How to setup a basic home lab running Active Directory (Oracle VirtualBox)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

so I just wanted to do like a quick and dirty video of how to set up your own kind of virtual environment so you can practice different technologies on I'm not gonna like stop and edit this a whole bunch of time so hopefully I don't mess up I was originally going to do this in hyper-v but you need to have at least Windows 10 Pro to run hyper-v I believe and I think most people might have home so instead of hyper-v I'm going to use VirtualBox Oracle VirtualBox so to get started you need like a few things you'll need a CPU capable of virtualization which most of them are these days but sometimes virtualization has been turned off in the BIOS so you just got to make sure to turn that on it's gonna be different for different computers so you can always google this preferably at least four cores you could might be able to get away with two but it's gonna get pretty slow with less than four preferably at least eight gigabytes of RAM you might be able to get away with four but it's gonna be like pretty bad at least 100 gigabytes free of hard drive space preferably an SSD it's a night and day difference if you run on a spindle drive versus an SSD and you're in you're going to need Oracle VirtualBox that's just a download from the internet you'll need a Windows Server 2016 ISO you can just google this Google like Server 2016 evaluation the same thing you'll need a Windows 10 ISO just Google Windows 10 evaluation and you can download the ISO so I already this is the topology we're gonna be building with domain controller DHCP server random file server and then a couple of clients and then your domain controller will connect all these guys to the Internet hopefully through your home network so to get started I'm just gonna open VirtualBox here so just download VirtualBox open it and then I'm just gonna run through this and then create all the computers I'm just gonna create one of these clients so I'm just gonna create the servers all at the same time so we'll start with the domain controller here and I named it Thor so we'll just say new and then you can put this wherever you want I'd recommend putting them all in the same kind of same folder so I'll name this dc4 domain controller and it's gonna be named Thor and I'll put the IP address I'm gonna use here so just so I can easily see it and so I up here I'm going to give it 10 0 dot 0 dot 101 so that's gonna be the name it's gonna be Windows and it's gonna be running server gosh I'll just say other windows 64-bit and we'll see you next and this is how much memory you can give it depending on how much memory you have you want to you know be careful I'm just gonna give it 2 gigabytes because I have enough to do that and I'll say create the hard disk now that's the type and you can say dynamically allocate it so it will grow I guess if it needs to or shrink I'll just say dynamically and then this is where it's gonna be how big the hard drives going to be so I'll just say create and then all I'll go ahead and do the same thing for the DHCP server in the file server so I'll say it's a new DHCP it's going to be named a named Atlas and the IP address is gonna be 10 dot 0 dot 0 dot 1 o 2 this is just just cosmetic it's just easy for me to like see what the server is and stuff if I put it in the name it remember it's what I said last time yes dynamic ok that's weird I wonder why it opted to like do 32 I'm just gonna say 20 so now we have domain controller we have our DHCP server oh that's Windows 7 that's okay so I'll make lastly not lastly but I'll make our file server name this is use this is a file server named Zeus an IP address I put down here 10.0.0.0 3 this is gonna be other windows 64-bit 2 gigabytes of memory create hardest now dynamic 20 gigabytes and then I'll create one of our clients up here so I'll say new again this is going to be named old 101 computer number one after the computer is an older at all oh this is gonna be a client and then it's going to use it's going to use DHCP for its IP addressing so I won't I won't put the IP address up here and I think I forgot to do this for the other ones but I'll do it here and this is gonna be Windows 10 the 64 bit 2 gigabytes ok sure dynamic that's enormous I'll say 25 so I'll say create and then so now I have my computer's created I'm gonna I'm gonna edit these so in our diagram here the domain controller is connected to two networks so it's connected to the external network and it's also connected to an internal switch so I'm gonna go to settings and I believe I can a yes so the first one is gonna be it's gonna be bridged to my actual Ethernet and then the second adapter I'm gonna add another adapter and it's gonna be internal only and you can name it so I'll just name it like internal internal so I'll say ok to this we can go back in here and like you can if you have a lot of course you can assign more cores to your your virtual machines so I would recommend that I mean if you have a lot I would recommend adding some cores so I'm just gonna add 4 cores to mine so they they tend to go faster so I'll go to I'll go to Atlas and Atlas is the DHCP server and it's connected to the internal network here so I'm gonna go to network and instead of NAT will do internal and I'll choose internal right I'm just gonna give it some more cores because I do not want to deal with it being slow next to Zeus go to settings Zeus here is the file server it's also connected to the internal network so I'll go Network not NAT but internal and system give it 4 cores and then lastly the client we're gonna go to network client is up here it's also connected to the internal switch so instead of NAT will go internal and then I just want to give it some more cores so it runs a bit better so we'll start with Thor we'll go ahead and say start for the domain controller and then the first time it starts up it's like what like I don't have anything on the disk like do you want to install an operating system and if so like can you insert the disk so this is where you'll click browse and then you'll go to wherever you downloaded your ISO to I just happen to put it in this isel's folder and I'm installing Server 2016 on the sky so I'll pick my server ISO and we'll just say start and it's gonna start loading so I'll go through the rest of