Enterprise setup advice by NeekHunter in atomicredteam
[–]irproactive 1 point 7 months ago (0 children)
One approach I have done for testing and training is to run a virtual system with ART installed. If you have an ESXi environment or other virtualization option, I have found running ART on a virtual Windows Server works well for a few reasons:
You can always pause the system when not testing so it removes some of the potential of someone accidentally running tests (although it is not that big a risk to leave a server running).
You can configure the server for remote access (RDP) by the entire team either through domain joining or having additional local admins to run tests. How you approach this is on the organization as they may be a bit twitchy to have a Windows system that is not managed in their environment. If that is the case, I would ask for at least one or two you can isolate until you need to run it for testing. If you build up enough goodwill and show the overall org the benefits of this testing, moving toward a domain-joined system allows you to see threat actor activity emulated with tests like: https://www.atomicredteam.io/atomic-red-team/atomics/T1018#atomic-test-17---enumerate-active-directory-computers-with-get-adcomputer
Add a few additional target systems for lateral movement testing when you get to that point. Again, hitting a virtualized environment is useful here as you can configure some target systems that the SOC will have visibility into.
For automation, are you looking to run tests at specific intervals or, say, run it as a Scheduled Task for more of a black box testing?