Servers & Devices

Setting up Active Directory and User machines:

Windows Server 2022

Windows Server 2022

Proxmox VM Set Up

Install Files

To start, you'll need to download some files. The 2 files you need are the Server ISO and the VirtIO Driver. You can download the latest stable release at the link below:

When configuring your VM use the following settings to ensure you're VM can boot correctly:

OS Configs

image.png

System Configs

image.png

Disk Configs

image.png

CPU Configs

image.png

Memory Configs

image.png

VM Hardware

Once created, select your VM and navigate to the hardware section. Select Add, and add CD/DVD device. Here, you'll add the VirtIO driver. I've already added it, so you'll see 2 CD/DVD Drives.

image.png

Installation

Start your VM to begin installation and navigate into the console section of your VM. Select defaults as desired. Once the installer reaches installation type, select Custom:

image.png

Here, you'll load the VirtIO driver:

image.png

Select Browse, then select the following:

Select the Red Hat VirtIO SCSI Controller, then click next:

image.png

Once installed, it will ask you what disk you'd like to use. Select the Disk and then continue the install. Once the device reboots, you'll be prompted to enter an admin password, then you should arrive at the following screen:

image.png

Final Steps

The last thing you'll need to do is install the VirtIO win-guest tools and then remove boot drives attached to the VM to ensure proper installation. 

Next, remove the CD Drive for VirtIO from the Hardware section of your VM in Proxmox, and then configure the Server ISO CD/Drive to "Do not use any media":

image.png

Your installation of Windows Server is now complete!

image.png

Windows Server 2022

Setting Up Server as Active Directory Domain Controller

Keeping it simple, select install Active Directory Domain Services and DNS Server, via Manage ---> Add Roles and Features.

After installation, promote your Windows server to a Domain Controller :

image.png

A Deployment Configuration Wizard screen will pop-up. This step is important to properly setting up active directory services! Select Add a new Forest to begin the configuration wizard:

image.png

image.png

If you're setting this up in a test environment, you'll likely see the following warning pop-up. For our purposes, this is okay:

image.png

Click through Additional Options, Paths, and Review Options to get to the prerequisite checks:

image.png

image.png

Useful Tips:

Windows Users "Employees"

Windows Users "Employees"

Proxmox VMs for Users

Use, the following configurations to set up VMs for Windows 11 on Proxmox...

Name your machine, then move on to Operating System:

image.png

image.png

Next, configure Disks:

image.png

After configuring your CPU and Memory, configure your network as follows:

image.png

You can now boot up the machine. You should see the default Windows Installer Pop Up:

image.png

Select "I don't have a product key" and walk through the default setup. Once you reach the Installation Type, select Custom Install, then Load Driver:

image.png

Select "Browse":

image.png

Select your VirtIO CD ---> amd64 ---> w11:

image.png

Install the RedHat driver:

image.png

Continue through the set up and create a User for this machine. I'll be creating 4 VMs total, and this one will be User2. 

When setting up your machine, you'll be asked to connect to the network. To bypass this enter the following in CMD prompt:

image.png

image.png

Almost Done! Let your Device Finish Setting Up and then log in and open up File Explorer. Select your VirtIO drive and run the installer to install all components:

image.png

image.png

After finishing the install, you should now be connected to the internet. To verify this, navigate to your router (OPNsense in my case) and check to see if your computer is being assigned an IP.

image.png

Windows Users "Employees"

DNS Configurations

After setting up your VM and installing Windows 11 Pro, you'll need to configure some DNS routing to make sure your VMs can reach your Domain Controller. I've done this via my OPNsense router and I'll be using "User 2" to demonstrate, Windows 11 Pro VM I've set up. To do this, I configured DNS leases for the VMs via the web GUI as follows:

Navigate to Services ---> ISC DHCPv4 ---> Leases and find the IP of your Windows 11 Pro VM:

image.png

Next, select the "+" icon to add a static mapping:

image.png

To assign a static IP, enter the IP in the IP Address box:

image.png

Save and Apply Changes. You should know see the IP Assignment type change to "Static":

image.png

You may  note that there are now 2 listings for the same device. We now need to change the Adapter settings on the VM. To do this, navigate to Settings --> Network & Internet ---> Advanced Network Settings. Select "Edit" next to More Adapter Options:

image.png

Select IPv4 Properties, and assign it the static IP. We'll also assign it the DNS of Domain Controller we set up earlier. My Domain Controller is at 192.168.2.100, so I'll change properties accordingly:

image.png

After making these changes, you'll see only one assignment for this VM's mac address, a static one:

image.png

You're now ready to add it to your workgroup. Check the next page for how to add it! 

Windows Users "Employees"

Adding Users

With everything configured properly, you should now be able to join your User VM to the Domain/Workgroup. To do this, navigate to Settings ---> About ---> Domain or workgroup in your Windows Settings:

image.png

Select Change and enter your Domain details. You will be prompted to enter admin credentials. Use your server admin credentials:

image.png

If successfully done, you should receive the following Welcome screen:

image.png

Repeat this on your other "Employee VMs" and you're all set!

Active Directory - User Creation

First, lets confirm we've successfully added the Employee VMs to the domain. Navigate to Windows Administrative Tools ---> Active Directory Users and Computers ---> your domain ---> Computers:

image.png

Navigate to Users and right click and select New ---> User

image.png

Create a User. I'll create 4 Users in the following manner:

image.png

The following screen will ask you to make a password. Here, you can set initial password policies. These can be configured now, or changed later:

image.png

For simplicity, I'm going to keep the log in credentials as follows:

Your User Object will be created:

image.png

My 4 Users:

image.png

Test

Now, lets see if it worked! Start one of your Employee VMs and try to log in:

image.png

image.png

Active Directory - Structuring and Group Creation

To get started, I'm going to create an Organizational Unit called "TheCompany". Here, we'll store our Users and Security Groups:

image.png

The I've made 2 security groups: Sales and Marketing

 

image.png

Marketing SG Properties:

image.png

Sales SG Properties:

image.png

Next, I'll load 2 drives, 1 for each SG and set permissions so that only members of each security group can see the relevant shared drive for the group. This will be help set up baselines for when I attempt pentesting to simulate malicious insider threats.