the service and kind of get them started do the same thing Atlas select the ISO server start I think you can do well maybe I can't to do more than one that's really lame so I'll just install so this is Thor I mean I'm just gonna click through and install the operating system just pick if you don't pick desktop experience it's gonna it's going to install and you only have a command-line and nothing else so custom install pick the hard drive and just say go no apparently you can't do more than one at a time just interesting so while the domain controller is installing I'll go to Alderwood 101 I guess I guess I can't do that apparently so I'll stop this for now I'll come back to it later and I will do all the road 101 cuz this is gonna use Windows 10 so I'll start this guy hopefully this one will work and I'll select the disk that I want to use Windows 10 Enterprise which I downloaded this is the eval free download and I can say start and it should start installing it as well so just for now I'm just gonna go through all of these and install the operating system on all of them I'm gonna pause this real quick so now that the domain controller is finished installing I believe I can just I can restart it and I think I can eject to this disk I'll just say devices optical drive and remove disk from this device doesn't need it anymore it finished installing and then I believe I can move to the next server and boot with that disk hyper-v lets you use the same I so unlike install multiple VMs with it but I guess you can't in VirtualBox so I'll go to the next server I'll go to optical drives and I'm gonna mount window or server and then I'll reset this should boot yeah so it's loading the the boot disk or the OS installer this is original one it's still going in the background and so I'm just gonna do the same thing with Atlas same old default install okay for all the servers that's gonna ask like what your you want to make your admin password I'm just gonna use capital P password one that's easy to remember I'll use that for everything same thing desktop experience and this is the first one that's finished so I'll go ahead and finish the rest of these before I start doing the actual config but normally you'd press like Control Alt Delete here you can go to input and say keyboard and control-alt-delete there's a host delete combo but I can't remember what it is you can just come up here and click this login your password 1 capital P I'll just minimize this for now and here's our Windows box just say or Windows 10 box just restart and we can eject the installation media from it so at this point I'm just waiting for Alice the next server to finish installing after this one finishes I mean I'm gonna go to Zeus and then do the same thing install Server 2016 there so I'll kind of pause this for now so you don't have to just watch it installing so it looks like second server completed so password one capital P and I will eject the disk from here input keyboard control at delete and then login after one and then we have one more server to setup so I'll go ahead and start this guy we're gonna choose because we ejected the server ISO so I'll put it in here and I'll start this guy and this Windows installation deal is gonna start up and our Windows 10 box finished as well so we'll just kind of go through this or finish this set up at the same time and I'm gonna skip this for now that Network because it's it's on like an internal like Network no this is the final server setup I'm just going to next next next on this guy he was gonna be using this PC we'll just this is like a mock school network so I'll just name the user student no password and back to the server setup desktop experience agree custom and don't know we don't need to use Cortana Cortana I'm just gonna turn all these off this will take a little bit of time pause it again okay so this guy finished installing Server 2016 so give him the same password is the other ones the input keyboard ctrl Alt Delete and we'll login cool so now fix this sorry so now we have four computers completed we have Thor which is the domain controller we have our client computer all the road 101 computer number one we have our DHCP server named Atlas and then we have our file server name is Zeus and if we go to this guy we back to the Oracle VM manager we can see all of our servers here so at this point we just have three servers and one client OS and they're all blank they don't have a name they don't have a proper name no IP address or any of that so back to our topology here I'm going to zoom in here so I'm gonna work on the domain controller first so first thing I want to do is I want to give it a proper name and proper IP addressing so we'll go to Thor down here yeah why not and it I always forget to name my servers because I always name the VM right and it says Thor but actually this isn't the actual computer's name yet until you name it for real so we'll go this is our thorium so an easy way we can right click the start menu and go to system and then here's the name of it it's has some crazy name here so we'll click sorry click change settings and then we'll click change here and then computer name we're just going to name a Thor this is gonna be our domain controller say ok ok say close and we'll restart and this should go should go pretty quick I guess we can maybe I'll do it one at a time so I don't like confuse you too much so we named our D so we got this out of the way we named it input keyboard control up delete password 1 and I'll go command prompt and I can say like Who am I oh that's yeah I guess you can see it here Thor administrator or you can say host name says Thor right so we know we named it and next I'm going to go to run and we're gonna change the IP addressing I like to do this way so it's faster you can type NCPA dot Cpl and it goes like straight to the network adapter and you'll remember we gave this particular virtual machine to Nix one is internal and one is external connected to like our actual physical network and you're like oh which one is it you can right-click one of them and say status and then details and you can say this one has an IP address already it got one from like our home like the actual physical router so or you know our home modem or whatever you want to call it so I realize this is the one that's connected to the Internet so I'm just gonna rename this and