Lab Windows Admin Center - Oliver-Mustoe/Oliver-Mustoe-Tech-Journal GitHub Wiki
This page journals content related to SEC-440 lab for Windows Admin Center.
Specification Rundown
Rundown of what I set up with some specifications:
AD01 - IP: 10.0.5.5/24
- AD
- DNS
- DHCP
FS01 - 10.0.5.7/24
- Windows Admin Center
WKS1 - IP: DHCP
AD01 setup
First on AD01 I changed my password:
Then I used sconfig in a Windows admin PowerShell session to set the following:
Used option 9 to set the timezone:
Used option 8 to set the hostname (restarted the box):
Then I right clicked my network adapter > "Open Network & Internet settings":
Then I went to "Change adapter options" > "Ethernet0" > "Properties":
Then in "Internet Protocol Version 4" properties I set the following:
Then I pressed "OK" out of the IPv4 properties and "OK" out of the Ethernet0 properties and my adapter worked!:
Then I ran the following in an admin PowerShell session to install AD:
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Install-ADDSForest -DomainName "oliver.local"
Once it restarted I then installed and set up DNS with records:
# Setup DNS and make records
Install-WindowsFeature DNS -IncludeManagementTools
Add-DnsServerPrimaryZone -NetworkID 10.0.5.0/24 -ReplicationScope "Domain"
Add-DnsServerResourceRecordA -CreatePtr -Name "fs01-oliver" -ZoneName "oliver.local" -AllowUpdateAny -IPv4Address "10.0.5.7"
# Needed for routing to ad01 - did delete once while setting up fs01 and redid, but I don't believe that did anything!
Add-DnsServerResourceRecordPtr -Name "5" -ZoneName "5.0.10.in-addr.arpa" -AllowUpdateAny -AgeRecord -PtrDomainName "ad01-oliver.oliver.local"
Then I set up my named domain admin and regular domain user:
# Users
$password = Read-Host -AsSecureString
New-ADUser -Name oliver.mustoe-adm -AccountPassword $password -Passwordneverexpires $true -Enabled $true
$password = Read-Host -AsSecureString
New-ADUser -Name oliver.mustoe -AccountPassword $password -Passwordneverexpires $true -Enabled $true
# Setup roles
Add-ADGroupMember -Identity "Domain Admins" -Members oliver.mustoe-adm
Add-ADGroupMember -Identity "Enterprise Admins" -Members oliver.mustoe-adm
I would then log in as "oliver.mustoe-adm".
Then I would set up DHCP IN AN ADMIN POWERSHELL SESSION:
# DHCP
Install-WindowsFeature DHCP -IncludeManagementTools
netsh dhcp add securitygroups
Restart-Service dhcpserver
Add-DHCPServerv4Scope -Name "wac-scope" -StartRange 10.0.5.50 -EndRange 10.0.5.75 -SubnetMask 255.255.255.0 -State Active -LeaseDuration 1.00:00:00
Set-DHCPServerv4OptionValue -ScopeID 10.0.5.0 -DnsDomain oliver.local -DnsServer 10.0.5.5 -Router 10.0.5.1
Add-DhcpServerInDC -DnsName "ad01-oliver.oliver.local" -IpAddress 10.0.5.5
I would power on the wks1 box and check that I received a DHCP address (required running ipconfig /renew):
FS01 Setup
I booted FS01 and went to set the IP address by right clicking my network adapter > "Open Network & Internet settings" > "Change adapter options" > "Ethernet0" > "Properties" > "Internet Protocol Version 4" properties where I set the following:
Then I went into sconfig and did the following in an admin PowerShell session:
Made sure the datetime was correct with option 9.
Set Domain with option 1:
Did select to change the computer name:
And when prompted did restart and would log in as my domain admin!
FS01 added to the domain:
Then on FS01 I opened Server Manager and clicked on the popup's "Get more info" link:
Then on the link that popped up I scrolled down and clicked the link right under "Download now":
Then I pressed "Download now":
And then "Run":
In the installer that popped up I accepted the terms of service and chose the default settings (seen below for reference):
Installer finished:
WKS1 Setup
I went to wks1 and used the following command to join the domain and set the computer name to wks01-oliver:
Add-Computer -DomainName oliver.local -NewName wks01-oliver -Credential oliver.mustoe-adm -Restart
(NOTE: For earlier testing did run an ipconfig /renew to get a DHCP address!)
Windows Admin Center Setup and Usage
After the setup and a restart of WKS1 I could go to "https://fs01-oliver" and see my admin center:
Inside the default screen I would select "+ Add":
Then "Servers":
Then I would search Active Directory and find my ad01 > select it and press "Add":
I would repeat the process but chose to select a Windows PC instead of a server ("Add" > under Windows PCs "Add" > "Search Active Directory"):
All of my VMs added:
Then I selected my ad01 > "Connect" > chose to login as another account for the connection, with the account being my Windows Domain admin user:
Then I went to the upper left gear wheel, selected it:
Then I went to extensions on the sidebar:
Then I used the searchbar to search for "Active Directory" > selected it and pressed "Install":
I would do the same process in the extensions menu as I did for the Active Directory extension (search > select > install) for the "DNS" extension:
I then reconnected to my ad01 and I could use the extensions:
Then using the sidebar in my ad01 connection I could go down to "PowerShell" > prompts for a password for my user:
After filling in the password I pressed "Submit" > then pressed Enter (the key) and I was in:
GPO for WinRM
Back on ad01 I used the "Active Directory Users and Computers" menu to set up a "workstations" OU and moved "WKS01-OLIVER" from "Computers" to "workstations" via dragging it:
Made workstations by clicking on "oliver.local" > "New" > "Organizational Unit":
In the GPO Management console, I made a GPO inside the workstations OU (right clicked OU > "Create GPO in this domain, and link it here..."):
(In the popup, called the GPO "Enable WAC Remoting"):
Then I right clicked on the created GPO ("Enable WAC Remoting") > Edit:
Popup that appeared:
Then, using the sidebar, I navigated to the following path (used the dropdowns): "Computer Configuration" > "Policies" > "Administrative Templates" > "Windows Components" > "Windows Remote Management" > "WinRM Service" where I selected "Allow remote server management through WinRM":
Edited (double clicked it) "Allow remote server management through WinRM" as follows:
Hit Apply then OK
Then I went to "Computer Configuration" > "Policies" > "Windows Settings" > "Security Settings" > "System Services" and selected "Windows Remote Management":
Set "Windows Remote Management" as follows:
Hit Apply then OK
Finally I went to "Computer Configuration" > "Policies" > "Windows Settings" > "Security Settings" > "Windows Defender Firewall with Advanced Security" > "Windows Defender Firewall with Advanced Security" and right clicked "Inbound Rules" > "New Rule...":
Set the following in the inbound rule wizard:
Selected "Predefined" > used the dropdown to select "Windows Remote Management":
Unselected the "Public" profile rule:
Left the connection default:
Then on wks01 I ran in PowerShell:
gpupdate
And restarted wks1.
(NOTE: I did a restart at this point as I had to test out many different GPO options to get the right one and I felt that a restart minimized the effect that they had.)
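To confirm that the three settings in the "Enable WAC Remoting" GPO (WinRM policy, service startup, inbound firewall rule) actually reached the workstation, a read-only check like the following can be run in an elevated PowerShell session on wks01. This is an added example, not part of the original journal; the registry path is the standard location for the WinRM Service policy, and the variable names are illustrative.

```powershell
# Added verification sketch: read-only, changes no configuration.

# 1. "Allow remote server management through WinRM" is stored in this policy key.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service'
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

# 2. The "System Services" GPO setting controls the WinRM service startup mode.
$svc = Get-Service -Name WinRM

# 3. Enabled inbound rules from the predefined "Windows Remote Management" group.
#    ActiveStore is the effective policy, including rules delivered by GPO.
$rules = @(Get-NetFirewallRule -PolicyStore ActiveStore `
        -DisplayGroup 'Windows Remote Management' -ErrorAction SilentlyContinue |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' })

# The Public profile was unselected in the GPO, so no enabled rule should cover it.
$publicRules = @($rules | Where-Object { "$($_.Profile)" -match 'Public|Any' })

# 4. Does the local WinRM listener answer a WS-Management identify request?
$listening = $false
try {
    Test-WSMan -ComputerName localhost -ErrorAction Stop | Out-Null
    $listening = $true
} catch { }

[pscustomobject]@{
    PolicyAllowAutoConfig = $policy.AllowAutoConfig   # 1 when the policy is enabled
    PolicyIPv4Filter      = $policy.IPv4Filter
    PolicyIPv6Filter      = $policy.IPv6Filter
    ServiceStartType      = $svc.StartType
    ServiceStatus         = $svc.Status
    InboundRulesEnabled   = $rules.Count
    RulesOnPublicProfile  = $publicRules.Count        # expected 0 for this GPO
    WSManResponds         = $listening
} | Format-List
```

Running `Test-WSMan -ComputerName wks01-oliver` from fs01 checks the same listener across the network, which is the path Windows Admin Center uses.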
As well on fs01 I used start iexplore in PowerShell to open explorer, downloaded and installed Chrome:
From Chrome on fs01 I accessed "https://fs01-oliver":
And then I could click on my wks1 > "Connect":
(NOTE: If I was prompted for a username to get into wks1, I would have had to do it in the "DOMAIN\USERNAME" format (so in this case "OLIVER\oliver.mustoe-adm"))
As a bonus I could also enable Remote Desktop connection in settings and get a remote desktop connection:
Finally I installed Chrome Remote Desktop by googling for it > pressing to access my computer > logging in with my mymail.champlain.edu account > scrolling down to the "This device" section > chose to set up Chrome Remote Desktop (blue button) > then hit "Accept & install" > after a failure popped up Download > selected to use the installer:
Ran and went through the installer > set the name > set a pin and disabled diagnostics > then after logging out could access Chrome Remote Desktop.