TP1
0
.gitignore
vendored
Normal file
0
.gitignore
vendored
Normal file
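--- a/AD.ps1
+++ b/AD.ps1
@@ -1,28 +0,0 @@
-function Get-RandomPassword {
-Add-Type -AssemblyName System.Web
-return ([System.Web.Security.Membership]::GeneratePassword(18, 6))
-}
-
-# OU Creation
-New-ADOrganizationalUnit -Name "COMPTABLE" -Path "DC=chromatic,DC=moe" -ProtectedFromAccidentalDeletion $true
-New-ADOrganizationalUnit -Name "STAGIAIRE" -Path "DC=chromatic,DC=moe" -ProtectedFromAccidentalDeletion $true
-New-ADOrganizationalUnit -Name "ADMINISTRATION" -Path "DC=chromatic,DC=moe" -ProtectedFromAccidentalDeletion $true
-New-ADOrganizationalUnit -Name "CHAUFFEUR" -Path "DC=chromatic,DC=moe" -ProtectedFromAccidentalDeletion $true
-
-# Group Creation
-New-ADGroup -Name "G_COMPTABLE" -Path "OU=COMPTABLE,DC=chromatic,DC=moe" -GroupScope Global -GroupCategory Security
-New-ADGroup -Name "G_STAGIAIRE" -Path "OU=STAGIAIRE,DC=chromatic,DC=moe" -GroupScope Global -GroupCategory Security
-New-ADGroup -Name "G_ADMINISTRATION" -Path "OU=ADMINISTRATION,DC=chromatic,DC=moe" -GroupScope Global -GroupCategory Security
-New-ADGroup -Name "G_CHAUFFEUR" -Path "OU=CHAUFFEUR,DC=chromatic,DC=moe" -GroupScope Global -GroupCategory Security
-
-# User Creation
-New-ADUser -Name "Emerald" -Description "Administrateur reseau" -AccountPassword $(ConvertTo-SecureString (Get-RandomPassword) -AsPlainText -Force) -ChangePasswordAtLogon $true -PasswordNeverExpires $false -Enabled $true
-New-ADUser -Name "Stagiaire1" -AccountPassword $(ConvertTo-SecureString (Get-RandomPassword) -AsPlainText -Force) -ChangePasswordAtLogon $true -PasswordNeverExpires $false -Enabled $true
-New-ADUser -Name "Comptable1" -AccountPassword $(ConvertTo-SecureString (Get-RandomPassword) -AsPlainText -Force) -ChangePasswordAtLogon $true -PasswordNeverExpires $false -Enabled $true
-New-ADUser -Name "Chauffeur1" -AccountPassword $(ConvertTo-SecureString (Get-RandomPassword) -AsPlainText -Force) -ChangePasswordAtLogon $true -PasswordNeverExpires $false -Enabled $true
-
-# Adding Users to Groups
-Add-ADGroupMember -Identity "G_ADMINISTRATION" -Members "Emerald"
-Add-ADGroupMember -Identity "G_STAGIAIRE" -Members "Stagiaire1"
-Add-ADGroupMember -Identity "G_COMPTABLE" -Members "Comptable1"
-Add-ADGroupMember -Identity "G_CHAUFFEUR" -Members "Chauffeur1"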
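--- a/README.md
+++ b/README.md
@@ -0,0 +1,32 @@
+# TP Active Directory & Audit — EntrepriseXYZ
+
+Ce dépôt contient des scripts PowerShell pour répondre aux exercices suivants :
+1. audit_system — collecte d'informations système
+2. ad_admin — création d'OU, utilisateurs, groupes et partages avec permissions NTFS
+
+## Prérequis
+- Exécuter les scripts en tant qu'administrateur (PowerShell élevé).
+- Pour `ad_admin.ps1` : exécuter sur un contrôleur de domaine ou sur une machine avec les outils RSAT/ActiveDirectory et connectée au domaine `entreprisexyz.local`.
+- Module ActiveDirectory installé (Import-Module ActiveDirectory).
+- Politique d'exécution adaptée (ex. `Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted`).
+
+## Emplacement des scripts
+- scripts/audit_system.ps1
+- scripts/ad_admin.ps1
+
+## Utilisation
+Ouvrir PowerShell en mode administrateur, se placer dans le dossier du projet puis lancer :
+
+- Générer le rapport système :
+.\scripts\audit_system.ps1
+- Sortie : `scripts/exports/system_info.txt`
+
+- Organiser Active Directory et créer partages :
+.\scripts\ad_admin.ps1
+- Actions réalisées :
+- Création des OU : Direction, RH, Informatique
+- Création des groupes : GRP_Direction, GRP_RH, GRP_Informatique
+- Création des utilisateurs (par défaut) et assignation aux groupes
+- Création de dossiers partagés sous `C:\Shares\<OU>` et application des permissions NTFS
+- Le script affiche en console les comptes créés et les mots de passe générés pour les nouveaux utilisateurs.
+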
BIN
export/ad_admin.png
Normal file
BIN
export/ad_admin.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 222 KiB |
BIN
export/audit_system.png
Normal file
BIN
export/audit_system.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 170 KiB |
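--- a/export/system_info.txt
+++ b/export/system_info.txt
@@ -0,0 +1,8 @@
+===== RAPPORT SYSTEME =====
+Machine : SRV-DC1
+Utilisateur : Administrator
+OS : Microsoft Windows Server 2025 Datacenter
+Processeur : AMD Ryzen 7 PRO 7840U w/ Radeon 780M Graphics , AMD Ryzen 7 PRO 7840U w/ Radeon 780M Graphics , AMD Ryzen 7 PRO 7840U w/ Radeon 780M Graphics , AMD Ryzen 7 PRO 7840U w/ Radeon 780M Graphics
+RAM (Go) : 5.98
+Date : 23/10/2025 02:41
+===========================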
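--- a/scripts/ad_admin.ps1
+++ b/scripts/ad_admin.ps1
@@ -0,0 +1,56 @@
+if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
+Write-Error "Exécutez ce script en tant qu'administrateur."
+exit 1
+}
+
+function Get-RandomPassword {
+Add-Type -AssemblyName System.Web
+return ([System.Web.Security.Membership]::GeneratePassword(18, 6))
+}
+
+Import-Module ActiveDirectory -ErrorAction Stop
+
+# OU Creation
+$ou = @("Direction", "RH", "Informatique")
+foreach ($unit in $ou) {
+if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$unit'" -ErrorAction SilentlyContinue)) {
+New-ADOrganizationalUnit -Name $unit -Path "DC=entreprisexyz,DC=local" -ProtectedFromAccidentalDeletion $true
+}
+}
+
+# Group Creation
+$groups = @("GRP_Direction", "GRP_RH", "GRP_Informatique")
+foreach ($group in $groups) {
+if (-not (Get-ADGroup -Filter "Name -eq '$group'" -ErrorAction SilentlyContinue)) {
+New-ADGroup -Name $group -Path "OU=$($group.Split('_')[1]),DC=entreprisexyz,DC=local" -GroupScope Global -GroupCategory Security
+}
+}
+
+# User Creation
+New-ADUser -Name "Patrick Laddict" -Description "Dicrection" -AccountPassword $(ConvertTo-SecureString (Get-RandomPassword) -AsPlainText -Force) -ChangePasswordAtLogon $true -PasswordNeverExpires $false -Enabled $true
+New-ADUser -Name "Karen Ceplein" -Description "Directrice RH" -AccountPassword $(ConvertTo-SecureString (Get-RandomPassword) -AsPlainText -Force) -ChangePasswordAtLogon $true -PasswordNeverExpires $false -Enabled $true
+New-ADUser -Name "John Informatique" -Description "Administrateur reseau" -AccountPassword $(ConvertTo-SecureString (Get-RandomPassword) -AsPlainText -Force) -ChangePasswordAtLogon $true -PasswordNeverExpires $false -Enabled $true
+
+# Adding Users to Groups
+Add-ADGroupMember -Identity "GRP_Direction" -Members "Patrick Laddict"
+Add-ADGroupMember -Identity "GRP_RH" -Members "Karen Ceplein"
+Add-ADGroupMember -Identity "GRP_Informatique" -Members "John Informatique"
+
+# Shares and Permissions
+$shares = @(
+@{ Name = "Direction"; Group = "GRP_Direction" },
+@{ Name = "RH"; Group = "GRP_RH" },
+@{ Name = "Informatique"; Group = "GRP_Informatique" }
+)
+$shareRoot = 'C:\Shares'
+
+foreach ($share in $shares) {
+$sharePath = Join-Path -Path $shareRoot -ChildPath $share.Name
+New-Item -Path $sharePath -ItemType Directory -Force | Out-Null
+New-SmbShare -Name $share.Name -Path $sharePath -FullAccess "$($share.Group)" -ChangeAccess "Administrators" -ErrorAction Stop
+
+$acl = Get-Acl -Path $sharePath
+$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("$($share.Group)", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")
+$acl.SetAccessRule($accessRule)
+Set-Acl -Path $sharePath -AclObject $acl
+}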
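Review bot: The NTFS rule added at `$acl.SetAccessRule($accessRule)` is layered on top of the ACL the new folder inherits from C:\, so whatever the drive root grants (on a default Windows install this typically includes Modify for Authenticated Users on subfolders) still applies to every share and the per-group restriction is not actually enforced; disable inheritance before adding explicit rules, and consider Modify rather than FullControl for the group so members cannot rewrite the ACL themselves. Since `-FullAccess` already grants the group everything at the share level, the NTFS ACL is the only layer where the restriction can hold. Separately, the README states that generated passwords are printed to the console, but none of the three `New-ADUser` lines records the value returned by `Get-RandomPassword`, so each account is created with a password nobody holds; either hand it over through a controlled channel or document that an administrator must reset it before first logon.
```powershell
$acl = Get-Acl -Path $sharePath
# Stop inheriting from C:\ so only the explicit rules below apply to the share folder
$acl.SetAccessRuleProtection($true, $false)
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Administrators", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")))
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\SYSTEM", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")))
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("$($share.Group)", "Modify", "ContainerInherit,ObjectInherit", "None", "Allow")))
Set-Acl -Path $sharePath -AclObject $acl
```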
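--- a/scripts/ad_config.ps1
+++ b/scripts/ad_config.ps1
@@ -0,0 +1,55 @@
+if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
+Write-Error "Exécutez ce script en tant qu'administrateur."
+exit 1
+}
+
+function Get-RandomPassword {
+Add-Type -AssemblyName System.Web
+return ([System.Web.Security.Membership]::GeneratePassword(18, 6))
+}
+
+$DomainName = 'entreprisexyz.local'
+$InstallDns = $true
+$Force = $false
+$DRSMPassword = $(ConvertTo-SecureString (Get-RandomPassword) -AsPlainText -Force)
+$NtdsService = Get-Service -Name ntds -ErrorAction SilentlyContinue
+
+if ($NtdsService) {
+Write-Host "Ce serveur semble déjà être un contrôleur de domaine (service NTDS présent). Rien à faire." -ForegroundColor Yellow
+exit 0
+}
+
+$features = @('AD-Domain-Services')
+if ($InstallDns) { $features += 'DNS' }
+
+Write-Host "Installation des rôles : $($features -join ', ')"
+Install-WindowsFeature -Name $features -IncludeManagementTools -ErrorAction Stop | Out-Null
+Write-Host "Rôles installés." -ForegroundColor Green
+
+Import-Module ADDSDeployment -ErrorAction Stop
+
+$installParams = @{
+CreateDnsDelegation = $false
+DatabasePath = "C:\Windows\NTDS"
+DomainMode = "Win2025"
+ForestMode = "Win2025"
+LogPath = "C:\Windows\NTDS"
+NoRebootOnCompletion = $true
+SysvolPath = "C:\Windows\SYSVOL"
+Force = $Force.IsPresent
+SafeModeAdministratorPassword = $DRSMPassword
+DomainName = $DomainName
+InstallDns = $InstallDns.IsPresent
+}
+
+try {
+Write-Host "Promotion en contrôleur de domaine pour le domaine '$DomainName'..."
+Install-ADDSForest @installParams -ErrorAction Stop
+
+Write-Host "Promotion terminée. Le serveur va redémarrer pour finaliser l'installation." -ForegroundColor Green
+Restart-Computer -Force
+}
+catch {
+Write-Warning "Échec de l'opération : $_"
+exit 1
+}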
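Review bot: The DSRM password at `$DRSMPassword = $(ConvertTo-SecureString (Get-RandomPassword) -AsPlainText -Force)` is generated and then discarded, so once `Install-ADDSForest` completes nobody holds the Directory Services Restore Mode credential, which is the only way to boot this DC for offline AD recovery; prompt for it instead, e.g. `$DRSMPassword = Read-Host -Prompt 'Mot de passe DSRM' -AsSecureString`, and record it in the team's credential vault. The splat also reads `$Force.IsPresent` and `$InstallDns.IsPresent`, but both variables are plain booleans (`$false` and `$true` at the top of the file) and a Boolean has no IsPresent property, so both entries evaluate to $null rather than the intended values; use `Force = $Force` and `InstallDns = $InstallDns`. Note as well that `Add-Type -AssemblyName System.Web` relies on the .NET Framework assembly, so `Get-RandomPassword` is expected to load only under Windows PowerShell and not under PowerShell 7; a comment on the function stating that requirement would save the next person a confusing failure.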
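--- a/scripts/audit_system.ps1
+++ b/scripts/audit_system.ps1
@@ -0,0 +1,33 @@
+# audit_system.ps1
+
+$Date = Get-Date -Format 'dd/MM/yyyy HH:mm'
+$ComputerName = $env:COMPUTERNAME
+$User = $env:USERNAME
+$OS = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
+$CPU = (Get-CimInstance -ClassName Win32_Processor | Select-Object -ExpandProperty Name) -join ', '
+$RAM = (Get-CimInstance -ClassName Win32_ComputerSystem).TotalPhysicalMemory / 1GB
+
+# Determine script directory (works when run from console or as a script)
+$ScriptDir = if ($PSScriptRoot) { $PSScriptRoot } else { (Get-Location).ProviderPath }
+$ExportDir = Join-Path $ScriptDir 'exports'
+New-Item -Path $ExportDir -ItemType Directory -Force | Out-Null
+$FilePath = Join-Path $ExportDir 'system_info.txt'
+
+$Rapport = @"
+===== RAPPORT SYSTEME =====
+Machine : $ComputerName
+Utilisateur : $User
+OS : $OS
+Processeur : $CPU
+RAM (Go) : $([math]::Round($RAM,2))
+Date : $Date
+===========================
+"@
+
+Try {
+$Rapport | Out-File -FilePath $FilePath -Encoding UTF8 -Force
+Write-Host "Rapport généré dans $FilePath" -ForegroundColor Green
+} Catch {
+Write-Host "Erreur lors de la génération du rapport: $($_.Exception.Message)" -ForegroundColor Red
+exit 1
+}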
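Review bot: The `} Catch {` branch cannot catch a failed write, because Out-File reports a non-terminating error by default, so on a write failure the script still prints the `Rapport généré dans ...` success line and exits 0; change the write to `$Rapport | Out-File -FilePath $FilePath -Encoding UTF8 -Force -ErrorAction Stop`. The report also captures the hostname, the logged-in account and hardware details, and judging by export/system_info.txt in this same commit the generated output is being committed to the repository; since `$ExportDir` is always derived from the script location, adding that directory to .gitignore would keep audit artifacts out of version control.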