then I'll already MIT like Internet so it's like really obvious and then this one I'm gonna rename to internal so I'm not I don't get confused later so we're gonna assign our IP addressing to this internal adapter so we'll go to properties ipv4 and for IP addressing we decided to use this IP address it can be anything but this is just how I designed this network so you can experiment if you want but I'm gonna use 10 0 0 1 0 1 I wrote it up here also just so we can like you know see it mask 255.255.255.0 and we're not gonna have a gateway because this server Thor the domain controller is gonna function as the gateway for the other computers eventually and DNS because this is a domain controller it's gonna be running Active Directory integrated DNS we're gonna point the DNS to itself so you'll remember our one 27001 is the loopback address I could just as well put it like 10.0 to 0 that 101 because these will both resolve to the same thing it just means like myself so we'll say ok say ok and we can close this and so just to give you a look at this again real quick means you mount this is the domain controller it's gonna serve as the Gateway for all these computers they're gonna go through the domain controller and go to the Internet that's why we didn't assign the Gateway because it it is the gateway zoom back in a little bit so we're going to since this is going to be the domain controller we're gonna we're gonna create a domain so to do that we have to install Active Directory domain services so we'll go back to Thor here and we'll go to manage add roles and features next next and this is that's weird I guess this didn't update let me let me just add it it'll be fine so this will say next and we're gonna do Active Directory domain services just add all features next next next and then finish and this will take a little bit so I'll pause it okay so a DDS Active Directory domain sources finished installing so I'll say close to this and then you'll notice this flag up here with this exclamation point we can click this and then we can say promote this server to a domain controller and then we're gonna add a brand new forest and here I said I wanted the new force to be this domain name this is what the school like if you go login at the library or something or like Alderwood lab all those computers are on this domain so I'm just gonna copy it so you can the copy like a real world domain so I'm gonna name ACS that's academic Computer Services EDC C dot C T C is Community and Technical College's and then the idea a CSD DC see that CT see that edu is our domain name it's it's very long but it's a real one so I'll say next and directory services restore mode password just oh no what did I do we're not going to use this because it's just a lab but just use capital P password one next next just next next next all the way through next next if you want to for some reason this will automate the whole like creation of your domain if you want to save it but we don't need to just say next it's gonna do like a prereq check and probably warn us about something but that's okay sounds good all these errors you can care about them or not and just say install and then it will install Active Directory domain services and this this part takes kind of a while so I'll pause this again so it automatically restarted the domain got promoted now it's running a domain usually the first restart after you install domain controller like takes forever like even my computer's like pretty fast somehow it manages to like take a long time so I'm just gonna pause it again okay so it finished and restarted so we'll go to input troll login to our our new domain controller and now you'll notice this like ACS backslash administrator this means like we're logging in with domain domain credentials now so our password is still password password one cool so now we have our domain up so which means we have Active Directory and DNS and all that good stuff so instead of using like the default administrator account I'm gonna create my own like domain admin account so you can go to tools here and then go to Active Directory users and computers or you can go to start and run and do DES DSA MSc I think this is like directory services agent or something like this anyway it opens Active Directory users and computers and so I just want to create like my own like domain admin account without having to use like the built-in one so I'm just gonna make like a new oh you for now in an organizational unit and I'll just name it admins I'm gonna put that account inside of here so I'll say new account or user I guess and I'm just gonna name it Josh my login name is just gonna be Josh you can do you know your own name if you want password capital P password one I'm gonna uncheck this and then password never expires just for the lab because I don't want to deal with that well so I finished and then now we have our account I'm just gonna add it to some groups so the account was like really powerful so sorry I'll go to the account and properties and member of then ad then I'm gonna add it to domain admins Enterprise admins and schema schema admins just so I can you know I don't have to come back and like add it to like a group or something I can just have like you know a super strong account just apply and okay what do we have to do here so I'll come back and create like the other accounts and like random folders and stuff later so now now we have like our domain basically set up so I'm just gonna I'm just gonna log out of the domain controller for now and then I'm going to go to the other servers and I'm gonna for example I'm gonna go to our DHCP server and I'm gonna name it give it an IP address IP address saying I'm gonna join it to the domain and then I'm gonna set up DHCP on it real quick so our DHCP server we can find it down here Atlas so here we are and first thing I'll just give it an IP address first so I'll go to I'll do it differently this time you can go here right click this like network icon and open network and sharing Center and then I can say change adapter settings and then all of these are internal so I don't need to label them just go to properties and we decided for IP addressing for Atlas we're going to use 10.0.0.0 2 2 5 5 0 and the default gateway you'll notice is 1000 101 which is the actual the domain controllers IP address because remember the domain controller is