Proxmox AD Lab: Win10 Vuln Client Setup (WC1)

# Setup We will be setting up this machine that sits on two vlans first ## Clone and Startup ![image](https://hackmd.io/_uploads/r1TMcUAgR.png) 1. Clone from template ![image](https://hackmd.io/_uploads/HJ2p49yZA.png) 2. Clone settings ![image](https://hackmd.io/_uploads/r1XGS5y-0.png) 3. Add another NIC so it is accessible on both vlans - 666 and 999 ![image](https://hackmd.io/_uploads/rJgB8q1Z0.png) ![image](https://hackmd.io/_uploads/Hyu7I9J-C.png) 4. Power on and follow setup as usual 5. Accept ![image](https://hackmd.io/_uploads/B1Fi89kW0.png) 6. Create local user and password 7. Same privacy settings as before ![image](https://hackmd.io/_uploads/H1_xv9JZA.png) 8. After we login, we can access cmd and enter `ipconfig` and see that we have indeed been assigned identities in the two vlans by the respective DHCP servers in them (pfSense and DC01) ![image](https://hackmd.io/_uploads/SJZ-iBgZ0.png) ## Setting a Static IP For this machine, we will assign it a static ip. For ease, we shall assign it 201 in both /24 vlans. So it will have have the IP Addresses: - 172.16.66.201 - 192.168.99.201 1. Access Network Connections ![image](https://hackmd.io/_uploads/Hyd-9i-bA.png) 2. For ethernet adapter connected to the vlan with the DC ![image](https://hackmd.io/_uploads/ryC8jsZ-A.png) - Disable IPv6 - Set the IP address as desired - Set the DNS server to the DC 3. For the ethernet adapter on the vlan managed by pfsense ![image](https://hackmd.io/_uploads/SJkWho-ZR.png) - Similarly, disable IPv6 - Set the static IP address 4. End state might look something like this ![image](https://hackmd.io/_uploads/rkfs_RzbR.png) ## Rename PC Personally, I genuinely am a fan of having my PC name be something like DESKTOP-TB95UB. Something about that format just gives me a weird mini Dopamine shot - well, that's ADHD for ya! However, as part of the exercise - and for later (I say "later" - but really, I'm adding this bit into this documentation much after, at the point when I realised I had to, really.) usage. ![image](https://hackmd.io/_uploads/rJqe6aSb0.png) ## Create limited-privilege user ![image](https://hackmd.io/_uploads/rJuZsIIWR.png) ![image](https://hackmd.io/_uploads/H1NBjILZR.png) ![image](https://hackmd.io/_uploads/Bk5rs8IWC.png) ## Additional Settings 1. Disable Screensaver ![image](https://hackmd.io/_uploads/rkrMT2bZC.png) - If Sleep option is available - set that to never as well 2. I also tried setting the default gateway to the DC, but this made little difference ![image](https://hackmd.io/_uploads/H1yeO0G-C.png) 3. To ensure that they were on the same network, I turned off the firewall so my Kali VM could ping the Windows Client, but then I turned the firwall back on again later ## Joining the Domain ![image](https://hackmd.io/_uploads/S16ZyABb0.png) ![image](https://hackmd.io/_uploads/SkVQyCHbC.png) Another way of making sure your computer can find the DC and join the domain ![image](https://hackmd.io/_uploads/S1Vs1ABZC.png) ![image](https://hackmd.io/_uploads/SJT610rb0.png) ![image](https://hackmd.io/_uploads/BkxygRrbA.png) ![image](https://hackmd.io/_uploads/ByPklABWC.png) ![image](https://hackmd.io/_uploads/Sy1ee0S-R.png) ![image](https://hackmd.io/_uploads/r1txxRSb0.png) ## Enable Autologon as limited-privilege user ***This step was actually done very close to the end during the finishing touches stage*** Double-click executable to begin ![image](https://hackmd.io/_uploads/H1x5s8Lb0.png) Agree, because we all read it that one time ![image](https://hackmd.io/_uploads/rkHTj88ZR.png) Set it using the local limited-privilege credentials ![image](https://hackmd.io/_uploads/Hky-hIL-C.png) ![image](https://hackmd.io/_uploads/HJ8WnL8WR.png)