For the AD6 project, we went to Proxmox and selected the "WindowsServerAD", pressed the console button and had some trouble figuring out how to press control alt delete on the console which doesn't have full access to our keyboard but there was a sidebar with special inputs such as settings, full screen, and another was control alt delete. We went to the log in screen, found the credentials under closed ticket's from a few weeks ago by Jack Stika, under AD1, the credentials were Windows server is installed on Proxmox VM:123, Username: Administrator, Password: Admin123.
Just for my sanity, an OU is an organizational Unit. This is a thing in Active Directory.
We went it the star t menu and typed active directory and select, Active Directory Users and Computers. We're creating a new folder is called an OU. The folder is called IT. So you see there's a new folder on the side panel folder tree. Right click in the empty space on the main epty space of the console window to the right of that side panel. Right click and hover over New, and go down to User in the context menu.
We have 16 students in the class and we need to create Active Directory Domain User Accounts. Jayden is in the console on Proxmox, and I am tasking Diego with accessing the same server through RDP. This was a bit of a challenge. I had him go to the System > About folder and click one of the buttons on the side-panel to check to see if Remote Desktop was enabled, but we found that just allows connection to the other computer that Diego is on.
Doug said that we need to go on the console where Jayden is and go start key > type Allow Remote Connections to this Computer. A window came up and we tried to something in that widow which I think is the default thing to do but we didn't have administrator access to it so when we clicked the button to allow connections to the server, and hit apply, it didn't respond.
I had Diego waiting at the other computer with remote desktop open, we retrieved the IP address of 192.168.3.117 for the server, he typed it into remote desktop. Doug cae over and showed us a workaround, we clicked the windows key and typed Windows Server Manager. From there we clicked on local server on the top left side-panel, went to remote desktop in the middle of the window, system properties window, it was set to not allow remote connections so we set it to allow remote connections and hit OK. We had Diego access it through remote desktop and were prompted to enter credentials.
We found that Diego and Jayden couldn't both be logged in at the same time, so we went about creating Jayden and Diego their own accounts so they could both separately start adding the rest of the class. Jayden quickly found out in creating his credentials that there was an unknown password policy. We found in the TALOS ticket system for student project assignments that in the AD7 project for this same line of projects to create an Active Directory, there in AD7 was the password policy:
Use group policy management to enforce a password complexity across our entire domain (or OU).
Password requirements should be as follows:
At least 8 characters
At least number
At least one lowercase and uppercase character
At least one special character
Passwords expire and must change every 6 months
Jayden found out that you can't end in a special character because of Windows policy. Jayden created his password, he logged out, Diego logged in and now Jayden is logging in on his own account.
Jayden couldn't log in to create users because he's not an admin. Diego went to Active Directory, he clicked on the IT folder in the side tree > double clicked the Jayden user > clicked the member of tab > clicked add > typed in Domain Admin, clicked check names > pressed okay, clicked apply on the outer small window, and now Jayden is in. I had Jayden and Diego both add all sixteen of the names of students in our class.
And then Diego went to create new users by clicking the IT folder, right clicking in the open space inside the folder, go to new > user, then typed the first name of someone with a "1." between the first name and middle initial.
Jayden came up with a standard password for everyone's account so everyone can log in and change their passwords. The password is "Mtech123@Basic". I thought this was strange because it seemed complicated but Jayden said that Windows required complexity.
Between the two of them, Diego and Jayden both created all the user accounts with the basic password and gave them all admin privileges.
No comments:
Post a Comment