going to act as the default gateway so we're configuring Atlas right here and it's going to use the DC as a default gateway to get to the Internet if that makes sense so I'll zoom back in here so here we are default gateway 10.0.0.0 1 and then the DNS server is going to be the domain controllers IP address because it's running integrated ad integrated DNS so we'll put the domain controllers IP address 10.0.0.0 1 we'll say ok ok and just say yes I suppose and then we're gonna change the name for this remember because it we didn't change the name yet we only named the VM so we'll right click start menu go to system and the name some crazy so we'll go to change settings and change and we're gonna name it Atlas and then we're also gonna join the domain at the same time and because we did IP addressing first we should be able to use DNS and find the domain controller so our domain remember it's a CSD DCCC that's UTC that edu and we might be able to just get away with typing just a CS and okay yes in if for some reason yours doesn't work just use the whole fully qualified domain name like a CSI ADC see that CT see that edu and if it says cannot find like blah blah blah cannot join the domain probably something is wrong with your IP addressing or your network adapter so just make sure that is so it's asking for a username that you want to use to join this computer to the domain that's allowed to do it so we created a domain admin already I just called it my my own name if you if you if you're still using the administrator name you can use that but I made it I made a domain admin and my password was password one so we'll say ok it should let us join sometimes I get like an error but it joins anyway but we'll we'll see what happens here I feel like taking abnormally long bouts deposit maybe I won't okay so a couple seconds later it looks like it worked welcome to the ACS domain okay okay so they close and then restart and then I'll just go through I'll go to the file server and do the exact same thing pal server's name is Zeus so we'll go to the file server here also Zeus Zeus and then we'll do the IP addressing again I'll do it this way and CP a dot CP L and the property is IP address for Zeus we decided tend gosh 10.0.0.0 three to five two five two five zero default gateway again that's the domain controller we use we're going to use it as the default gateway ultimately so 10.0.0.0 no one is a domain controllers IP address for DNS we're also going to use the domain controller because it's running DNS zero 10.0.0.0 a yes and then now we're gonna name this computer so we'll right click start menu and we'll go to a system and computer name change settings change and this is the file server named Zeus we'll name is Zeus we're gonna join the domain gonna join ACS and as long as our IP addressing is squared away in our network adapter you squared away they're both internal we should be able to join so last time I used my domain admin so I'm gonna use the built-in administrator this time just just to show that it probably works administrator and then capital P password one will try to join this guy alright welcome to the ACS domain okay okay okay then we can restart and let's go back to DHCP real quick so now atlas our DHCP server this this guy is on the domain now it restarted it's on the domain so now I'm just gonna set up the DHCP server so our client computer can get an address so I will log in to this guy input keyboard control delete and instead of using the built-in administrator account I'm gonna go down to other user and then see how it says sign in to ACS so I'm gonna use a domain account now I'm gonna use my domain admin account I made it's an enterprise admin as well so I'll log in with capital P password one should be pretty quick and now we're going to install the DHCP role and create a DHCP scope so our client can get an IP address so we'll go to manage add roles and features next next and this computer Atlas next server roles we want to install DHCP next next install this shouldn't take that long we're gonna pause it anyway okay the DHCP role finished so we're gonna say close and we'll go to this flag again incomplete DHCP configuration we'll click this and next and you have to you have to authorize the DHCP server to like let it turn on I guess and start issuing addresses and I I think you need an enterprise admin account to do it I think but I added this account to domain admin and anti price admin so it should work so I'll just say like commit and it looks like it's done so we'll say close now we can go to tools and then DHCP and then we can start making our scopes so I'm gonna maximize this and then we have ipv4 so I'm gonna right click this and say new scope so next and I'm just gonna name the scope since our range is like 1000 200 to 250 I'm just gonna I think I can name it that just it's a lame name but 215 next starting address is 1000 about 200 ending out of 1000 250 the length will be a 24-bit mask or 255 255 - we'll say next and I don't want to do any exclusions least duration you can you know 8 days it's fine or if you want it to be like 8 hours you can do that too it doesn't matter I want to configure options because I want to configure like DNS and the Gateway and stuff so a router is the default gateway so we decided we want to use over here 1000 101 for the gateway which is the the domain controller because that's going to be acting as our gateway eventually so we'll do 10 dot 0 dot 0 dot 1 0 1 add next DNS it already has it in here the domain name say next wins is old we're not going to use that and yes I want to activate the scope and we'll say finish and so now at this point we have our DHCP servers up a DHCP role is installed and the scope is active and it should be issuing IP addresses automatically so from here our DHCP server should be totally done and we shouldn't have to touch it anymore so I'm just gonna minimize this guy and then I'm going to go to our Alderwood 101 computer it's running its IP address is set to use like DHCP so I'm gonna just verify that that's working and then I'm gonna join it to the domain if it's working so we'll go down here to client all the road 101 and it looks like this thing popped up so it looks like that we actually did get an IP address so we'll say also yes to this and then I'll just open the PowerShell works you and I can say IP config and then we can see sure