PowerShell 搭建AD域渗透环境

同一台虚拟机需要重置SID

%WINDIR%\system32\sysprep\sysprep.exe /generalize /restart /oobe

森林

#更改主机名
#Rename-Computer -NewName "dc"

#设置静态地址
New-NetIPAddress –IPAddress  10.10.10.10 -DefaultGateway 10.10.10.1 -PrefixLength 24 -InterfaceIndex (Get-NetAdapter).InterfaceIndex
#设置DNS
Set-DNSClientServerAddress -InterfaceIndex(Get-NetAdapter).InterfaceIndex -ServerAddresses 10.10.10.10

#密码永不过期
Set-LocalUser -Name "administrator" -PasswordNeverExpires 1

#关闭密码复杂度
secedit /export /cfg c:\secpol.cfg
(gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg
secedit /configure /db c:\windows\security\local.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY
rm -force c:\secpol.cfg -confirm:$false

#设置密码最长时间
net accounts /MAXPWAGE:999

#
Install-WindowsFeature RSAT-AD-PowerShell
Get-WindowsFeature -Name RSAT-AD-PowerShell


#获取域安装信息
Get-WindowsFeature "*ad*"
#安装域控
Install-WindowsFeature ad-domain-services -IncludeAllSubFeature -IncludeManagementTools

Get-WindowsFeature "*ad*"

$SecurePwd = ConvertTo-SecureString "abcABC123" -AsPlainText -Force
#建立域
Install-ADDSForest -DomainName "sectest.com" -InstallDNS -SafeModeAdministratorPassword $SecurePwd -NoRebootOnCompletion -Force



#关闭休眠
powercfg.exe -x -monitor-timeout-ac 0
powercfg.exe -x -monitor-timeout-dc 0
powercfg.exe -x -disk-timeout-ac 0
powercfg.exe -x -disk-timeout-dc 0
powercfg.exe -x -standby-timeout-ac 0
powercfg.exe -x -standby-timeout-dc 0
powercfg.exe -x -hibernate-timeout-ac 0
powercfg.exe -x -hibernate-timeout-dc 0

#关闭防火墙
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
Get-NetFirewallProfile

#关闭Windows AV
Set-MpPreference -DisableRealtimeMonitoring $true
Set-MpPreference -DisableArchiveScanning $True
Set-MpPreference -DisableRemovableDriveScanning $True
Set-MpPreference -SubmitSamplesConsent 2
Set-MpPreference -MAPSReporting Disable
#Uninstall-WindowsFeature -Name Windows-Defender

#设置域用户密码永不过期
#Import-Module ActiveDirectory
#Get-ADUser -Filter * | Set-ADUser -PasswordNeverExpires:$True

#重启电脑
Restart-Computer

子域

PC

上一页域环境下一页红日靶场

最后更新于

这有帮助吗?