Objective:
On the ROAS topology, run a windows server
machine on VLAN 30 and manage the other
workstations on all VLANS with active directory.
Configure Organizational Unites, Group Policy
Objects, and manage users.
This project was performed on the EVE-NG
virtual platform, please refer to "Virtualized
High Redundancy Network" project for
EVE-NG setup documentation. The
configurations for this lab are below. Images
for some outcomes above.
Objective:
On the ROAS network topology, run a windows
server machine on VLAN 30 and manage the
other workstations on all VLANS with active
directory. Configure Organizational Units, Group
Policy Objects, and manage users.
This project was performed on the EVE-NG
virtual platform, please refer to "Virtualized
High Redundancy Network" project for
EVE-NG setup documentation. The
configurations for this lab are below. Images
of some outcomes to the left.
#Winserver Configuration #System Hardening, User Credentials, and updates already assumed New-NetIPAddress -InterfaceAlias "Ethernet" -IPAddress 10.0.30.10 -PrefixLength 24 -DefaultGateway 10.0.30.1 Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 10.0.30.10 Install-WindowsFeature AD-Domain-Services, DNS -IncludeManagementTools Import-Module ADDSDeployment Install-ADDSForest ` -DomainName "lab.local" ` -SafeModeAdministratorPassword (ConvertTo-SecureString "********" -AsPlainText -Force) ` -InstallDNS ` -Force Import-Module ActiveDirectory # Create OUs New-ADOrganizationalUnit -Name "LabUsers" -Path "DC=lab,DC=local" New-ADOrganizationalUnit -Name "LabComputers" -Path "DC=lab,DC=local" # Create Users New-ADUser -Name "TestUser1" -GivenName "Test" -Surname "User1" -SamAccountName "TestUser1" -AccountPassword (ConvertTo-SecureString "P@ssw0rd!" -AsPlainText -Force) -Enabled $true # Create Security Group New-ADGroup -Name "LabAdmins" -GroupScope Global -GroupCategory Security -Path "OU=LabUsers,DC=lab,DC=local" # Create GPO New-GPO -Name "PasswordPolicy" -Comment "Enforce strong passwords" # Link GPO to OU New-GPLink -Name "PasswordPolicy" -Target "OU=LabUsers,DC=lab,DC=local" #On workstations PCs' to be managed by AD #System Hardening, User Credentials, and Updates Already Assumed Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 10.0.30.10 Add-Computer -DomainName "lab.local" -Credential lab\Administrator -Restart