enough 1000 200 our gateway and everything got set so then we can see write our lease time it started like 1 min ago so right when we activated the scope this computer was able to grab an IP address and get on the network so now all we have to do is name it and then join it to the domain so I'll right click start and go to system and I don't like this one I think I can like scroll down and say system info oh this is better so I scroll down we went to system info and then here we can just join it to the domain has this crazy name still so we're just gonna say change settings and then change and we'll name it all the word 101 that's room 101 computer oh 1 and then we're going to join ACS domain IP addressing is setup DNS is setup so it should just be able to contact the domain controller it does we'll just use our domain admin credentials password 1 and we're gonna join this guy to the domain looks like we we joined say ok ok say close restart and once this guy restarts it's gonna have his name her name whatever it's computer his name is gonna be set and it's gonna be on the domain and I can't remember if I joined the file server or not so let me let me go to file server Zeus and the login to this guy so we'll say input keyboard control-alt-delete and yes it looks like we joined this computer to the domain so I'll just I'm just gonna log in with my oops with my domain admin for now password password 1 and login and let's take a look at what we've done so far so pretty much we've done this whole whole DHCP server is finished we joined the client to the domain and but I don't believe I did this part so I'm gonna simulate it at school like when you log into the library with your student ID you have like you have an S Drive where you can like put your documents and you can log into like any computer on campus and then you still have those documents in that s Drive so I'm gonna kind of simulate that so I can give kind of a some kind of idea how that works so we're going to go to the file server Zeus so we'll go to the file server and we're gonna create a folder called on the root of C called profile so we'll go to explore here and we'll go to C Drive and we're gonna create a folder called profile alright and then we're gonna share it out sharing advanced sharing hopefully I don't mess this up and we're gonna name we're gonna name it profile dollar sign and when you do the dollar sign this makes it so the the share is like hidden by default you won't be able to see it so we'll go to I'm just gonna I'll just do this full slow control so for permissions sorry I got like ahead of myself so share name profile dollar sign for permissions I'm just gonna say domain users domain users have full control maybe you you wouldn't want to do this in real life but I'm just gonna do it to make sure like stuff works for the lab so I'll say full control I'll say apply okay apply okay and then close and then just to like test it I'm gonna log into our our client has already logged in the Alderwood computer so I'm just gonna go to that real quick and I'm gonna log in this is the local account I'm gonna go to other user and say like I'm gonna log in with my domain account hopefully this like just goes oh my gosh it's doing this alright hold on okay so it finally logged in so I just want to test the share to like make sure it's like there I guess and make sure it's invisible so we created it on the file server Zeus so I should be able to go like slash slashes you since I enter and it opens this thing and it's like oh it's empty there's no shares that's because we we named it profile with and the dollar sign like automatically makes it so it's hidden so if I say enter I can go to it and it goes to the share but it just so happens to be empty but that's that's fine we haven't put anything in it yet so we'll close this I'm just gonna log out of this client computer so now our file server is done and we created the folder named a profile we gave the users full control so now our file server is done all this is done and all of this is done so I'm gonna go to the domain controller and I'm going to create some student accounts and I'm gonna make the students like home folder point to that share we created not should make more sense when we start doing it so we'll go back to Thor down here is Thor so our domain controller I'll go input log in control delete and I'll log in I'll log in with my my domain admins my own account password one and we're gonna open up Active Directory users and computers it's my habit to like do this because it's faster but you can you can go tools Active Directory users and computers and it's a good way so we made it a know you called admins I'm just gonna make another oh you called students so it's like more organized I guess new I'll say new organizational user users and I'd like to this is just my habit I put like an under underscore underneath my OU's so [Music] kind of like the stuff I created it is separate from the stuff that's built in just for my labs I like to do that so I'm gonna create a student here so I'll say new new user and I'll say Matt Josh madacorp and all I'll give it my student ID number like Edmunds so I'll pretend it's like an actual student so you can you can use your student ID number here just as well this is mine password password one password one I'll do this so I don't have to deal with like you know resetting the password I'll say next finished and so my student account is here now so I'm gonna right click it and go back to properties and then under a profile I think this is how you do it so our our share remember was in it was slash slash use profile this is the share that we made and I want my profile to be in here but to have my own like user name as the folder so I believe gosh I think it's this I think it's percent username percent well we'll figure it out if it's not so the the share and then the name of the folder and then connect s2 I believe this is correct I believe we'll we'll figure out if it's not so we'll say apply to this so remember I created this account the username is nine point five two six two three three three and then you picked whatever your password was profile path is this is the share we created oh and then that % username % automatically turned into like the username right and then it's gonna connect the S Drive to this chair so we'll say okay and then let's we can test