Task 1: Setup Router as a DHCP server
• Start router/ Idle-PC (higher # w/ *)
o Console interface on router:
▪ config t
▪ int g0/0
▪ ip add 10.10.10.1 255.255.255.0
▪ service dhcp
▪ ip dhcp pool gns3
▪ network 10.10.10.0 255.255.255.0
▪ default-router 10.10.10.1
▪ dns-server 10.10.10.2
▪ domain-name gns3.com
▪ end
▪ copy run start
SCREENSHOT- ip dhcp pool gns3 (under show run) -OR- WAN ip address at start up interface for firewall
Task 2: Create a domain with one client machine
Start DC server
o Tools
▪ Computer Management
• Local users & groups
o Users
▪ Administrator (right click)
• Set password: Password1
Right click start
• Network connections
o IPv4 Properties (IP address- found in powershell/ preferred DNS)
Manage
• Roles/ Features- next 3 times
o Active Directory Domain Services (add features)- next 3 times- install
▪ “promote this server to domain controller” – click hyperlink
• Add new forest
• Root Domain Name: gns3.com
• Password: Password1- next- prerequisite check- install
Move to Client Machine!!!!
• Ping the server- (Edit IPv4 properties- Preferred DNS / IP add)
o Control Panel
▪ System and Security:
▪ Advanced system settings
▪ Computer name (Change)- WIN10
▪ Domain: gns3.com
o IF ERROR OCCURS!!
▪ Network Connections
• Change adapter options
• IPv4 Settings
o Preferred DNS: (IP of Server)
▪ Computer will restart!!!
Move to Server Machine!!!!
• Tools- ADUC
o Expand gns3.com
▪ Computers
• WIN10
▪ SCREENSHOT! – Local server static IP address AND WIN10 computer in ADUC
Task 3: Create OU with 3 nested OUs
• Right click gns3.com
o New- Organizational Unit
o Name: 2602 OU
▪ Right click 2602 OU
• Create 3 nested OUs
• Name: USERS/ COMPUTERS/ GROUPS
▪ SCREENSHOT!!! – All 4 new OUs
Task 4: Create User in USERS OU
• Create user
o Password never expires
• SCREENSHOT! – User in User OU
Task 5: Make sure Client Machine is in appropriate OU
• Move WIN10 to COMPUTERS OU
• SCREENSHOT! – WIN10 in COMPUTERS OU
Task 6: Create one group in the GROUPS OU
• SCREENSHOT! – Group in GROUPS OU
Task 7: Create an account policy named ‘Passwords’ that remembers the last 20 passwords and only allows the password to be used for 60 days
• Tools
o Group Policy Management
▪ Domain
▪ gns3.com
▪ Group Policy Objects (right click)
• Name: Password
o Right click Password Policy- Edit
• Policies
o Windows Settings
▪ Security
• Account Policy
▪ Password- MAX DAY 60/ MIN 30/ HISTORY 20
• SCREENSHOT! – Group Policy Management Editor showing Password MAX/ MIN/ HISTORY
Task 8: Create an account policy named ‘Lockout’ that locks an account for one hour after three failed attempts
• Group Policy Objects (right click)
o Name: Lockout
▪ Right click Lockout Policy- Edit
• Policies
o Windows Settings
▪ Security
• Account Policy
o Lockout: 60 MIN/ THRESHOLD 3 attempts
• SCREENSHOT!! – Lockout Policy Settings
Task 9: Apply the “Password” policy to the Users
• Group Policy Management
o Right Click “Users”
▪ Link existing GPO
• Password
• SCREENSHOT! -Users OU
Task 10: Apply the “Lockout” Policy to the Groups
• Right Click “Groups”
o Link existing GPO
▪ Lockout
• SCREENSHOT! – Groups OU
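The same objects and links from Tasks 3-6 and 9-10 built from PowerShell on the DC, followed by checks of what was created and which policy values are in force. This is an added example, not part of the original lab notes; it assumes the 'Password' and 'Lockout' GPOs from Tasks 7-8 already exist, and `labuser1` and `LabGroup` are hypothetical names. For domain accounts, Account Policies settings are read from GPOs linked at the domain level, so the last two commands show the values that actually apply to the new user.

```powershell
# Added example (not from the original notes). Run elevated on the DC.
# Assumes GPOs 'Password' and 'Lockout' were created in Tasks 7-8.
# 'labuser1' and 'LabGroup' are hypothetical names.
Import-Module ActiveDirectory, GroupPolicy

$domainDn = 'DC=gns3,DC=com'
$parentDn = "OU=2602 OU,$domainDn"

# Task 3: parent OU with three nested OUs
New-ADOrganizationalUnit -Name '2602 OU' -Path $domainDn
foreach ($name in 'USERS', 'COMPUTERS', 'GROUPS') {
    New-ADOrganizationalUnit -Name $name -Path $parentDn
}

# Task 4: user in the USERS OU; the password is prompted for, not hard-coded
$password = Read-Host -AsSecureString -Prompt 'Password for labuser1'
New-ADUser -Name 'labuser1' -SamAccountName 'labuser1' `
    -Path "OU=USERS,$parentDn" -AccountPassword $password `
    -PasswordNeverExpires $true -Enabled $true

# Task 5: move the joined client out of the default Computers container
Get-ADComputer -Identity 'WIN10' |
    Move-ADObject -TargetPath "OU=COMPUTERS,$parentDn"

# Task 6: one security group in the GROUPS OU
New-ADGroup -Name 'LabGroup' -GroupScope Global -GroupCategory Security `
    -Path "OU=GROUPS,$parentDn"

# Tasks 9-10: link the existing GPOs to the OUs named in the tasks
New-GPLink -Name 'Password' -Target "OU=USERS,$parentDn"  -LinkEnabled Yes
New-GPLink -Name 'Lockout'  -Target "OU=GROUPS,$parentDn" -LinkEnabled Yes

# Check 1: the four OUs and the GPO links on each target OU
Get-ADOrganizationalUnit -SearchBase $parentDn -Filter * |
    Select-Object DistinguishedName
foreach ($ou in 'USERS', 'GROUPS') {
    (Get-GPInheritance -Target "OU=$ou,$parentDn").GpoLinks |
        Select-Object Target, DisplayName, Enabled
}

# Check 2: password and lockout values in force for domain accounts
Get-ADDefaultDomainPasswordPolicy |
    Select-Object MaxPasswordAge, MinPasswordAge, PasswordHistoryCount,
                  LockoutThreshold, LockoutDuration
# Returns nothing unless a fine-grained password policy applies to the user
Get-ADUserResultantPasswordPolicy -Identity 'labuser1'
```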
Task 11: Firewall Rule Allow ICMP from LAN to DMZ/ Block from DMZ to LAN
MOVE TO CLIENT MACHINE!!
• Ping the firewall (address is in workstation firewall)
o Web Browser
▪ https:// (firewall IP)
▪ Details- Go to page
• Username: admin
• Password: pfsense
▪ Click next until reload- Reload
• Click here to continue to pfsense
▪ Interface tab- OPT1
• Description: DMZ
o Enable INT
▪ IPv4 config type- NONE
• Save/ Apply Changes
• MOVE TO FIREWALL
o Enter option: 2
o Enter option: 3
o New IPv4 add OPT1: 10.10.20.1
o 24
o Enter x2
o Y
o 10.10.20.2
o 10.10.10.254
o N
o (CTRL+ALT)
• MOVE TO CLIENT MACHINE
o Go back to pfsense web browser
▪ Firewall- Rules
• Edit DMZ & LAN (remember to “add up”)
o LAN- add
▪ Action: Block
▪ Source: DMZ NET
▪ Protocol: ICMP
▪ Save/ Apply Changes
• SCREENSHOT!! -Screen after changes were applied
• Rules
o DMZ- add
o Actions: PASS
o Protocol: ICMP
o Save/ Apply Changes
• SCREENSHOT!! – Screen after changes were applied
• MOVE TO GNS ENVIRONMENT
o Turn on DMZ
o Open terminal
o Type: IP DHCP
o Ping the client
• SCREENSHOT!! – Ping to Client
• MOVE TO CLIENT MACHINE
o Ping the DMZ
• SCREENSHOT!! – Ping to DMZ
Task 12: Create firewall rule to allow DNS
• Rules- LAN- add
o Action: PASS
o Protocol: UDP
o Source: SHOW ADVANCED
▪ From: DNS
▪ To: DNS
o SAVE/ APPLY CHANGES
• SCREENSHOT!! – Screen after changes are applied
TASK 13- 15 Same procedure as 12
Right click and “save as”