Assessment preparation: 2 19 24 - ConnorEast/Tech-Journal GitHub Wiki

Pre device checks:

• on ad01, Confirm that the network adapter is set to SYS-255-01-LAN.
• on DHCP01, Confirm that the network adapter is set to SYS-255-01-LAN.
• On FW01, confirm network adapter 1 is set to SYS-255-01-WAN.Create a second network adapter on this device that is set up for SYS-255-01-LAN.
• On wks01, Confirm that the network adapter is set to SYS-255-01-LAN.

Setting up the firewall:

Startup FW01 in a remote box and assign the LAN to em1 and the Wan to EM2. To do this follow the steps below.

1. Type 1 and hit enter to go to the assign interfaces page.
2. type n for VLANS set up. When it says enter Wan Interface name type em0 and hit enter.
3. When it says Enter the LAN interface name type em1 and hit enter.
4. When it asks to confirm type y and hit enter.
   Next we are going to be setting up the interfaces IP address. To do this start by typing 2 and hitting enter (this should bring you to "Set interface(s) IP address).
5. To set up the Wan IP address type 1: then go through the setup process ignoring dhcp as well as ipv6. The only major thing to update would be the IPV4 address which in my case will be 10.0.17.106/24 2.To set up the LAN address select 2: then go through the setup process. Once you reach the IPV4 section select the number 10.0.5.2/24

Setting up the client.

Reopen your vSphere client, select wk01 and Boot it up. Given it is going to be reset you will have to use the Champuser account and its respective password.

Next go to your system properties settings and change your Devices name. I will choose wks01-connor to keep it consistent with previous labs.

Next create a admin account by going to lusrmgr.msc and follow the next steps.

1. Add a local users by right clicking on Users, select new local user and create an account called connor.adm-loc. Choose a password you can remember. and select password never expires. and select ok.
2. Right click on connor.adm-local and go to properties. From their go to "Members Of" and add the account to WKS01-CONNOR\Administrators. Hit ok.
3. Log out of your device and log back in under connor.adm-local

Once you have logged into your admin account you should go to https://10.0.5.2. This page should be the pfsense login page. login to the page using the username being Admin, and the password being pfsense.

• On the general information page append the following information

Hostname : fw1-connor

Domain : connor.local

primary DNS server : 8.8.8.8

• Continue through the next pages until you set your account password and then your firewall should generally be configured.

Before moving onto the next step confirm internet accessibility by using the Ping command on your terminal.

Setting up ADDS:

Step one is to go to the ethernet adapter settings and edit the IPV4 information to the following:

Ip Address: 10.0.5.5
Subnet Mask: 255.255.255.0
Default Gateway: 10.0.5.2
Preferred DNS server: 10.0.5.2

Once that has been complete hit "ok" Next your going to want to change the name of the device. Do this by following the steps before:

1. Go to System, System Properties, Click the "Change" button and that should bring up a box. Insert the name ad01-connor into the section asking for your computer name. Select Workgroup and confirm the box has the word WORKGROUP in it. then press ok.
2. Reboot your device.

Once the device has been rebooted you should try pinging google.com to confirm your connection. If this has worked, then next you should open the Windows server manager.

Setting up ADDS through Server Manager:

In the top right-hand corner of the Windows Server manager, you should see "manage". Click manage and locate the "add roles and features" button. Once it has been located you should press it. This should lead you to the "Add Roles and Features Wizard". Inside the wizard you should click through until you locate Active Directory domain services under the Roles section. Click the radio box next to it and install it. Click next until you have gotten to the conformation page. Once on the confirmation page you should check the radio next to “Restart the destination server automatically if required” then press yes and install.

Creating a Domain Forest

In Windows server manager click on the flag located in the top right of the window. You should see an error asking to promote your server to a domain controller. Click said error/button. Now a new tab should have appeared called "deployment configuration" on this page click the radio box next to “add a new forest” and give it the root domain name of connor.local.
Now you should likely be asked to add a new password. Choose a password and continue to the installation page.

DNS Management and PTR Records.

Follow the following steps to set up a PTR record:

Open up your DNS manager. Right click on AD01-Connor and access properties. Now you can check your forwarders. Return to your DNS manager and right click on "connor.local". In the drop-down tab select "New Host (A, or AAA)".

