Connectivity overview for the lab

After some time spent installing, configuring, reading and rebooting, the lab is going quite well. Also, it might look like there are too many tools or too many solutions with overlapping capabilities, but its all in the name of lab testing :).

 

On the bellow diagram,  you could find the connectivity overview of the lab – inculind the on-premise secion and the two public clouds that will be integrated.

In future posts, there will be more info how to configure some of the components, for example the virtual router of MicroTik and so on.

Enable ping on windows 7/ Windows Firewall

By default, the pre-built windows firewall blocks ping requests. But ping being usually useful command, its convenient to be enabled, when working in a trusted environment.

 

To enable ping in Windows firewall:

  1. Open Start Menu
  2. Search for Windows Firewall
  3. Select Advanced Settings on the left
  4. Click Inbound Rules
  5. Find the rule, named: File and Printer sharing (Echo Request – ICMPv4)
  6. Right click on the rules and select “Enable”

Another option is to enable ping via GPO

Active directory interview questions, part 2 of 2

  • How does group policy resolve setting conflicts?
  1. Following the GPO’s processing order. More particular – the GPO containing the conflicting policy setting that applies last is the setting that overwrites all other settings.
  • Give three examples of where PowerShell pipeline should be used, rather than set as variable
  1. This is an intriguing question also in the Linux/bash environment.
  2. Allows data to be sent from one command to the second, without the need of variable definition
  3. Allows for easier ongoing refining of the function/script results
  4. Streaming/ piping values allow working with “infinite” length of continuous data, while its rather impossible to define such a variable
  • How do you establish a remote PowerShell session?  What are the pre-requisites?
  1. [If working within Domain] Enable PowerShell Remoting/ Enable-PSRemoting -Force
    1. Starts the WinRM service
    2. Starts automatically with system start
    3. Creates a firewall rule for incoming connection
  2. [If working within Workgroup]
    1. Configure the network as private
    2. Configure TrustedHosts on both machines.
  3. To execute a single remote cmdlet: Invoke-Command
  4. To initiate a remote session: Enter-PSSession

 

Making remote server management easier

After making sure the networking is done, installation is complete, AD is created, DNS/ DHCP are proparly configured, time to make life easier by enabling remote server management.

On the managed servers, you need Remote server

  • On the computer that you want to manage remotely open a Windows PowerShell session with elevated user rights.
  • Type the following, and then press Enter to enable all required firewall rule exceptions.

    Configure-SMRemoting.exe -enable

On the management server

  • Navigate to server manager, in the upper right cornet select Manage and add Server
  • Fill the newly opened window with something like this:
Configure Remote Management in Server Manager
Configure Remote Management in Server Manager
  • Wait few seconds for the refreshment
  • Enjoy the improved functionality :).
Configure Remote Management in Server Manager
Configure Remote Management in Server Manager

 

Improved home lab

So, after the new hardware upgrade, time to set-up proper functioning lab.

Some background: the infrastructure in question will be for engineering company with about ~50 employees. It will have 4 branches, 3 operating within the major economical regions – EMEA, APAC, AMCS, and fourth one – the HQ. This will be used for setting up the active directory structure later on. Every branch will have local HR, finance, engineering team, on-site support and all the basic departments (definitely not the most optimized solution, but should be interesting).

Underlying infrastructure: Heavily based on Microsoft products: composed Workstations with Windows 10, on-premise Exchange, File & Share servers. To spice up the things, there will be some Linux based instances, use primary for java, web & middleware, sandboxing and testing. In the end there would be also some android devices, just for the sake of testing BYOD scenarios. Active directory will be used for proper management.

Security solutions: here is the funny part – hopefully more thinks will break and will have to be fixed for the fun.

  • Antivirus: Symantec Endpoint Protection, McAfee Enterprise & Microsoft Defender.
  • Encryption: Checkpoint Full Disk Encryption and Microsoft BitLocker
  • Network Security: Symantec Endpoint Protection, Splunk, AlienVault
  • Vulnerability management: Nessus
  • Penetration testing: Kali OS, Parrot OS
    More to be added in the future.

Series: Security testing

Series: Security testing

Purpose:

  • Analyze various malware [viruses, trojans, keyloggers] in sandbox environment
  • Penetration testing [web applications, system testing]
  • Intrusion prevention/ detection system deployment, usage and testing
  • Vulnerability management
    • Testing vulnerability management solutions
    • Testing vulnerabilities them selves
  • Policy compliance

Continue reading “Series: Security testing”

Series: Gaining some Linux traction

Series: Gaining some Linux traction

Purpose:

  • Delve into Linux system administration
  • Practice installation, configuration, and other package/ program management tasks
  • Test networking and security
  • Gain additional experience in administering *nix systems
  • Enjoy VIM and try out EMACS
  • Gather some scattered knowledge
  • enjoy while building, breaking and fixing

Continue reading “Series: Gaining some Linux traction”

Series: Compact corporate environment

Series: Compact corporate environment

Purpose:

  • troubleshoot common problems found in complex environment
  • gain additional experience
  • test new products and features
  • develop some PowerShell and Desired State configuration scripts
  • go through the design and deployment phases
  • enjoy while building, breaking and fixing

Continue reading “Series: Compact corporate environment”

FIX: Windows cannot find the Microsoft Software License Terms

So, setting up a nice Windows Server 2012 R2 machine in Hyper-V for some active directory testing.

Allocating the minimum required resources for WS 2012 R2, as seen here , and just after selecting the edition that I wanted to install [doesn’t matter if you prefer Standard or datacenter edition, with or without GUI], a greeting window appeared:

Windows cannot find the Microsoft Software License Terms
Windows cannot find the Microsoft Software License Terms

Continue reading “FIX: Windows cannot find the Microsoft Software License Terms”

Active Directory/ Windows environment troubleshooting toolbox

A small collection of useful programs, applications and mmc’s that can be of use, when your Active Directory isn’t cooperating and working as designed, or trying to find that small problem in the environment, that has been bothering you for quite some time.

Post in progress, regularly updated.

Continue reading “Active Directory/ Windows environment troubleshooting toolbox”