Lab 07 ‐ Server Core Remote Administrator Tools - Isaiah-River/SYS-255-02-SYSAdmin GitHub Wiki

Main Lab

Today's lab involves setting up a file server virtual machine continuing to build from the environment we created through our assessment. I started by creating a snapshot of my unconfigured VM, and then cabled the ethernet. After this I started the computer and set the password for my fileserver using the password KWPWG501!. I then needed to configure my VM. To accomplish this I used the command sconfig, which gave me a configuration menu.

I then updated my hostname to FS01-isaiah, domain, IP, default gateway, DNS as seen below.

After a restart, I pressed escape to sign in as another user, and logged into my isaiah.river-adm account, and went back to sconfig to screenshot a deliverable for the lab. After this I signed into my AD02 VM and went to add the File Server Resource Manager Tools feature. I did this by going to Server Manager and then the add roles and features wizard, and continuing until I skipped over server roles, and into the features tab. Here I went under Remote Server Administration Tools > Role Administration Tools > File Services Tools > File Server Resource Manager Tools. After installing this, I navigated back to Server Manager, and right-clicked All Servers to add a new server. Here I searched for fs and found my FS01-isaiah VM and added it.

I then navigated to Active Directory Users and Computers, and under my isaiah.local domain created the organizational unit SYS-255, under which I created three more OUs: Computers, Users, and Groups.

I then added a new global security group to Groups named Sales-Users.

Then under my newly created Users OU I made the two users Bob and Alice.

After this I added Alice to the Sales-Users group.

After this I went back into Server Manager, right-clicked my FS01-isaiah computer, and clicked Add Roles and Features. I then navigated through the wizard to Server Roles, and found and enabled File Server and File Server Resource Manager under File and Storage Services > File and iSCSI Services. After installing this I went to my FS01-isaiah VM and ran the Net Shell command netsh advfirewall firewall set rule group="Remote File Server Resource Manager Management" new enable=yes.

I then navigated to the File and Storage Services, and under FS01 clicked File Server Resource Manager, and took a screenshot for a deliverable.

I then went to Shares under Server Manager, and created a new share with the SMB Quick Share option. I then customized the Share path to FS01, set the share name to Sales, and customized the permissions to allow full control for the Sales-Users group, and removed access for everyone else.

After this I logged into my Alice account, and confirmed I could navigate to \\FS01-isaiah\Sales. After this I ran the command echo "Hi From Alice" > \\FS01-isaiah\sales\hifromalice.txt to create hifromalice.txt, and then used the command more \\FS01-isaiah\sales\hifromalice.txt. The first command shows that I can write to the directory, while the second one shows I can read from the directory.

I then swapped users to the Bob account and used the command dir \\FS01-isaiah\sales to try to access the directory, which failed.

I then did some research into how to map a drive letter to a directory using group policies. In order to do this I had to go into Group Policy Manager, where I created a GPO named Users - Mapped Drives under my Group Policy Objects OU. I then right clicked it and edited the GPO. I then navigated to User Configuration > Preferences > Windows Settings > Drive Maps and right clicked Drive Maps and clicked New. I then filled in the location of the directory, and selected the drive letter S.

I then went to the Common tab and checked Run in logged-on user's security context (user policy option), and Item-level targeting. I then clicked Targeting and clicked New Item and added an Organizational Unit, and set the target to the SYS-255 OU. After this I went back to Group Policy Manager, and went to the delegations tab, and added the Sales-Users group. I then rebooted wks01 and logged into Alice, opened command prompt and ran the command gpresult /r to view the actively applied GPOs, and confirmed that I have access to the drive in file manager.

After screenshotting the results showing the active GPO, I then continued to do some further research on some of the topics we covered in this lab.


Further Research

What is Netsh?

Network Shell is a command-line utility. It allows one to view and configure various network communication server roles and components. In our lab we use the command netsh advfirewall firewall set rule group="Remote File Server Resource Manager Management" new enable=yes. In this case, the command is used to change a firewall configuration that opens the firewall to allow for management of the file server.

What does mapping a drive letter actually do?

When mapping our \\FS01-isaiah\Sales directory to the S:\ drive, we simply are creating a shortcut to a remote directory. This does not actually create a new drive on our computer the way installing another hard drive/solid state drive would. Instead it mimics one of these drives for easy access.

What are the differences between NTFS and Share permissions?

While both of these permissions serve as a way of limiting access, they each have differences. New Technology File System permissions, or NTFS permissions, are the permissions that are set and used to determine access for data within the NTFS file systems. These permissions affect both local and network users alike. Share permissions on the other hand are used to manage access to files that are shared over a network. These types of permissions do not apply to individuals who log in locally. Share permissions also apply to the whole share, meaning that one cannot "granularly" control access to a shared folder. Share permissions also allow for one to limit how many active connections to a share can be established. When both types of these permissions are in use, least privilege, or the one that is more restrictive, always wins.
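The two permission layers described above can be read side by side for the lab's Sales share. The PowerShell below is an added example, not part of the original lab; it assumes it is run from a domain-joined management host such as AD02 with an account that can administer FS01-isaiah, and the $Broad list of "too wide" principals is an assumption.

```powershell
# Added example. Lab names: FS01-isaiah, Sales, Sales-Users.
# $Broad is an assumed list of principals treated as "too wide" for this share.
$Server = 'FS01-isaiah'
$Share  = 'Sales'
$Group  = 'Sales-Users'
$Broad  = 'Everyone', 'Authenticated Users', 'Domain Users', 'Users'

# Drop the DOMAIN\ or BUILTIN\ prefix so names compare regardless of domain.
function Get-ShortName([string]$Account) { $Account -replace '^.*\\', '' }

# Layer 1: share permissions (apply only to access over the network).
$shareAces = Get-SmbShareAccess -Name $Share -CimSession $Server |
    Select-Object @{n='Layer';   e={'Share'}},
                  @{n='Account'; e={$_.AccountName}},
                  @{n='Type';    e={"$($_.AccessControlType)"}},
                  @{n='Rights';  e={"$($_.AccessRight)"}}

# Layer 2: NTFS permissions on the share root (apply locally and remotely).
$ntfsAces = (Get-Acl -Path "\\$Server\$Share").Access |
    Select-Object @{n='Layer';   e={'NTFS'}},
                  @{n='Account'; e={$_.IdentityReference.Value}},
                  @{n='Type';    e={"$($_.AccessControlType)"}},
                  @{n='Rights';  e={"$($_.FileSystemRights)"}}

$all = @($shareAces) + @($ntfsAces)
$all | Format-Table -AutoSize

# Findings: Allow entries for broad principals on either layer...
$findings = @(foreach ($ace in $all) {
    if ($ace.Type -eq 'Allow' -and $Broad -contains (Get-ShortName $ace.Account)) {
        "$($ace.Layer): '$($ace.Account)' is allowed $($ace.Rights)"
    }
})
# ...and layers where the intended group has no Allow entry at all.
foreach ($layer in 'Share', 'NTFS') {
    $hit = $all | Where-Object {
        $_.Layer -eq $layer -and $_.Type -eq 'Allow' -and
        (Get-ShortName $_.Account) -eq $Group
    }
    if (-not $hit) { $findings += "${layer}: no Allow entry for $Group" }
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "Share and NTFS ACLs on \\$Server\$Share list only the intended access."
}
```

A broad entry reported only on the NTFS layer is still limited by the share permissions for network users, but it applies in full to anyone who logs on locally to the file server.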

What's with Alice & Bob?

There's been one question that's been looming over my head throughout most of my learning within Champlain's cybersecurity program: who are Alice & Bob, and why do they keep coming up? As it turns out, it's not some sort of inside joke among Champlain faculty, but rather they are standard cybersecurity placeholder characters used when creating fake cybersecurity situations. As time went on and these characters evolved, more characters were added, some with a kind of role attached to them, such as "Mallory" who's a malicious attacker, or "Eve" who serves as some sort of eavesdropper or passive attacker.