HomeTech JournalsPersonal ProjectsSysadmin Wiki

Project 7 - Windows Admin Center

Setup AD01

sconfig:

IP: 10.0.5.5/24

Time: Setup

Hostname ad01-Paul

Make Forest

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Install-ADDSForest -DomainName "paul.local"

Install ADDS

Install-WindowsFeature DNS -IncludeManagementTools
Add-DnsServerPrimaryZone -NetworkID 10.0.5.0/24 -ReplicationScope "Domain"
Add-DnsServerResourceRecordA -CreatePtr -Name "fs01-paul" -ZoneName "oliver.local" -AllowUpdateAny -IPv4Address "10.0.5.7"
Add-DnsServerResourceRecordPtr -Name "5" -ZoneName "5.0.10.in-addr.arpa" -AllowUpdateAny -AgeRecord -PtrDomainName "ad01-paul.paul.local"

Setup User

$password = Read-Host -AsSecureString
New-ADUser -Name paul.gleason-adm -AccountPassword $password -Passwordneverexpires $true -Enabled $true
$password = Read-Host -AsSecureString
New-ADUser -Name paul.gleason -AccountPassword $password -Passwordneverexpires $true -Enabled $true
Add-ADGroupMember -Identity "Domain Admins" -Members paul.gleason-adm
Add-ADGroupMember -Identity "Enterprise Admins" -Members paul.gleason-adm

DHCP

Install-WindowsFeature DHCP -IncludeManagementTools
netsh dhcp add securitygroups
Restart-Service dhcpserver
Add-DHCPServerv4Scope -Name "lan-scope" -StartRange 10.0.5.60 -EndRange 10.0.5.70 -SubnetMask 255.255.255.0 -State Active -LeaseDuration 1.00:00:00
Set-DHCPServerv4OptionValue -ScopeID 10.0.5.0 -DnsDomain paul.local -DnsServer 10.0.5.5 -Router 10.0.5.1
Add-DhcpServerInDC -DnsName "ad01-paul.paul.local" -IpAddress 10.0.5.5

WK01 on DHCP

FS01

IP: 10.0.5.7

Hostname fs01-Paul

Join domain

Setup Windows Admin Center

Click through installer

Windows Admin Center Setup

Click add and add servers

Add Extension:

Install AD and DNS extension

GPO for WinRM Setup

I made a new OU in AD for WKS01-Paul

Then Added A New GPO

Then go to Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Management > WinRM Service then select Allow remote server management through WinRM and set to Enabled and * for filters

The modify Computer Configuration > Policies > Windows Settings > Security Settings > System Services and selected Windows Remote Management

Make it look like

Finally add an inbound firewall rule: Computer Configuration > Policies > Windows Settings > Security Settings > Windows Defender Firewall with Advanced Security

Then did a "gpupdate /force" on windows once windows restart then go on fs01 and test the connection

PreviousProject 6 - Federated IdentityNextProject 8 - Kerberos - Deep Dive

Last updated