Lab00 setup notes - Oliver-Mustoe/Oliver-Mustoe-Tech-Journal GitHub Wiki

This section details how I created a simple network with a firewall, an Active Directory on Windows Server Core, and a Windows 10 workstation, and how I installed management tools on a Windows 2019 Server, as a foundation for future SYS-265 labs.

Notes

FW01

First I edited the VM hardware settings for fw01 and set the following settings:

  • Network Adapter 1 set to SYS-265-01-WAN
  • Network Adapter 2 set to SYS-265-01-LAN-oliver.mustoe
    (NOTE: If there is not a Network adapter 2, click on the upper right ADD NEW DEVICES > click Network Adapter > then press OK > then edit the settings again like above for the second adapter)

After this I booted up fw01 and edited the interfaces, option 1, to match the following:

  • WAN interface assigned to em0
  • LAN interface assigned to em1
    (NOTE: Do not configure VLANs, and if prompted for optional interface select "ENTER")

Then I selected option 2 and set the following settings:
WAN interface - em0

  • Press 'N' for no DHCP
  • Set the interface's IPV4 address to 10.0.7.113
  • Set the interface's IPV4 subnet bit count to a 24 bit count
  • IPv4 upstream gateway address of 10.0.17.2
  • Press 'N' for no DHCP6
  • When prompted for a new WAN IPv6 address press 'ENTER' on the keyboard to skip
  • Press 'N' for no HTTP as the webConfigurator protocol

LAN interface - em1

  • Press 'N' for no DHCP
  • Set the interface's IPV4 address to 10.0.5.2
  • Set the interface's IPV4 subnet bit count to a 24 bit count
  • Press 'ENTER' on the upstream gateway prompt
  • Press 'ENTER' Leave IPv6 config blank
  • Press 'N' to not enable LAN DHCP server
  • Press 'N' for no HTTP as the webConfigurator protocol

To test that this configuration was working, I selected option 8 for Powershell and checked whether I could ping google.com with the command "ping google.com".

WKS01: Part 1

First I edited the VM hardware settings for WKS01 and set the following setting:

  • Network adapter 1 set to SYS-265-01-LAN-oliver.mustoe

I then saved these settings and booted up the machine. If it asks "Connect Now to Save Time Later", select No, and if you can adjust privacy settings, turn everything off. I then logged in with the default Windows 10 credentials, found here.

First I created a local administrator account by: Searching for and selecting "lusrmgr.msc" > Right clicked "Users" and clicked to add a new user > Gave the account the username oliver.mustoe-loc > Created a password and filled it in > Set password to never expire > Click create. Then I added the account to the local administrator's group by right clicking the account and selecting properties > Entering "Administrators" into the textbox > Click ok > Click apply and ok. I then logged back into the computer with my new local administrator.

Then I set a static IP address for WKS01 by doing the following: Click the network icon in the lower left > Click "Network & Internet settings" > Scroll and click "Change adapter options" > Right click "Ethernet0" and select "Properties" > Click on "Internet Protocol Version 4 (TCP/IPv4)" and selected "Properties" > and then set the following information:

  • IP address: 10.0.5.100
  • Subnet mask: 255.255.255.0
  • Default gateway: 10.0.5.2
  • Preferred DNS server: 10.0.5.2

I then gave the computer a name by doing the following: Search for "This PC", right click it and select "Properties" > Click "Change settings" in the lower right close to Computer name > Then click "Change..." > Then I changed the following setting:

  • Computer name to wks01-oliver

This will prompt a restart, which I did. After signing back into WKS01 I used a web browser and entered the address "https://10.0.5.2", bypassed the certificate warning, and logged in with the credentials found here. I then clicked on the "System" dropdown in the upper left and selected "General setup", where I set the following settings:

  • Hostname: fw01-oliver
  • Domain: oliver.local
  • DNS Servers: 8.8.8.8
  • Press "Save"

Then I clicked the "Interfaces" tab, selected "WAN" and did the following:

  • Unchecked Block private networks from entering via WAN
  • Press "Save"

To check that my configuration was working I successfully pinged the default gateway, 10.0.5.2, and google.com.

AD01

First I edited the VM hardware settings for AD01 and set the following setting:

  • Network adapter 1 set to SYS-265-01-LAN-oliver.mustoe

Then I set a new administrator password (SAVE THIS), logged in, and used the command "sconfig", where I set the following:

In option 8 > selecting the network adapter, option 1

  • S for static
  • IP address: 10.0.5.5
  • Subnet mask: 255.255.255.0
  • Default gateway: 10.0.5.2

In option 8 > selecting the network adapter, option 2

  • Preferred DNS Server: 10.0.5.2

In option 5

  • Make sure that updates are set to "Manual"

In option 2

  • Set the computer name to AD01-oliver (Will cause a reboot!!!)

Then I exited sconfig, option 15, and invoked PowerShell with the command "powershell", and entered the following command to install Active Directory: "Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools".

Then I installed a forest with the name "oliver.local" with the command 'Install-ADDSForest -DomainName "oliver.local"', which requires that you enter the password that I set earlier. This will cause a reboot.

To check that it worked, I ran the command "whoami", which should show "oliver\administrator", meaning that the administrator account is now a domain admin.

WKS01: Part 2

I then went back to my WKS01 and in the same place that I set the IP address I set the DNS to 10.0.5.5.

Then I went back to the same place that I changed the name of the machine, changed the "Member of" selection to Domain and entered "oliver.local". When prompted, I signed in with the administrator account created on AD01. Then I logged back into WKS01 with the administrator account from AD01 (must add "@oliver.local" to the end of the username when logging in), and successfully pinged around the network and google.com.

MGMT01

First I edited the VM hardware settings for WKS01 and set the following setting:

  • Network adapter 1 set to SYS-265-01-LAN-oliver.mustoe

Then I booted up the machine and logged in with the default server credentials found here. From here I used the same methods that I used on WKS01 to change the following settings:

  • IP address: 10.0.5.10
  • Subnet mask: 255.255.255.0
  • Default gateway: 10.0.5.2
  • DNS: 10.0.5.5
  • Joined the domain "oliver.local"
  • Hostname: mgmt01-oliver (REQUIRES RESTART!!!)
    (NOTE: I could have also used sconfig to set these settings)

Then I relogged into the computer with the credentials created on AD01 (add "@oliver.local" to the end of the username when logging in).
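A PowerShell equivalent of the addressing, DNS and domain-join steps used for WKS01 and MGMT01, as an added example that is not part of the original notes. It assumes the adapter alias is "Ethernet0" on both hosts; the function name Set-LabHost is hypothetical.

```powershell
# Added example, not from the original notes. Run in an elevated PowerShell session.
# Assumptions: adapter alias "Ethernet0" on both hosts; Set-LabHost is a hypothetical name.
function Set-LabHost {
    param(
        [Parameter(Mandatory)] [string] $IPAddress,
        [string] $NewName,                       # omit if the host is already named
        [string] $InterfaceAlias = 'Ethernet0',
        [string] $Gateway   = '10.0.5.2',        # fw01 LAN interface
        [string] $DnsServer = '10.0.5.5',        # AD01
        [string] $Domain    = 'oliver.local'
    )

    # Remove any earlier IPv4 address and default route so a re-run does not
    # fail because the address or gateway already exists.
    Set-NetIPInterface -InterfaceAlias $InterfaceAlias -AddressFamily IPv4 -Dhcp Disabled
    Get-NetIPAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4 -ErrorAction SilentlyContinue |
        Remove-NetIPAddress -Confirm:$false
    Get-NetRoute -InterfaceAlias $InterfaceAlias -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
        Remove-NetRoute -Confirm:$false

    New-NetIPAddress -InterfaceAlias $InterfaceAlias -IPAddress $IPAddress `
        -PrefixLength 24 -DefaultGateway $Gateway | Out-Null
    Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $DnsServer

    # The join locates a domain controller through SRV records, which only AD01
    # serves. Stop here with a clear error if DNS still points somewhere else.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
        -Server $DnsServer -ErrorAction SilentlyContinue
    if (-not $srv) { throw "No domain controller SRV record for $Domain via $DnsServer" }

    # Get-Credential prompts for the domain account, so no password is stored in the script.
    $join = @{ DomainName = $Domain; Credential = (Get-Credential); Restart = $true }
    if ($NewName -and $NewName -ne $env:COMPUTERNAME) { $join.NewName = $NewName }
    Add-Computer @join
}

# MGMT01: Set-LabHost -IPAddress '10.0.5.10' -NewName 'mgmt01-oliver'
# WKS01 (already renamed in Part 1): Set-LabHost -IPAddress '10.0.5.100'
```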

After relogging I opened up server manager > Clicked "Manage" > Clicked "Add Roles and Features" > Clicked next > Made sure role-based was selected and clicked next > Selected "mgmt01-oliver.local.local" from the pool and clicked next > Clicked next > In the features tab scrolled down to "Remote Server Administration Tools" and clicked to expand > Clicked to expand "Role Administration Tools" > Then checked the following:

  • AD DS and AD LDS Tools
  • DHCP Server Tools
  • DNS Server Tools
  • File Services Tools (don't expand)

Then continued on with the setup and installed the selected features.

After those installed I clicked "Manage" > Clicked "Add Servers" > Clicked "Find Now" and selected "ad01-oliver" from the list.

I then went to the "AD DS" section > Right clicked AD01 > Clicked "Active Directory Users and Computers" > Clicked "oliver.local" > Right clicked "Users" on the left > hovered over "New" and selected user > Created a user with the User logon name "oliver.mustoe", along with a password that does not expire.

I then created a second user with the User logon name "oliver.mustoe-adm" with a password that doesn't expire. I also added this user to the domain admin group by double clicking the user folder > right clicking the user > Clicked "Add to a group..." > Then entering "Domain Admins" into the text box and clicking ok.

I then relogged into the system with the newly created Domain Admin account "oliver.mustoe-adm" (add "@oliver.local" to the end of the username when logging in). (NOTE: If AD01 doesn't show up in the servers list in server manager, add it the same way as above.)
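The two account-creation steps above, followed by a review of who holds Domain Admins and which accounts have non-expiring passwords, as an added example that is not part of the original notes. It assumes it is run on MGMT01 with the AD DS tools installed and a domain admin session; the display name is set to the logon name as a placeholder.

```powershell
# Added example, not from the original notes.
# Assumption: run on MGMT01 (AD DS and AD LDS Tools installed) as a domain admin.
Import-Module ActiveDirectory

$domain   = 'oliver.local'
$accounts = 'oliver.mustoe', 'oliver.mustoe-adm'

foreach ($sam in $accounts) {
    # Skip accounts that already exist so the script can be re-run safely.
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") { continue }

    # Prompt for each password; nothing is written into the script or history.
    $password = Read-Host -AsSecureString -Prompt "Password for $sam"

    # With no -Path, New-ADUser creates the account in the default Users container.
    New-ADUser -Name $sam `
               -SamAccountName $sam `
               -UserPrincipalName "$sam@$domain" `
               -AccountPassword $password `
               -PasswordNeverExpires $true `
               -Enabled $true
}

# Only the -adm account goes into Domain Admins; the plain account stays unprivileged.
$admins = Get-ADGroupMember -Identity 'Domain Admins' | Select-Object -ExpandProperty SamAccountName
if ($admins -notcontains 'oliver.mustoe-adm') {
    Add-ADGroupMember -Identity 'Domain Admins' -Members 'oliver.mustoe-adm'
}

# Review step: every account that ends up with domain-wide admin rights,
# including membership through nested groups.
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Select-Object SamAccountName, objectClass

# Review step: every user whose password never expires. In this lab that
# should list the accounts created above and nothing unexpected.
Search-ADAccount -PasswordNeverExpires -UsersOnly |
    Select-Object SamAccountName, Enabled
```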

I then went into the "DNS" section in server manager > Right clicked AD01 and selected "DNS Manager" > Right clicked "Reverse Lookup zone" and selected the first option to create a new zone > Went along the setup wizard and filled in "10.0.5" in the network ID section. I then went into the forward lookup zone > Went into oliver.local > and added A records for all of the machines in these notes, making sure that the option for a pointer record was checked, and edited each already made record to have a pointer record.
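The reverse zone and A/PTR records described above, done with the DnsServer module, as an added example that is not part of the original notes. It assumes domain-wide replication for the new zone (the notes do not state which option was picked in the wizard) and that it is run on MGMT01 with the DNS Server Tools installed.

```powershell
# Added example, not from the original notes.
# Assumptions: run on MGMT01 as a domain admin; zone replication scope "Domain".
$dnsServer   = 'ad01-oliver'
$forwardZone = 'oliver.local'
$reverseZone = '5.0.10.in-addr.arpa'      # zone name for network ID 10.0.5

# Hostnames and addresses as set earlier in these notes.
$labHosts = [ordered]@{
    'fw01-oliver'   = '10.0.5.2'
    'ad01-oliver'   = '10.0.5.5'
    'mgmt01-oliver' = '10.0.5.10'
    'wks01-oliver'  = '10.0.5.100'
}

# Create the reverse lookup zone only if it is not there yet.
if (-not (Get-DnsServerZone -ComputerName $dnsServer -Name $reverseZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -ComputerName $dnsServer -NetworkId '10.0.5.0/24' -ReplicationScope Domain
}

foreach ($name in $labHosts.Keys) {
    $ip = $labHosts[$name]
    $a  = Get-DnsServerResourceRecord -ComputerName $dnsServer -ZoneName $forwardZone `
              -Name $name -RRType A -ErrorAction SilentlyContinue
    if (-not $a) {
        # No A record yet: create it together with its pointer record.
        Add-DnsServerResourceRecordA -ComputerName $dnsServer -ZoneName $forwardZone `
            -Name $name -IPv4Address $ip -CreatePtr
        continue
    }
    # A record already exists (domain members register themselves):
    # add only the missing PTR, named after the last octet.
    $octet = $ip.Split('.')[-1]
    $ptr = Get-DnsServerResourceRecord -ComputerName $dnsServer -ZoneName $reverseZone `
               -Name $octet -RRType Ptr -ErrorAction SilentlyContinue
    if (-not $ptr) {
        Add-DnsServerResourceRecordPtr -ComputerName $dnsServer -ZoneName $reverseZone `
            -Name $octet -PtrDomainName "$name.$forwardZone"
    }
}

# Verify that each address resolves back to its host name through AD01.
foreach ($ip in $labHosts.Values) {
    Resolve-DnsName -Name $ip -Type PTR -Server '10.0.5.5' |
        Select-Object Name, NameHost
}
```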