 +++++ base/resources/scripts/provision.ps1 | 30 ------- base/resources/scripts/update-dns.ps1 | 6 ++ 16 files changed, 154 insertions(+), 286 deletions(-) delete mode 100644 base/resources/GPO/rdp_users/manifest.xml delete mode 100644 base/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/Backup.xml delete mode 100644 base/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf delete mode 100644 base/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/bkupInfo.xml delete mode 100644 base/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/gpreport.xml create mode 100644 base/resources/scripts/configure-rdp-smb.ps1 delete mode 100644 base/resources/scripts/configure-rdp-user-gpo.ps1 delete mode 100644 base/resources/scripts/create-domain.ps1 create mode 100644 
base/resources/scripts/create-forest.ps1 delete mode 100755 base/resources/scripts/fix-second-network.ps1 create mode 100644 base/resources/scripts/prepare-domain.ps1 create mode 100644 base/resources/scripts/update-dns.ps1 diff --git a/base/Vagrantfile b/base/Vagrantfile index 36ebd20..a260f94 100644 --- a/base/Vagrantfile +++ b/base/Vagrantfile @@ -1,7 +1,8 @@ CONFIG = { - :dc => {:memory => 3072, :cpus => 2, :name => "dc",}, - :srv => {:memory => 2048, :cpus => 2, :name => "srv"}, - :client => {:memory => 2048, :cpus => 1, :name => "client"} + :dns => "8.8.8.8", + :dc => {:memory => 3072, :cpus => 2, :name => "dc", :domain => "windomain.local", :ip => "192.168.38.102", :gw => "192.168.38.1"}, + :srv => {:memory => 2048, :cpus => 2, :name => "srv", :domain => "windomain.local", :ip => "192.168.38.103", :gw => "192.168.38.1"}, + :client => {:memory => 2048, :cpus => 1, :name => "win10", :domain => "windomain.local", :ip => "192.168.38.100", :gw => "192.168.38.1"}, } Vagrant.configure("2") do |config| @@ -11,7 +12,7 @@ Vagrant.configure("2") do |config| end config.vm.define "dc" do |cfg| - cfg.vm.box = "peru/windows-server-2016-standard-x64-eval" + cfg.vm.box = "peru/windows-server-2019-standard-x64-eval" cfg.vm.hostname = CONFIG[:dc][:name] cfg.vm.boot_timeout = 600 cfg.winrm.transport = :plaintext 
@@ -20,16 +21,19 @@ Vagrant.configure("2") do |config| cfg.winrm.timeout = 300 cfg.winrm.retry_limit = 20 - cfg.vm.network :private_network, ip: "192.168.38.102", gateway: "192.168.38.1", dns: "8.8.8.8" + cfg.vm.network :private_network, + ip: CONFIG[:dc][:ip], + gateway: CONFIG[:dc][:gw], + dns: CONFIG[:dns] - # Added DNS here because libvirt fails to properly configure the windows client otherwise... :( - cfg.vm.provision "shell", path: "resources/scripts/fix-second-network.ps1", preserve_order: true, privileged: true, args: "-ip 192.168.38.102 -dns 8.8.8.8 -gateway 192.168.38.1" - - cfg.vm.provision "shell", path: "resources/scripts/provision.ps1", preserve_order: true, privileged: false + cfg.vm.provision "shell", path: "resources/scripts/provision.ps1", preserve_order: true, privileged: false + cfg.vm.provision "shell", path: "resources/scripts/create-forest.ps1", + :args => "#{CONFIG[:dc][:ip]} #{CONFIG[:dc][:domain]} #{CONFIG[:dns]}", + preserve_order: true, privileged: false cfg.vm.provision "reload" - cfg.vm.provision "shell", path: "resources/scripts/provision.ps1", preserve_order: true, privileged: false - cfg.vm.provision "shell", path: "resources/scripts/configure-ou.ps1", preserve_order: true, privileged: false - cfg.vm.provision "shell", path: "resources/scripts/configure-rdp-user-gpo.ps1", privileged: false + cfg.vm.provision "shell", path: "resources/scripts/configure-ou.ps1", + :args => "#{CONFIG[:dc][:ip]} #{CONFIG[:dc][:name]} #{CONFIG[:dc][:domain]} ", + preserve_order: true, privileged: false cfg.vm.provider "libvirt" do |libvirt, override| libvirt.cpus = CONFIG[:dc][:cpus] 
@@ -74,21 +78,23 @@ Vagrant.configure("2") do |config| end config.vm.define "srv" do |cfg| - cfg.vm.box = "peru/windows-server-2016-standard-x64-eval" + cfg.vm.box = "peru/windows-server-2019-standard-x64-eval" cfg.vm.hostname = CONFIG[:srv][:name] cfg.vm.boot_timeout = 600 cfg.vm.communicator = "winrm" cfg.winrm.basic_auth_only = true cfg.winrm.timeout = 300 cfg.winrm.retry_limit = 20 - cfg.vm.network :private_network, ip: "192.168.38.103", gateway: "192.168.38.1", dns: "192.168.38.102" - - cfg.vm.provision "shell", path: "resources/scripts/fix-second-network.ps1", preserve_order: true, privileged: true, args: "-ip 192.168.38.103 -dns 8.8.8.8 -gateway 192.168.38.1" + cfg.vm.network :private_network, + ip: CONFIG[:srv][:ip], + gateway: CONFIG[:srv][:gw], + dns: CONFIG[:dns] cfg.vm.provision "shell", path: "resources/scripts/provision.ps1", preserve_order: true, privileged: false - cfg.vm.provision "shell", inline: "cscript c:\\windows\\system32\\slmgr.vbs -rearm", preserve_order: true, privileged: false + cfg.vm.provision "shell", path: "resources/scripts/join-domain.ps1", + :args => "#{CONFIG[:srv][:domain]} #{CONFIG[:dc][:ip]}", preserve_order: true, privileged: false + cfg.vm.provision "shell", path: "resources/scripts/configure-rdp-smb.ps1", privileged: false cfg.vm.provision "reload" - cfg.vm.provision "shell", path: "resources/scripts/provision.ps1", preserve_order: true, privileged: false cfg.vm.provider "libvirt" do |libvirt, override| libvirt.cpus = CONFIG[:srv][:cpus] 
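Review bot: The new `configure-rdp-smb.ps1` provisioner in the srv block is the only one declared without `preserve_order: true`, while the `provision.ps1` and `join-domain.ps1` lines directly above it carry the option; if a provider override or an including Vagrantfile merges provisioners, Vagrant may place this one outside the position shown here, possibly after the `reload`. Give it the same option as its siblings: `cfg.vm.provision "shell", path: "resources/scripts/configure-rdp-smb.ps1", preserve_order: true, privileged: false`. The same omission is carried into the srv block of patch 3 (the `#{BASE_SCRIPTS}/configure-rdp-smb.ps1` line), so fix both.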
@@ -135,19 +141,17 @@ Vagrant.configure("2") do |config| config.vm.define "client" do |cfg| cfg.vm.box = "peru/windows-10-enterprise-x64-eval" cfg.vm.hostname = CONFIG[:client][:name] - cfg.vm.boot_timeout = 1200 - cfg.vm.communicator = "winrm" - cfg.winrm.basic_auth_only = true - cfg.winrm.timeout = 1200 - cfg.winrm.retry_limit = 20 - cfg.vm.network :private_network, ip: "192.168.38.104", gateway: "192.168.38.1", dns: "192.168.38.102" - - cfg.vm.provision "shell", path: "resources/scripts/fix-second-network.ps1", preserve_order: true, privileged: true, args: "-ip 192.168.38.104 -dns 8.8.8.8 -gateway 192.168.38.1" + cfg.vm.network :private_network, + ip: CONFIG[:client][:ip], + gateway: CONFIG[:client][:gw], + dns: CONFIG[:dns] + cfg.vm.provision "shell", path: "resources/scripts/MakeWindows10GreatAgain.ps1", preserve_order: true, privileged: false cfg.vm.provision "shell", path: "resources/scripts/provision.ps1", preserve_order: true, privileged: false - cfg.vm.provision "shell", inline: "cscript c:\\windows\\system32\\slmgr.vbs -rearm", preserve_order: true, privileged: false + cfg.vm.provision "shell", path: "resources/scripts/join-domain.ps1", + :args => "#{CONFIG[:client][:domain]} #{CONFIG[:dc][:ip]}", + preserve_order: true, privileged: false cfg.vm.provision "reload" - cfg.vm.provision "shell", path: "resources/scripts/provision.ps1", preserve_order: true, privileged: false cfg.vm.provider "libvirt" do |libvirt, override| libvirt.cpus = CONFIG[:client][:cpus] diff --git a/base/resources/GPO/rdp_users/manifest.xml b/base/resources/GPO/rdp_users/manifest.xml deleted file mode 100644 index fd766e0..0000000 --- a/base/resources/GPO/rdp_users/manifest.xml +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/base/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/Backup.xml b/base/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/Backup.xml deleted file mode 100644 index ab953e5..0000000 
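Review bot: The client definition no longer sets `cfg.vm.communicator = "winrm"`, `cfg.winrm.basic_auth_only = true` or the boot/WinRM timeouts that the dc and srv definitions in the same file still set, so the three guests are no longer configured alike and the client now depends on defaults that are not visible here. If the `peru/windows-10-enterprise-x64-eval` box's bundled Vagrantfile supplies the communicator this still works, but the reliance is implicit; either restore the lines or add `# communicator and winrm settings are inherited from the box's Vagrantfile` at the top of the block so the next reader knows it was deliberate. The dropped `cfg.vm.boot_timeout = 1200` and `cfg.winrm.timeout = 1200` were double the 600/300 used for the servers, which suggests the Windows 10 guest needed the longer limits.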
--- a/base/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/Backup.xml +++ /dev/null @@ -1,20 +0,0 @@ - - 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 11 ba 8e 91 83 90 50 4c a7 e8 f6 a4 e8 03 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 11 ba 8e 91 83 90 50 4c a7 e8 f6 a4 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 11 ba 8e 91 83 90 50 4c a7 e8 f6 a4 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/base/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf b/base/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf deleted file mode 100644 index ef38d8a0c2fdacc3333de6534f69f3a457d3b6ff..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 384 zcma)$y9&ZU5JgWd_zxmhf{?^lEK-PtT8N-%BO<;{p%Gu;&#O1X3Th?8E_3(JxwFs5 zgb@c~mL#lLGbKyr=Plwc=WNb|vHFu#EaKqiQ?-?vbKxp?O+=moEjn~{H)+$C&RfPn z{!PR?Bf@vtZLx_Gj^yZRYR|%L+iCvjwiOvt5>uk8Qzo#kDm7DmatRwHMV9_Qbv7o) qHxbyzfQl->(>704vp@KH38l*NLiG(dTbG}nlnLcF?B6Np*`Ho+5;i{o diff --git a/base/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/bkupInfo.xml b/base/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/bkupInfo.xml deleted file mode 100644 index 88e7503..0000000 --- a/base/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/bkupInfo.xml +++ /dev/null @@ -1 +0,0 @@ - 
diff --git a/base/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/gpreport.xml b/base/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/gpreport.xml deleted file mode 100644 index 58ca288641ebf1235457423758e6bdc8122f3e3e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 18348 zcmeHPZEqS!5T4JK`X5j~wNf1ee#g`i0XMZ28_U>DTjdKjcH+hu7jRxw^{=;mo|$g% z_Sl1i5O9(c;yB;!?!3?J&d&OuzpL_C-bq((q#$qPQu;EGYw5|Y{2<>*NghcNzXiOx zl?y!Y;O(uv)VKFClq*?5t4*|dEPL{`d?i(RD#y}99~<`;BUW%fKwpme3cZGMhi9w! zyw%SmT-N}r2ly}Xv<#?4jJqno$e}!w7GS>u4qa(0Hp!8%=Q8q&(l!8gZKd`y0V^H* zE_z-7_a3P1fhR-ILT+_I!Bc&H4~mcRnyLDXG@OB078o1lR z-4>+U&^ARpsmYJ%zbPB?7pPs$L~lbm+E$J&iq5wRtrLU%2r}$Jx^4Ut^Eg(KgeKEe zl_QMN1xNS5jT;^HEo2`buOMgOw^?ODPVnwnVMaY^aZVd(p*M1`np0PdIXZP{02o7P z&^`V(%*MBkMy;dQCGZ^L+L2Rm!!V|WmQ=1qNP7jc-Nai;wu0-HUP}rqZG;HMA#kN% zF+I-;r3CmDeAg99`WO+M6Qv~k_}fawHf(tlP$n#2j9!^G z%Qj_jgYsU-ZyDUNwp)15FZ+;NwEU9xE5Z|2K;ap_73gsdHvcVP)?^o+;y|w_xKhvB z;MEm=w{cy;_e#z&7Dp=KDIuL>eBRUR6w$tj9`ru!v7>NzF;)%Gz5^7(Ae1^_*TLgD z=zI=)I>z-F&rb2IiDwNwtK(S%-=_B2{iqyqxH#CT6?e9jx4Zf>+FN}t2tj(|%OD;3)R zk-Wf4s*QC_A6L%4h_A!S$Cz&-ZAre1Rt}4xB|Ini9QBA%X-%clQeWxw{o!a)+Dc%& zK1EvN(^W+TqEF&lb%2kp@&|az89rAT)Yau_T6}$y1=DQQEsvg2%Q*mtnZ>YG!2l~@ zW(>NJKwD)%{_i2ea%D+*P|n%$b}j$@?6%IKkY5-#6T9*)e5jto=r` zIKR6HJz(5B0{04t184aC3BLUV5C!mnz{17feril7XM8MW;BA! 
z70@4ZB}}i-1P;Gr|!?>e#e$uR`9IEvBUUs&k>SO}dsBkK!{mum+i4K(dU;`=IU~@n8>D z&zxIFEkAp&5M)x74acg7%OT(o zYiTpSMMZ=7Du|hKlSX*uLi`Lz=j#`RWqQnFmZYUo>oAW($^jP*!#b8nALeu=E^x=h2^U-?(;4p{)J-CX!H%o z&O8D(V|6*{>##fmCbPw(k?iwdxy>sA+HUx#6aScx;C!!-To`lKoaHgM+0i`&*7cDV zw^|+544b*+F)@#ci;9W)nlPG+X3P4Sjb>k~r1|z`jUJV zH+~hzXq}}3g|V9F?YK*NjcnOV^m-W8wEphEcr2sLoy}7Gy(c2Ue2t ztQ{-HHZ)dGZs%Zz#%*Dw0chjQFg&8)!XJzIRL2iiC&sf?$#=<~@07#Lxmw+}t^IzI2H$RF6zo$uLTRz1egGKbC*5Qou8|5t9yALb>mUW(nXHa=UlOMC#@fBr8r=u&b3-i?i zf6n~`HP8pBVLru`XJS~>$f^-ahjq`~t9*^Wda&y0GB8HZ>VLAIMsiMH4iy)kg-d!8 zCtvrwOgYbMrIO{`l%v;pyJ%ertyi+1q4F_zS}|F|v>da2YUXs_gMCN6?5M|xpYc!n zIF8}??Dq_hKI-w=E Date: Fri, 22 Jan 2021 17:29:10 +0100 Subject: [PATCH 2/7] Documentation update --- base/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/base/README.md b/base/README.md index b4b3121..dff6d1a 100644 --- a/base/README.md +++ b/base/README.md @@ -2,8 +2,8 @@ Base lab = This lab contains: -* DC: Windows 2016 server, DC of a domain "windomain.local" -* SRV: Windows 2016 server, joined to the domain +* DC: Windows 2019 server, DC of a domain "windomain.local" +* SRV: Windows 2019 server, joined to the domain * Client: Windows 10 client, joined to the domain This lab does not need an Internet connection (once the box have been retrieved). From 3f7f9196dfc5d32319c9ac36f7148dadf3f1baec Mon Sep 17 00:00:00 2001 
From: Olivier Dembour <33929198+alex-sector@users.noreply.github.com> Date: Mon, 25 Jan 2021 12:51:11 +0100 Subject: [PATCH 3/7] Simplify function calls, to avoid hard coded path --- base/Vagrantfile | 59 +++++++++++-------- base/resources/scripts/prepare-domain.ps1 | 20 ------- .../scripts/MakeWindows10GreatAgain.ps1 | 0 .../scripts/MakeWindows10GreatAgain.reg | 0 base/{resources => }/scripts/configure-ou.ps1 | 16 ++--- .../scripts/configure-rdp-smb.ps1 | 0 .../{resources => }/scripts/create-forest.ps1 | 19 +++--- .../provision.ps1 => scripts/fix-network.ps1} | 10 ++++ base/scripts/install-rsat.ps1 | 21 +++++++ base/{resources => }/scripts/join-domain.ps1 | 21 ++++--- base/{resources => }/scripts/update-dns.ps1 | 6 ++ 11 files changed, 100 insertions(+), 72 deletions(-) delete mode 100644 base/resources/scripts/prepare-domain.ps1 rename base/{resources => }/scripts/MakeWindows10GreatAgain.ps1 (100%) rename base/{resources => }/scripts/MakeWindows10GreatAgain.reg (100%) rename base/{resources => }/scripts/configure-ou.ps1 (85%) rename base/{resources => }/scripts/configure-rdp-smb.ps1 (100%) rename base/{resources => }/scripts/create-forest.ps1 (65%) rename base/{resources/scripts/provision.ps1 => scripts/fix-network.ps1} (71%) create mode 100644 base/scripts/install-rsat.ps1 rename base/{resources => }/scripts/join-domain.ps1 (81%) rename base/{resources => }/scripts/update-dns.ps1 (83%) diff --git a/base/Vagrantfile b/base/Vagrantfile index a260f94..a7cb9f5 100644 --- a/base/Vagrantfile +++ b/base/Vagrantfile 
@@ -1,10 +1,19 @@ + +# When base lab is included, variables should be overwritten +################################################################## CONFIG = { :dns => "8.8.8.8", - :dc => {:memory => 3072, :cpus => 2, :name => "dc", :domain => "windomain.local", :ip => "192.168.38.102", :gw => "192.168.38.1"}, - :srv => {:memory => 2048, :cpus => 2, :name => "srv", :domain => "windomain.local", :ip => "192.168.38.103", :gw => "192.168.38.1"}, - :client => {:memory => 2048, :cpus => 1, :name => "win10", :domain => "windomain.local", :ip => "192.168.38.100", :gw => "192.168.38.1"}, + :dc => {:memory => 3072, :cpus => 2, :name => "dc", :domain => "windomain.local", :ip => "192.168.38.102" }, + :srv => {:memory => 2048, :cpus => 2, :name => "srv", :domain => "windomain.local", :ip => "192.168.38.103"}, + :client => {:memory => 2048, :cpus => 1, :name => "win10", :domain => "windomain.local", :ip => "192.168.38.100"}, } +# Directory were base script are located +BASE_SCRIPTS = "scripts" +# Sync Directory directory (mainly for GPO) +SYNC_FOLDER = "scripts" +################################################################## + Vagrant.configure("2") do |config| unless Vagrant.has_plugin?("vagrant-reload") 
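Review bot: The two comments added above `BASE_SCRIPTS` and `SYNC_FOLDER` contain typos and the second no longer matches the tree: `# Directory were base script are located` should read `# Directory where the base scripts are located`, and `# Sync Directory directory (mainly for GPO)` points at the GPO folder that patch 1 of this series deleted, so `# Directory synced to /vagrant inside the guests` describes what the constant actually does. The header `# When base lab is included, variables should be overwritten` should also say how it is meant to be used: an including Vagrantfile `load`s this file and then reassigns `CONFIG`, `BASE_SCRIPTS` and `SYNC_FOLDER`, which relies on Vagrant running the captured `Vagrant.configure` block only after the including file has finished, and Ruby prints an `already initialized constant` warning for each reassignment. Recording that in the comment stops the next reader from treating those warnings as a bug.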
@@ -23,16 +32,17 @@ Vagrant.configure("2") do |config| cfg.winrm.retry_limit = 20 cfg.vm.network :private_network, ip: CONFIG[:dc][:ip], - gateway: CONFIG[:dc][:gw], dns: CONFIG[:dns] - cfg.vm.provision "shell", path: "resources/scripts/provision.ps1", preserve_order: true, privileged: false - cfg.vm.provision "shell", path: "resources/scripts/create-forest.ps1", - :args => "#{CONFIG[:dc][:ip]} #{CONFIG[:dc][:domain]} #{CONFIG[:dns]}", + cfg.vm.provision "shell", path: "#{BASE_SCRIPTS}/fix-network.ps1", :args => "-Ip #{CONFIG[:dc][:ip]}", preserve_order: true, privileged: false + cfg.vm.provision "shell", path: "#{BASE_SCRIPTS}/install-rsat.ps1", preserve_order: true, privileged: false + cfg.vm.provision "shell", path: "#{BASE_SCRIPTS}/create-forest.ps1", + :args => "-Ip #{CONFIG[:dc][:ip]} -Name #{CONFIG[:dc][:domain]}", preserve_order: true, privileged: false + cfg.vm.provision "shell", path: "#{BASE_SCRIPTS}/update-dns.ps1", :args => "-Ip #{CONFIG[:dc][:ip]}", preserve_order: true, privileged: false cfg.vm.provision "reload" - cfg.vm.provision "shell", path: "resources/scripts/configure-ou.ps1", - :args => "#{CONFIG[:dc][:ip]} #{CONFIG[:dc][:name]} #{CONFIG[:dc][:domain]} ", + cfg.vm.provision "shell", path: "#{BASE_SCRIPTS}/configure-ou.ps1", + :args => "-Ip #{CONFIG[:dc][:ip]} -DcName #{CONFIG[:dc][:name]} -Domain #{CONFIG[:dc][:domain]} ", preserve_order: true, privileged: false cfg.vm.provider "libvirt" do |libvirt, override| @@ -49,7 +59,7 @@ Vagrant.configure("2") do |config| # We'll need vagrant-winrm-syncedfolders plugin - override.vm.synced_folder 'resources/', '/vagrant', type: 'winrm' + override.vm.synced_folder "#{SYNC_FOLDER}/", '/vagrant', type: 'winrm' end cfg.vm.provider "vmware_desktop" do |v, override| 
@@ -72,7 +82,7 @@ Vagrant.configure("2") do |config| vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"] vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ] - override.vm.synced_folder './', '/vagrant', type: 'virtualbox' + override.vm.synced_folder "#{SYNC_FOLDER}", '/vagrant', type: 'virtualbox' end end @@ -87,13 +97,13 @@ Vagrant.configure("2") do |config| cfg.winrm.retry_limit = 20 cfg.vm.network :private_network, ip: CONFIG[:srv][:ip], - gateway: CONFIG[:srv][:gw], dns: CONFIG[:dns] - cfg.vm.provision "shell", path: "resources/scripts/provision.ps1", preserve_order: true, privileged: false - cfg.vm.provision "shell", path: "resources/scripts/join-domain.ps1", - :args => "#{CONFIG[:srv][:domain]} #{CONFIG[:dc][:ip]}", preserve_order: true, privileged: false - cfg.vm.provision "shell", path: "resources/scripts/configure-rdp-smb.ps1", privileged: false + cfg.vm.provision "shell", path: "#{BASE_SCRIPTS}/fix-network.ps1", :args => "-Ip #{CONFIG[:srv][:ip]}", preserve_order: true, privileged: false + cfg.vm.provision "shell", path: "#{BASE_SCRIPTS}/join-domain.ps1", + :args => "-Domain #{CONFIG[:srv][:domain]} -Dns #{CONFIG[:dc][:ip]}", + preserve_order: true, privileged: false + cfg.vm.provision "shell", path: "#{BASE_SCRIPTS}/configure-rdp-smb.ps1", privileged: false cfg.vm.provision "reload" cfg.vm.provider "libvirt" do |libvirt, override| @@ -110,7 +120,7 @@ Vagrant.configure("2") do |config| # We'll need vagrant-winrm-syncedfolders plugin - override.vm.synced_folder 'resources/', '/vagrant', type: 'winrm' + override.vm.synced_folder "#{SYNC_FOLDER}/", '/vagrant', type: 'winrm' end cfg.vm.provider "vmware_desktop" do |v, override| 
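Review bot: The virtualbox override in the first hunk uses `"#{SYNC_FOLDER}"` with no trailing slash while every other `synced_folder` line this patch touches uses `"#{SYNC_FOLDER}/"`; both name the same directory, but the inconsistency invites a later edit to one and not the other. Use `override.vm.synced_folder "#{SYNC_FOLDER}/", '/vagrant', type: 'virtualbox'` here too. Narrowing the share from `./` to the scripts directory is a good change in itself, since the guests no longer see the Vagrantfile and the rest of the lab tree at `/vagrant`; a one-line comment saying that only the provisioning scripts are shared would make the intent explicit.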
@@ -133,7 +143,7 @@ Vagrant.configure("2") do |config| vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"] vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ] - override.vm.synced_folder './', '/vagrant', type: 'virtualbox' + override.vm.synced_folder "#{SYNC_FOLDER}/", '/vagrant', type: 'virtualbox' end end @@ -143,13 +153,12 @@ Vagrant.configure("2") do |config| cfg.vm.hostname = CONFIG[:client][:name] cfg.vm.network :private_network, ip: CONFIG[:client][:ip], - gateway: CONFIG[:client][:gw], dns: CONFIG[:dns] - cfg.vm.provision "shell", path: "resources/scripts/MakeWindows10GreatAgain.ps1", preserve_order: true, privileged: false - cfg.vm.provision "shell", path: "resources/scripts/provision.ps1", preserve_order: true, privileged: false - cfg.vm.provision "shell", path: "resources/scripts/join-domain.ps1", - :args => "#{CONFIG[:client][:domain]} #{CONFIG[:dc][:ip]}", + cfg.vm.provision "shell", path: "#{BASE_SCRIPTS}/MakeWindows10GreatAgain.ps1", preserve_order: true, privileged: false + cfg.vm.provision "shell", path: "#{BASE_SCRIPTS}/fix-network.ps1", :args => "-Ip #{CONFIG[:client][:ip]}", preserve_order: true, privileged: false + cfg.vm.provision "shell", path: "#{BASE_SCRIPTS}/join-domain.ps1", + :args => "-Domain #{CONFIG[:client][:domain]} -Dns #{CONFIG[:dc][:ip]}", preserve_order: true, privileged: false cfg.vm.provision "reload" @@ -167,7 +176,7 @@ Vagrant.configure("2") do |config| # We'll need vagrant-winrm-syncedfolders plugin - override.vm.synced_folder 'resources/', '/vagrant', type: 'winrm' + override.vm.synced_folder "#{SYNC_FOLDER}/", '/vagrant', type: 'winrm' end cfg.vm.provider "vmware_desktop" do |v, override| 
@@ -192,7 +201,7 @@ Vagrant.configure("2") do |config| vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"] vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ] - override.vm.synced_folder './', '/vagrant', type: 'virtualbox' + override.vm.synced_folder "#{SYNC_FOLDER}/", '/vagrant', type: 'virtualbox' end end end diff --git a/base/resources/scripts/prepare-domain.ps1 b/base/resources/scripts/prepare-domain.ps1 deleted file mode 100644 index 9d3f1aa..0000000 --- a/base/resources/scripts/prepare-domain.ps1 +++ /dev/null @@ -1,20 +0,0 @@ -Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing RSAT tools" -Import-Module ServerManager -Add-WindowsFeature RSAT-AD-PowerShell,RSAT-AD-AdminCenter - -Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Creating domain controller..." -# Disable password complexity policy -secedit /export /cfg C:\secpol.cfg -(gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg -secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY -rm -force C:\secpol.cfg -confirm:$false - -# Set administrator password -$computerName = $env:COMPUTERNAME -$adminPassword = "vagrant" -$adminUser = [ADSI] "WinNT://$computerName/Administrator,User" -$adminUser.SetPassword($adminPassword) - -$PlainPassword = "vagrant" # "P@ssw0rd" -$SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force - diff --git a/base/resources/scripts/MakeWindows10GreatAgain.ps1 b/base/scripts/MakeWindows10GreatAgain.ps1 similarity index 100% rename from base/resources/scripts/MakeWindows10GreatAgain.ps1 rename to base/scripts/MakeWindows10GreatAgain.ps1 diff --git a/base/resources/scripts/MakeWindows10GreatAgain.reg b/base/scripts/MakeWindows10GreatAgain.reg similarity index 100% rename from base/resources/scripts/MakeWindows10GreatAgain.reg rename to base/scripts/MakeWindows10GreatAgain.reg 
diff --git a/base/resources/scripts/configure-ou.ps1 b/base/scripts/configure-ou.ps1 similarity index 85% rename from base/resources/scripts/configure-ou.ps1 rename to base/scripts/configure-ou.ps1 index 8630787..9a2f116 100644 --- a/base/resources/scripts/configure-ou.ps1 +++ b/base/scripts/configure-ou.ps1 @@ -1,10 +1,12 @@ # Purpose: Sets up the Server and Workstations OUs -$ip=$args[0] -$dc_name=$args[1] -$domain=$args[2] +Param ( + [string]$Ip, + [string]$Domain, + [string]$DcName +) -$dc1,$dc2=$domain.split('.') +$dc1,$dc2=$Domain.split('.') Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Checking AD services status..." $svcs = "adws","dns","kdc","netlogon" @@ -14,7 +16,7 @@ Get-Service -name $svcs -ComputerName localhost | Select Machinename,Name,Status Add-Content "c:\windows\system32\drivers\etc\hosts" " $ip $dc" # Force DNS resolution of the domain -ping /n 1 $dc_name.$domain +ping /n 1 $DcName.$domain ping /n 1 $domain @@ -26,7 +28,7 @@ try { Write-Host "Servers OU already exists. Moving On." } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] { - New-ADOrganizationalUnit -Name "Servers" -Server "$dc_name.$domain" + New-ADOrganizationalUnit -Name "Servers" -Server "$DcName.$domain" } # Create the Workstations OU if it doesn't exist @@ -36,7 +38,7 @@ try { Write-Host "Workstations OU already exists. Moving On." } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] { - New-ADOrganizationalUnit -Name "Workstations" -Server "$dc_name.$domain" + New-ADOrganizationalUnit -Name "Workstations" -Server "$DcName.$domain" } # Sysprep breaks auto-login. Let's restore it here: diff --git a/base/resources/scripts/configure-rdp-smb.ps1 b/base/scripts/configure-rdp-smb.ps1 similarity index 100% rename from base/resources/scripts/configure-rdp-smb.ps1 rename to base/scripts/configure-rdp-smb.ps1 
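Review bot: `ping /n 1 $DcName.$domain` in the second hunk does not build the FQDN it is meant to resolve: in argument mode PowerShell parses `$DcName.$domain` as a member access on `$DcName` with the value of `$domain` as the property name, which yields nothing, so the ping that is supposed to force DNS resolution runs without a host; quote it as `ping /n 1 "$DcName.$Domain"`, where interpolation treats the dot literally. In the first hunk the `Param` block declares `$Ip, $Domain, $DcName` while the Vagrantfile passes `-Ip … -DcName … -Domain …`; named binding makes that work, but none of the parameters is validated, so an empty value would reach the hosts-file write and the `-Server "$DcName.$domain"` arguments unnoticed — `[ValidateNotNullOrEmpty()][string]$Ip`, and likewise for the other two, fails fast instead. The later hunks mix `$DcName` with the lower-case `$domain`; variable names are case-insensitive so this is only readability, but `$Domain` throughout would match the parameter.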
diff --git a/base/resources/scripts/create-forest.ps1 b/base/scripts/create-forest.ps1 similarity index 65% rename from base/resources/scripts/create-forest.ps1 rename to base/scripts/create-forest.ps1 index cb56cad..d23c4e7 100644 --- a/base/resources/scripts/create-forest.ps1 +++ b/base/scripts/create-forest.ps1 @@ -1,17 +1,17 @@ # Purpose: Creates the domain # Source: https://github.com/StefanScherer/adfs2 -$ip=$args[0] -$domain=$args[1] -$dns=$args[2] +Param ( + [string]$Ip, + [string]$Name +) -$subnet=$ip -replace "\.\d+$", "" +$subnet=$Ip -replace "\.\d+$", "" -Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Creating Forest $domain ..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Creating Forest $Name ..." if ((gwmi win32_computersystem).partofdomain -eq $false) { - - . c:\vagrant\resources\scripts\prepare-domain.ps1 + $SecurePassword = "vagrant" | ConvertTo-SecureString -AsPlainText -Force # Windows Server 2016 R2 Install-WindowsFeature AD-domain-services @@ -21,14 +21,11 @@ if ((gwmi win32_computersystem).partofdomain -eq $false) { -CreateDnsDelegation:$false ` -DatabasePath "C:\Windows\NTDS" ` -DomainMode "7" ` - -DomainName $domain ` + -DomainName $Name ` -ForestMode "7" ` -InstallDns:$true ` -LogPath "C:\Windows\NTDS" ` -NoRebootOnCompletion:$true ` -SysvolPath "C:\Windows\SYSVOL" ` -Force:$true - - . c:\vagrant\resources\scripts\update-dns.ps1 - } diff --git a/base/resources/scripts/provision.ps1 b/base/scripts/fix-network.ps1 similarity index 71% rename from base/resources/scripts/provision.ps1 rename to base/scripts/fix-network.ps1 index 49fb02d..e38e83c 100644 --- a/base/resources/scripts/provision.ps1 +++ b/base/scripts/fix-network.ps1 
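Review bot: The comment `# Windows Server 2016 R2` left above `Install-WindowsFeature AD-domain-services` is stale now that patch 1 of this series moved the dc to the `peru/windows-server-2019-standard-x64-eval` box, and the new `$SecurePassword = "vagrant" | ConvertTo-SecureString -AsPlainText -Force` line says nothing about what the value is for. It is presumably consumed by `Install-ADDSForest -SafeModeAdministratorPassword` on the lines between the two hunks; a comment such as `# DSRM (safe mode) password; lab default, same as the vagrant account` makes that visible, and exposing it as `[string]$SafeModePassword = "vagrant"` in `Param` would remove one of the several hard-coded copies of this credential (join-domain.ps1 and install-rsat.ps1 each carry another). `$subnet` is computed from `$Ip` at the top but is not referenced in either visible hunk; if nothing between them uses it, both the assignment and the `$Ip` parameter can go.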
@@ -1,6 +1,16 @@ # Purpose: Sets timezone to UTC, sets hostname, creates/joins domain. # Source: https://github.com/StefanScherer/adfs2 +Param ( + [string]$Ip +) + +$subnet = $Ip -replace "\.\d+$", "" + +# Change metric, default is private network +$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object {$_.IPAddress -match $subnet} +$adapters | ForEach-Object {$_.IPConnectionMetric = 1 } + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Setting timezone to UTC..." c:\windows\system32\tzutil.exe /s "UTC" diff --git a/base/scripts/install-rsat.ps1 b/base/scripts/install-rsat.ps1 new file mode 100644 index 0000000..42a35da --- /dev/null +++ b/base/scripts/install-rsat.ps1 @@ -0,0 +1,21 @@ +if ((gwmi win32_computersystem).partofdomain -eq $false) { + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing RSAT tools" + Import-Module ServerManager + Add-WindowsFeature RSAT-AD-PowerShell,RSAT-AD-AdminCenter + + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Creating domain controller..." + # Disable password complexity policy + secedit /export /cfg C:\secpol.cfg + (gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg + secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY + rm -force C:\secpol.cfg -confirm:$false + + # Set administrator password + $computerName = $env:COMPUTERNAME + $adminPassword = "vagrant" + $adminUser = [ADSI] "WinNT://$computerName/Administrator,User" + $adminUser.SetPassword($adminPassword) + + $PlainPassword = "vagrant" # "P@ssw0rd" + $SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force +} \ No newline at end of file diff --git a/base/resources/scripts/join-domain.ps1 b/base/scripts/join-domain.ps1 similarity index 81% rename from base/resources/scripts/join-domain.ps1 rename to base/scripts/join-domain.ps1 index 63516cc..91d07ea 100755 --- a/base/resources/scripts/join-domain.ps1 +++ b/base/scripts/join-domain.ps1 
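Review bot: `$adapters | ForEach-Object {$_.IPConnectionMetric = 1 }` does not change the adapter metric: `IPConnectionMetric` on `Win32_NetworkAdapterConfiguration` is a read-only property, and assigning to it only updates the PowerShell-side copy of the WMI object. The class exposes `SetIPConnectionMetric` for this, so the line should be `$adapters | ForEach-Object { $_.SetIPConnectionMetric(1) }`, the same method-call pattern join-domain.ps1 already uses with `SetDNSServerSearchOrder`. The `-match $subnet` filter also treats the dots in `192.168.38` as regex wildcards; `$_.IPAddress -match ('^' + [regex]::Escape($subnet) + '\.')` keeps it anchored and literal. The header `# Purpose: Sets timezone to UTC, sets hostname, creates/joins domain.` was carried over from provision.ps1 and no longer describes fix-network.ps1; the rest of the file is outside the hunk, so check what it still does before rewording it.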
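Review bot: The last two statements of the new install-rsat.ps1, `$PlainPassword = "vagrant" # "P@ssw0rd"` and `$SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force`, assign script-scoped variables that nothing reads before the script ends; they mattered when prepare-domain.ps1 was dot-sourced from create-forest.ps1, but this file now runs as its own provisioner and create-forest.ps1 builds its own `$SecurePassword`, so drop them. The script also does more than its name says — it lowers the local password policy via `secedit` and resets the built-in Administrator password — and logs `Creating domain controller...` although it creates nothing; a header such as `# Purpose: install RSAT AD tools, disable local password complexity (lab only) and set the Administrator password before forest creation`, with the message changed to `Preparing host for domain controller promotion...`, makes both visible to whoever reads the provisioning log.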
@@ -1,33 +1,36 @@ # Purpose: Joins a Windows host to the windomain.local domain which was created with "create-domain.ps1". # Source: https://github.com/StefanScherer/adfs2 -$domain=$args[0] -$dns=$args[1] + + +Param ( + [string]$Domain, + [string]$Dns +) if ((gwmi win32_computersystem).partofdomain -eq $false) { $subnet = $dns -replace "\.\d+$", "" Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Joining the domain..." - Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) First, set DNS to DC to join the domain..." $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object {$_.IPAddress -match $subnet} - $adapters | ForEach-Object {$_.SetDNSServerSearchOrder($dns)} + $adapters | ForEach-Object {$_.SetDNSServerSearchOrder($Dns)} Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Now join the domain..." $hostname = $(hostname) - $user = "$domain\vagrant" + $user = "$Domain\vagrant" $pass = ConvertTo-SecureString "vagrant" -AsPlainText -Force $DomainCred = New-Object System.Management.Automation.PSCredential $user, $pass - $dc1, $dc2=$domain.split('.') + $dc1, $dc2=$Domain.split('.') # Place the computer in the correct OU based on hostname If ($hostname -eq "srv") { - Add-Computer -DomainName $domain -credential $DomainCred -OUPath "ou=Servers,dc=$dc1,dc=$dc2" -PassThru + Add-Computer -DomainName $Domain -credential $DomainCred -OUPath "ou=Servers,dc=$dc1,dc=$dc2" -PassThru } ElseIf ($hostname -eq "win10") { Write-Host "Adding Win10 to the domain. Sometimes this step times out. 
If that happens, just run 'vagrant reload win10 --provision'" #debug - Add-Computer -DomainName $domain -credential $DomainCred -OUPath "ou=Workstations,dc=$dc1,dc=$dc2" + Add-Computer -DomainName $Domain -credential $DomainCred -OUPath "ou=Workstations,dc=$dc1,dc=$dc2" } Else { - Add-Computer -DomainName $domain -credential $DomainCred -PassThru + Add-Computer -DomainName $Domain -credential $DomainCred -PassThru } Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name AutoAdminLogon -Value 1 diff --git a/base/resources/scripts/update-dns.ps1 b/base/scripts/update-dns.ps1 similarity index 83% rename from base/resources/scripts/update-dns.ps1 rename to base/scripts/update-dns.ps1 index e52bf7a..cb6befc 100644 --- a/base/resources/scripts/update-dns.ps1 +++ b/base/scripts/update-dns.ps1 @@ -1,3 +1,9 @@ +Param ( + [string]$Ip +) + +$subnet = $Ip -replace "\.\d+$", "" + $newDNSServers = "127.0.0.1", $dns $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object { $_.IPAddress -And ($_.IPAddress).StartsWith($subnet) } if ($adapters) { From de9b1902952579a7cd2f4d74daf9408fdc56487f Mon Sep 17 00:00:00 2001 From: Olivier Dembour <33929198+alex-sector@users.noreply.github.com> Date: Mon, 25 Jan 2021 14:44:27 +0100 Subject: [PATCH 4/7] Fix variable name --- base/scripts/configure-ou.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/base/scripts/configure-ou.ps1 b/base/scripts/configure-ou.ps1 index 9a2f116..8906958 100644 --- a/base/scripts/configure-ou.ps1 +++ b/base/scripts/configure-ou.ps1 @@ -13,7 +13,7 @@ $svcs = "adws","dns","kdc","netlogon" Get-Service -name $svcs -ComputerName localhost | Select Machinename,Name,Status # Hardcoding DC hostname in hosts file -Add-Content "c:\windows\system32\drivers\etc\hosts" " $ip $dc" +Add-Content "c:\windows\system32\drivers\etc\hosts" " $Ip $DcName" # Force DNS resolution of the domain ping /n 1 $DcName.$domain 
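Review bot: The OU selection in the second half of the hunk still hard-codes the hostnames `srv` and `win10` (`If ($hostname -eq "srv")` / `ElseIf ($hostname -eq "win10")`) even though host names now come from `CONFIG[...][:name]` in the Vagrantfile; a guest named anything else, such as the `client` name patch 6 sets, falls through to the `Else` branch and is joined without `-OUPath`, landing in the default Computers container instead of the Workstations OU. Passing the target explicitly, `[string]$OuPath` in `Param` with the Vagrantfile supplying `-OuPath "ou=Workstations,dc=…"`, removes the coupling, unless a later patch in the series already does this. The header `# Purpose: Joins a Windows host to the windomain.local domain which was created with "create-domain.ps1".` refers to a script deleted in patch 1 and to a fixed domain that is now a parameter; `# Purpose: Joins this host to $Domain (created by create-forest.ps1), using $Dns as the DC address.` matches the new signature. `$subnet = $dns -replace …` works only because variable names are case-insensitive; use `$Dns` as the rest of the block does.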
From e181370fa8622702e4b73956b2d57e1ad1c8f53d Mon Sep 17 00:00:00 2001 From: Olivier Dembour <33929198+alex-sector@users.noreply.github.com> Date: Tue, 26 Jan 2021 14:15:32 +0100 Subject: [PATCH 5/7] Fix DNS --- base/scripts/update-dns.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/base/scripts/update-dns.ps1 b/base/scripts/update-dns.ps1 index cb6befc..f2d407b 100644 --- a/base/scripts/update-dns.ps1 +++ b/base/scripts/update-dns.ps1 @@ -4,9 +4,9 @@ Param ( $subnet = $Ip -replace "\.\d+$", "" -$newDNSServers = "127.0.0.1", $dns +$newDNSServers = "127.0.0.1", $Ip $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object { $_.IPAddress -And ($_.IPAddress).StartsWith($subnet) } if ($adapters) { - Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Setting DNS to $dns" + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Setting DNS to $newDNSServers" $adapters | ForEach-Object {$_.SetDNSServerSearchOrder($newDNSServers)} } From 13c04ffe2b0e8723bb4961e32d12fd485ee8a570 Mon Sep 17 00:00:00 2001 
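Review bot: The adapter filter on the context line `Where-Object { $_.IPAddress -And ($_.IPAddress).StartsWith($subnet) }` does not select by subnet: `IPAddress` is an array, `.StartsWith` is member-enumerated over it and yields one boolean per address, and an array with more than one element is truthy whatever it contains, so any adapter holding both an IPv4 and an IPv6 address passes. Because `-like` with an array on the left returns only the matching elements and an empty result is false, `Where-Object { $_.IPAddress -like "$subnet.*" }` does what the line intends. This is pre-existing rather than introduced by the fix, but the corrected `$newDNSServers` is now applied to whatever the filter returns, so it is worth tightening in the same change.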
From: Olivier Dembour <33929198+alex-sector@users.noreply.github.com> Date: Mon, 25 Jan 2021 14:47:18 +0100 Subject: [PATCH 6/7] Refactorization, based on "Base lab" --- admin-t1-restricted/README.md | 3 +- admin-t1-restricted/Vagrantfile | 202 ++---------------- admin-t1-restricted/enable-authpolicy.ps1 | 1 - .../scripts/MakeWindows10GreatAgain.ps1 | 30 --- .../scripts/MakeWindows10GreatAgain.reg | 49 ----- .../resources/scripts/add_user.ps1 | 6 +- ...configure-disable-windows-defender-gpo.ps1 | 9 +- .../resources/scripts/configure-ou.ps1 | 33 --- .../resources/scripts/create-domain.ps1 | 84 -------- .../resources/scripts/fix-second-network.ps1 | 53 ----- .../resources/scripts/join-domain.ps1 | 36 ---- .../resources/scripts/provision.ps1 | 41 ---- base/Vagrantfile | 2 +- base/scripts/join-domain.ps1 | 4 +- 14 files changed, 37 insertions(+), 516 deletions(-) delete mode 100644 admin-t1-restricted/resources/scripts/MakeWindows10GreatAgain.ps1 delete mode 100644 admin-t1-restricted/resources/scripts/MakeWindows10GreatAgain.reg delete mode 100644 admin-t1-restricted/resources/scripts/configure-ou.ps1 delete mode 100644 admin-t1-restricted/resources/scripts/create-domain.ps1 delete mode 100755 admin-t1-restricted/resources/scripts/fix-second-network.ps1 delete mode 100755 admin-t1-restricted/resources/scripts/join-domain.ps1 delete mode 100644 admin-t1-restricted/resources/scripts/provision.ps1 diff --git a/admin-t1-restricted/README.md b/admin-t1-restricted/README.md index 06e4a60..dd47753 100644 --- a/admin-t1-restricted/README.md +++ b/admin-t1-restricted/README.md 
@@ -118,7 +118,8 @@ SID : S-1-5-21-1901789854-418502547-2738234678-1105 Now, let's sign-out and enable the AuthenticationPolicy: ``` -$ vagrant powershell -c "c:\\vagrant\\enable-authpolicy.ps1" dc +$ vagrant upload enable-authpolicy.ps1 c:\\ dc +$ vagrant powershell -c "c:\\enable-authpolicy.ps1" dc ``` This script adds a new AuthenticationPolicy, for the account `pikachu`, allowing him to only authenticate from `Client`. diff --git a/admin-t1-restricted/Vagrantfile b/admin-t1-restricted/Vagrantfile index 834ea50..fa185fb 100644 --- a/admin-t1-restricted/Vagrantfile +++ b/admin-t1-restricted/Vagrantfile 
@@ -1,201 +1,37 @@ +################################################################## +# Load base lab + +load File.expand_path('../../base/Vagrantfile', __FILE__) + +# Overwrite base variables + CONFIG = { - :dc => {:memory => 3072, :cpus => 2, :name => "dc",}, - :srv => {:memory => 2048, :cpus => 2, :name => "srv"}, - :client => {:memory => 2048, :cpus => 1, :name => "client"} + :dns => "8.8.8.8", + :dc => {:memory => 3072, :cpus => 2, :name => "dc", :domain => "windomain.local", :ip => "192.168.38.102" }, + :srv => {:memory => 2048, :cpus => 2, :name => "srv", :domain => "windomain.local", :ip => "192.168.38.103"}, + :client => {:memory => 2048, :cpus => 1, :name => "client", :domain => "windomain.local", :ip => "192.168.38.100"}, } +################################################################## -Vagrant.configure("2") do |config| - unless Vagrant.has_plugin?("vagrant-reload") - raise 'vagrant-reload plugin is not installed!' - end +BASE_SCRIPTS = "../base/scripts" +SYNC_FOLDER="./resources/" - config.vm.define "dc" do |cfg| - cfg.vm.box = "peru/windows-server-2016-standard-x64-eval" - cfg.vm.hostname = CONFIG[:dc][:name] - cfg.vm.boot_timeout = 600 - cfg.winrm.transport = :plaintext - cfg.vm.communicator = "winrm" - cfg.winrm.basic_auth_only = true - - cfg.winrm.timeout = 300 - cfg.winrm.retry_limit = 20 - cfg.vm.network :private_network, ip: "192.168.38.102", gateway: "192.168.38.1", dns: "8.8.8.8" - - # Added DNS here because libvirt fails to properly configure the windows client otherwise... 
:( - cfg.vm.provision "shell", path: "resources/scripts/fix-second-network.ps1", preserve_order: true, privileged: true, args: "-ip 192.168.38.102 -dns 8.8.8.8 -gateway 192.168.38.1" +Vagrant.configure("2") do |config| - cfg.vm.provision "shell", path: "resources/scripts/provision.ps1", preserve_order: true, privileged: false - cfg.vm.provision "reload" - cfg.vm.provision "shell", path: "resources/scripts/provision.ps1", preserve_order: true, privileged: false - cfg.vm.provision "shell", path: "resources/scripts/configure-ou.ps1", preserve_order: true, privileged: false + config.vm.define "dc" do |cfg| cfg.vm.provision "shell", path: "resources/scripts/configure-claims-gpo.ps1", preserve_order: true, privileged: false - cfg.vm.provision "shell", path: "resources/scripts/configure-disable-windows-defender-gpo.ps1", preserve_order: true, privileged: false - cfg.vm.provision "shell", path: "resources/scripts/add_user.ps1", preserve_order: true, privileged: false + cfg.vm.provision "shell", path: "resources/scripts/configure-disable-windows-defender-gpo.ps1", + :args => "-Domain #{CONFIG[:dc][:domain]}", preserve_order: true, privileged: false + cfg.vm.provision "shell", path: "resources/scripts/add_user.ps1", :args => "-Domain #{CONFIG[:dc][:domain]}", preserve_order: true, privileged: false cfg.vm.provision "reload" - cfg.vm.provider "libvirt" do |libvirt, override| - libvirt.cpus = CONFIG[:dc][:cpus] - libvirt.memory = CONFIG[:dc][:memory] - # Relax constraints on timers - libvirt.hyperv_feature :name => 'relaxed', :state => 'on' - # Enable virtual APIC - libvirt.hyperv_feature :name => 'vapic', :state => 'on' - - # sync_folder is not by default on all providers - # Furthermore, it could not be the default provider : - # https://github.com/Cimpress-MCP/vagrant-winrm-syncedfolders/issues/11 - - # We'll need vagrant-winrm-syncedfolders plugin - - override.vm.synced_folder 'resources/', '/vagrant', type: 'winrm' - end - - - cfg.vm.provider "vmware_desktop" do |v, 
override| - override.vm.box = "detectionlab/win2016" - v.vmx["displayname"] = CONFIG[:dc][:name] - v.memory = CONFIG[:dc][:memory] - v.cpus = CONFIG[:dc][:cpus] - v.gui = true - v.enable_vmrun_ip_lookup = false - end - - cfg.vm.provider "virtualbox" do |vb, override| - vb.gui = true - vb.name = CONFIG[:dc][:name] - vb.default_nic_type = "82545EM" - vb.customize ["modifyvm", :id, "--memory", CONFIG[:dc][:memory] ] - vb.customize ["modifyvm", :id, "--cpus", CONFIG[:dc][:cpus] ] - vb.customize ["modifyvm", :id, "--vram", "32"] - vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"] - vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"] - vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ] - - override.vm.synced_folder './', '/vagrant', type: 'virtualbox' - end - end config.vm.define "srv" do |cfg| - cfg.vm.box = "peru/windows-server-2016-standard-x64-eval" - cfg.vm.hostname = CONFIG[:srv][:name] - cfg.vm.boot_timeout = 600 - cfg.vm.communicator = "winrm" - cfg.winrm.basic_auth_only = true - cfg.winrm.timeout = 300 - cfg.winrm.retry_limit = 20 - cfg.vm.network :private_network, ip: "192.168.38.103", gateway: "192.168.38.1", dns: "192.168.38.102" - - cfg.vm.provision "shell", path: "resources/scripts/fix-second-network.ps1", preserve_order: true, privileged: true, args: "-ip 192.168.38.103 -dns 8.8.8.8 -gateway 192.168.38.1" - - cfg.vm.provision "shell", path: "resources/scripts/provision.ps1", preserve_order: true, privileged: false - cfg.vm.provision "shell", inline: "cscript c:\\windows\\system32\\slmgr.vbs -rearm", preserve_order: true, privileged: false - cfg.vm.provision "reload" - cfg.vm.provision "shell", path: "resources/scripts/provision.ps1", preserve_order: true, privileged: false cfg.vm.provision "shell", path: "resources/scripts/get-mimikatz.ps1", preserve_order: true, privileged: false cfg.vm.provision "shell", path: "resources/scripts/local_groups.ps1", preserve_order: true, privileged: false cfg.vm.provision 
"shell", path: "resources/scripts/enable-restricted-admin.ps1", preserve_order: true, privileged: false - - cfg.vm.provider "libvirt" do |libvirt, override| - libvirt.cpus = CONFIG[:srv][:cpus] - libvirt.memory = CONFIG[:srv][:memory] - # Relax constraints on timers - libvirt.hyperv_feature :name => 'relaxed', :state => 'on' - # Enable virtual APIC - libvirt.hyperv_feature :name => 'vapic', :state => 'on' - - # sync_folder is not by default on all providers - # Furthermore, WinRM could not be the default provider : - # https://github.com/Cimpress-MCP/vagrant-winrm-syncedfolders/issues/11 - - # We'll need vagrant-winrm-syncedfolders plugin - - override.vm.synced_folder 'resources/', '/vagrant', type: 'winrm' - end - - cfg.vm.provider "vmware_desktop" do |v, override| - override.vm.box = "detectionlab/win2016" - v.vmx["displayname"] = CONFIG[:srv][:name] - v.memory = CONFIG[:srv][:memory] - v.cpus = CONFIG[:srv][:cpus] - v.gui = true - v.enable_vmrun_ip_lookup = false - end - - cfg.vm.provider "virtualbox" do |vb, override| - vb.gui = true - vb.name = CONFIG[:srv][:name] - vb.default_nic_type = "82545EM" - vb.customize ["modifyvm", :id, "--memory", CONFIG[:srv][:memory]] - vb.customize ["modifyvm", :id, "--cpus", CONFIG[:srv][:cpus]] - vb.customize ["modifyvm", :id, "--vram", "32"] - vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"] - vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"] - vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ] - - override.vm.synced_folder './', '/vagrant', type: 'virtualbox' - end - end - config.vm.define "client" do |cfg| - cfg.vm.box = "peru/windows-10-enterprise-x64-eval" - cfg.vm.hostname = CONFIG[:client][:name] - cfg.vm.boot_timeout = 1200 - cfg.vm.communicator = "winrm" - cfg.winrm.basic_auth_only = true - cfg.winrm.timeout = 1200 - cfg.winrm.retry_limit = 20 - cfg.vm.network :private_network, ip: "192.168.38.104", gateway: "192.168.38.1", dns: "192.168.38.102" - - cfg.vm.provision 
"shell", path: "resources/scripts/fix-second-network.ps1", preserve_order: true, privileged: true, args: "-ip 192.168.38.104 -dns 8.8.8.8 -gateway 192.168.38.1" - cfg.vm.provision "shell", path: "resources/scripts/MakeWindows10GreatAgain.ps1", preserve_order: true, privileged: false - cfg.vm.provision "shell", path: "resources/scripts/provision.ps1", preserve_order: true, privileged: false - cfg.vm.provision "shell", inline: "cscript c:\\windows\\system32\\slmgr.vbs -rearm", preserve_order: true, privileged: false - cfg.vm.provision "reload" - cfg.vm.provision "shell", path: "resources/scripts/provision.ps1", preserve_order: true, privileged: false - - cfg.vm.provider "libvirt" do |libvirt, override| - libvirt.cpus = CONFIG[:client][:cpus] - libvirt.memory = CONFIG[:client][:memory] - # Relax constraints on timers - libvirt.hyperv_feature :name => 'relaxed', :state => 'on' - # Enable virtual APIC - libvirt.hyperv_feature :name => 'vapic', :state => 'on' - - # sync_folder is not by default on all providers - # Furthermore, it could not be the default provider : - # https://github.com/Cimpress-MCP/vagrant-winrm-syncedfolders/issues/11 - - # We'll need vagrant-winrm-syncedfolders plugin - - override.vm.synced_folder 'resources/', '/vagrant', type: 'winrm' - end - - cfg.vm.provider "vmware_desktop" do |v, override| - override.vm.box = "detectionlab/win10" - v.vmx["displayname"] = CONFIG[:client][:name] - v.vmx["gui.fullscreenatpoweron"] = "FALSE" - v.vmx["gui.viewModeAtPowerOn"] = "windowed" - v.memory = CONFIG[:client][:memory] - v.cpus = CONFIG[:client][:cpus] - v.gui = true - v.enable_vmrun_ip_lookup = false - end - - cfg.vm.provider "virtualbox" do |vb, override| - vb.gui = true - vb.name = CONFIG[:client][:name] - vb.default_nic_type = "82545EM" - vb.customize ["modifyvm", :id, "--memory", CONFIG[:client][:memory]] - vb.customize ["modifyvm", :id, "--cpus", CONFIG[:client][:cpus]] - vb.customize ["modifyvm", :id, "--vram", "32"] - vb.customize ["modifyvm", :id, 
"--clipboard", "bidirectional"] - vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"] - vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ] - - override.vm.synced_folder './', '/vagrant', type: 'virtualbox' - end - end end diff --git a/admin-t1-restricted/enable-authpolicy.ps1 b/admin-t1-restricted/enable-authpolicy.ps1 index 3570b8e..5228d3a 100644 --- a/admin-t1-restricted/enable-authpolicy.ps1 +++ b/admin-t1-restricted/enable-authpolicy.ps1 @@ -1,5 +1,4 @@ $password = ConvertTo-SecureString "vagrant" -AsPlainText -Force - $Cred = New-Object System.Management.Automation.PSCredential ("Administrator", $password) $computer = Get-ADComputer -Identity client diff --git a/admin-t1-restricted/resources/scripts/MakeWindows10GreatAgain.ps1 b/admin-t1-restricted/resources/scripts/MakeWindows10GreatAgain.ps1 deleted file mode 100644 index 06c9ea3..0000000 --- a/admin-t1-restricted/resources/scripts/MakeWindows10GreatAgain.ps1 +++ /dev/null 
@@ -1,30 +0,0 @@ -# Import the registry keys -Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Making Windows 10 Great again" -Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Importing registry keys..." -regedit /s a:\MakeWindows10GreatAgain.reg - -# Remove OneDrive from the System -Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Removing OneDrive..." -$onedrive = Get-Process onedrive -ErrorAction SilentlyContinue -if ($onedrive) { - taskkill /f /im OneDrive.exe -} -c:\Windows\SysWOW64\OneDriveSetup.exe /uninstall - -# Fix in 1903 -#Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Removing Microsoft Store and Edge shortcuts from the taskbar..." -#$appname = "Microsoft Edge" -#((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true} -#$appname = "Microsoft Store" -#((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true} -#$appname = "Mail" -#((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true} - -Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Disabling automatic screen turnoff in order to prevent screen locking..." -powercfg -change -monitor-timeout-ac 0 -powercfg -change -standby-timeout-ac 0 -powercfg -change -hibernate-timeout-ac 0 - -# Remove the Edge shortcut from the Desktop -$lnkPath = "c:\Users\vagrant\Desktop\Microsoft Edge.lnk" -if (Test-Path $lnkPath) { Remove-Item $lnkPath } diff --git a/admin-t1-restricted/resources/scripts/MakeWindows10GreatAgain.reg b/admin-t1-restricted/resources/scripts/MakeWindows10GreatAgain.reg deleted file mode 100644 index e8ed2d4..0000000 
--- a/admin-t1-restricted/resources/scripts/MakeWindows10GreatAgain.reg +++ /dev/null 
@@ -1,49 +0,0 @@ -Windows Registry Editor Version 5.00 - -# Disable Cortana (Windows search still remains) -[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search] -"AllowCortana"=dword:00000000 - -# Disable Notification Center -[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Explorer] -"DisableNotificationCenter"=dword:00000001 - -# Don't reboot when users are logged in for Windows updates -[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU] -"NoAutoRebootWithLoggedOnUsers"=dword:00000001 - -# Disable Microsoft.com accounts -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] -"NoConnectedUser"=dword:00000003 - -# Show all file extensions -[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] -"HideFileExt"=dword:00000000 - -# Set explorer to open to "This PC" for new windows -[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] -"LaunchTo"=dword:00000001 - -# Show hidden files (not including OS files) -[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] -"Hidden"=dword:00000001 - -# Show "This PC" on Desktop -# Created by: Shawn Brink -# http://www.tenforums.com -[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] -"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000 - -[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] -"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000 - -[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] -"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000 - -# Enable Developer Mode (prerequisite for Linux subsystem) -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock] -"AllowDevelopmentWithoutDevLicense"=dword:00000001 - -# Disable Microsoft People icon from taskbar 
-[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People] -"PeopleBand"=dword:00000000 diff --git a/admin-t1-restricted/resources/scripts/add_user.ps1 b/admin-t1-restricted/resources/scripts/add_user.ps1 index e17b102..839ee41 100644 --- a/admin-t1-restricted/resources/scripts/add_user.ps1 +++ b/admin-t1-restricted/resources/scripts/add_user.ps1 @@ -1,8 +1,12 @@ +Param ( + [string]$Domain +) + Import-Module ActiveDirectory New-ADGroup -Name "Servers Administrators" -SamAccountName ServersAdministrators -GroupCategory Security -GroupScope Global -DisplayName "Servers Administrators" -Path "CN=Users,DC=windomain,DC=local" -Description "Members of this group are administrators of servers" -New-ADUser -Name "pikachu" -GivenName "Pik" -Surname "Achu" -SamAccountName "pikachu" -UserPrincipalName "pikachu@windomain.local" -AccountPassword (ConvertTo-SecureString -AsPlainText "Bonjour1!" -Force) -Enabled $true +New-ADUser -Name "pikachu" -GivenName "Pik" -Surname "Achu" -SamAccountName "pikachu" -UserPrincipalName "pikachu@$Domain" -AccountPassword (ConvertTo-SecureString -AsPlainText "Bonjour1!" -Force) -Enabled $true Get-ADGroup -Identity "ServersAdministrators" | Add-ADGroupMember -Members "pikachu" Get-ADGroup -Identity "Remote Desktop Users" | Add-ADGroupMember -Members "ServersAdministrators" diff --git a/admin-t1-restricted/resources/scripts/configure-disable-windows-defender-gpo.ps1 b/admin-t1-restricted/resources/scripts/configure-disable-windows-defender-gpo.ps1 index 0a4e062..d5b3912 100644 --- a/admin-t1-restricted/resources/scripts/configure-disable-windows-defender-gpo.ps1 +++ b/admin-t1-restricted/resources/scripts/configure-disable-windows-defender-gpo.ps1 
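Review bot: The new `$Domain` parameter is applied only to the UPN; the `New-ADGroup -Path "CN=Users,DC=windomain,DC=local"` line directly above still hard-codes the domain, so a lab that overrides `:domain` in CONFIG creates the user in the right domain but fails the group creation against a DN that does not exist. Derive the path from the same parameter, e.g. `-Path ("CN=Users," + (($Domain.Split('.') | ForEach-Object { "dc=$_" }) -join ','))`. `[string]$Domain` also has neither a default nor a mandatory flag, so a missing `-Domain` silently produces `pikachu@` as the UPN; `[Parameter(Mandatory=$true)][string]$Domain` fails early instead.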
@@ -1,8 +1,15 @@ # Purpose: Install the GPO that disables Windows Defender + +Param ( + [string]$Domain +) + +$dc1,$dc2=$Domain.split('.') + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Importing the GPO to disable Windows Defender..." Import-GPO -BackupGpoName 'Disable Windows Defender' -Path "c:\vagrant\resources\GPO\disable_windows_defender" -TargetName 'Disable Windows Defender' -CreateIfNeeded -$OU = "ou=Servers,dc=windomain,dc=local" +$OU = "ou=Servers,dc=$dc1,dc=$dc2" $gPLinks = $null $gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions $GPO = Get-GPO -Name 'Disable Windows Defender' diff --git a/admin-t1-restricted/resources/scripts/configure-ou.ps1 b/admin-t1-restricted/resources/scripts/configure-ou.ps1 deleted file mode 100644 index effbd38..0000000 --- a/admin-t1-restricted/resources/scripts/configure-ou.ps1 +++ /dev/null 
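Review bot: `$dc1,$dc2=$Domain.split('.')` assumes the domain has exactly two labels; for a name like `lab.corp.local` the third label is dropped without error and `$OU` becomes `ou=Servers,dc=lab,dc=corp`, so `Get-ADOrganizationalUnit` fails on a DN that never existed, and an empty `$Domain` yields `dc=,dc=`. Build the DN from all labels instead, `$OU = "ou=Servers," + (($Domain.Split('.') | ForEach-Object { "dc=$_" }) -join ',')`, and mark the parameter `[Parameter(Mandatory=$true)]`. The same two-label split is worth checking in any sibling script that derives a DN from `$Domain`. The `-Path "c:\vagrant\resources\GPO\disable_windows_defender"` on the context line presumes the synced-folder layout; if `SYNC_FOLDER = "./resources/"` in the new Vagrantfile is mounted at `c:\vagrant`, the GPO backup would live at `c:\vagrant\GPO\...` and the import would fail, so this path should be verified against the base Vagrantfile rather than assumed.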
@@ -1,33 +0,0 @@ -# Purpose: Sets up the Server and Workstations OUs - -Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Checking AD services status..." -$svcs = "adws","dns","kdc","netlogon" -Get-Service -name $svcs -ComputerName localhost | Select Machinename,Name,Status - -# Hardcoding DC hostname in hosts file -Add-Content "c:\windows\system32\drivers\etc\hosts" " 192.168.38.102 dc.windomain.local" - -# Force DNS resolution of the domain -ping /n 1 dc.windomain.local -ping /n 1 windomain.local - -Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Creating Server and Workstation OUs..." -# Create the Servers OU if it doesn't exist -Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Creating Server OU" -try { - Get-ADOrganizationalUnit -Identity 'OU=Servers,DC=windomain,DC=local' | Out-Null - Write-Host "Servers OU already exists. Moving On." -} -catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] { - New-ADOrganizationalUnit -Name "Servers" -Server "dc.windomain.local" -} - -# Create the Workstations OU if it doesn't exist -Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Creating Workstations OU" -try { - Get-ADOrganizationalUnit -Identity 'OU=Workstations,DC=windomain,DC=local' | Out-Null - Write-Host "Workstations OU already exists. Moving On." -} -catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] { - New-ADOrganizationalUnit -Name "Workstations" -Server "dc.windomain.local" -} diff --git a/admin-t1-restricted/resources/scripts/create-domain.ps1 b/admin-t1-restricted/resources/scripts/create-domain.ps1 deleted file mode 100644 index 0cef2c3..0000000 --- a/admin-t1-restricted/resources/scripts/create-domain.ps1 +++ /dev/null 
@@ -1,84 +0,0 @@ -# Purpose: Creates the "windomain.local" domain -# Source: https://github.com/StefanScherer/adfs2 -param ([String] $ip) - -$subnet = $ip -replace "\.\d+$", "" - -$domain= "windomain.local" - -if ((gwmi win32_computersystem).partofdomain -eq $false) { - - Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing RSAT tools" - Import-Module ServerManager - Add-WindowsFeature RSAT-AD-PowerShell,RSAT-AD-AdminCenter - - Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Creating domain controller..." - # Disable password complexity policy - secedit /export /cfg C:\secpol.cfg - (gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg - secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY - rm -force C:\secpol.cfg -confirm:$false - - # Set administrator password - $computerName = $env:COMPUTERNAME - $adminPassword = "vagrant" - $adminUser = [ADSI] "WinNT://$computerName/Administrator,User" - $adminUser.SetPassword($adminPassword) - - $PlainPassword = "vagrant" # "P@ssw0rd" - $SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force - - # Windows Server 2016 R2 - Install-WindowsFeature AD-domain-services - Import-Module ADDSDeployment - Install-ADDSForest ` - -SafeModeAdministratorPassword $SecurePassword ` - -CreateDnsDelegation:$false ` - -DatabasePath "C:\Windows\NTDS" ` - -DomainMode "7" ` - -DomainName $domain ` - -DomainNetbiosName "WINDOMAIN" ` - -ForestMode "7" ` - -InstallDns:$true ` - -LogPath "C:\Windows\NTDS" ` - -NoRebootOnCompletion:$true ` - -SysvolPath "C:\Windows\SYSVOL" ` - -Force:$true - - $newDNSServers = "127.0.0.1", "8.8.8.8", "4.4.4.4" - $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object { $_.IPAddress -And ($_.IPAddress).StartsWith($subnet) } - if ($adapters) { - Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Setting DNS" - $adapters | ForEach-Object {$_.SetDNSServerSearchOrder($newDNSServers)} - } - Write-Host 
"$('[{0:HH:mm}]' -f (Get-Date)) Setting timezone to UTC" - c:\windows\system32\tzutil.exe /s "UTC" - - Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Excluding NAT interface from DNS" - $nics=Get-WmiObject "Win32_NetworkAdapterConfiguration where IPEnabled='TRUE'" |? { $_.IPAddress[0] -ilike "172.25.*" } - $dnslistenip=$nics.IPAddress - $dnslistenip - dnscmd /ResetListenAddresses $dnslistenip - - $nics=Get-WmiObject "Win32_NetworkAdapterConfiguration where IPEnabled='TRUE'" |? { $_.IPAddress[0] -ilike "10.*" } - foreach($nic in $nics) - { - $nic.DomainDNSRegistrationEnabled = $false - $nic.SetDynamicDNSRegistration($false) |Out-Null - } - - - #Get-DnsServerResourceRecord -ZoneName $domain -type 1 -Name "@" |Select-Object HostName,RecordType -ExpandProperty RecordData |Where-Object {$_.IPv4Address -ilike "10.*"}|Remove-DnsServerResourceRecord - $RRs= Get-DnsServerResourceRecord -ZoneName $domain -type 1 -Name "@" - - foreach($RR in $RRs) - { - if ( (Select-Object -InputObject $RR HostName,RecordType -ExpandProperty RecordData).IPv4Address -ilike "10.*") - { - Remove-DnsServerResourceRecord -ZoneName $domain -RRType A -Name "@" -RecordData $RR.RecordData.IPv4Address -Confirm - } - - } - Restart-Service DNS - -} diff --git a/admin-t1-restricted/resources/scripts/fix-second-network.ps1 b/admin-t1-restricted/resources/scripts/fix-second-network.ps1 deleted file mode 100755 index d38f7fe..0000000 --- a/admin-t1-restricted/resources/scripts/fix-second-network.ps1 +++ /dev/null 
@@ -1,53 +0,0 @@ -# Source: https://github.com/StefanScherer/adfs2 -param ([String] $ip, [String] $dns, [String] $gateway) - -if ( (Get-NetAdapter | Select-Object -First 1 | Select-Object -ExpandProperty InterfaceDescription).Contains('Red Hat VirtIO')) { - Write-Host "Setting Network Configuration for LibVirt interface" - $subnet = $ip -replace "\.\d+$", "" - $name = (Get-NetIPAddress -AddressFamily IPv4 ` - | Where-Object -FilterScript { ($_.IPAddress).StartsWith("$subnet") } ` - ).InterfaceAlias - if ($name) { - Write-Host "Set IP address to $ip of interface $name" - & netsh.exe int ip set address "$name" static $ip 255.255.255.0 "$gateway" - if ($dns) { - Write-Host "Set DNS server address to $dns of interface $name" - & netsh.exe interface ipv4 add dnsserver "$name" address=$dns index=1 - } - } else { - Write-Error "Could not find a interface with subnet $subnet.xx" - } - - exit 0 -} - -if (! (Test-Path 'C:\Program Files\VMware\VMware Tools') ) { - Write-Host "Nothing to do for other providers than VMware." 
- exit 0 -} - - -Write-Host "$('[{0:HH:mm}]' -f (Get-Date))" -Write-Host "Setting IP address and DNS information for the Ethernet1 interface" -Write-Host "If this step times out, it's because vagrant is connecting to the VM on the wrong interface" -Write-Host "See https://github.com/clong/DetectionLab/issues/114 for more information" - -$subnet = $ip -replace "\.\d+$", "" -$name = (Get-NetIPAddress -AddressFamily IPv4 ` - | Where-Object -FilterScript { ($_.IPAddress).StartsWith($subnet) } ` - ).InterfaceAlias -if (!$name) { - $name = (Get-NetIPAddress -AddressFamily IPv4 ` - | Where-Object -FilterScript { ($_.IPAddress).StartsWith("169.254.") } ` - ).InterfaceAlias -} -if ($name) { - Write-Host "Set IP address to $ip of interface $name" - & netsh.exe int ip set address "$name" static $ip 255.255.255.0 "$subnet.1" - if ($dns) { - Write-Host "Set DNS server address to $dns of interface $name" - & netsh.exe interface ipv4 add dnsserver "$name" address=$dns index=1 - } -} else { - Write-Error "Could not find a interface with subnet $subnet.xx" -} diff --git a/admin-t1-restricted/resources/scripts/join-domain.ps1 b/admin-t1-restricted/resources/scripts/join-domain.ps1 deleted file mode 100755 index b7dab96..0000000 --- a/admin-t1-restricted/resources/scripts/join-domain.ps1 +++ /dev/null 
@@ -1,36 +0,0 @@ -# Purpose: Joins a Windows host to the windomain.local domain which was created with "create-domain.ps1". -# Source: https://github.com/StefanScherer/adfs2 - -Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Joining the domain..." - -Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) First, set DNS to DC to join the domain..." -$newDNSServers = "192.168.38.102" -$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object {$_.IPAddress -match "192.168.38."} -$adapters | ForEach-Object {$_.SetDNSServerSearchOrder($newDNSServers)} - -Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Now join the domain..." -$hostname = $(hostname) -$user = "windomain.local\vagrant" -$pass = ConvertTo-SecureString "vagrant" -AsPlainText -Force -$DomainCred = New-Object System.Management.Automation.PSCredential $user, $pass - -# Place the computer in the correct OU based on hostname -If ($hostname -eq "srv") { - Add-Computer -DomainName "windomain.local" -credential $DomainCred -OUPath "ou=Servers,dc=windomain,dc=local" -PassThru -} ElseIf ($hostname -eq "win10") { - Write-Host "Adding Win10 to the domain. Sometimes this step times out. 
If that happens, just run 'vagrant reload win10 --provision'" #debug - Add-Computer -DomainName "windomain.local" -credential $DomainCred -OUPath "ou=Workstations,dc=windomain,dc=local" -} Else { - Add-Computer -DomainName "windomain.local" -credential $DomainCred -PassThru -} - -Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name AutoAdminLogon -Value 1 -Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultUserName -Value "vagrant" -Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultPassword -Value "vagrant" - -# Stop Windows Update -Write-Host "Disabling Windows Updates and Windows Module Services" -Set-Service wuauserv -StartupType Disabled -Stop-Service wuauserv -Set-Service TrustedInstaller -StartupType Disabled -Stop-Service TrustedInstaller diff --git a/admin-t1-restricted/resources/scripts/provision.ps1 b/admin-t1-restricted/resources/scripts/provision.ps1 deleted file mode 100644 index d6ba17e..0000000 --- a/admin-t1-restricted/resources/scripts/provision.ps1 +++ /dev/null 
@@ -1,41 +0,0 @@ -# Purpose: Sets timezone to UTC, sets hostname, creates/joins domain. -# Source: https://github.com/StefanScherer/adfs2 - -$box = Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName -Name "ComputerName" -$box = $box.ComputerName.ToString().ToLower() - -Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Setting timezone to UTC..." -c:\windows\system32\tzutil.exe /s "UTC" - -# Ping DetectionLab server for usage statistics -# curl -userAgent "DetectionLab-$box" "https://detectionlab.network/$box" -UseBasicParsing | out-null - -Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Disable IPv6 on all network adaptpers..." -Get-NetAdapterBinding -ComponentID ms_tcpip6 | ForEach-Object {Disable-NetAdapterBinding -Name $_.Name -ComponentID ms_tcpip6} -Get-NetAdapterBinding -ComponentID ms_tcpip6 -# https://support.microsoft.com/en-gb/help/929852/guidance-for-configuring-ipv6-in-windows-for-advanced-users -reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters" /v DisabledComponents /t REG_DWORD /d 255 /f - -if ($env:COMPUTERNAME -imatch 'vagrant') { - - Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Hostname is still the original one, skip provisioning for reboot..." - - Write-Host -fore red 'Hint: vagrant reload' $box '--provision' - -} elseif ((gwmi win32_computersystem).partofdomain -eq $false) { - - Write-Host -fore red "$('[{0:HH:mm}]' -f (Get-Date)) Current domain is set to 'workgroup'. Time to join the domain!" - - if ($env:COMPUTERNAME -imatch 'dc') { - . c:\vagrant\resources\scripts\create-domain.ps1 192.168.38.102 - } else { - . c:\vagrant\resources\scripts\join-domain.ps1 - } - Write-Host -fore red 'Hint: vagrant reload' $box '--provision' - -} else { - - Write-Host -fore green "$('[{0:HH:mm}]' -f (Get-Date)) I am domain joined!" - - Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Provisioning after joining domain..." -} diff --git a/base/Vagrantfile b/base/Vagrantfile index a7cb9f5..3463c8b 100644 
--- a/base/Vagrantfile +++ b/base/Vagrantfile @@ -5,7 +5,7 @@ CONFIG = { :dns => "8.8.8.8", :dc => {:memory => 3072, :cpus => 2, :name => "dc", :domain => "windomain.local", :ip => "192.168.38.102" }, :srv => {:memory => 2048, :cpus => 2, :name => "srv", :domain => "windomain.local", :ip => "192.168.38.103"}, - :client => {:memory => 2048, :cpus => 1, :name => "win10", :domain => "windomain.local", :ip => "192.168.38.100"}, + :client => {:memory => 2048, :cpus => 1, :name => "client", :domain => "windomain.local", :ip => "192.168.38.100"}, } # Directory were base script are located diff --git a/base/scripts/join-domain.ps1 b/base/scripts/join-domain.ps1 index 91d07ea..961ac09 100755 --- a/base/scripts/join-domain.ps1 +++ b/base/scripts/join-domain.ps1 @@ -10,8 +10,8 @@ Param ( if ((gwmi win32_computersystem).partofdomain -eq $false) { $subnet = $dns -replace "\.\d+$", "" - Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Joining the domain..." - Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) First, set DNS to DC to join the domain..." + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Joining the domain $Domain ..." + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) First, set DNS to DC to join the domain ($Dns)..." $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object {$_.IPAddress -match $subnet} $adapters | ForEach-Object {$_.SetDNSServerSearchOrder($Dns)} From 6adb4f56911f74b88302fdd859f90927e55edd42 Mon Sep 17 00:00:00 2001 From: Olivier Dembour <33929198+alex-sector@users.noreply.github.com> Date: Tue, 26 Jan 2021 14:56:11 +0100 Subject: [PATCH 7/7] W2k16 -> W2k19 --- admin-t1-restricted/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/admin-t1-restricted/README.md b/admin-t1-restricted/README.md index dd47753..98b2dd2 100644 --- a/admin-t1-restricted/README.md +++ b/admin-t1-restricted/README.md 
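Review bot: The hunk refers to the DNS parameter as both `$dns` (`$subnet = $dns -replace ...`, context) and `$Dns` (the new message and `SetDNSServerSearchOrder($Dns)`); PowerShell resolves both to the same variable, but the mixed casing reads as two different values, and with `$Dns` empty `$subnet` is `''`, which `-match` accepts for every adapter, so each one gets an empty DNS list before the join is attempted. Use one spelling and guard it, e.g. `if (-not $Dns) { throw "-Dns is required" }`. `-match $subnet` also treats the dotted subnet as a regex, where each `.` matches any character; `-match [regex]::Escape($subnet)` (or `-like "$subnet.*"`) pins it to the literal prefix. The enclosing `if ((gwmi win32_computersystem).partofdomain -eq $false)` block and the `Param` block continue outside the hunk.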
@@ -35,11 +35,11 @@ Lab - This lab contains: -* A Win2016 domain "windomain.local" with: +* A Win2019 domain "windomain.local" with: * User `Pik Achu `, Tier 1 Administrator, password `Bonjour1!` * Domain Administrator, password `vagrant` -* A Win2016 DC -* A Win2016 server `SRV`, considered in the Tier-1, with *RestrictedAdmin* enabled +* A Win2019 DC +* A Win2019 server `SRV`, considered in the Tier-1, with *RestrictedAdmin* enabled * A Win10 client `Client`, considered as the administration station for Tier-1 Setup