Proj 12x: Member Server and Group Policy (20 pts. extra credit)

What You Need for this Project

A computer with VMware Player, or some other VMware product installed.
The Domain Controller you made in the previous project

Purpose

To add a Member Server to the domain, and make Sally Smith's domain account a local administrator.

Start your Domain Controller

Start the Domain Controller you made in the previous project.

Your Domain Controller must be running and on the same network as the Member server.

Getting the 7z File

You should already have the Win2012R264.7z file. If you don't, get it here.

Unzipping the File

Using 7-Zip or The Unarchiver, unzip the file. The result is a VMware virtual machine ready to go.

Start the Member Server

Start the newly unzipped Windows Server 2012 VM. This will be your Member Server.

Username: student
Password: P@ssw0rd

Running Sysprep

Since this machine is based on the same image as the Domain Controller, we need to run Sysprep to generate an unique SID.

At the lower left of the desktop, right-click the third icon. Click "Run as Administrator", as shown below.

In the Powershell window, execute this command:

c:\windows\system32\sysprep\sysprep.exe /oobe /generalize /reboot

A "Settings" screen appears, as shown below.

Click Next.

In the next screen, you must enter a Product Key. You can get one from Microsoft Imagine, linked at the top of this page:

https://samsclass.info/

Enter the key and and click Next.

On the next screen, click "I accept".

The next screen asks for a password.

Enter P@ssw0rd in both boxes and click Finish.

Logging In

Username: student
Password: P@ssw0rd

Adjusting the DNS Server

Click the third icon at the lower left of the desktop to open PowerShell.

Execute this command:

control netconnections

A Network Connections window opens, a shown below.

Right-click Ethernet0 and click Properties.

In the Ethernet0 Properties box, double-click "Internet Protocol Version 4 (TCP/IPv4)".

In the Internet Protocol Version 4 (TCP/IPv4) Properties window, in the lower section, click the "Use the following DNS server addresses" button.

Enter the IP address of your domain controller, as shown below.

Note: your IP address will be different from my example

Click OK.

In PowerShell, execute this command:

ping hackme.com

You should get replies, as shown below.

If you don't, you need to fix your networking problems before proceeding with this project.

Joining the Domain

In PowerShell, execute this command:

sysdm.cpl

System Properties opens, as shown below.

In System Properties, click the Change... button.

In the "Computer Name/Domain Changes" box, make these adjustments, as shown below:

Change the Computer Name to YOURNAME-Member, without embedded spaces
Click the Domain button.
Enter a Domain of hackme.dom

In the "Computer Name/Domain Changes" box, click OK.

A Windows Security box pops up. Enter these credentials, as shown below:

Username: student
Password: P@ssw0rd

In the Windows Security box, click OK.

A box pops up saying "Welcome to the hackme.com domain", as shown below. Click OK.

A box pops up saying "You must restart your machine...". Click OK.

Close all windows and restart your Member Server.

Logging In to the Domain

When the Member Server restarts, press Ctrl+Alt+Delete.

The initial login box starts with a long random computer name, as shown below. This is a local account, not a domain account.

Click the little leftward-pointing arrow.

Now you see two icons, as shown below.

Click the "Other User" icon.

Username: Hackme\sally
Password: S@lly123

Verifying Domain Membership

Notice that Sally's password was not entered into the Member Server user account database. This login occurred over the network, sending credentials to the Domain Controller via Kerberos.

On your Member Server, open PowerShell.

In PowerShell, excute this command:

whoami

The answer is hackme\sally as shown below. This shows that you are logged in to the domain.

Saving the Screen Image

Make sure you can see hackme\sally as shown above.

Save a FULL DESKTOP image with the filename Proj 12xa from Your Name.

Adding Sally to the Local Administrators Group

In a Domain, privileges are administered on the Domain Controller, not on an individual workstation.

On your Domain Controller, in Server Manager, at the top right, click Tools, "Administrative Tools", "Group Policy Management", as shown below.

In Group Policy Management, on the left side, click the triangle next to "Forest: hackme.com" to expand it, as shown below.

Expand Domains.

Right-click hackme.com and click "Create a GPO in this domain, and Link it here...", as shown below.

In the "New GPO" box, enter a Name of "Local Admins", as shown below. Click OK.

In Group Policy Management, on the left side, click the triangle next to hackme.com to expand it, as shown below.

Right-click "Local Admins" and click Edit.

In Group Policy Management Editor, in the left pane, navigate to

Computer Configuration\Policies\Windows Settings\Security Settings\Restricted Groups

as shown below.

Right-click "Restricted Groups" and click "Add Group...".

In the "Add Group" box, click Browse....

In the "Select Groups" box, type

Administrators

as shown below.

Click OK.

In the "Administrators Properties" box, in the top section, click the Add... button, as shown below.

In the "Add Member" box, enter

HACKME\sally

as shown below.

Click OK.

Now the right side of Group Policy Management Editor shows that sally is in the Administrators group, as shown below.

Observing Sally's Privileges

On your Member Server, at the lower left of the desktop, right-click the third icon. Click "Run as Administrator", as shown below.

A User Account Control box pops up, asking for a user name and a password, as shown below.

This shows that Sally is not a local administrator.

Updating Group Policy

On your Member Server, at the lower left of the desktop, click the third icon to open PowerShell.

In PowerShell, execute this command, as shown below.

gpupdate /force

Logging Out and Logging Back In

On your Member Server, at the lower left of the desktop, right-click the Start button.

Click "Shut down or sign out", "Sign out".

Press Ctrl+Alt+Delete.

Click the icon labelled "Sally Smith", as shown below.

Enter this password: S@lly123

Observing Sally's Privileges Again

On your Member Server, at the lower left of the desktop, right-click the third icon. Click "Run as Administrator", as shown below.

A User Account Control box pops up, asking for a click on "Yes", as shown below. This shows that Sally is now a local administrator!

Click Yes.

In PowerShell, execute this command:

whoami

Saving the Screen Image

Make sure you can see these required items, as shown above:

"Administrator: Windows Powershell" in the title bar
hackme\sally

Save a FULL DESKTOP image with the filename Proj 12xb from Your Name.

Turning in Your Project

Send the images as email attachments to cnit.124m@gmail.com with a Subject line of Proj 11x from Your Name.

References

Step 1: Setting Up the Infrastructure

Create Local Administrator Security Group with GPO

Posted 9-23-17 by Sam Bowne