Milestone 2 ‐ AD - seabar24/SYS-480 GitHub Wiki
Downloading Windows Server 2019 ISO file
First, download the Windows Server 2019 ISO from the file explorer path: \rackstation2\CYBER-SHARE\ISOs\SP24\480
Select the SERVER_EVAL_x64FRE_en-us_1 file.
Upload the file to your datastore2.
SysPrepping Windows Server 2019
From here, create a new VM similar to the settings below:
- Thin Provisioned
- CD/ROM: Datastore ISO file - SERVER_EVAL_x64FRE_en-us_1
Power on Windows Server and go through the following Install pages:
Boot Normally
"Press Any Key to Boot from CD"
Select Windows Server 2019 Standard Evaluation (Desktop Experience), then click Next
Select Custom: Install Windows only (advanced)
Select empty drive and click Next
Wait until install is complete
**DO NOT SET UP AN ADMINISTRATOR PASSWORD**
Instead, press Ctrl + Shift + F3 to enter Audit Mode to help with SysPrep.
From here, open an administrative PowerShell and run the command sconfig.
Select option 9 and change the time zone to Eastern Standard Time.
Also set Windows Update to Manual via option 5.
Once done, select option 6 and start installing updates:
- Select (A) for All Updates
- This will take about 30 mins to an hour
Restart and then repeat Installing Updates until there are none left.
Installing VMware Tools
Within the ESXi host, right-click on DC1.
From here select Guest OS > Install VMware Tools.
Go back into DC1 and run through the VMware Tools Setup Wizard.
- Select Typical as the install type and wait for it to finish.
Finishing up SysPrep
Download the script from here: SysPrep, or do a wget similar to the command below:
Edit the script in Windows PowerShell ISE to look similar to the one below:
Save the file and run these commands in PowerShell to allow the script to run
Restart and run C:\Windows\System32\Sysprep\sysprep.exe /oobe /generalize /unattend:C:\unattend.xml in PowerShell.
This will power off your Windows Server 2019 box and you are complete with Sysprep!
Adding AD DS, DNS, and DHCP
Add an Administrative Password. Remember this!
In PowerShell, enter the following configuration for the network adapter
The Default Gateway and DNS will be set to the pfsense gateway.
Return to the sconfig menu and change the computer name to DC1.
FROM HERE WE WILL BE EXECUTING THE INSTALL FROM XUBUNTU INSTEAD OF DOING IT DIRECTLY
Run an ssh command to your deployer user on Windows similar to the screenshot below:
Enter the deployer password and you are now ready to deploy AD, DNS, and DHCP onto your Windows box from Xubuntu.
Run the following commands to Install ADDS, DNS, and DHCP:
# AD Install
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
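# Prompts for the DSRM (SafeModeAdministratorPassword) password, then reboots; reconnect over SSH before running the rest
Install-ADDSForest -DomainName "sean.local"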
# Creating New AD User
$password = Read-Host "Please enter a password for the sean.adm user" -AsSecureString
New-ADUser -Name sean.adm -AccountPassword $password -PasswordNeverExpires $true -Enabled $true
Add-ADGroupMember -Identity "Domain Admins" -Members sean.adm
Add-ADGroupMember -Identity "Enterprise Admins" -Members sean.adm
# Adding DNS
Install-WindowsFeature DNS -IncludeManagementTools
Add-DnsServerPrimaryZone -NetworkID 10.0.17.0/24 -ZoneFile "17.0.10.in-addr.arpa.dns"
Add-DnsServerResourceRecordA -CreatePtr -Name "vcenter" -ZoneName "sean.local" -AllowUpdateAny -IPv4Address "10.0.17.3"
Add-DnsServerResourceRecordA -CreatePtr -Name "fw-super1" -ZoneName "sean.local" -AllowUpdateAny -IPv4Address "10.0.17.2"
Add-DnsServerResourceRecordA -CreatePtr -Name "xubuntu-wan" -ZoneName "sean.local" -AllowUpdateAny -IPv4Address "10.0.17.100"
Add-DnsServerResourceRecordPtr -Name "4" -ZoneName "17.0.10.in-addr.arpa" -AllowUpdateAny -AgeRecord -PtrDomainName "dc1.sean.local."
# Adding DHCP
Install-WindowsFeature DHCP -IncludeManagementTools
netsh dhcp add securitygroups
Restart-Service dhcpserver
# Adding DHCP Scope
Add-DHCPServerv4Scope -Name "sean-scope" -StartRange 10.0.17.101 -EndRange 10.0.17.150 -SubnetMask 255.255.255.0 -State Active
Set-DHCPServerv4Scope -ScopeID 10.0.17.0 -Name "sean-scope" -State Active -LeaseDuration 1.00:00:00
Set-DHCPServerv4OptionValue -ScopeID 10.0.17.0 -DnsDomain dc1.sean.local -DnsServer 10.0.17.4 -Router 10.0.17.2
# Finishing DHCP in Domain Controller
Add-DhcpServerInDC -DnsName "dc1.sean.local" -IPAddress 10.0.17.4
Restart-Service dhcpserver
RDP to Windows from Linux
To enable RDP on Windows through PowerShell, run the following command:
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0
And then to let it through the firewall, run the command:
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
From here you can pick your favorite free RDP client; I chose Remmina as it was pretty straightforward to set up. You can also choose xfreerdp as an alternative.
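To confirm the build matches the commands above, the following read-only check (an added example, not part of the original wiki) compares DC1's roles, DNS records, DHCP scope and RDP settings against the values on this page. The NLA and firewall-scope checks are assumed hardening targets that the page does not configure, and `Add-Check` is a hypothetical helper.

```powershell
# Added example (not from the original wiki): read-only post-deployment check.
# Run in an elevated PowerShell session on DC1; expected values come from this page.
$zone = 'sean.local'; $revZone = '17.0.10.in-addr.arpa'; $scope = '10.0.17.0'; $dc = '10.0.17.4'
$aRecords = @{ 'vcenter' = '10.0.17.3'; 'fw-super1' = '10.0.17.2'; 'xubuntu-wan' = '10.0.17.100' }
$dhcpOpts = @{ 3 = '10.0.17.2'; 6 = '10.0.17.4' }   # option 3 = router, option 6 = DNS server

$report = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Name, [bool]$Ok, $Actual) {   # hypothetical helper: records one result row
    $report.Add([pscustomobject]@{ Check = $Name; Ok = $Ok; Actual = (@($Actual) -join ',') })
}

# Roles installed by the Install-WindowsFeature commands
foreach ($f in 'AD-Domain-Services', 'DNS', 'DHCP') {
    $feat = Get-WindowsFeature -Name $f
    Add-Check "Feature $f" $feat.Installed $feat.InstallState
}

# Forward (A) records and the PTR record for the domain controller
foreach ($r in $aRecords.GetEnumerator()) {
    $rr  = Get-DnsServerResourceRecord -ZoneName $zone -Name $r.Key -RRType A -ErrorAction SilentlyContinue
    $ips = @($rr.RecordData.IPv4Address.IPAddressToString)
    Add-Check "A $($r.Key).$zone" ($ips -contains $r.Value) $ips
}
$ptr = Get-DnsServerResourceRecord -ZoneName $revZone -Name '4' -RRType Ptr -ErrorAction SilentlyContinue
$ptrNames = @($ptr.RecordData.PtrDomainName)
Add-Check "PTR $dc" ($ptrNames -contains 'dc1.sean.local.') $ptrNames

# DHCP scope, options and AD authorization
$s = Get-DhcpServerv4Scope -ScopeId $scope -ErrorAction SilentlyContinue
$range = "$($s.StartRange)-$($s.EndRange)"
Add-Check 'DHCP scope active' ($s.State -eq 'Active') $s.State
Add-Check 'DHCP range' ($range -eq '10.0.17.101-10.0.17.150') $range
foreach ($id in $dhcpOpts.Keys) {
    $v = @((Get-DhcpServerv4OptionValue -ScopeId $scope -OptionId $id -ErrorAction SilentlyContinue).Value)
    Add-Check "DHCP option $id" ($v -contains $dhcpOpts[$id]) $v
}
$auth = @(Get-DhcpServerInDC | Where-Object { "$($_.IPAddress)" -eq $dc })
Add-Check 'DHCP authorized in AD' ($auth.Count -gt 0) $auth.DnsName

# RDP exposure (assumed hardening targets, not set anywhere on this page):
# NLA required, and the Remote Desktop firewall rules not open to 'Any' remote address
$rdpKey = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$nla = (Get-ItemProperty -Path $rdpKey).UserAuthentication
Add-Check 'RDP requires NLA' ($nla -eq 1) $nla
$remote = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Where-Object { $_.Enabled -eq 'True' } |
    Get-NetFirewallAddressFilter | ForEach-Object { $_.RemoteAddress })
Add-Check 'RDP firewall scoped' (($remote.Count -gt 0) -and ($remote -notcontains 'Any')) $remote

$report | Format-Table -AutoSize
```

A row with Ok = False points at a step that did not apply or, for the two RDP rows, a setting worth tightening before the box is left running.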