diff --git a/Azure/Ansible/roles/dc/tasks/main.yml b/Azure/Ansible/roles/dc/tasks/main.yml
index c4f8baaec..4feb68bf0 100644
--- a/Azure/Ansible/roles/dc/tasks/main.yml
+++ b/Azure/Ansible/roles/dc/tasks/main.yml
@@ -156,6 +156,21 @@
- debug: msg="{{ rdp_gpo.stdout_lines }}"
when: rdp_gpo.stdout_lines is defined
+- name: Configure Taskbar Layout GPO
+ win_shell: .\\configure-taskbar-layout-gpo.ps1
+ args:
+ chdir: 'c:\vagrant\scripts'
+ register: taskbar_gpo
+ vars:
+ ansible_become: yes
+ ansible_become_method: runas
+ ansible_become_user: windomain.local\vagrant
+ ansible_become_password: vagrant
+ ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
+ failed_when: "'Exception' in taskbar_gpo.stderr"
+
+- debug: msg="{{ taskbar_gpo.stdout_lines }}"
+
- name: Configure DC with raw Commands
win_shell: "{{ item }}"
with_items:
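Review bot: `ansible_become: yes` in the new task's `vars` block is a YAML 1.1 truthy literal; write `ansible_become: true`, which is what Ansible's style guide and yamllint's `truthy` rule expect. The same block puts `ansible_become_password: vagrant` as a plain literal in task vars; moving the become user and password to inventory or group_vars (vaulted where possible) keeps the credential out of every task that needs `runas` and leaves one place to rotate it. `failed_when: "'Exception' in taskbar_gpo.stderr"` also replaces the exit-code check entirely, so a non-zero exit from the script that prints no such string is reported as success; `failed_when: "taskbar_gpo.rc != 0 or 'Exception' in taskbar_gpo.stderr"` keeps both signals. The matching hunk in ESXi/ansible/roles/dc/tasks/main.yml has the identical three issues.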
diff --git a/ESXi/ansible/roles/dc/tasks/main.yml b/ESXi/ansible/roles/dc/tasks/main.yml
index 379d3414f..1578cc565 100644
--- a/ESXi/ansible/roles/dc/tasks/main.yml
+++ b/ESXi/ansible/roles/dc/tasks/main.yml
@@ -139,6 +139,21 @@
- debug: msg="{{ rdp_gpo.stdout_lines }}"
+- name: Configure Taskbar Layout GPO
+ win_shell: .\\configure-taskbar-layout-gpo.ps1
+ args:
+ chdir: 'c:\vagrant\scripts'
+ register: taskbar_gpo
+ vars:
+ ansible_become: yes
+ ansible_become_method: runas
+ ansible_become_user: windomain.local\vagrant
+ ansible_become_password: vagrant
+ ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
+ failed_when: "'Exception' in taskbar_gpo.stderr"
+
+- debug: msg="{{ taskbar_gpo.stdout_lines }}"
+
- name: Configure DC with raw Commands
win_shell: "{{ item }}"
with_items:
diff --git a/Vagrant/Vagrantfile b/Vagrant/Vagrantfile
index 2bfe97330..d7d646b07 100644
--- a/Vagrant/Vagrantfile
+++ b/Vagrant/Vagrantfile
@@ -75,6 +75,7 @@ Vagrant.configure("2") do |config|
cfg.vm.provision "shell", path: "scripts/configure-AuditingPolicyGPOs.ps1", privileged: false
cfg.vm.provision "shell", path: "scripts/configure-rdp-user-gpo.ps1", privileged: false
cfg.vm.provision "shell", path: "scripts/configure-disable-windows-defender-gpo.ps1", privileged: false
+ cfg.vm.provision "shell", path: "scripts/configure-taskbar-layout-gpo.ps1", privileged: false
cfg.vm.provision "shell", path: "scripts/install-autorunstowineventlog.ps1", privileged: false
cfg.vm.provision "shell", inline: 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}', privileged: false
cfg.vm.provision "shell", inline: "Set-SmbServerConfiguration -AuditSmb1Access $true -Force", privileged: false
diff --git a/Vagrant/resources/GPO/disable_windows_defender/{F2150233-4B8F-4347-8D70-23D3984D9B78}/Backup.xml b/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/Backup.xml
similarity index 56%
rename from Vagrant/resources/GPO/disable_windows_defender/{F2150233-4B8F-4347-8D70-23D3984D9B78}/Backup.xml
rename to Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/Backup.xml
index b376e3d03..c3e5a477a 100644
--- a/Vagrant/resources/GPO/disable_windows_defender/{F2150233-4B8F-4347-8D70-23D3984D9B78}/Backup.xml
+++ b/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/Backup.xml
@@ -1,9 +1,9 @@
- 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 8b 9d fe a6 56 fa 03 32 ec ac 2c 5e e8 03 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 8b 9d fe a6 56 fa 03 32 ec ac 2c 5e 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 8b 9d fe a6 56 fa 03 32 ec ac 2c 5e 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00
+ 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 ec 23 e8 88 9d 18 46 77 a2 27 49 24 e8 03 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 ec 23 e8 88 9d 18 46 77 a2 27 49 24 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 ec 23 e8 88 9d 18 46 77 a2 27 49 24 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00
-
+
-
+
@@ -14,5 +14,5 @@
-
+
\ No newline at end of file
diff --git a/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/DomainSysvol/GPO/Machine/Preferences/Registry/Registry.xml b/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/DomainSysvol/GPO/Machine/Preferences/Registry/Registry.xml
new file mode 100644
index 000000000..a7d18321d
--- /dev/null
+++ b/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/DomainSysvol/GPO/Machine/Preferences/Registry/Registry.xml
@@ -0,0 +1,3 @@
+
+
+
diff --git a/Vagrant/resources/GPO/disable_windows_defender/{F2150233-4B8F-4347-8D70-23D3984D9B78}/DomainSysvol/GPO/Machine/comment.cmtx b/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/DomainSysvol/GPO/Machine/comment.cmtx
similarity index 100%
rename from Vagrant/resources/GPO/disable_windows_defender/{F2150233-4B8F-4347-8D70-23D3984D9B78}/DomainSysvol/GPO/Machine/comment.cmtx
rename to Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/DomainSysvol/GPO/Machine/comment.cmtx
diff --git a/Vagrant/resources/GPO/disable_windows_defender/{F2150233-4B8F-4347-8D70-23D3984D9B78}/DomainSysvol/GPO/Machine/registry.pol b/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/DomainSysvol/GPO/Machine/registry.pol
similarity index 100%
rename from Vagrant/resources/GPO/disable_windows_defender/{F2150233-4B8F-4347-8D70-23D3984D9B78}/DomainSysvol/GPO/Machine/registry.pol
rename to Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/DomainSysvol/GPO/Machine/registry.pol
diff --git a/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/bkupInfo.xml b/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/bkupInfo.xml
new file mode 100644
index 000000000..bf2eefa03
--- /dev/null
+++ b/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/bkupInfo.xml
@@ -0,0 +1 @@
+
diff --git a/Vagrant/resources/GPO/disable_windows_defender/{F2150233-4B8F-4347-8D70-23D3984D9B78}/gpreport.xml b/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/gpreport.xml
similarity index 93%
rename from Vagrant/resources/GPO/disable_windows_defender/{F2150233-4B8F-4347-8D70-23D3984D9B78}/gpreport.xml
rename to Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/gpreport.xml
index 86dd38461..c8cebf5ab 100644
Binary files a/Vagrant/resources/GPO/disable_windows_defender/{F2150233-4B8F-4347-8D70-23D3984D9B78}/gpreport.xml and b/Vagrant/resources/GPO/disable_windows_defender/{01E4A146-C220-48E2-A0F5-9AAF790529F6}/gpreport.xml differ
diff --git a/Vagrant/resources/GPO/disable_windows_defender/{F2150233-4B8F-4347-8D70-23D3984D9B78}/DomainSysvol/GPO/Machine/Preferences/Registry/Registry.xml b/Vagrant/resources/GPO/disable_windows_defender/{F2150233-4B8F-4347-8D70-23D3984D9B78}/DomainSysvol/GPO/Machine/Preferences/Registry/Registry.xml
deleted file mode 100644
index 2f2034cd8..000000000
--- a/Vagrant/resources/GPO/disable_windows_defender/{F2150233-4B8F-4347-8D70-23D3984D9B78}/DomainSysvol/GPO/Machine/Preferences/Registry/Registry.xml
+++ /dev/null
@@ -1,3 +0,0 @@
-
-
-
diff --git a/Vagrant/resources/GPO/disable_windows_defender/{F2150233-4B8F-4347-8D70-23D3984D9B78}/bkupInfo.xml b/Vagrant/resources/GPO/disable_windows_defender/{F2150233-4B8F-4347-8D70-23D3984D9B78}/bkupInfo.xml
deleted file mode 100644
index 6d0643d04..000000000
--- a/Vagrant/resources/GPO/disable_windows_defender/{F2150233-4B8F-4347-8D70-23D3984D9B78}/bkupInfo.xml
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/Vagrant/resources/GPO/taskbar_layout/DetectionLabLayout.xml b/Vagrant/resources/GPO/taskbar_layout/DetectionLabLayout.xml
new file mode 100644
index 000000000..4a5f65ec8
--- /dev/null
+++ b/Vagrant/resources/GPO/taskbar_layout/DetectionLabLayout.xml
@@ -0,0 +1,26 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/Backup.xml b/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/Backup.xml
new file mode 100644
index 000000000..3a2e1c546
--- /dev/null
+++ b/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/Backup.xml
@@ -0,0 +1,18 @@
+
+ 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 ec 23 e8 88 9d 18 46 77 a2 27 49 24 e8 03 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 ec 23 e8 88 9d 18 46 77 a2 27 49 24 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 ec 23 e8 88 9d 18 46 77 a2 27 49 24 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/DomainSysvol/GPO/Machine/comment.cmtx b/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/DomainSysvol/GPO/Machine/comment.cmtx
new file mode 100644
index 000000000..2109e4f95
--- /dev/null
+++ b/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/DomainSysvol/GPO/Machine/comment.cmtx
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/DomainSysvol/GPO/Machine/registry.pol b/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/DomainSysvol/GPO/Machine/registry.pol
new file mode 100644
index 000000000..bff686dff
Binary files /dev/null and b/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/DomainSysvol/GPO/Machine/registry.pol differ
diff --git a/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/DomainSysvol/GPO/User/comment.cmtx b/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/DomainSysvol/GPO/User/comment.cmtx
new file mode 100644
index 000000000..2109e4f95
--- /dev/null
+++ b/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/DomainSysvol/GPO/User/comment.cmtx
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/DomainSysvol/GPO/User/registry.pol b/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/DomainSysvol/GPO/User/registry.pol
new file mode 100644
index 000000000..75e2a096d
Binary files /dev/null and b/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/DomainSysvol/GPO/User/registry.pol differ
diff --git a/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/bkupInfo.xml b/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/bkupInfo.xml
new file mode 100644
index 000000000..975e6e4a8
--- /dev/null
+++ b/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/bkupInfo.xml
@@ -0,0 +1 @@
+
diff --git a/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/gpreport.xml b/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/gpreport.xml
new file mode 100644
index 000000000..bde576be9
Binary files /dev/null and b/Vagrant/resources/GPO/taskbar_layout/{A21B957F-20E2-491B-A8E7-3BF3AC38E3BE}/gpreport.xml differ
diff --git a/Vagrant/scripts/configure-taskbar-layout-gpo.ps1 b/Vagrant/scripts/configure-taskbar-layout-gpo.ps1
new file mode 100644
index 000000000..88436b0c0
--- /dev/null
+++ b/Vagrant/scripts/configure-taskbar-layout-gpo.ps1
@@ -0,0 +1,37 @@
+# Purpose: Install the GPO that disables Windows Defender and AMSI
+Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Importing the GPO to set the Taskbar layout..."
+Import-GPO -BackupGpoName 'Taskbar Layout' -Path "c:\vagrant\resources\GPO\taskbar_layout" -TargetName 'Taskbar Layout' -CreateIfNeeded
+
+Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Copying layout file to SYSVOL..."
+Copy-Item "c:\vagrant\resources\GPO\taskbar_layout\DetectionLabLayout.xml" "c:\Windows\SYSVOL\domain\scripts\DetectionLabLayout.xml"
+
+$OU = "ou=Domain Controllers,dc=windomain,dc=local"
+$gPLinks = $null
+$gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name, distinguishedName, gPLink, gPOptions
+$GPO = Get-GPO -Name 'Taskbar Layout'
+If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path) {
+ New-GPLink -Name 'Taskbar Layout' -Target $OU -Enforced yes
+} Else {
+ Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Taskbar Layout GPO was already linked at $OU. Moving On."
+}
+
+$OU = "ou=Workstations,dc=windomain,dc=local"
+$gPLinks = $null
+$gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name, distinguishedName, gPLink, gPOptions
+$GPO = Get-GPO -Name 'Taskbar Layout'
+If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path) {
+ New-GPLink -Name 'Taskbar Layout' -Target $OU -Enforced yes
+} Else {
+ Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Taskbar Layout GPO was already linked at $OU. Moving On."
+}
+
+$OU = "ou=Servers,dc=windomain,dc=local"
+$gPLinks = $null
+$gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name, distinguishedName, gPLink, gPOptions
+$GPO = Get-GPO -Name 'Taskbar Layout'
+If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path) {
+ New-GPLink -Name 'Taskbar Layout' -Target $OU -Enforced yes
+} Else {
+ Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Taskbar Layout GPO was already linked at $OU. Moving On."
+}
+gpupdate /force
diff --git a/Vagrant/scripts/install-sysinternals.ps1 b/Vagrant/scripts/install-sysinternals.ps1
index a3f0e8786..3caa0358a 100755
--- a/Vagrant/scripts/install-sysinternals.ps1
+++ b/Vagrant/scripts/install-sysinternals.ps1
@@ -25,7 +25,9 @@ $procexpPath = "C:\Tools\Sysinternals\procexp64.exe"
$sysmonPath = "C:\Tools\Sysinternals\Sysmon64.exe"
$tcpviewPath = "C:\Tools\Sysinternals\Tcpview.exe"
$sysmonConfigPath = "$sysmonDir\sysmonConfig.xml"
+$shortcutLocation = "$ENV:ALLUSERSPROFILE\Microsoft\Windows\Start Menu\Programs\"
+$WScriptShell = New-Object -ComObject WScript.Shell
# Microsoft likes TLSv1.2 as well
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
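Review bot: The new variable is declared as `$shortcutLocation` here but every later use in this file (the `CreateShortcut($ShortcutLocation + ...)` calls) spells it `$ShortcutLocation`; PowerShell resolves both to the same variable, but the mismatch defeats grep and reads like two different values. Pick one spelling — the file's other path variables use lowerCamel (`$sysmonPath`, `$tcpviewPath`), so `$shortcutLocation` at the use sites is the consistent choice.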
@@ -36,6 +38,9 @@ Try {
Write-Host "HTTPS connection failed. Switching to HTTP :("
(New-Object System.Net.WebClient).DownloadFile('http://live.sysinternals.com/Autoruns64.exe', $autorunsPath)
}
+$Shortcut = $WScriptShell.CreateShortcut($ShortcutLocation + "Autoruns.lnk")
+$Shortcut.TargetPath = $autorunsPath
+$Shortcut.Save()
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Procmon.exe..."
Try {
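Review bot: The three added `$Shortcut` lines run unconditionally after the download block, so when both the HTTPS attempt and the HTTP fallback fail a Start Menu shortcut is still written pointing at a file that does not exist. Wrapping them as `if (Test-Path $autorunsPath) { ... }` (three lines inside the guard) ties the shortcut to an actual download; the same applies to the Process Monitor, Process Explorer and Tcpview shortcut blocks added later in this file. The surrounding `Try` block that starts the next download continues outside this hunk.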
@@ -44,6 +49,9 @@ Try {
Write-Host "HTTPS connection failed. Switching to HTTP :("
(New-Object System.Net.WebClient).DownloadFile('http://live.sysinternals.com/Procmon.exe', $procmonPath)
}
+$Shortcut = $WScriptShell.CreateShortcut($ShortcutLocation + "Process Monitor.lnk")
+$Shortcut.TargetPath = $procmonPath
+$Shortcut.Save()
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading PsExec64.exe..."
Try {
@@ -60,6 +68,9 @@ Try {
Write-Host "HTTPS connection failed. Switching to HTTP :("
(New-Object System.Net.WebClient).DownloadFile('http://live.sysinternals.com/procexp64.exe', $procexpPath)
}
+$Shortcut = $WScriptShell.CreateShortcut($ShortcutLocation + "Process Explorer.lnk")
+$Shortcut.TargetPath = $procexpPath
+$Shortcut.Save()
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Sysmon64.exe..."
Try {
@@ -68,6 +79,7 @@ Try {
Write-Host "HTTPS connection failed. Switching to HTTP :("
(New-Object System.Net.WebClient).DownloadFile('http://live.sysinternals.com/Sysmon64.exe', $sysmonPath)
}
+Copy-Item $sysmonPath $sysmonDir
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Tcpview.exe..."
Try {
@@ -76,7 +88,12 @@ Try {
Write-Host "HTTPS connection failed. Switching to HTTP :("
(New-Object System.Net.WebClient).DownloadFile('http://live.sysinternals.com/Tcpview.exe', $tcpviewPath)
}
-Copy-Item $sysmonPath $sysmonDir
+$Shortcut = $WScriptShell.CreateShortcut($ShortcutLocation + "Tcpview.lnk")
+$Shortcut.TargetPath = $tcpviewPath
+$Shortcut.Save()
+
+# Restart Explorer so the taskbar shortcuts show up
+Stop-Process -ProcessName explorer -Force
# Download Olaf Hartongs Sysmon config
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Olaf Hartong's Sysmon config..."
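Review bot: `Stop-Process -ProcessName explorer -Force` is a non-terminating error when no explorer.exe is running in the provisioning session, and the comment above it says "taskbar shortcuts" although the `.lnk` files written by this change go to the all-users Start Menu Programs folder. `Stop-Process -ProcessName explorer -Force -ErrorAction SilentlyContinue` with the comment `# Restart Explorer so the new Start Menu shortcuts are picked up` states the intent and avoids the spurious error; if this hunk continues past the last line shown, the remainder was not reviewed.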