One Last Section!
In addition to joining our Windows Client machines to the domain, there are just a few more steps we need to do after the machines are on the Domain:
- Join Our Machines to the domain
- Add a LOCAL Administrator account to each Client
- Add DOMAIN Administrator account(s) to each Client
- Turn on Network Discovery
- Map “hackme” as a Network Drive to Spiderman.
Joining Our Machines to the Domain
I am only going to demonstrate this process on one of the VMs.
- Follow along and repeat this process on any other clients you want to join to the domain.
Log into one of the VMs using the template credentials we created earlier.
- Start Menu > Search This PC > Right-click > choose Properties
Go to Advanced System Settings
Click on Computer Name
- Note: We had previously named the computer already
- Click Change
Click More
Set the DNS suffix to match your domain forest.
- Uncheck the box
- Change the computer name if you missed this step in the last post
- Click OK
Back on the previous panel
- Choose Member of domain and set it to your domain forest, i.e. MARVEL.local
You will get a prompt.
- Enter the domain admin credentials
- Administrator@MARVEL.local:P@$$w0rd!
Success!
You can now reboot the VM and log in with any of the Domain accounts.
Repeat the process for the other Windows 10 client.
Add Local Administrators to Windows Clients
Log in to THEPUNISHER as MARVEL\administrator
- The first time you log in may take a few minutes
Search “Users” > Edit local users and groups > Users
You will see a local Administrator account that has not been activated (see the symbol)
- frankcastle: this is NOT the Domain fcastle account
- Template: used to set up initial Template
Enable the local Administrator account
- Right-click > Set Password > Proceed > Password1!
- Right-click > Properties > Uncheck “Account is disabled”
- Best Practice: This local administrator account SHOULD NOT be enabled, but this is a common occurrence in production environments
Add MARVEL\fcastle to Administrator Group
Local Users and Groups > Groups > Administrators (Local)
- See who are members of this group
- frankcastle is a member
- Add MARVEL\fcastle and MARVEL\Administrator
Double-click Administrators > Add > Enter “fcastle” > Check Names > OK > Apply
- repeat to add MARVEL\administrator
Make sure you have Applied these changes. Check final list of Administrators:
Turn on Network Discovery
File Explorer > Network > OK
Click to Change > Turn on network discovery and file sharing
- Should see HYDRA-DC
NOTE: This did not automatically find HYDRA-DC; however, if you manually enter the UNC path (Universal Naming Convention paths are used to access network resources) \\HYDRA-DC it will become visible
- The format is: \\<server or hostname>\<path or sharename>
Complete Settings on SPIDERMAN
Add Local Users and Groups (Local)
Login as a Domain Administrator
- Users > Administrator: Set Password, Enable account. Use an identical password for both machines.
- Groups: Add pparker and fcastle and MARVEL\administrator
NOTE:
- SPIDERMAN has pparker AND fcastle (domain users) as LOCAL administrators
- THEPUNISHER only has fcastle (domain user) as a LOCAL administrator
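A read-only check you can run on each client to confirm the local Administrators state described above and to see what a configuration audit would flag in it. This is an added example, not part of the original walkthrough; the function name Get-LocalAdminAudit and the finding labels are made up for illustration, and it assumes an English-language Windows 10 client with the built-in LocalAccounts cmdlets.

```powershell
# Added example (not from the original post). Read-only: it changes nothing.
# Assumes English group/class names ("Administrators", "User").
function Get-LocalAdminAudit {
    $rows = @()

    # The built-in Administrator keeps a SID ending in -500 even if it is renamed.
    $builtin = Get-LocalUser | Where-Object { $_.SID.Value -like '*-500' }
    $rows += [pscustomobject]@{
        Member  = "$env:COMPUTERNAME\$($builtin.Name)"
        Source  = 'Local'
        Class   = 'User'
        Finding = $(if ($builtin.Enabled) { 'built-in Administrator is ENABLED' }
                    else { 'ok: built-in Administrator is disabled' })
    }

    try {
        $members = Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop
    } catch {
        # Enumeration can fail when the group contains a SID that no longer resolves.
        Write-Warning "Could not list Administrators: $($_.Exception.Message)"
        return $rows
    }

    foreach ($m in $members) {
        $isLocal = $m.PrincipalSource -eq 'Local'
        # Skip the local RID-500 account (reported above). The domain
        # Administrator's SID also ends in -500, so the source check matters.
        if ($isLocal -and $m.SID.Value -like '*-500') { continue }

        $finding = if ($m.PrincipalSource -eq 'ActiveDirectory' -and $m.ObjectClass -eq 'User') {
            'domain USER is a direct local administrator'
        } elseif ($isLocal -and $m.ObjectClass -eq 'User') {
            'additional local administrator account'
        } else {
            'ok: group or other principal'
        }
        $rows += [pscustomobject]@{
            Member  = $m.Name
            Source  = "$($m.PrincipalSource)"
            Class   = $m.ObjectClass
            Finding = $finding
        }
    }
    return $rows
}

Get-LocalAdminAudit | Format-Table -AutoSize
```

On THEPUNISHER as configured above, the enabled built-in Administrator, frankcastle, MARVEL\fcastle and MARVEL\Administrator should all be flagged.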
Turn on Network Discovery
- Check that you can see HYDRA-DC
Enable hackme as a shared drive for LOCAL accounts
Currently, “hackme” can be seen if a Domain user is logged in
- We want this accessible for a Local account - bad idea, but it happens
Log in as a LOCAL user, not into the domain
- .\peterparker:Password1
- This PC > Computer > Map network drive
Map the “hackme” folder:
- Folder: \\HYDRA-DC\hackme
- Enable “Connect using different credentials” - remember, we logged in as a Local user, that does not have access to the Domain or DC - we will have to use Domain Admin credentials to enable access to “hackme”
- Enter credentials for a DOMAIN administrator account
- Remember my credentials
And now you will see “hackme” as a mapped network drive.
Congratulations, you now have your own Active Directory Domain!
You now have a small but functional Active Directory Forest with a Domain Controller and two Windows 10 Enterprise clients.
If the VMs seem a little sluggish, you should probably increase the RAM on the VMs. Other than that, you are now ready for the next phase of your adventures.