Lab00 Routing and Windows - Hsanokklis/2023-2024-Tech-journal GitHub Wiki

Important Information and Resources:

Lab00 - Routing and Windows Lab Doc

SYS-265: Infrastructure Notes

Reminder: Every VM has capacity for only one (1) snapshot, so use it wisely (convenience vs. risk)

image

Goal: build a realistic server environment consisting of a routed network (LAN and WAN) as well as introduce Server 2019 Desktop and Core and the systems required to manage them.

Configure Virtual Network Settings for fw01

  • add a new network adapter and set it to the LAN
  • WAN MAC address: 00:50:56:a1:14:2f
  • LAN MAC address: 00:50:56:a1:08:52

image

Configure fw01 OS

Link to Lab01-Environment Setup from SYS-255

  • WAN(em0) MAC address: 00:50:56:a1:14:2f
  • LAN(em1) MAC address: 00:50:56:a1:08:52
  • We are not using VLANs
  • VMX0/em0 and VMX1/em1 are WAN and LAN respectively
  • Your WAN interface will be set to your assigned IP, while the LAN IP will be set to 10.0.5.2/24
  • Your WAN upstream gateway address is 10.0.17.2
  • We are not using IPv6 on WAN nor LAN
  • We are not using the firewall for DHCP on the LAN

Select Option 1 to assign interfaces

image

image

Select Option 2 to Assign interface IP addresses

WAN

image

LAN

image

Complete Assignments

image

We are going to finish configuration in the workstation

Configure Virtual Network Settings for wks01

Switch Network adapter to LAN

image

Configure wks01 OS

image

Go through the normal configuration steps:

  • During 1st boot, the setup asks to “Connect Now to Save Time Later” > Select No
  • Username: yourname (you may need to add a new local administrative user)
  • Adjust your privacy settings by turning everything off when prompted
  • Give wks01 a static IP address of 10.0.5.100, netmask of 255.255.255.0 and a gateway and DNS of 10.0.5.2 (your fw01 LAN interface).
  • Give your system a hostname of wks01-yourname.

Rename the PC

  • settings
  • View PC name
  • Rename your PC

image

image

image

image

Make a local admin user

Link to instructions

open lusrmgr.msc

image

create new local admin "hannelore-loc"

  • users
  • new user

image

Add your user to the local administrator's group

  • click on user
  • member of
  • add
  • WKS01-HANNELORE\Administrators
  • Log out and back in w/ new local admin!

image

image

image

Configure wks01-hannelore static IP address

  • Ethernet
  • change adapter options
  • Ethernet 0
  • Properties
  • IPv4

image

Configure pfSense via wks01-hannelore browser

  • go to browser
  • type in https://10.0.5.2 to get the pfSense page
  • sign in as admin (pw: pfsense)

image

  • change the default password in users

image

  • go to system --> general setup

image

image

AD01 - Server Core

Link to instruction help

  • Set network adapter to LAN

image

Change the Password on the ad01

Configure the Network settings

  • sconfig
  • press 2 for computer name
  • press 8 for network settings
  • IP: 10.0.5.5
  • Netmask: 255.255.255.0
  • Gateway: 10.0.5.2
  • Preferred DNS: 10.0.5.2
  • Computer Name: ad01-yourname
  • Manual Windows Update

image

image

image

Installing AD on Server Core

In previous courses, you have relied on the GUI to install AD. This time, we will use PowerShell.

Go to powershell from cmd

image

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

image

Install Forest

  • Install-ADDSForest -DomainName hannelore.local
  • PW: 4Hannelore

image

image

After the reboot

image

Notes for later:

  • I attempted to make a named Domain Controller on the ad01-hannelore but I think the account below is just a local account. The reason I needed an Admin domain controller was to be able to join the domain on the mgmt01-hanne box below. I will need to make a named Domain controller once I have users and computers installed though. (or eastman will attack me).

image

Configure mgmt01

The job of mgmt01 will be to remotely manage any server core systems.

  • Set network adapter to LAN

image

Configure the Network settings

  • Using sconfig from command prompt, make updates manual
  • MGMT01 should have the IP address of 10.0.5.10
  • gateway of 10.0.5.2
  • DNS should be set to the IP of ad01(10.0.5.5)
  • Hostname should be mgmt01-hanne
  • Join it to hannelore.local

TROUBLESHOOTING: When I was trying to set the network adapter configurations, I would input the index number 1 but be met with the error in the image below.

image

To mitigate this, I configured the network adapter settings through the network adapter settings in the windows GUI itself.

image
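A PowerShell alternative to the sconfig network menu for the mgmt01 settings listed above, as an added example that is not part of the original lab notes. The adapter alias `Ethernet0` and the /24 prefix (taken from the fw01 LAN address 10.0.5.2/24) are assumptions; confirm the alias with `Get-NetAdapter` first.

```powershell
# Values from this page's mgmt01 section. $Alias is an assumption.
$Alias   = 'Ethernet0'          # assumed adapter name; check Get-NetAdapter
$IP      = '10.0.5.10'
$Prefix  = 24                   # assumed from the fw01 LAN address 10.0.5.2/24
$Gateway = '10.0.5.2'           # fw01 LAN interface
$Dns     = '10.0.5.5'           # ad01: domain join fails if DNS points elsewhere
$Domain  = 'hannelore.local'
$NewName = 'mgmt01-hanne'

$nic = Get-NetAdapter -Name $Alias -ErrorAction Stop

# Disable DHCP and clear any earlier IPv4 address/default route so the
# script can be re-run without "object already exists" errors.
Set-NetIPInterface -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 -Dhcp Disabled
Get-NetIPAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Remove-NetIPAddress -Confirm:$false
Get-NetRoute -InterfaceIndex $nic.ifIndex -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Remove-NetRoute -Confirm:$false

New-NetIPAddress -InterfaceIndex $nic.ifIndex -IPAddress $IP `
    -PrefixLength $Prefix -DefaultGateway $Gateway | Out-Null
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $Dns

# Pre-flight checks: gateway reachable, and the DC locator SRV record
# resolves through ad01. Either failure stops the script before the join.
if (-not (Test-Connection -ComputerName $Gateway -Count 2 -Quiet)) {
    throw "Gateway $Gateway is not reachable from $Alias"
}
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $Dns -ErrorAction Stop |
    Out-Null

# Rename and join in a single reboot. Get-Credential prompts for the
# domain account, so no password is stored in the script or history.
Add-Computer -DomainName $Domain -NewName $NewName -Credential (Get-Credential) -Restart
```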

Joining the domain

image

To join the domain, I used the named Domain Controller on the ad01-hannelore. Once I install features, I will make the domain controller named so it's not just administrator.

Install Features on mgmt01-hanne

link to do that here

  • control panel
  • programs
  • Turn windows features on or off

image

  • server manager
  • manage
  • add roles and features

image

go through select features process

image

Using Server Manager on mgmt01, add ad01 to the list of managed servers

Link to do that here

  • add server

image

image

image

TROUBLESHOOTING: When I tried to add the server it kept saying "Kerberos authentication error". When I tried accessing the Active Directory Users and Computers, I got a message saying that I wasn't a domain admin. I figured out that this was the reason I was getting the Kerberos error. Since I was not able to access the users and computers to see if I had any admin accounts, I went to the search bar and left clicked on Users and computers, and chose "sign in with different user" and used my Administrator account. Then I was able to make hannelore part of the administrators and it worked fine.

Domain Users

Create named users

Using Active Directory Users and Computers, create the following named users:

  • han.san (normal user)
  • han.san-adm (named domain admin)
  • Add your -adm account to the Domain Admins group

local user - han.san

image

domain admin - han.san-adm

pw:EastManFeet26!

image

add domain admin to admin group

image
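A quick audit of who actually holds Domain Admins after the step above, as an added example that is not part of the original lab notes. It assumes the ActiveDirectory module (RSAT) is available, as on mgmt01, and uses this page's `-adm` suffix as the naming convention for named admin accounts.

```powershell
Import-Module ActiveDirectory

# Expand nested groups so indirect members are not missed, then pull the
# attributes needed to judge each account.
$admins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser -Properties LastLogonDate, PasswordLastSet

$admins | ForEach-Object {
    # The built-in Administrator always has a SID ending in -500,
    # even if the account has been renamed.
    $finding = if ($_.SID.Value -match '-500$') {
        'built-in Administrator'
    } elseif ($_.SamAccountName -notlike '*-adm') {
        'not a named -adm account: review'
    } else {
        'named admin account'
    }

    [pscustomobject]@{
        SamAccountName  = $_.SamAccountName
        Enabled         = $_.Enabled
        PasswordLastSet = $_.PasswordLastSet
        LastLogonDate   = $_.LastLogonDate
        Finding         = $finding
    }
} | Sort-Object Finding, SamAccountName | Format-Table -AutoSize
```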

DNS Records

Connect to ad01-hannelore not mgmt01-hanne

image

Create reverse lookup zone for 10.0.5.0 network ID

image

image

Create look up zones for fw01-hannelore

image

Create look up zones for wks01-hannelore

image

Forward Lookup zones

image

Reverse Lookup zones

image

Join wks01-hannelore to the domain

  • adapter settings
  • change preferred DNS server to 10.0.5.5

image

  • control panel
  • System and Security
  • System
  • change settings

image

image

Joined with the user han.san-adm and password: EastManFeet26!

I logged into the workstation with [email protected] and it worked!

Deliverable 1: Invoke PowerShell on mgmt01 and query Active Directory for your three Windows computers: Get-ADComputer -Filter *

image

Deliverable 2: Enumerate your two named Domain Users (adjust filter for your name): Get-ADUser -Filter 'Name -like "*hannelore*"' -Properties MemberOf

image

Deliverable 3: Print your DNS Server address and DNS A Records

  • Get-DnsClientServerAddress
  • Get-DnsServerResourceRecord -ZoneName hannelore.local -ComputerName ad01-hannelore -RRType A

image

Deliverable 4: Check the first 3 hops of your route.

Your network route should go through fw01's LAN interface(10.0.5.2) to the WAN default gateway 10.0.17.2 and then out through the CYBER.LOCAL default gateway on the 192.168.4.0/24 Network. You can use the powershell or the traditional tracert method. Provide a screenshot.

image

Deliverable 5: Deliverable 3 asked for A records. Figure out how to enumerate all the PTR records. Provide the command and output PTR records. Here's what the output should look like:

image
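One way to enumerate the PTR records and also check them against the A records from Deliverable 3, as an added example that is not part of the original lab notes. It goes beyond the deliverable by flagging hosts whose forward and reverse records disagree, which matters when logs are attributed by reverse lookup. It assumes the DnsServer module (RSAT) and the server and zone names used on this page.

```powershell
# Names taken from this page; adjust for your own domain.
$DnsServer   = 'ad01-hannelore'
$ForwardZone = 'hannelore.local'

# 1. Every PTR record in every manually created IPv4 reverse zone.
$ptr = Get-DnsServerZone -ComputerName $DnsServer |
    Where-Object { $_.IsReverseLookupZone -and -not $_.IsAutoCreated -and
                   $_.ZoneName -like '*.in-addr.arpa' } |
    ForEach-Object {
        $zone = $_.ZoneName
        Get-DnsServerResourceRecord -ZoneName $zone -ComputerName $DnsServer -RRType Ptr |
            ForEach-Object {
                # Owner name + zone name is the reversed address, e.g.
                # "5" + "5.0.10.in-addr.arpa" -> 5.5.0.10 -> 10.0.5.5
                $octets = ("$($_.HostName).$zone" -replace '\.in-addr\.arpa\.?$', '').Split('.')
                [array]::Reverse($octets)
                [pscustomobject]@{
                    IP     = $octets -join '.'
                    Target = $_.RecordData.PtrDomainName.TrimEnd('.')
                    Zone   = $zone
                }
            }
    }

# 2. For each host A record, look for a PTR on the same IP that points
#    back to the same FQDN. Zone-apex and AD partition records are skipped.
$report = Get-DnsServerResourceRecord -ZoneName $ForwardZone -ComputerName $DnsServer -RRType A |
    Where-Object { $_.HostName -notin '@', 'DomainDnsZones', 'ForestDnsZones' } |
    ForEach-Object {
        $ip    = $_.RecordData.IPv4Address.IPAddressToString
        $fqdn  = "$($_.HostName).$ForwardZone"
        $match = @($ptr | Where-Object { $_.IP -eq $ip })
        [pscustomobject]@{
            Host       = $fqdn
            IP         = $ip
            PtrTarget  = ($match.Target -join ',')
            Consistent = [bool]($match | Where-Object { $_.Target -eq $fqdn })
        }
    }

$ptr    | Sort-Object IP   | Format-Table -AutoSize
$report | Sort-Object Host | Format-Table -AutoSize
```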