Project On Premise

Virtual Galactic Solutions Network

Here is a layout of the Virtual Galactic Solutions network. I am using EVE-NG to virtualize all of this. I have a Cisco router performing NAT and a Windows Server 2022 that will be providing Active Directory, DHCP, and DNS services. I have 3 Windows 10 systems, one for each department (Sales, Accounting, Help Desk). The objective is to create an environment where I have a centralized server that will allow me to manage users and computers as well as provide IP addresses. The Help Desk account user will be set up to assist employees without having access to Windows Server or Server Manager.

Installing Active Directory

I installed Active Directory by adding a role. I promoted the server to a domain controller called vgs.com following the configuration wizard. I was prompted to reboot the server, but I did a few things before rebooting. One of the configurations I made was renaming the server to something short that identifies the location and what the server is running. The second configuration I made was adjusting the server for best performance. Lastly, I enabled the recycle bin within Active Directory Administrative Center. This will keep me safe from accidental deletion of objects. I rebooted the server so that the changes take effect.

Configuring Active Directory

After the server booted, I created Organizational Units for the Sales, Accounting, and Help Desk departments. Within each Organizational Unit, I created a group. Having a group will allow me to manage and provide access controls. I created a user in their corresponding Organizational Unit and filled out some information about the user, as well as set a temporary password that I will provide to the user so they can log in. I then added each user to their corresponding group.

Adjusting Group Policy Settings

There are a few settings I configured, one of which is Password Aging. The maximum password age will be set to 30, meaning users will have to change their password after 30 days. The minimum password age will be set to 5, meaning that when users set a new password, they are allowed to change it after 5 days. The other setting I configured is the Account Lockout Policy: users will have 3 attempts to sign in, after which their accounts will be locked. They will also have to wait 5 minutes before attempting to sign in again.

Installing & Configuring DHCP

The router isn’t providing DHCP services, so I went ahead and set up DHCP within the Windows Server. I created a scope of 10.1.1.1 to 10.1.1.254. I excluded 10.1.1.1 to 10.1.1.10 for the purpose of using them for systems that need a static IP. I set the gateway to 10.1.1.1 and the DNS server to 10.1.1.15, which is the Windows Server IP. After configuring DHCP, I activated the scope.
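
The following is an added example, not part of the original post: a check for static addresses that a DHCP scope could still hand out as leases. It uses the scope, exclusion range, gateway and server addresses given above; the function names and host labels are hypothetical. With those values, the server's own address 10.1.1.15 is reported because it lies outside the excluded range.

```powershell
# Added example: find statically assigned addresses that sit inside the
# leasable part of a DHCP scope. Function names and host labels are hypothetical.

function ConvertTo-IPv4Number {
    param([Parameter(Mandatory)][string]$Address)
    # Fold the four octets (network order) into one number for comparison.
    $n = [uint64]0
    foreach ($octet in [System.Net.IPAddress]::Parse($Address).GetAddressBytes()) {
        $n = $n * [uint64]256 + [uint64]$octet
    }
    return $n
}

function Test-InRange {
    param([string]$Address, [string]$First, [string]$Last)
    $a = ConvertTo-IPv4Number $Address
    return ($a -ge (ConvertTo-IPv4Number $First)) -and
           ($a -le (ConvertTo-IPv4Number $Last))
}

function Get-LeasableStaticAddress {
    param([hashtable]$Scope, [hashtable[]]$Exclusions, [hashtable]$StaticHosts)
    foreach ($name in ($StaticHosts.Keys | Sort-Object)) {
        $ip = $StaticHosts[$name]
        # Addresses outside the scope can never be leased by it.
        if (-not (Test-InRange $ip $Scope.First $Scope.Last)) { continue }
        $excluded = $false
        foreach ($x in $Exclusions) {
            if (Test-InRange $ip $x.First $x.Last) { $excluded = $true; break }
        }
        # In scope and not excluded: the server may offer this address to a client.
        if (-not $excluded) {
            [pscustomobject]@{ Name = $name; Address = $ip }
        }
    }
}

# Values taken from the post.
$scope      = @{ First = '10.1.1.1'; Last = '10.1.1.254' }
$exclusions = @(@{ First = '10.1.1.1'; Last = '10.1.1.10' })
$static     = @{ 'gateway' = '10.1.1.1'; 'windows-server' = '10.1.1.15' }

Get-LeasableStaticAddress -Scope $scope -Exclusions $exclusions -StaticHosts $static |
    Format-Table -AutoSize
```

On a live DHCP server the same inputs can be read with `Get-DhcpServerv4Scope` and `Get-DhcpServerv4ExclusionRange`. An address flagged here can be protected by widening the exclusion range or by creating a reservation for it.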

Joining A Computer To A Domain

Before joining the computer to the domain, I renamed the computer and enabled the administrator account. I made sure the computer received TCP/IP settings. I then proceeded to join the computer to the domain. After rebooting the PC, I logged in with the Help Desk domain user Christopher.

Installing RSAT Tools

I gave the Help Desk account access to Active Directory and Remote Desktop Service Tools without giving them full access to Server Manager. This will allow the Help Desk Technician to assist personnel.

Creating A SMB Share Drive

I created a share for the sales department. After creating the share, I copied the path of the share to add it to the security group description. I then disabled inheritance so I can remove users who have access to this share. I proceeded to add the sales group and gave them read and write access.

Mounting Share

Kim, who is part of the sales group, needs assistance mounting the sales share and making sure it stays mounted even after reboots. I mapped a network drive within Active Directory and added the path. Now Kim should see the share folder when she logs in.

Written by

Christopher Ortiz Aldana

Welcome, my name is Christopher Ortiz Aldana. I am a RHCSA certified Data Center Technician who enjoys working within Linux. On my Hashnode blog, I will be sharing my Linux projects that I've deployed, which are written in a way that others can also implement. I will also be sharing Linux tutorials where you can learn and follow along so you can become a Linux pro.