Proj 16: Windows 2016 Server Virtual Machine (15 pts)

What You Need for This Project

Task 1: Installing a Fresh Windows Server 2016 Virtual Machine

Downloading the Installer ISO File (180-day Evaluation)

In a Web browser, go here:

https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016

Click "Register to continue".

Fill in name, email address, etc., and click Continue.

Click ISO, as shown below.

Click Continue.

Select English.

It's a 7 GB download.

The file name is "14393.0.161119-1705.RS1_REFRESH_SERVER_EVAL_X64FRE_EN-US.ISO"

Installing Windows

Start VMware Player. Click Player, File, "New Virtual Machine...", as shown below.

In the "Welcome to the New Virtual Machine Wizard" screen, click the "I will install the operating system later." button, as shown below.

Click Next.

In the "Select a Guest Operating System" box, select "Microsoft Windows" and "Windows Server 2016", as shown below.

Click Next.

In the "Name the Virtual Machine" box, enter a Virtual machine name of Win16-YOURNAME, replacing "YOURNAME" with your own name, as shown below.

Click the Browse... button and navigate to the VMs drive and the folder with your name on it.

DO NOT SAVE VIRTUAL MACHINES ON THE C: DRIVE IN S214

Click Next.

In the "Specify Disk Capacity" box, accept the default options, as shown below, and click Next.

In the "Ready to Create Virtual Machine" box, click the "Customize Hardware..." button, as shown below.

In the "Hardware" box, on the left side, click "New CD/DVD". On the right side, click the "Use ISO image file" button.

Click the Browse... button. Navigate to your Downloads folder and double-click the 4393.0.161119-1705.RS1_REFRESH_SERVER_EVAL_X64FRE_EN-US.ISO file, as shown below.

Click the Close button.

In the "Ready to Create Virtual Machine" box, click the Finish button.

VMware Workstation Player now shows a "Win16-YOURNAME" item on the left side, as shown below.

On the right side, click "Play virtual machine".

If a box pops up titled "Software Updates", click "Remind Me Later".

If a box pops up titled "Removable Devices", click OK.

A "Windows Setup" box appears, as shown below.

Click Next.

On the next screen, click the "Install now" button.

In the "Select the operating system you want to install" box, click "Windows Server 2016 Standard Evaluation (Desktop Experience)", as shown below.

Click Next.

On the next screen, click the "I accept the license terms" box, and click Next.

On the next screen, click "Custom: Install Windows only (Advanced)" box.

In the "Where do you want to install Windows" box, click Next.

Wait a few minutes while Windows installs.

Your virtual machine restarts twice, and you see the box shown below.

Enter these values:

Click Finish

Windows starts, as shown below.

Logging In

In VMware Player, at the top left, click Player, "Send Ctrl+Alt+Del".

At the login screen, enter a password of P@ssw0rd as shown below. Then press Enter.

Adjusting Resolution

If the text in the virtual machine is tiny, and hard to read, do these steps:
  • At the top right of the VMware Workstation Player window, click the red X.
  • A box pops up. Click Suspend button.
  • On your desktop, right-click the "VMware Workstation Player" icon and click Properties.
  • In the "VMware Workstation Player Properties" box, on the Compatibility" tab, click the "Disable display scaling on high DPI settings" box.
  • Click OK.
Then restart VMware Workstation Player and run your VM again. The font should be larger.

Task 2: Lowering Security Settings

Blocking Automatic Updates

Updates are important for security, but for this class we want a vulnerable target machine, so we'll stop them.

On your Windows Server 2016 desktop, in Server Manager, on the top right, click Tools, "Windows PowerShell", as shown below.

In PowerShell, execute this command:

sconfig
A menu appears, as shown below. Enter these values:

After a minute or two, an "Update Settings" box pops up. Click OK.

Disabling IE Enhanced Security Configuration

This setting prevents you from downloading software directly on the server, which is a poor practice.