this by going back to our client and we will log in but we're gonna login with our students that we created so that's 9 5 2 6 2 3 3 3 is mine whatever yours is capital P password 1 enter hopefully of course when is 10 I think there's a way to disable this like weird screen like every time you login for the first time it shows this like thing that I didn't do that of course so here it is alright okay so now we logged in so we'll go to Explorer I hope it worked it looked like it did so we went to Explorer and then automatically our our s drive is mapped so what when you log in at school you'll see like exactly this you'll see like your student ID and then Zeus and profile and now you have like kind of a better intuition of like where that came from like how its configured and you can put your own documents in here like I don't know like English 101 like essay written in notepad oh it's a date six-six oh my god my number lock I'm wasting time six six my num lock doesn't work that way so like 10 seconds doing that so we have we created a document here on our s Drive and it's it's here and say I I go back to the file server Zeus and this is the C Drive on Zeus I go to Explorer C Drive remember and then we made this thing called profile and I don't know why this v6 is in here but this that's really odd these folders got created automatically and then you can see like all the students files are in here so if I'm but anyway as you create more students their their profile is automatically created so for example I'll create like one more student I'll go back to the domain controller and I think I think you can right-click a student and say like copy and then you can just like make a new one like 925 I don't know zero zero zero zero zero I'll make this up Timmy his last name is Tommy he has double first names tight password one password one password never expires I'm so next finish and I think we can go to properties and then profile and then automatically because the original username was like percent username percent it automatically like has that in here so we can say okay and then we'll we'll go back to our our Alderwood or our client computer and we'll sign out of my are your profile will say sign out and we'll say other user then we'll login with the one we just made this thing again okay so here we are with our new student will say Explorer and we go to this PC and you can see it automatically automatically mapped this s Drive in this folder here so we can make a new document our 100 final and we can like you know draw pictures this is our final and we can even write we can log out and then if we go back to our file server and we go back to the C Drive and profile again I know what this is but you can see this folder this one was like automatically created and then this dude's document is in here too or oh I guess it's a guy we named it Timmy and so that's pretty much all as far as like the student and like their share and like the general infrastructure is concerned let me zoom out so I can like see what else we want to do here so we finished we finished all of this so when students log in they automatically get their folder mapped and right now okay so right now we don't have access to the Internet so let me let me go back to my client so I can show you this is the Windows 10 I'm just gonna log in with my pretended like a normal student login with my student account I just want to show that like I don't have access to the Internet this should be a giveaway like this like exclamation mark down here but we can open up a command line and peeing like I don't know we can ping the Google's DNS server it shouldn't be able to make it and you can see like we can't we can't browse the internet either so internet doesn't work so what we want to do is we want to set up the domain controller to run at your network out of address translation shall all network address translation so all these computers can route traffic through the domain controller and out to the Internet and back so we want to go on to the domain controller just Thor down here and we're gonna install a role so we'll go to add roles so next next this server and roles will be remote access lead next next and I believe routing is the one we want but it automatically selects that so we'll say next next next finish installing I forget I don't think this one takes that long I'll pause anyway all right so this finished role installation finished we'll say close and I don't remember if I like doing it this way I think I just go to tools and then go to routing in Rome remote access and then you'll go to this guy Thor and we'll right-click and say configure and enable routing we'll say next and we want to setup NAT network address translation we'll say next and I think something something good was wrong with this this happens sometimes like I don't know why let me just like cancel this and let me open it again routing in remote let me try it one more time so you can figure next that okay and now these are like magically here so here you can say this is why I named these earlier remember it says use this public interface to connect to the internet and then we named this one Internet earlier so we wouldn't get confused this is that this thing that's selected right here that represents like this interface right here so use this public interface to the connect to the internet the one we named the Internet so we'll say next and finish and it should start the service and then app should just be like running like all magically like that it's it's super easy okay so that it should be up that should be up so we'll go back to our client this is our client computer running Windows 10 I'll try to ping again it should it should work and yeah it surprised like we can get to the internet now so we should be able to like browse google and like do like whatever we want even on like our VMs and all of our traffic is so we're up here on old 101 so traffic's being routed through like the internal switch and we set our default gateway to the domain controller so this is sending traffic here to the domain controller the domain controller setup to run NAT so automatically Nats your traffic and sends it out to the internet and then goes like to do like this back and forth and any of these computers can now get on the internet since we set up NAT so I'll go to like for example the DHCP server which is