Lab 1 - michael-D-S/SYS-265 GitHub Wiki

Michael Sargent SYS-265-01, 1/14/2025


Lab01, Tech Journal


Overview:

Our goal is to build a realistic server environment consisting of a routed network (LAN and WAN) as well as introduce Server 2019 Desktop and Core and the systems required to manage them.

Logins for future labs:

Admin Login: @dm1n

pfsense admin: refer to Canvas

Troubleshooting:

Some issues I encountered within this lab were:

  • My AD01 machine was misconnected to the MGMT01 machine, and had itself as the domain controller, and would not load as the MGMT01 machine lacked the proper authentication. This was a simple fix, as I just reverted the machine and began again, paying much closer attention to the connection phase, and made sure not to make it the domain controller.

  • There was also the issue of me trying to jump ahead and making PTR records before I was supposed to, confusing the DNS with multiple records for the same machine and messing up the callbacks for said records. This was fixed by restarting the records creation section and not jumping the gun. "Note to self: do not make records before connecting the machine that has the DNS installed to the domain."

  • The final struggle I had with this lab, which was more of a hiccup for about 20 minutes, was in creating Deliverable 5, which asked for the PTR records on the DNS. I forgot to change the zone from michael.local to the 5.0.10.in-addr.arpa zone and thus was not able to get the appropriate records to show.

What to learn more about:

  • Look into how to pull up the PTR records: "Changing the zone to 5.0.10.in-addr.arpa will yield the appropriate records in the following command: Get-DnsServerResourceRecord -ZoneName *** -ComputerName ad01-michael -RRType PTR"

  • How to change the domain without using the terminal: "This can be done either through the command sconfig or through Control Panel, by selecting System and then the change computer name section."

  • How to better filter with the Get command:

"Depending on the "Get" command, you can use various parameters to filter data, such as:

  • "Name": To filter by name (e.g., "Get-Service -Name 'Windows Update'")

  • "ID": To filter by a specific ID (e.g., "Get-EventLog -InstanceId 1023")

  • "Property": To filter based on a property value (e.g., "Get-ChildItem -Filter *.txt" to get only text files)

Pipeline Functionality: The "Get" command often outputs data that can be further filtered using other commands in the pipeline, allowing for complex filtering logic by combining multiple "Get" commands with other PowerShell functions like "Where-Object"."
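The PTR lookup and the Where-Object filtering noted above can be combined into a forward/reverse consistency check that flags missing or duplicate PTR records. This is an added example, not code from the lab; Test-PtrConsistency is a hypothetical helper, and the mgmt01-michael and wks01-michael records are constructed sample data that follow the lab's naming pattern.

```powershell
# Added example, not lab-provided code; Test-PtrConsistency is a hypothetical helper.
# Inputs have the shape returned by Get-DnsServerResourceRecord:
#   A: HostName = host label; PTR: HostName = last octet, PtrDomainName ends with a dot
function Test-PtrConsistency {
    param(
        [object[]]$ARecords,
        [object[]]$PtrRecords,
        [string]$Domain,         # forward zone, e.g. michael.local
        [string]$NetworkPrefix   # 10.0.5 for reverse zone 5.0.10.in-addr.arpa
    )
    # Index every PTR target by the full IP address it answers for.
    $ptrByIp = @{}
    foreach ($p in $PtrRecords) {
        $ip = "$NetworkPrefix.$($p.HostName)"
        if (-not $ptrByIp.ContainsKey($ip)) { $ptrByIp[$ip] = @() }
        $ptrByIp[$ip] += $p.RecordData.PtrDomainName.TrimEnd('.')
    }
    # Keep host A records on the LAN; skip the zone apex and AD-internal names.
    $ARecords |
        Where-Object { $_.HostName -ne '@' -and $_.HostName -notlike '*DnsZones' -and
                       "$($_.RecordData.IPv4Address)" -like "$NetworkPrefix.*" } |
        ForEach-Object {
            $ip      = "$($_.RecordData.IPv4Address)"
            $fqdn    = "$($_.HostName).$Domain"
            $targets = @(if ($ptrByIp.ContainsKey($ip)) { $ptrByIp[$ip] })
            $status  = if     ($targets.Count -eq 0)  { 'MissingPtr' }
                       elseif ($targets.Count -gt 1)  { 'DuplicatePtr' }
                       elseif ($targets[0] -ne $fqdn) { 'Mismatch' }
                       else                           { 'OK' }
            [pscustomobject]@{ Name = $fqdn; IP = $ip; Ptr = $targets -join ', '; Status = $status }
        }
}

# Constructed sample records. On the lab network, replace them with the output of
#   Get-DnsServerResourceRecord -ZoneName michael.local -ComputerName ad01-michael -RRType A
#   Get-DnsServerResourceRecord -ZoneName 5.0.10.in-addr.arpa -ComputerName ad01-michael -RRType PTR
$a = @(
    [pscustomobject]@{ HostName = '@';              RecordData = @{ IPv4Address = '10.0.5.5' } }
    [pscustomobject]@{ HostName = 'ad01-michael';   RecordData = @{ IPv4Address = '10.0.5.5' } }
    [pscustomobject]@{ HostName = 'mgmt01-michael'; RecordData = @{ IPv4Address = '10.0.5.10' } }
    [pscustomobject]@{ HostName = 'wks01-michael';  RecordData = @{ IPv4Address = '10.0.5.100' } }
)
$ptr = @(
    [pscustomobject]@{ HostName = '5';  RecordData = @{ PtrDomainName = 'ad01-michael.michael.local.' } }
    [pscustomobject]@{ HostName = '10'; RecordData = @{ PtrDomainName = 'mgmt01-michael.michael.local.' } }
    [pscustomobject]@{ HostName = '10'; RecordData = @{ PtrDomainName = 'ad01-michael.michael.local.' } }
)
Test-PtrConsistency -ARecords $a -PtrRecords $ptr -Domain 'michael.local' -NetworkPrefix '10.0.5' |
    Format-Table -AutoSize
```

With the sample data, ad01 reports OK, mgmt01 reports DuplicatePtr (two PTR records for 10.0.5.10) and wks01 reports MissingPtr.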

Documentation

FW01

Firewall is a pfSense router + firewall + gateway that you will need to configure in order to route traffic between your private network and your public network. As in SYS-255, FW has two network interfaces.  

Your unique public IP address is assigned on the Canvas home page.

Virtual Networking

The following screenshot shows the appropriate virtual network configuration for fw01.


OS Configuration

Configure pfSense similarly as you did during SYS255. If you run into trouble, here's the link to the SYS255 Lab that covers pfSense. A couple pointers:

  • It will take a minute or so for a timeout to occur when configuring interfaces. It is waiting for a DHCP server that just does not exist.

  • We are not using VLANs

  • VMX0/em0 and VMX1/em1 are WAN and LAN respectively

  • Your WAN interface will be set to your assigned IP, while the LAN IP will be set to 10.0.5.2/24

  • Your WAN upstream gateway address is 10.0.17.2

  • We are not using IPv6 on WAN nor LAN

  • We are not using the firewall for DHCP on the LAN


When done, your console should look similar to this:


💣Do not use Hermione's WAN IP (.74), use your own!

  




We will complete our configuration using the web interface from our Windows 10 system (wks01).

You should also be able to enter a shell (8) and ping google.com.

WKS-01

Virtual Networking:

OS Configuration:

💡The Windows 10 desktop system (wks01) will display the champuser username, which is our deployer account. You will need to set up a new Local Named Administrator account, which you will use for the rest of the term.

Here are specific instructions on how to add a new Local Named Administrator account.

Go through the normal configuration steps:

  • During 1st boot, the setup asks to “Connect Now to Save Time Later” > Select No

  • Username: yourname (you may need to add a new local administrative user)

  • Adjust your privacy settings by turning everything off when prompted

  • Give wks01 a static IP address of 10.0.5.100, netmask of 255.255.255.0 and a gateway and DNS of 10.0.5.2 (your fw01 LAN interface).

  • Give your system a hostname of wks01-yourname.

💡Pro Tip

Navigate to https://10.0.5.2 and login using admin/pfsense

Follow the FW wizard and make the following changes:

  • Hostname: fw01-yourfirstname

  • Domain: yourfirstname.local

  • Primary DNS Server 8.8.8.8

  • Uncheck block RFC1918 Private Networks (Step 4)

  • If you change the password, take steps to remember it

Your Windows 10 system, WKS01, should be able to ping your LAN's default gateway 10.0.5.2 and resolve and ping google.com

AD01 - Server Core

Make sure AD01 is on your SYS265-LAN network.

Change and record the new administrator password for the Server Core machine. Using sconfig, configure the following:

  • Network Settings: IP: 10.0.5.5, Netmask: 255.255.255.0, Gateway: 10.0.5.2, Preferred DNS: 10.0.5.2

  • Computer Name: ad01-yourname

  • Manual Windows Update

💣This is important, renaming your server after AD installation is a recipe for disaster!

When rebooted, the sconfig screen should look similar to:

Installing AD on Server Core

In previous courses, you have relied on the GUI to install AD. This time, we will use PowerShell.

On AD01, invoke PowerShell and use the CLI to install Active Directory and create a new Forest with a Domain Name of yourfirstname.local (not hermione.local…)

Install the Forest with the following command:

Read through the install prompts. The installation will take a few moments and ends with an automatic reboot.

When complete, you should be able to show that you are the Domain Admin account of yourname.local, and NOT the Local Admin Pre-AD account (this Local Admin account is suppressed on Domain Controllers, but not on Member Servers or Clients):
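One way to script the promotion described above, with a pre-flight check for the hostname and static IP this page requires before AD is installed. This is an added example, not the command from the lab handout; Test-PromotionReadiness is a hypothetical helper and yourfirstname.local is the page's placeholder domain.

```powershell
# Added example, not the lab's own command. Expected values come from this page;
# Test-PromotionReadiness is a hypothetical helper. Run on ad01 in an elevated session.
$ExpectedPrefix = 'ad01-'
$ExpectedIP     = '10.0.5.5'
$DomainName     = 'yourfirstname.local'   # placeholder from the lab text

function Test-PromotionReadiness {
    param([string]$ComputerName, [string[]]$IPv4Addresses, [bool]$DhcpEnabled)
    $problems = @()
    if ($ComputerName -notlike "$ExpectedPrefix*") {
        $problems += "Hostname '$ComputerName' does not start with $ExpectedPrefix; rename before promoting."
    }
    if ($IPv4Addresses -notcontains $ExpectedIP) {
        $problems += "Static address $ExpectedIP is not configured."
    }
    if ($DhcpEnabled) {
        $problems += 'A connected adapter still uses DHCP.'
    }
    $problems
}

# Gather the current state of the machine.
$ips  = @(Get-NetIPAddress -AddressFamily IPv4 | ForEach-Object IPAddress)
$dhcp = [bool](Get-NetIPInterface -AddressFamily IPv4 |
        Where-Object { $_.Dhcp -eq 'Enabled' -and $_.ConnectionState -eq 'Connected' })

$problems = @(Test-PromotionReadiness -ComputerName $env:COMPUTERNAME -IPv4Addresses $ips -DhcpEnabled $dhcp)
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    return   # stop here: renaming after the forest exists is what the lab warns against
}

# Install the AD DS role, then create the forest. Install-ADDSForest prompts for
# the Directory Services Restore Mode password and reboots when it finishes.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Install-ADDSForest -DomainName $DomainName -InstallDns
```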

Configure MGMT01

MGMT01 is a Server 2019 with GUI. Its job will be to remotely manage any server core systems. It should be configured with Network Adapter 1 on SYS265-LAN-your.name just like the other LAN based VMs.

💡If you are asked for an activation key, skip that option.

  • Using sconfig from command prompt, make updates manual

  • MGMT01 should have the IP address of 10.0.5.10

  • gateway of 10.0.5.2

  • DNS should be set to the IP of the new DNS server

  • Hostname should be mgmt01-firstname

  • Join it to your domain

After rebooting mgmt01, make sure you login to the domain, and not the local host.

On MGMT01, figure out how to install the following features on mgmt01:

Using Server Manager on mgmt01, add ad01 to the list of managed servers.

Domain Users

Using Active Directory Users and Computers, create the following domain named users:

  • first.lastname (domain named user)

  • first.lastname-adm (domain named admin)

Add your -adm account to the Domain Admins group

DNS

Create a Reverse Lookup Zone for the 10.0.5 network

Create an A record and PTR record for fw01-yourname

Manually add the PTR records for ad01 and mgmt01. Your PTR records should look similar to this:


On MGMT01, log out and then log back in as your -adm@yourdomain account.

Joining WKS01 to the domain

Go ahead and join wks01 to the domain as your Named Domain user. Q: What needs to be changed to facilitate these changes?
