📖
Building a Windows AD lab
  • Building a Windows AD lab
  • Lab-setup
    • Lab overview
    • Building the lab
      • Prerequisite
      • Creating images
        • Optional: Install software & Settings
      • Network setup
      • Cloning & Creating VM's
      • Creating bank.local
        • Creating Domain Controller - DC01
          • Enable RDP
        • Creating amsterdam.bank.local
          • Creating Domain Controller - DC02
            • Creating a AD structure
            • Create a CA
            • Configure LDAPS
          • Creating Fileserver - FILE01
            • File services
          • Creating W10 client - WS01
            • PSRemoting
          • Creating Webserver - WEB01
            • Web Services
            • SQL Server
              • Create database
      • Creating secure.local
        • Creating Domain Controller - DC03
        • Creating File/SQL Server - DATA01
          • SQL Server
            • Create database
    • Attack Paths
      • Attack path 1 (hard)
        • Configuring
        • Tasks
        • Manual
      • Attack path 2
        • Configuring
        • Task
        • Manual
    • Troubleshooting
    • To-Do
  • Vulnerabilities & Misconfigurations & Attacks
    • Initial Access Attacks
      • Username Enumeration
        • Password Spraying
        • AS-REP Roasting
        • Empty Password
      • SMB Relaying
      • SMB Null-Session (To-Do)
      • SQL Server default login
    • Active Directory Attacks
      • Password spraying
      • AS-REP Roasting
      • Empty password
      • Password in description
      • Kerberoasting
      • Delegation Attacks
        • Unconstrained Delegation
          • Printerbug
        • Constrained Delegation
        • Resource Based Constrained Delegation
          • Computeraccount Takeover
          • Change-LockScreen
          • Webclient Attack (todo)
      • DACL-Abuses
        • Write Owner
        • Owns
        • WriteDacl
        • GenericAll
        • GenericWrite (todo)
        • ForceChangePassword
        • Add user to group (todo)
        • Targeted Kerberoast (todo)
        • Get-Changes
      • Reused local administrator (todo)
      • SQL Server Attacks (todo)
        • Initial Access
          • SQL Server default login
          • Normal domain user access
        • Privilege Escalation
          • Impersonation
          • DB-Owner
          • Enumerate Logins
            • Weak passwords
        • Executing Commands
        • Database-Links
        • Capturing hashes & Relaying
      • Reading LAPS passwords (todo)
      • Priviliged Groups (todo)
        • DNS-Admins (todo)
        • Account Operators (todo)
        • Backup Operators
        • Server Operators (todo)
      • Hopping domains and forests
        • Child to parent domain
          • Krbtgt hash
          • Trust key
        • Cross forest Attacks (todo)
          • Foreign user
    • Misc
      • Reverse shell trick
      • Lateral Movement
        • PSRemoting
        • PsExec (todo)
      • Misconfigured Service (todo)
        • Unqouted Service Path
      • Discovering Shares
      • Password on shares
      • Different methods of dumping credentials
        • LSASS (todo)
        • Dumping DPAPI
          • Browser passwords
        • Scheduled tasks (todo)
        • Services (todo)
        • Vssadmin Shadow Copy
      • ms-ds-machineaccountquota (todo)
      • add DNS Records (todo)
      • Bypassing UAC
    • Template page
  • Defence
    • Detection
    • Hardening
      • LDAP
        • LDAP Signing
        • LDAPS Binding
      • Strong Password Policy
      • Change who can join computers to the domain
      • Protected users group
      • Account is sensitive and cannot be delegated
      • Powershell Execution Policy
      • Template page
Powered by GitBook
On this page
  • General machine info
  • Installation after sysprep
  • Renaming
  • Joining the domain
  • Removing local admin users
Edit on GitHub
  1. Lab-setup
  2. Building the lab
  3. Creating bank.local
  4. Creating amsterdam.bank.local

Creating W10 client - WS01

PreviousFile servicesNextPSRemoting

Last updated 3 years ago

General machine info

  • Machine Name: WS01

  • IP Adress: DHCP

  • Subnetmask: DHCP

  • Gateway: DHCP

  • DNS: DHCP

  • Role: Workstation for end users

  • Domain: amsterdam.bank.local

Installation after sysprep

  1. Startup the machine

  2. When asked if you copied the Virtual Machine, select "I Copied It"

3. Choose your region, in our example "Netherlands" and click "Yes"

4. Choose your keyboard layout, in our example "United States-International" and click "Yes"

5. On the second layout screen, click "Skip". After this our machine will do some basic configurations and updates.

6. Once the Pop-up comes to agree with the Windows terms and conditions, click "Agreed".

7. Now we're asked to 'Sign in with Microsoft' account and we click on "Domain join instead".

8. Create an user-account with the password Welcome01!, because we already created the user-account "User", we need to create a second user. In our example we choose User02.

9. Next they ask for some security questions, we fill in "A" because we will delete the account in a later stadium anyway.

10. Choose the most privacy friendly options. We choose the following options: No, No, Send Required diagnostic data, No, No, No.

Now the machine will spin up and load our user-profile. After some minutes the machine is ready to use.

Renaming

  1. Open File Explorer --> right click "This PC" --> Properties

2. Click on "Rename this PC"

3. Fill in WS01 and click "Next"

4. When asked to restart, click on "Restart Now"

Joining the domain

1. Open File Explorer --> right click "This PC" --> Properties

2. In the top right corner click on "Rename this PC (advanced)"

3. A new window will pop-up called 'System Properties', within this window click on "Change..."

4. Another window will pop-up called 'Computer Name/Domain Changes', within this window change the 'Domain' to "amsterdam.bank.local" and click on "OK"

5. You will be asked to supply credentials, we will use the administrator account from amsterdam.bank.local and click on "OK"

6. We're welcomed to the domain, click on "OK". After this message it will asks us to reboot the machine, click on "OK". Close the 'System Properties' window and restart the machine now.

now we're able to login into the amsterdam.bank.local domain.

Removing local admin users

  1. Login to the machine with the Administrator user from the domain with password Welcome01.

  2. Execute the following commands to remove the user user and user02.

net user user /del
net user user02 /del