Virtualising an Active Directory system
Virtualised Active Directory and user accounts
Planning my virtual machines
I’m going to be using 2 virtual machines to simulate an Active Directory system. One virtual machine will act as the host server, where Active Directory is held. The other machine will be a user machine, simulating an employee device interacting with the AD.
Creating the virtual machines
I’m going to be using the 2019 edition of Windows Server for the host server and Windows 11 for the user machine. To create these machines, I first download the ISO files needed to install each OS. I then allocate appropriate resources to the machines and install the operating systems on them.
Powering up the server
After installing Windows Server 2019, I am brought to the Server Manager application. This is where I will be managing my Active Directory to control user access. Please note that the host server should only be accessed by the network administrator; limiting who can log on to the domain controller reduces the chance of a network security breach and makes the business’ security more robust.
Setting up Active Directory and the domain controller
To install Active Directory, we need to install Active Directory Domain Services. To do this we open the “Add roles and features” wizard. After opening this guided installation window, we follow the steps to install Active Directory Domain Services. This role will let me create a domain controller, which will manage the users connected to the network.
Promoting the domain controller
Before we can use it to connect and manage users, we need to promote the server to a domain controller. To do this, we click on the flag beside the “Manage” button, where we should see a notification saying “Configuration required for Active Directory Domain”. After promoting the server, we need to deploy a new domain name. In this case, being a local server, I will just call it ben.local. Our NetBIOS domain name should fill in automatically, which will allow my user computer to connect to the host server.
Finishing AD installation
After installing the AD DS role and promoting the domain controller, we restart the server to load the changes. Now Active Directory Domain Services is installed, and we can manage it through the Active Directory Administrative Center.
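The same role installation and promotion can be scripted instead of clicked through. The block below is an added example, not the post's own steps: it performs the unattended equivalent of the “Add roles and features” wizard and the promotion notification, run as the local Administrator on the Windows Server 2019 VM. The domain name ben.local and the NetBIOS name BEN are the ones chosen in the post; the DSRM password is read in at the prompt rather than written into the script.

```powershell
# Added example (not the post's own steps): install AD DS and create the
# ben.local forest without the GUI. Run elevated on the Server 2019 VM.

# 1. Install the AD DS role plus its management tools (ADUC, AD PowerShell module).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 2. Promote the server: a new forest whose root domain is ben.local.
#    The NetBIOS name is the one the post's wizard filled in automatically (BEN).
#    -InstallDns also makes this DC the DNS server the client must point at later.
$dsrmPassword = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'
Install-ADDSForest `
    -DomainName 'ben.local' `
    -DomainNetbiosName 'BEN' `
    -InstallDns `
    -SafeModeAdministratorPassword $dsrmPassword `
    -Force
# -Force suppresses the confirmation prompt; the server reboots when promotion finishes.

# 3. After the reboot, confirm the promotion and record the DC's address,
#    which the user machine will need for DNS.
Get-ADDomainController | Select-Object HostName, IPv4Address, IsGlobalCatalog
Get-ADDomain | Select-Object DNSRoot, NetBIOSName, DomainMode
```

The DSRM password is the only credential that can log on to the DC when the directory service is stopped, so it is deliberately kept out of the script text and off the command line.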
Configuring a user account
The next task I want to do is to create a user account that our user machine can log into. To do this, we click on the “Tools” dropdown menu and select “Active Directory Users and Computers”. We’ll be brought to a directory browser where we can see the folder “Users”. In this folder there are lots of pre-configured security groups used for managing access to various parts of the network configuration. We click on the create user button and enter a first and last name. In a real-world scenario these would be the details of an employee who needs to access the network; in this scenario I will just use “John Doe”. I will make the user logon name “johndoe” and let the user set a new password on the first logon attempt.
Network configuration on user machine
To connect the host server and the user machine together, we need to point the user PC at the server. We can do this by changing the domain the computer is a member of. Navigate to “System -> About” and scroll down to find the option “Domain or workgroup”. In these settings, we can set a computer description and change the domain and workgroup. I’m going to leave the description blank for this scenario, as I am only working with one user machine. In a real-world case, however, it would be wise to give each computer a description for organisational purposes. We then press “Change” to modify the computer’s domain so that it can communicate with the server. I will input the domain I created earlier: ben.local. After confirming these changes, I will be prompted for an administrator password, which is the password I set when creating the host server. Once these changes are confirmed, the network configuration is complete, and the server and user machine will be able to communicate.
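The domain join above depends on one thing the GUI hides: the client must resolve ben.local through the domain controller's DNS service, otherwise the join fails with “the domain could not be contacted”. The block below is an added example, not the post's own steps; it runs in an elevated PowerShell session on the Windows 11 client, checks name resolution first, and then performs the join. The DC address 192.168.56.10 and the adapter name Ethernet are constructed assumptions for this lab.

```powershell
# Added example (not the post's own steps): point the client at the DC for DNS,
# verify resolution, then join ben.local. Run elevated on the Windows 11 VM.

$domain    = 'ben.local'
$dcAddress = '192.168.56.10'   # assumption: IPv4 address of the domain controller
$nicAlias  = 'Ethernet'        # assumption: name of the client's network adapter

# 1. Use the DC as the resolver. A public resolver cannot answer for ben.local.
Set-DnsClientServerAddress -InterfaceAlias $nicAlias -ServerAddresses $dcAddress

# 2. Check the DC locator record before attempting the join; a failure here
#    means DNS, not credentials, is the problem.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction Stop
$dcHost = ($srv | Where-Object Type -eq 'SRV').NameTarget
"Domain controller located via DNS: $dcHost"

# 3. Join the domain. Add-Computer asks for an account allowed to join machines
#    (the domain Administrator in this lab) and reboots the client.
$joinCred = Get-Credential -Message "Account permitted to join $domain"
Add-Computer -DomainName $domain -Credential $joinCred -Restart

# 4. After the reboot, on the DC, the computer object should appear in the
#    Computers container, the same check the post makes through the GUI:
#    Get-ADComputer -Filter * -SearchBase 'CN=Computers,DC=ben,DC=local' |
#        Select-Object Name, DNSHostName, Enabled
```

The SRV lookup is the useful part: if `_ldap._tcp.dc._msdcs.ben.local` does not resolve, no domain operation will work, so it is worth confirming before entering any credentials.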
Testing user account
After logging out of our user machine, we should be able to log into the user account we created previously. We’ll input the credentials of John Doe and attempt to log in. If everything has been configured successfully, we should be able to set a password and log into John Doe’s user account. When we look in the “Computers” folder on our host server, we should see that the virtual machine has been added to the directory.
Creating a second user account
Now I am going to simulate another user joining the network using the same computer. To achieve this, all I need to do is create another user account in Active Directory. I will call this user “Nick Smith” with the username “nicksmith”. After creating this user, I should be able to log in with those credentials on the user machine.
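Both user accounts described above (John Doe in the earlier section and Nick Smith here) can be created the same way with the Active Directory PowerShell module on the domain controller. The block below is an added example, not the post's own steps: it creates both accounts in the default Users container with the “change password at first logon” setting, skips any that already exist, and then verifies the result. Initial passwords are read at the prompt rather than stored in the script.

```powershell
# Added example (not the post's own steps): create the two lab users from the
# post (johndoe, nicksmith) and force a password change at first logon.
# Run on the DC as a domain administrator.

Import-Module ActiveDirectory

$domain         = Get-ADDomain
$usersContainer = "CN=Users,$($domain.DistinguishedName)"   # the post's "Users" folder

# Constructed list of the accounts the post creates.
$newUsers = @(
    @{ GivenName = 'John'; Surname = 'Doe';   SamAccountName = 'johndoe'   },
    @{ GivenName = 'Nick'; Surname = 'Smith'; SamAccountName = 'nicksmith' }
)

foreach ($u in $newUsers) {
    $display = "$($u.GivenName) $($u.Surname)"

    # Idempotent: do not error out on a re-run.
    if (Get-ADUser -Filter "SamAccountName -eq '$($u.SamAccountName)'") {
        Write-Warning "$($u.SamAccountName) already exists; skipping"
        continue
    }

    $initialPassword = Read-Host -AsSecureString -Prompt "Initial password for $display"

    $params = @{
        Name                  = $display
        GivenName             = $u.GivenName
        Surname               = $u.Surname
        SamAccountName        = $u.SamAccountName
        UserPrincipalName     = "$($u.SamAccountName)@$($domain.DNSRoot)"
        Path                  = $usersContainer
        AccountPassword       = $initialPassword
        ChangePasswordAtLogon = $true    # the "change password at first logon" setting
        Enabled               = $true
    }
    New-ADUser @params
}

# Verify: both accounts exist, are enabled, and the initial password is flagged
# as expired so the user must set their own at first logon.
Get-ADUser -Filter * -SearchBase $usersContainer -Properties PasswordExpired |
    Where-Object SamAccountName -in 'johndoe', 'nicksmith' |
    Select-Object SamAccountName, Enabled, PasswordExpired
```

Forcing the change at first logon means the administrator who created the account never holds the password the employee actually uses, which is the point of that checkbox in the GUI.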
Printers
This next task involves emulating a printer so that users can print documents in the office. By configuring print services, employees can find the printer on the network and send print jobs to it. First, I’ll install the “Print and Document Services” role on the host server. After installation, we configure a new printer on the network by opening “Print Management” under the “Tools” dropdown. We then find the name of the server under “Print Servers”, right click and choose add printer. A wizard opens to install a new printer on the network. In this case, we can use the existing port LPT1 and install a new driver. Next, we choose our printer model from a list of Microsoft or generic printer models. After selecting the printer, make sure the box “Share this printer” is ticked and give the printer a name; I’m going to call mine “officeprinter”. Now let it install onto the print server. After installation, the printer appears in the Printers tab and can be added to a GPO: right click on the new printer and press “Deploy” to deploy the printer to the network through Group Policy. Now users can find and print to the new printer on the network.
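The same print server setup can be done with the PowerShell print cmdlets. The block below is an added example, not the post's own steps: it installs the role, creates the “officeprinter” queue on the existing LPT1 port, shares it and publishes it in Active Directory so clients can search for it. The driver name “Generic / Text Only” is an assumption standing in for the model picked from the wizard's list; deployment through Group Policy is still done from Print Management afterwards, as the post describes.

```powershell
# Added example (not the post's own steps): create and share the lab printer
# queue from PowerShell. Run elevated on the Server 2019 print server.

Install-WindowsFeature -Name Print-Services -IncludeManagementTools

$printerName = 'officeprinter'          # the name chosen in the post
$portName    = 'LPT1:'                  # the existing local port used in the post
$driverName  = 'Generic / Text Only'    # assumption: an inbox driver on Server 2019

# Stage the inbox driver on the print server, then create the queue.
Add-PrinterDriver -Name $driverName
Add-Printer -Name $printerName -DriverName $driverName -PortName $portName `
            -Shared -ShareName $printerName -Published
# -Shared/-ShareName is the "Share this printer" box; -Published lists the
# queue in AD so users can find it with "Add a printer" > search the directory.

# Verify the queue is shared and listed in the directory.
Get-Printer -Name $printerName |
    Select-Object Name, Shared, ShareName, Published, PortName, DriverName

# The queue's access control is worth a look: Get-Printer -Full exposes the
# security descriptor, so it can be reviewed before the printer is deployed.
(Get-Printer -Name $printerName -Full).PermissionSDDL
```

Checking `PermissionSDDL` before deploying shows exactly who can print to and manage the queue, which matters once the printer is pushed to every domain machine by Group Policy.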
Remote desktop
Remote Desktop Services can be used to connect devices remotely in order to troubleshoot or share resources efficiently and easily. To set up Remote Desktop on the domain, we first need to enable Network Level Authentication on the user machine. To do this we go to the computer properties and find the remote settings to allow remote connections. This lets remote connections authenticate before a session is established and data is shared across the network, in line with the network’s authentication settings. Next we install the Remote Desktop feature by adding the required server role: click on “Manage”, choose “Add roles and features” to begin the installation wizard, and select the “Remote Desktop Services” role. After installation we can open a remote session from the user machine and connect to the IP address of the server, which creates a remote session allowing us to access the server’s desktop remotely.
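The “allow remote connections” and Network Level Authentication settings above are two registry values plus a firewall rule group, which makes them easy to set and, more usefully, to audit. The block below is an added example, not the post's own steps: run elevated on whichever machine will accept the connection, it enables Remote Desktop, requires NLA so that a client must authenticate before a session (and its logon screen) is created, opens only the built-in Remote Desktop firewall rules, and reports the resulting state. The registry paths are the standard Terminal Server keys, not lab-specific values.

```powershell
# Added example (not the post's own steps): enable RDP with NLA required and
# verify the configuration. Run elevated on the machine to be connected to.

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

# fDenyTSConnections = 0 is the "Allow remote connections to this computer" option.
Set-ItemProperty -Path $tsKey -Name 'fDenyTSConnections' -Value 0 -Type DWord

# UserAuthentication = 1 is the "Network Level Authentication" checkbox: the client
# authenticates with CredSSP before a session exists, so an unauthenticated peer
# never reaches the Windows logon screen.
Set-ItemProperty -Path $rdpKey -Name 'UserAuthentication' -Value 1 -Type DWord

# Open only the built-in Remote Desktop rule group (3389/TCP and UDP), not a
# broad any/any rule.
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# Non-administrators can only connect if they are in Remote Desktop Users;
# add lab accounts explicitly rather than making them administrators.
# Add-LocalGroupMember -Group 'Remote Desktop Users' -Member 'BEN\johndoe'

# Report the effective state.
[pscustomobject]@{
    RdpAllowed  = (Get-ItemProperty -Path $tsKey).fDenyTSConnections -eq 0
    NlaRequired = (Get-ItemProperty -Path $rdpKey).UserAuthentication -eq 1
    Listening   = [bool](Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue)
}
```

The three-field object at the end is the check to keep: RDP enabled without NLA, or with the firewall group open to every profile, is the usual way a lab setting ends up exposed when the same steps are repeated on a production server.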
Security groups
Security groups can be used to manage user access to certain resources. For example, employees from marketing would pose a potential security risk if they had access to confidential information that only high-level employees should be able to see. To control access to these resources, we can set up security groups in Active Directory and control the permissions on folders that are shared over the network. First, we find our Users page, where we will create a security group. The group can be named “managers” or “staff” to keep things organised. Once created, we assign users to the group, which lets us edit permissions in bulk without assigning them to each user individually. Then we’ll create 2 folders on the server, one for manager resources and one for staff resources. By clicking on properties and then advanced sharing, we can control which groups can read and/or write to the folder in question. Once these are shared, employees can log in and access the resources in the shared folders they have permissions for. Overall, this improves the network’s security and mitigates internal risks such as internal bad actors.
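The group-and-folder setup above involves two separate permission layers: the share permission set under advanced sharing, and the NTFS permissions on the folder itself, with the more restrictive of the two deciding what a user can actually do. The block below is an added example, not the post's own steps: it creates the “managers” and “staff” groups, adds the two lab users, creates both folders, replaces the inherited NTFS permissions with an explicit set, and shares each folder to its group only. The folder paths, share names and which user belongs to which group are constructed for this example.

```powershell
# Added example (not the post's own steps): security groups, folders, NTFS ACLs
# and SMB shares for the lab. Run on the DC/file server as a domain administrator.

Import-Module ActiveDirectory

# Constructed membership: both users are staff, only John Doe is a manager.
$groups = @{
    managers = @('johndoe')
    staff    = @('johndoe', 'nicksmith')
}

foreach ($g in $groups.Keys) {
    if (-not (Get-ADGroup -Filter "Name -eq '$g'")) {
        New-ADGroup -Name $g -GroupScope Global -GroupCategory Security
    }
    Add-ADGroupMember -Identity $g -Members $groups[$g]
}

# Constructed folder layout: one share per group.
$shares = @{
    ManagerResources = @{ Path = 'C:\Shares\Managers'; Group = 'managers' }
    StaffResources   = @{ Path = 'C:\Shares\Staff';    Group = 'staff'    }
}

$netbios = (Get-ADDomain).NetBIOSName
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'

foreach ($shareName in $shares.Keys) {
    $path  = $shares[$shareName].Path
    $group = "$netbios\$($shares[$shareName].Group)"

    New-Item -ItemType Directory -Path $path -Force | Out-Null

    # NTFS: stop inheriting from C:\ (which grants all Users read access) and
    # grant only Administrators, SYSTEM and the owning group.
    $acl = Get-Acl -Path $path
    $acl.SetAccessRuleProtection($true, $false)   # protect, discard inherited ACEs
    foreach ($spec in @(
            @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },
            @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' },
            @{ Id = $group;                   Rights = 'Modify'      })) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $spec.Id, $spec.Rights, $inherit, 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $path -AclObject $acl

    # SMB: share permission limited to the group. Effective access is the more
    # restrictive of share and NTFS, so "Everyone: Full" on the share would
    # silently rely on NTFS alone.
    if (-not (Get-SmbShare -Name $shareName -ErrorAction SilentlyContinue)) {
        New-SmbShare -Name $shareName -Path $path -ChangeAccess $group | Out-Null
    }
}

# Verify both layers for each share.
Get-SmbShareAccess -Name ManagerResources, StaffResources |
    Select-Object Name, AccountName, AccessRight
foreach ($s in $shares.Values) {
    "NTFS on $($s.Path):"
    (Get-Acl -Path $s.Path).Access | Select-Object IdentityReference, FileSystemRights
}
```

With this in place, nicksmith can open \\server\StaffResources but is denied at both the share and the folder for ManagerResources, which is the outcome the advanced sharing dialog is meant to produce; checking both layers is what catches the common mistake of sharing to Everyone and relying on NTFS alone.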