We want to allow that, so do these steps:

In Server Manager, on right side, find "IE Enhanced Security Configuration". Click the word On next to it, as shown below.

In the "Internet Explorer Enhanced Security Configuration" box, click both Off buttons, as shown below.

Click OK.

Disabling Realtime Protection

Windows Defender is much weaker than commercial antivirus products, but it'll still block some of the attacks we'll use. So we want it turned off.

In Server Manager, on right side, find "Windows Defender". Click the word On next to it, as shown below.

In the "Settings" box, turn off both "Real-time protection" and "Cloud-based protection" buttons, as shown below.

Close the "Settings" box.

Turning Off the Firewall

In Server Manager, on left side, find "Windows Firewall". Click the word On next to it, as shown below.

A "Windows Firewall" box pops up. On the left side, click "Turn Windows Firewall on or off".

In the "Customize Settings" box, click both Off buttons, as shown below.

Click OK.

Close the "Windows Firewall" box.

Lowering DEP Settings

Data Execution Prevention is a powerful defense against buffer overflows, but it stops some old software from running.

On Servers, DEP is enabled by default. This adjustment will lower the security level to the value used on Windows client versions.

On your Windows Server 2016 desktop, at the lower left, right-click the Start button and click System, as shown below.

In the "System" box, on the left side, click "Advanced System Settings".

In the "System Properties" box, click the Advanced tab. In the Performance section, click the Settings... button, as shown below.

In the "Performance Options" box, click the "Data Execution Prevention" tab. Click the "Turn on DEP for essential Windows programs and services only" button, as shown below.

Click OK.

A "System Properties" box pops up. Click OK.

In the "System Properties" box, click OK.

Close all windows. At the lower left, right-click the Start button. Point to "Shut down or sign out" and click Restart, as shown below.

A box pops up asking you to "Choose a reason". Click Continue.

If a screen appears saying there are background tasks running, click "Restart Anyway".

Log in as normal when the server restarts, with the password P@ssw0rd

Installing VMware Tools

VMware tools make it much easier to use the virtual machine.

In your Windows Server 2016 machine, close Server Manager.

In VMware Workstation Player, at the top left, click Player, Manage, "Install VMware Tools...".

If a "Software Updates" box pops up, click the "Download and Install" button.

On your Windows Server 2016 desktop, at the lower left, click the yellow folder icon to open Windows Explorer.

On the left side, click "This PC".

On the right side, double-click the DVD drive containing VMware Tools, as shown below.

An installer starts, as shown below.

Click Next, Next, Install, Finish.

Click Yes to restart now.

Log in as usual. Close Server Manager.

Troubleshooting

When VMware Tools installs, if you are using a Mac host, the desktop may shrink down so the letters are hard to read, as shown below.

To fix that, open VMware Settings, Display, and uncheck "Use full resolution for Retina display".

Downloading VMware Tools

VMware-Tools-10.1.0-core-4449150.zip

Viewing the VMware Tools Service

At the lower right corner of your Windows 2016 desktop, click the upward-pointing arrow to see hidden items.

Right-click the little vm icon. In the context menu, click "About VMwate Tools", as shown below.

A box opens, showing that VMware Tools is installed and running, as shown below.

Recording Your Success

In a Command Prompt window, type in this command and then press the Enter key:
systeminfo
You should see information about your Windows version, as shown below. Find the text that is covered by a gray box in the image below.

Use the form below to record your score in Canvas.

If you don't have a Canvas account, see the instructions here.

Name or Email:
Version information (redacted in the image above):

Extending the Trial Period

You won't need to do this for six months, but if you want to extend your trial, here's how to do it.

In Powershell, execute this command to see how many days you have left in your trial:

slmgr -dlv
Execute this command to extend the trial for another 180 days:
slmgr -rearm
You can extend the trial six times, for up to three years.

Posted: 5-17-18
Rearm added 5-22-18
Integrated with Canvas 6-27-18