Where it asks for information type in the devices name and IP address section type in the device you wish to add. Before clicking new host check the radio box next to "Create associated pointer (PTR) record". Do this for both your windows firewall and windows device.

Follow the following steps to setup a reverse address record:

Go to the "Reverse lookup zones" and right click. Select "New Zones..." This should led you to the "new zone wizard" tab. On the new tab click next until you get to the reverse lookup zone name screen. On this page set the network ID to "10.0.5" and hit next.

Next go to the reverse lookup zones section of the DNS manager and choose 5.0.10. in the 5.0.10 folder create a new pointer for your AD and firewall.

User creation :

Go back to the server manager tab. Click on "AD DS", right click on "AD01-connor" and select "Active directory users and computers from the subsequent drop down menu. On the subsequent page that pops up locate the "Users" section and right click on "users", in the drop down menu you should be able to locate and click on "new user". In the new tab you can insert the information for an account. In this case the account I will be creating is

Firstname : Connor
LastName : East
FullName : Connor East
User-Logon-Name : connor.east-adm
Once all of the corresponding information has been inputted, select ok. Next go to the accounts section and right click on the user you created. under the properties of your users where you will add your account to the administrators group.

Joining Windows to AD.

Change your domain by going to system properties\computername then click the button labeled "To rename this computer or change its domain or workgroup, click Change.”. On the new tab where it says member of, type in your domain. For reference mine will be Connor. Now return to active directory "users and computers" under connor.local\Computers you should see your device "WKS01-Connor".

Testing AD.

Don't continue until you have attempted to ping connor.local, If it doesn't work recheck the steps prior to confirm you have completed all of the necessary steps. See the linked document for images of the setup

Setting up DHCP

boot up the Cent0s Linux 7 Server labeled as dhcp01. You should be able to log in using the root user account. To do the basic setup follow the steps below.

Use the "nmtui" command. This command should bring up the user friendly network manager.
Go to "Edit a Connection" and hit enter
On the edit connnections page you are going to want to input the information neccessary for your server. You can navigate using the tab button.

Once the proper information has been uploaded return to the start page and click "Set Hostname".
In the field that apears type in dhcp01-(YOUR_FIRST_NAME). I will be using dhcp01-connor. Hit ok and then hit exit.

Once you have returned to the terminal you are going to want to use the command "systemctl restart network", from there use the "exit" command and relog in. Once you have logged back in, confirm your IP has been set by using the "ifconfig" command. The IP can be located next to the word "inet". Just to make things simpler for myself I'm going to create a administrative user by using the following commands

"useradd connor"
"passwd connor"
"usermod -aG wheel connor"

Now you should use the exit command and relog in as your user, in this case being connor. On the new account you should ping your domain and firewall. In my case that would be "connor.local" and my firewall at "fw01-connor.connor.local".

Now that that has been completed you should add a pointer to 10.0.5.3/24 and then attempt to ping your dhcp server from your AD.

DHCP Server Configuration

On your dhcp server do "sudo - i" to become the root user. Then do "sudo yum install dhcp". Use the "clear" command and then use the "vi /etc/dhcp/dhcp.conf" command. In this window, type out the following information.

subnet 10.0.5.0 netmask 255.255.255.0 {
option routers 10.0.5.2;
option subnet-mask 255.255.255.0; option domain-name "connor.local"; option domain-name-servers 10.0.5.5; range 10.0.5.100 10.0.5.150; default-lease-time 3600;
max-lease-time 14400;}

Once you have completed the text above, save the document and run the following command "systemctl restart dhcpd". Once dhcpd had restarted you should check its status by using the "systemctl status dhcpd" command. If it says "active" in green text then you are all set. Next we will use the "systemctl enable dhcpd" This will turn on dhcp automatically when our system is up.
Next we need to use the command "firewall-cmd -add-service=dhcp --permanent". Once that firewall rule has been run we will need to reload our firewall which we can do with the following command "firewall-cmd --reload".

DHCP windows configuration

On your windows server we are going to remove the static address placed on it. Do this by going to your Ethernet properties, and editing the IPv4 settings. Next choose the radio button next to "optain an IP address automatically", and "optain DNS server address automatically".
Next open your terminal and use the command "ipconfig /all" This will confirm if our DHCP connection is working. now return to your dhcp server and use the command "sudo cat /var/log/messages | grep wks01-connor". If you get information sent back to you then you have successfully attached your DHCP server to your system.