Atlas input keyboard ctrl delete and I'll log in with my the main user and I'm gonna open up server manager you can go start on a server manager and go to local server I'm just gonna turn off this ie enhance security configuration if you don't turn off it's like really annoying to browse the internet on a server so I turn that off and you can see the icon it's like ok here I have internet access but I'm just gonna browse the internet anyway just to show you and Here I am I can browse you know on all my VMs I can get Windows updates browsing in area I do like anything so that's cool so we have Nass setup and all this stuff over here setup there's just like a few extra things like we can do like you know just - just for display or like like I don't know what's the word I'm looking for just to show you can do stuff I guess so we did this we created a domain account for ourselves we created a couple of students accounts gave them a home folder on s that uses s we did this recruiter to share let's create let's create an oh you and active directory name servers and put all the servers in there and then let's create one named clients and put all the clients in there just to kind of you know maybe show how a real environment might be set up so we'll go back to the domain controller here and then we'll go back to Active Directory users and computers if you again you can go to tools Active Directory users and computers I just happen to have it open so I'll right click the domain root new organizational unit and we'll say clients and we'll put all the windows like Windows 7 and Windows 10 computers in here we only have Windows 10 we have one Windows 10 and when we join computers to the domain they automatically get put in this computers container so we'll just take this Windows 10 client we'll just drag into clients say yes we'll make another oh you organizational unit we'll name it servers and just kind of like organizer environment a little bit go back to the computers container and we can pull these guys in here yeah and we can refresh this so they're all nice and nice and tidy our admins client computer servers and the two students we made right it's nice and nice and organized and I guess we can we can create a startup script you can put like anything in the startup script it kind of when people log in to the computer like whatever's in the script is going to run so I'll just kind of show you how you can do that let's go to I don't know we can go to it doesn't matter the DHCP server I guess and let's create it here let's open notepad and then we'll run it as administrator and then we'll save this we'll say save as and we'll put it in so the domain controllers Thor and then net logon is where the startup scripts go and then we'll make a VB script so we'll say file type all file types and we'll just name it like startup dot VBS this is our startup script startup that VBS will say save and then oh my gosh I think it's W script echo welcome to ACS so whenever whenever people log in this is gonna run so we'll just save that and to show you what it looks like also go to run I'll just go to like Thor and then throw a net log on it's like this folders like automatically created when you build a domain I guess and here's the thing I just saved so I'll just double click it when when users log in we'll say welcome to ACS well we have to set this first so we'll say okay close this this is our script so well we'll go back to the domain controller and I'll just set it for like my student account I'll go to properties and profile and logon script I forgot what I named already hold on start it okay startup VBS yes and well it will automatically look in this net logon folder so I named it startup that VBS so whenever this particular user logs in this startup VBS like script will run so I'll say apply and ok and this is my student right so I'm just gonna go test it I'll go to the client I'll log out of here you can do this just an FYI log off that yuxi i will input keyboard and my student nine four five two six two three three three password one and it should hopefully it doesn't have to like refresh okay so here so whatever you put in the script one if it's assigned to that user like the script will run when they login and you can put interesting things in here like if you want to create a folder on the desktop or you want to map a different drive or you want to delete stuff or you want to install something you can put like anything on the startup script in whenever that particular users who are assigned that script when they log in the script will run and this is just kind of like a demonstration of that so so we we did this we created a startup script and we demonstrated it and group policy so you can you can create some group policies too dang it I forget how to do this I have to like google it but that's okay we can we can do that so I want to create a group policy that allows us to use like remote desktop to connect to computers for example I'm logged into my client Windows 10 computer right now so I want to be able to like open remote desktop and login to I don't know Zeus for example and I don't think I can do that like right off the bat so we need to create like a configuration that will allow us to do it like you you can go to like the individual computer and do it so for example if I go to Zeus trying to figure out oh it's right control and delete its control control so a login password 1 and if I want to do on like the individual computer I can right click the Start menu and go to a like system and then I can go to remote settings and I can say allow remote connection to this computer I can say select users and I can I can do something crazy like I don't know domain users and just light like anyone be able to log into it this should work this is use right and I can say like Connect and now now I can log into it but so for example and connect takes over this desktop now I'm in Zeus so let me let me just get out of here but if you want to like apply it to all your computers at the same time you can use what's called group policy to do it so I'll go to the domain controller you can do a lot of stuff into your policy not not only that but I'm gonna I'm gonna go to the domain controller and I'm just gonna I'll just open up group policy for now you can go to tools and then somewhere group policy management and you can expand this out and