{"id":14064323,"url":"https://github.com/dbroeglin/windows-lab","last_synced_at":"2025-07-27T02:32:11.986Z","repository":{"id":137806477,"uuid":"45309311","full_name":"dbroeglin/windows-lab","owner":"dbroeglin","description":"Windows Automated Lab with Vagrant","archived":false,"fork":false,"pushed_at":"2018-06-14T23:58:13.000Z","size":56,"stargazers_count":83,"open_issues_count":3,"forks_count":20,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-08-13T07:06:32.495Z","etag":null,"topics":["adfs","automated","configuration-management","delegation","experimental","iis","kerberos","lab","netscaler","powershell","vagrant","wia-authentication","windows"],"latest_commit_sha":null,"homepage":null,"language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dbroeglin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-10-31T16:31:56.000Z","updated_at":"2024-07-14T06:31:16.000Z","dependencies_parsed_at":null,"dependency_job_id":"f748d980-ae17-4f32-9419-4ba652339426","html_url":"https://github.com/dbroeglin/windows-lab","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dbroeglin%2Fwindows-lab","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dbroeglin%2Fwindows-lab/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dbroeglin%2Fwindows-lab/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dbroeglin%2Fwindows-lab/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dbroeglin","download_url":"https://codeload.github.com/dbroeglin/windows-lab/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":227750185,"owners_count":17814129,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["adfs","automated","configuration-management","delegation","experimental","iis","kerberos","lab","netscaler","powershell","vagrant","wia-authentication","windows"],"created_at":"2024-08-13T07:03:48.808Z","updated_at":"2024-12-02T15:16:29.422Z","avatar_url":"https://github.com/dbroeglin.png","language":"PowerShell","funding_links":[],"categories":["PowerShell"],"sub_categories":[],"readme":"# Lab \n\nThe lab is setup as described in the diagram:\n\n    172.16.124.0/24\n    +-----------------------------------------------------+\n        .50 |     .51 |        .52 |        .53 |\n            |         |            |            |\n            |         |            |            |\n        +------+  +-------+  +----------+  +--------+\n        |      |  |       |  |          |  |        |\n        | dc01 |  | web01 |  | client01 |  | adfs01 |\n        |      |  |       |  |          |  |        |\n        +------+  +-------+  +----------+  +--------+\n\n* `dc01`: setup a _domain controller_ for domain `lab.local`, all other\nservers are joined to the domain.\n* `web01`: setup an _IIS_ server for FQDN `www.lab.local` with windows \nintegrated authentication activated.\n* `client01`: another server that acts as a client. Chrome is installed and\nsetup to work do allow for WIA authentication with *.lab.local.\n* `adfs01`: [EXPERIMENTAL] setup an ADFS server for experimentation with \n_external_ domain `extlab.local`.\n\n# Run\n\nBefore you run `vagrant up` edit the `Vagrantfile` to adapt those variables:\n\n    $NET_PREFIX       = \"172.16.124\"\n    $BRIDGE_IF        = \"vmnet1\"\n    $DOWNLOADS_DIR    = \"/Volumes/EXT/Downloads\"\n\nThe network prefix should be adapted to whatever network you bridge too (make\nsure the IPs 50 to 53 are free or change them as well in the file). All VMs\nare bridge to the same interface. In my case the VMWare network that hosts my\nvirtual Netscaler instance. The download dir should contain `googlechromestandaloneenterprise.msi`\nwhich can be downloaded from here: https://www.google.com/work/chrome/chrome-browser/\n\n# Tests\n\nTo test that IIS and WIA authentication are properly setup go to the `client01` \nVM, open a PowerShell console and execute the following command:\n\n    C:\\Sysinternals\\psexec -accepteula -u LAB\\Alice -p Passw0rd \"C:\\Program Files\\Internet Explorer\\iexplore\" http://www.lab.local/\n\nIf everything went according to plan you should see `Hello World!` in the browser.\n\n# Annex 1: NetScaler Setup\n\n## Lab setup for NetScaler testing\n\nI also use the lab for NetScaler configuration testing. In which case I would launch NetScaler in VMWare Fusion (hence the bridge with `vmnet1`):\n\n\n                                +------+\n                                |      |\n                                | ns01 |\n                                |      |\n                                +--+---+\n                                    |\n                           NSIP .10 | .11 SNIP\n    172.16.124.0/24                 | .12 VIP\n    +-------+---------+------------++-----------+---------+\n        .50 |     .51 |        .52 |        .53 |\n            |         |            |            |\n            |         |            |            |\n        +---+--+  +---+---+  +-----+----+  +----+---+\n        |      |  |       |  |          |  |        |\n        | dc01 |  | web01 |  | client01 |  | adfs01 |\n        |      |  |       |  |          |  |        |\n        +------+  +-------+  +----------+  +--------+\n\nTo test NetScaler authentication: ensure the lab was created with variable environment `WITH_NETSCALER` set to `true` or execute provisioning files `03_populate_AD2.ps1` in `DC01` and `05_populate_adfs.ps1` in `ADFS01`.\n\n## NetScaler configuration\n\nAfter provisioning a NetScaler instance place a license file in the `licenses` directory (by default the script uses `ns01.lic`)\n\nTo connect to the NetScaler instance:\n\n    ./NSConfig.ps1 -Connect\n\nThis command will completely reset your NetScaler instance to prepare it for a new configuration:\n\n    ./NSConfig.ps1 -Reset\n    ./NSConfig.ps1 -Bootstrap\n\nFinally deploying the configuration is done with:\n\n    ./NSConfig.ps1 -Verbose\n\nIf you do not require a full instance reset (with certificate file and license cleanup), you can use:\n\n    Clear-NSConfig -Level Full -Force; ./NSConfig.ps1 -Verbose\n\nThose two commands allow for a faster feedback loop when working on the NetScaler configuration.\n\n## NetScaler configuration testing\n\nTo test the NetScaler configuration, just enter [https://www.extlab.local][https://www.extlab.local] into a browser in the `client01` host.\n\n# Annex 2: Certificate generation\n\nWe use auto-signed SSL certificates in the lab. They are stored in the `certs` directory and where generated with the code present in `Contrib\\New-TestCertificates.ps1`.\n\nThe _ADFS Token Signing_ certificate is generated during ADFS installation and stored in the `tmp` directory. The certificate is then reused by the NetScaler configuration script. This directory's content is not committed to source control because each ADFS installation will be different.\n\n# Annex 3: Generating the lab's Windows base box\n\nVagrant uses _base boxes_ to build virtual machines. To build the _base box_ for this lab you will need to install [Packer][https://www.packer.io/] and :\n\n    git clone https://github.com/dbroeglin/packer-templates.git\n    cd packer-templates\n    packer build -force -only virtualbox-iso vbox-2012r2-wmf5.json\n\nOnce the _base box_ is built, import it with the following command:\n\n    vagrant box add --name windows2012r2min-wmf5-virtualbox windows2012r2min-wmf5-virtualbox.box\n\nYou should be ready to go. \n\nBefore running packer, you might want to customize the build to your preferences. For instance, the keyboard layout can be changed here: https://github.com/dbroeglin/packer-templates/blob/master/scripts/postunattend.xml#L14","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdbroeglin%2Fwindows-lab","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdbroeglin%2Fwindows-lab","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdbroeglin%2Fwindows-lab/lists"}