Tech Journal 05 ‐ ADDS - Liam-DiFalco/Sys255-FA24 GitHub Wiki

Preparing for Assessment

For this tech journal I will be documenting how I will prepare the assessment

Network Diagram

image

Summarizing:

Virtual Firewall and Windows 10 Setup

  • Configure pfSense firewall with WAN and LAN interfaces.
  • Assign WAN IP (provided) and LAN IP (10.0.5.2).
  • Disable DHCP on both interfaces.
  • Configure wks01 (Windows 10) network adapter to LAN.
  • Test network connectivity with ping and tracert to external sites​

AD DS and DNS Configuration

  • Start Windows Server 2019 and configure it as Domain Controller (DC).
  • Set IP address: 10.0.5.5, Gateway: 10.0.5.2, DNS: 10.0.5.2.
  • Install Active Directory Domain Services (AD DS) and DNS.
  • Promote server to domain controller (liam.local).
  • Configure DNS records for forward and reverse lookups.
  • Join wks01 to the domain.
  • Test DNS by pinging hostnames and IP addresses​

Linux Configuration

  • Configure dhcp01 with IP: 10.0.5.3.
  • Add privileged user to wheel group.
  • Test network connectivity with ping to ad01, fw01, and external sites.
  • Add A and PTR records for dhcp01 in AD DS.
  • Test DNS resolution by pinging dhcp01 from wks01.
  • Enable SSH and test remote access from wks01​

DHCP Setup

  • SSH into dhcp01 from AD01 using SSH.
  • Install DHCP service using yum install dhcp.
  • Open DHCP configuration file (/etc/dhcp/dhcpd.conf) using vim like a legend.
  • Configure domain-name to liam.local and set network parameters.
  • Save and exit the editor.
  • Start DHCP service using systemctl start dhcpd.
  • Enable DHCP to start on boot with systemctl enable dhcpd.
  • Configure the firewall to allow DHCP requests using firewall-cmd --add-service=dhcp --permanent.
  • Reload the firewall with firewall-cmd --reload.
  • Set wks01 to use DHCP.
  • Verify IP assignment on wks01 with ipconfig /all.
  • Check DHCP logs on dhcp01 for wks01's DHCP request.

Group Policy Management

  • Create Organizational Units (OUs) in Active Directory (SYS255).
  • Add users and computers to the correct OUs.
  • Create Group Policies for user desktops (e.g., remove Recycle Bin icon).
  • Create a Computer Policy to disable last login display.
  • Apply policies to the SYS255 OUs.
  • Verify policies by logging into wks01 and running gpupdate and gpresult​