Milestone 2.1 AD - InaFricke/SEC-480 GitHub Wiki
Milestone 2.1 - AD
Note: Milestone 1 should be completed before starting. This milestone extends the architecture with a Windows Server domain controller: install the OS, sysprep and image it, then configure AD DS, DNS and DHCP from PowerShell.
Windows Server
- Check that the Windows Server ISO is on datastore2.
- Create a new virtual machine:
  - Name: 480-AD, compatibility ESXi 8.0, guest OS family Windows, version Microsoft Windows Server 2019 (64-bit)
  - Storage: datastore2
  - 2 vCPU, 4 GB RAM, 90 GB HDD (select Thin Provision), network adapter on VMNet for now
  - Do not enable Virtualization Based Security.
- Boot from the CD-ROM and start the install.
- Select Custom install.
- Run through the defaults. On the screen that prompts for the Administrator password, do NOT set it; press CTRL+SHIFT+F3 instead to enter audit mode.
- Leave the small System Preparation Tool dialog that opens in audit mode alone for now.
- Open PowerShell and run `sconfig`:
  - Select 5: set Windows Update to Manual
  - Select 9: set the time zone to Eastern
  - Select 6: search for and install updates, choose All (this needs an internet connection, otherwise it reports "no applicable updates")
- Restart
Install VMware Tools
- In ESXi: 480-AD > Actions > Guest OS > Install VMware Tools
- In the guest: File Explorer > DVD drive > setup64 > Typical setup type > Restart
- Open Internet Explorer and go to the sysprep script link: https://tinyurl.com/480sysprep. The script, as run on this build, is:
```powershell
# Install and enable the OpenSSH server so the image can be managed over SSH
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'
# Registry tweaks that go with PowerShell-over-SSH: console prompting, and PowerShell as the default SSH shell
Set-ItemProperty "HKLM:\Software\Microsoft\Powershell\1\ShellIds" -Name ConsolePrompting -Value $true
New-ItemProperty -Path HKLM:\SOFTWARE\OpenSSH -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force

Write-Host "Create a deployer user: Enter Password"
# Prompted interactively; the lab password used on this build was RoxiRules32
$pw = Read-Host -AsSecureString
New-LocalUser -Name deployer -Password $pw -AccountNeverExpires -PasswordNeverExpires:$true
Add-LocalGroupMember -Group Administrators -Member deployer

Write-Host "Set Power to High Performance"
# Done before sysprep: sysprep reboots the box, so nothing after it is guaranteed to run
powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c

Write-Host "Pull down unattend.xml and then sysprep the box"
Invoke-WebRequest -UseBasicParsing -Uri https://raw.githubusercontent.com/gmcyber/RangeControl/main/src/scripts/base-vms/windows/unattend.xml -OutFile C:\Unattend.xml
# Generalize the image; the VM restarts into OOBE when sysprep finishes
C:\Windows\System32\Sysprep\sysprep.exe /oobe /generalize /unattend:C:\unattend.xml
```
Note that `deployer` is a local administrator with a non-expiring password baked into the image, so every VM cloned from this base shares that credential; rotate it on anything that leaves the lab.
- Once the VM has shut down, remove the CD/ISO from the VM in its settings in ESXi.
- Remove the network adapter and add it again so ESXi assigns a fresh MAC address (it shows as all zeros until the VM is powered on).
- With the VM still powered off, take a baseline snapshot.
AD Setup
Administrator password: RoxiRules32
- Log on at the console to set the IP and hostname:
  - Change the network adapter's port group to 480-WAN.
  - Set IP 10.0.17.4/24 and hostname dc1, with gateway and DNS pointing to vyos (10.0.17.2) initially.
- Then SSH from Xubuntu to dc1 and check that the segment, address, hostname, DNS and gateway all took.
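The page lists the network settings but not the commands. As an added example (not from the wiki), this is the PowerShell for the static address, gateway, DNS and hostname above; the adapter name `Ethernet0` is an assumption (check with `Get-NetAdapter`):

```powershell
# Added example, not the wiki's own script.
# Assumes the adapter is "Ethernet0" and the lab addressing from this page.
$Adapter = "Ethernet0"
$DcIp    = "10.0.17.4"
$Gateway = "10.0.17.2"   # vyos
$Dns     = "10.0.17.2"   # vyos for now; the AD DS install later repoints DNS at the DC itself

# Disable DHCP and clear any previous IPv4 address/default route so New-NetIPAddress
# does not fail on a duplicate address or gateway
Set-NetIPInterface -InterfaceAlias $Adapter -Dhcp Disabled
Get-NetIPAddress -InterfaceAlias $Adapter -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Remove-NetIPAddress -Confirm:$false
Get-NetRoute -InterfaceAlias $Adapter -DestinationPrefix "0.0.0.0/0" -ErrorAction SilentlyContinue |
    Remove-NetRoute -Confirm:$false

# Static address, gateway and DNS server
New-NetIPAddress -InterfaceAlias $Adapter -IPAddress $DcIp -PrefixLength 24 -DefaultGateway $Gateway
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $Dns

# Sanity checks before the rename: show the resulting config and confirm the gateway answers
Get-NetIPConfiguration -InterfaceAlias $Adapter
if (-not (Test-NetConnection -ComputerName $Gateway -InformationLevel Quiet)) {
    Write-Warning "Gateway $Gateway is not reachable; check the port group is 480-WAN"
}

# Rename the box to dc1 and reboot so the new name is in effect before the AD DS install
Rename-Computer -NewName "dc1" -Force -Restart
```

Run it from the ESXi console rather than over SSH, since the address change drops any existing remote session.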
Configuration:
- Install AD DS with the management tools:
```powershell
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
```
- Create the forest (yourname.local; ina.local on this box) and install DNS alongside it:
```powershell
Install-ADDSForest -DomainName "ina.local" -InstallDns
```
- Set the SafeModeAdministratorPassword (the DSRM password) when prompted and answer Yes to continue; the DC reboots when promotion finishes.
- Check that DNS was installed:
```powershell
Get-WindowsFeature -Name DNS
```
- Add a reverse lookup zone for the PTR records:
```powershell
Add-DnsServerPrimaryZone -NetworkID "10.0.17.0/24" -ReplicationScope "Forest"
```
- A records (yourname.local is ina.local here):
```powershell
# vcenter at 10.0.17.3
Add-DnsServerResourceRecordA -Name "vcenter" -ZoneName "yourname.local" -IPv4Address "10.0.17.3"
# 480-fw at 10.0.17.2
Add-DnsServerResourceRecordA -Name "480-fw" -ZoneName "yourname.local" -IPv4Address "10.0.17.2"
# xubuntu-wan at 10.0.17.100
Add-DnsServerResourceRecordA -Name "xubuntu-wan" -ZoneName "yourname.local" -IPv4Address "10.0.17.100"
```
- Create the PTR entries:
```powershell
# vcenter PTR
Add-DnsServerResourceRecordPtr -Name "3" -ZoneName "17.0.10.in-addr.arpa" -PtrDomainName "vcenter.yourname.local"
# 480-fw PTR
Add-DnsServerResourceRecordPtr -Name "2" -ZoneName "17.0.10.in-addr.arpa" -PtrDomainName "480-fw.yourname.local"
# xubuntu-wan PTR
Add-DnsServerResourceRecordPtr -Name "100" -ZoneName "17.0.10.in-addr.arpa" -PtrDomainName "xubuntu-wan.yourname.local"
# dc1 PTR (its A record already exists from the AD DS installation)
Add-DnsServerResourceRecordPtr -Name "4" -ZoneName "17.0.10.in-addr.arpa" -PtrDomainName "dc1.yourname.local"
```
- Check it worked:
```powershell
# Verify all A records
Get-DnsServerResourceRecord -ZoneName "yourname.local" -RRType A
# Verify all PTR records
Get-DnsServerResourceRecord -ZoneName "17.0.10.in-addr.arpa" -RRType PTR
```
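The A and PTR records above are added one command at a time. As an added example (not from the wiki), the same records can be driven from one host table so forward and reverse entries cannot drift apart, using the `-CreatePtr` switch of `Add-DnsServerResourceRecordA`; it then resolves each name both ways against the DC to prove they agree. It assumes the zone names on this page (ina.local and 17.0.10.in-addr.arpa) and runs on the DC itself.

```powershell
# Added example, not the wiki's own script. Assumes the forward and reverse zones already exist.
$Zone    = "ina.local"
$RevZone = "17.0.10.in-addr.arpa"
# Host table from this page (dc1's A record was created by the AD DS install)
$Hosts = @{
    "480-fw"      = "10.0.17.2"
    "vcenter"     = "10.0.17.3"
    "dc1"         = "10.0.17.4"
    "xubuntu-wan" = "10.0.17.100"
}

foreach ($name in $Hosts.Keys) {
    $ip = $Hosts[$name]
    $a = Get-DnsServerResourceRecord -ZoneName $Zone -Name $name -RRType A -ErrorAction SilentlyContinue
    if (-not $a) {
        # New host: -CreatePtr writes the matching PTR into the reverse zone in the same call
        Add-DnsServerResourceRecordA -Name $name -ZoneName $Zone -IPv4Address $ip -CreatePtr
    } else {
        # A record already there (e.g. dc1): make sure the PTR exists as well
        $lastOctet = $ip.Split('.')[-1]
        $ptr = Get-DnsServerResourceRecord -ZoneName $RevZone -Name $lastOctet -RRType Ptr -ErrorAction SilentlyContinue
        if (-not $ptr) {
            Add-DnsServerResourceRecordPtr -Name $lastOctet -ZoneName $RevZone -PtrDomainName "$name.$Zone"
        }
    }
}

# Verify: forward lookup must return the table IP, reverse lookup must return the FQDN
foreach ($name in $Hosts.Keys) {
    $fwd = (Resolve-DnsName -Name "$name.$Zone" -Type A -Server 127.0.0.1 -ErrorAction SilentlyContinue).IPAddress
    $rev = (Resolve-DnsName -Name $Hosts[$name] -Type PTR -Server 127.0.0.1 -ErrorAction SilentlyContinue).NameHost
    $ok  = ($fwd -eq $Hosts[$name]) -and ($rev -eq "$name.$Zone")
    "{0,-12} A={1,-12} PTR={2,-26} {3}" -f $name, $fwd, $rev, $(if ($ok) { "OK" } else { "MISMATCH" })
}
```

Any `MISMATCH` line means a stale record from an earlier attempt; `Remove-DnsServerResourceRecord` it and rerun, since the script only adds records it cannot find.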
- Enable Remote Desktop via PowerShell (the second command opens the Remote Desktop firewall rule group):
```powershell
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
```
- Install the DHCP server role:
```powershell
Install-WindowsFeature -Name DHCP -IncludeManagementTools
```
- Authorize the server in AD (unauthorized DHCP servers in a domain will not hand out leases):
```powershell
Add-DhcpServerInDC -DnsName dc1.yourname.local -IPAddress 10.0.17.4
```
- Create a DHCP scope for 10.0.17.101-150:
```powershell
Add-DhcpServerv4Scope -Name "480-WAN-Scope" -StartRange 10.0.17.101 -EndRange 10.0.17.150 -SubnetMask 255.255.255.0 -State Active
```
- The router option should be 10.0.17.2 (vyos):
```powershell
Set-DhcpServerv4OptionValue -ScopeId 10.0.17.0 -Router 10.0.17.2
```
- The DNS server option should be 10.0.17.4 (the DC):
```powershell
Set-DhcpServerv4OptionValue -ScopeId 10.0.17.0 -DnsServer 10.0.17.4
```
- Create a named domain admin (yourname-adm@yourname.local; ina-adm@ina.local here):
```powershell
# Create the user account (the password is the lab password; Read-Host -AsSecureString would keep it out of the command history)
New-ADUser -Name "ina-adm" -SamAccountName "ina-adm" -UserPrincipalName "ina-adm@ina.local" -AccountPassword (ConvertTo-SecureString "RoxiRules32" -AsPlainText -Force) -Enabled $true
# Add the user to the Domain Admins group
Add-ADGroupMember -Identity "Domain Admins" -Members "ina-adm"
```
Deliverables
1. Network configuration: shows IP 10.0.17.4/24, gateway 10.0.17.2, hostname dc1
```powershell
Get-NetIPConfiguration
```
2. Active Directory domain: confirms the ina.local domain is installed
```powershell
Get-ADDomain
```
3. DNS records: displays all DNS records in the ina.local zone
```powershell
Get-DnsServerResourceRecord -ZoneName "ina.local"
```
4. DHCP scope: shows the active scope 10.0.17.101-150 with its options
```powershell
Get-DhcpServerv4Scope
```
5. All AD users: shows all domain users, including ina-adm
```powershell
Get-ADUser -Filter *
```
For some reason it didn't show in the video, but it does exist.
6. Domain Admins group: verifies ina-adm is in Domain Admins
```powershell
Get-ADPrincipalGroupMembership ina-adm
```
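The six deliverable commands each print state for a human to read. As an added example (not from the wiki), the script below checks the same six items against the expected values from this page and prints PASS/FAIL per item, which is quicker than reading raw output when re-running the milestone from a snapshot. It assumes it runs on dc1 with the AD, DNS and DHCP modules available, and the expected values are taken from this page.

```powershell
# Added example, not the wiki's own script. Run on dc1 as a domain admin.
$Expected = @{
    Ip      = "10.0.17.4"
    Gateway = "10.0.17.2"
    Host    = "dc1"
    Domain  = "ina.local"
    Scope   = "10.0.17.0"
    Start   = "10.0.17.101"
    End     = "10.0.17.150"
    Admin   = "ina-adm"
    Records = @("vcenter", "480-fw", "xubuntu-wan", "dc1")
}
$Checks = [ordered]@{}

# 1. Network configuration
$cfg = Get-NetIPConfiguration | Where-Object { $_.IPv4Address.IPAddress -eq $Expected.Ip }
$Checks["IP $($Expected.Ip)"]           = [bool]$cfg
$Checks["Gateway $($Expected.Gateway)"] = ($cfg.IPv4DefaultGateway.NextHop -eq $Expected.Gateway)
$Checks["Hostname $($Expected.Host)"]   = ($env:COMPUTERNAME -ieq $Expected.Host)

# 2. Domain
$Checks["Domain $($Expected.Domain)"] = ((Get-ADDomain).DNSRoot -ieq $Expected.Domain)

# 3. DNS A records
$aNames = (Get-DnsServerResourceRecord -ZoneName $Expected.Domain -RRType A).HostName
foreach ($r in $Expected.Records) { $Checks["A record $r"] = ($aNames -contains $r) }

# 4. DHCP scope, range and options 3 (router) / 6 (DNS servers)
$scope = Get-DhcpServerv4Scope -ScopeId $Expected.Scope -ErrorAction SilentlyContinue
$Checks["DHCP scope active"] = ($scope.State -eq "Active")
$Checks["DHCP range"] = ($scope.StartRange.IPAddressToString -eq $Expected.Start -and
                         $scope.EndRange.IPAddressToString   -eq $Expected.End)
$opts = Get-DhcpServerv4OptionValue -ScopeId $Expected.Scope -ErrorAction SilentlyContinue
$Checks["DHCP router option"] = (($opts | Where-Object OptionId -eq 3).Value -contains $Expected.Gateway)
$Checks["DHCP DNS option"]    = (($opts | Where-Object OptionId -eq 6).Value -contains $Expected.Ip)

# 5. and 6. Named admin exists and is in Domain Admins
$Checks["User $($Expected.Admin) exists"]      = [bool](Get-ADUser -Filter "SamAccountName -eq '$($Expected.Admin)'")
$Checks["$($Expected.Admin) in Domain Admins"] = ((Get-ADGroupMember -Identity "Domain Admins").SamAccountName -contains $Expected.Admin)

foreach ($k in $Checks.Keys) {
    "{0,-34} {1}" -f $k, $(if ($Checks[$k]) { "PASS" } else { "FAIL" })
}
if (@($Checks.Values) -contains $false) { Write-Warning "Some deliverable checks failed" }
```

A FAIL on "DHCP scope active" with everything else passing usually means the scope was created with `-State InActive` or the server was never authorized; re-check the `Add-DhcpServerInDC` step.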