this is the this is your domain and you can say like create a group policy object and link it here so I'm going to do that and I'm gonna name [Music] allow remote desktop something like this and then I'll right-click this allow remote desktop and I'll say edit and then this window opens and then we can choose the policies we want to apply but I forget how to do that so let me just google it so I'll say group policy allow remote I hope nothing weird showed up how to enable policy this looks promising I don't think that's what I wanted I think this looks more I think this is what we want so it's computer configuration policies administrative templates so computer for computer configuration policies administrative templates windows components Remote Desktop Services windows components Remote Desktop Services Remote Desktop Services Remote Desktop session host remote desktop session host man getting deep their connections allow users to connect remotely by using desktop services allow or allow users to connect remotely ok so maybe maybe this is what we want so I'll enable this and what I feel like I should be able to like specify like which users I feel like this maybe it's not the right one but perhaps I don't know if this doesn't work you can like do your own googling and like figure out how to do it wait let me let me just look at like this one that's weird anyway also enable lists and see if it works so I'll close that allow I'll put this on the root of the domain and I will go to should I go I'll try it I'll go to the DHCP server and I'll open command line is admin and I will do gpupdate this doesn't work sorry but maybe you get the idea of like you know how you could enable it if it if this doesn't work so I'll say GP result are to kind of see what a policies have been applied computer settings applied group policies allow remote desktop so we should be able to like remote into Atlas hopefully I don't know I'll try it so I'll go back to our client and I will do you can type like remote and you can get that or you can type like MS CSC Microsoft Terminal Services client you can open this and say Alice I don't know if that's gonna work it looks like it looks like it's not working there's a way there's a way in group policy to like you know enable you know automatically enabled utila clog into like all the computers I just need to like find where it is but you can you can google it and kind of find it out and I want to do one more the group policies like disable the firewall so for example like disable firewall policy it's not necessarily like good to like just disable like the whole like Windows Firewall but sometimes like I do it in my lab if I'm trying to set up like some software and I just want it to like get out of the way so it looks like it's in C I'll make another one of these create a group policy so I'll just watch this one link doesn't work either edit computer configuration oh this is the this is the local one but maybe it's in here window settings maybe I went to the wrong one polishes window settings security settings Windows Firewall Windows Firewall and then you can go to properties here and you can just like turn all these off off off off okay right so we'll close this guy so we have this disable firewall thing now so I'll just go back to like the client and we'll check this out let me open the command line oh I'm just a mere student whatever open a command line just use your like domain admin - I like for set to open and say I'll say WF to MSC this opens like Windows Firewall and you can see like it's on right firewall on on on so we're gonna do like gpupdate GP update so it should like refresh the group policy and that's like turned off just when I refreshed it it automatically turned off I can I can see it here but we'll go back we'll do WF to MSE Windows Firewall and then you can see it's off off off everywhere it should have taken place like all over the place so if I if I go to Alice for example this we're gonna add it's like it's distracting me so if I go to Alice Alice here and I say WF to MSC Windows Firewall see it's on so I'll say gpupdate G P update you can do for us - I don't really know what the difference is to be honest I guess this force isn't obviously a bit like I don't know why the other one wouldn't so we applied gue policy so if we look at the firewall again that's probably it should be off off off off yes and if we don't do this it'll automatically like push out every like 90 minutes or so there's some like random interval so that's pretty much all there is to it for like a basic lab setup you can you can do all kinds of group policy you can like set up another server if you want and like practice IPAM you can set up I don't know DFS if you want you can do all kinds of crazy things but this is like kind of the base lab setup with like your domain controller and NAT on so you can get to the Internet DHCP server file server clients this is like pretty much the basic thing and if you're like really unfamiliar with the process you're like oh my god like I don't know like what we just did like try to like build this lab like over and over and over again it helps if you have an SSD to be honest like a fast hard drive and like enough RAM but I'll build a slob like over and over and over like I don't know honey how many times I've done this just to like test off on my own must it must be like a hundred times or more to be honest just to like test like random things but just keep practicing building it until you can just like bust this out without having to like look at like a diagram like see if you can build all the servers and like name them IP address like domain controller like setup NAT like if you can like do this like all without looking at the instructions you like watching the video like I think it puts you in like a pretty decent place we have like a decent intuition of like how stuff works and it I don't know I feel like after doing it so many times like building so many labs I tend to feel more comfortable but anyway I hope this was useful and see you later I suppose

Info

Channel: Josh Madakor - Cybersecurity and I.T. Career Advice

Views: 9,935

Rating: 5 out of 5

Keywords: Oracle VirtualBox, Active Directory, Group Policy, Home Lab, Home Lab Setup, Tutorial, Walkthrough

Id: swlIC6jKBRs

Channel Id: undefined

Length: 75min 19sec (4519 seconds)

Published: Thu Jun 06 2019