Lab00 - TrippCC/Sys-265 GitHub Wiki

In this lab, the goal was to set up the FW, AD, and MGMT servers, as well as a workstation.

The first step was to set up the firewall:

  1. Make sure the network adapters are assigned as follows: Network Adapter 1: WAN, Network Adapter 2: mason.tripp-Lan
  2. Configure the FW:
    1. Use option 2
    2. Select the interface you wish to change
    3. Assign the interface a valid IP address
    4. Follow these guidelines (be sure to do this for both interfaces):
      1. We are not using VLANs
      2. VMX0/em0 and VMX1/em1 are WAN and LAN respectively
      3. Your WAN interface will be set to your assigned IP, while the LAN IP will be set to 10.0.5.2/24
      4. Your WAN upstream gateway address is 10.0.17.2
      5. We are not using IPv6 on WAN nor LAN
      6. We are not using the firewall for DHCP on the LAN
      7. Do not revert to HTTP (once done, you should be able to ping google.com)
    5. To finish the configuration of the FW, you must go to the workstation
    6. When opening the workstation for the first time, the default password is Ch@mpl@1n!20
    7. Be sure to set up a local account and add that account to the admin group:
      1. Username: your name (you may need to add a new local administrative user)
      2. Adjust your privacy settings by turning everything off when prompted
    8. Configure the wks according to these guidelines:
      1. Give wks01 a static IP address of 10.0.5.100, a netmask of 255.255.255.0, and a gateway and DNS of 10.0.5.2 (your fw01 LAN interface)
      2. Give your system a hostname of wks01-your name
    9. Type the IP address of the FW's LAN into the top search bar
    10. Log in using admin/pfsense
    11. Follow the FW wizard and make the following changes:
      1. hostname: fw01-yourfirstname
      2. domain: yourfirstname.local
      3. Primary DNS Server: 8.8.8.8
      4. Uncheck block RFC1918 Private Networks (Step 4)
      5. If you change the password, take steps to remember it (once this is done, the wks should be able to ping the fw and champlain.edu)

Setting up AD:

  1. Make sure to set the network adapter to LAN
  2. Use sconfig to configure the following (be sure to restart the server to apply changes):
    1. IP: 10.0.5.5
    2. Netmask: 255.255.255.0
    3. Gateway: 10.0.5.2
    4. Preferred DNS: 10.0.5.2
    5. Computer Name: ad01-yourname
  3. Use the command "Install-WindowsFeature AD-Domain-Services -IncludeManagementTools" to install Active Directory
  4. Then use the command "Install-ADDSForest -DomainName mason.local" to create a new forest
  5. It will then prompt you for a password; make sure it is something that you will remember (once done, it should show you as an admin of the mason.local domain)

Joining the wks to the domain:

  1. Go to Control Panel > System and Security > System > Change Settings > click Domain and put "mason"
  2. This will prompt you for a username ([email protected]) and a password (whatever the password on AD01 was set as for the admin account)

Configure MGMT:

  1. Set up mgmt according to these settings:
    1. MGMT01 should have the IP address of 10.0.5.10
    2. Gateway of 10.0.5.2
    3. DNS should be set to the IP of ad01 (10.0.5.5)
    4. Hostname should be mgmt01-firstname
    5. Join it to yourname.local, then reboot (using the same method as wks)
  2. Go into Server Manager and click Manage > Add roles and features
    1. Click Next until prompted to select a server; make sure you pick the AD server
    2. Click Next until you hit the "Features" tab
    3. Scroll down until you see "Remote Server Administration Tools", enable it and expand it
    4. Then click the "Remote Server Administration Tools" tab below it and expand that
    5. Enable the AD DS and AD LDS Tools tab, DHCP Server Tools, DNS Server Tools, and File Server Tools
  3. Add AD01 to the list of managed servers
    1. In Server Manager, click Manage > Add servers > enter the name of the server
    2. Select it from the list below
  4. Add domain users
    1. In Server Manager, click Tools > Active Directory Users and Computers
    2. Click on mason.local > Users > right-click in the folder > New > User, enter the information, and give an account admin privileges
  5. Create lookup zones
    1. In Server Manager, click All servers > DNS server > AD01
    2. Create a Reverse Lookup Zone for the 10.0.5 network, create an A record and PTR record for fw01-yourname, and manually add the PTR records for ad01 and mgmt01
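
The "create lookup zones" step can also be done and verified from PowerShell. The script below is an added example, not part of the original lab notes. It assumes it is run on mgmt01 as a domain admin with the DNS Server Tools installed, that `mason` stands in for "yourname" in the hostnames, and that the zone is stored with domain-wide replication.

```powershell
# Added example: PowerShell equivalent of the "create lookup zones" step.
# Assumptions: run on mgmt01 as a domain admin with the DNS Server Tools installed;
# 'mason' stands in for "yourname"; domain-wide replication scope is an assumed choice.
$DnsServer   = '10.0.5.5'              # ad01 is the DNS server for the domain
$ForwardZone = 'mason.local'
$ReverseZone = '5.0.10.in-addr.arpa'   # reverse zone name for the 10.0.5 network
$Suffix      = 'mason'

# Hosts from the lab, with their last octet on the 10.0.5 network.
# NeedsA marks fw01, for which the lab asks for both an A and a PTR record.
$LabHosts = @(
    @{ Name = "fw01-$Suffix";   Octet = '2';  NeedsA = $true  }
    @{ Name = "ad01-$Suffix";   Octet = '5';  NeedsA = $false }
    @{ Name = "mgmt01-$Suffix"; Octet = '10'; NeedsA = $false }
)

# Create the reverse lookup zone only if it does not already exist
if (-not (Get-DnsServerZone -ComputerName $DnsServer -Name $ReverseZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -ComputerName $DnsServer -NetworkId '10.0.5.0/24' -ReplicationScope 'Domain'
}

foreach ($h in $LabHosts) {
    $fqdn = "$($h.Name).$ForwardZone"
    $ip   = "10.0.5.$($h.Octet)"
    $hasA   = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ForwardZone `
                  -Name $h.Name -RRType A -ErrorAction SilentlyContinue
    $hasPtr = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ReverseZone `
                  -Name $h.Octet -RRType Ptr -ErrorAction SilentlyContinue
    if ($h.NeedsA -and -not $hasA) {
        # -CreatePtr adds the matching PTR record together with the A record
        Add-DnsServerResourceRecordA -ComputerName $DnsServer -ZoneName $ForwardZone `
            -Name $h.Name -IPv4Address $ip -CreatePtr
    }
    elseif (-not $hasPtr) {
        Add-DnsServerResourceRecordPtr -ComputerName $DnsServer -ZoneName $ReverseZone `
            -Name $h.Octet -PtrDomainName $fqdn
    }
    # Verify that reverse resolution now returns a name for this address
    $ptr = Resolve-DnsName -Name $ip -Type PTR -Server $DnsServer -ErrorAction SilentlyContinue
    '{0,-12} -> {1}' -f $ip, $(if ($ptr) { $ptr.NameHost } else { 'NO PTR' })
}
```

Each output line pairs a lab address with the name its PTR record returns; `NO PTR` means the reverse record is still missing for that host.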