If you removed "Default Web Site" prior to setup SharePoint farm, then "SharePoint Web Services" will have an ID = 1.
When you try to provision first Web App, "SharePoint Web Services" site stopped and you're end up with AccessDenied exception because of STS is not available.
Please remove condition of trying to get Default Web Site by ID = 1:
change line
* $defaultWebsite = Get-Website | Where-Object {$_.Name -eq "Default Web Site" -or $_.ID -eq 1 -or $_.physicalPath -eq "%SystemDrive%\inetpub\wwwroot"}
to
* $defaultWebsite = Get-Website | Where-Object {$_.Name -eq "Default Web Site" -or $_.physicalPath -eq "%SystemDrive%\inetpub\wwwroot"}
When you try to provision first Web App, "SharePoint Web Services" site stopped and you're end up with AccessDenied exception because of STS is not available.
Please remove condition of trying to get Default Web Site by ID = 1:
change line
* $defaultWebsite = Get-Website | Where-Object {$_.Name -eq "Default Web Site" -or $_.ID -eq 1 -or $_.physicalPath -eq "%SystemDrive%\inetpub\wwwroot"}
to
* $defaultWebsite = Get-Website | Where-Object {$_.Name -eq "Default Web Site" -or $_.physicalPath -eq "%SystemDrive%\inetpub\wwwroot"}