Setting Up a Windows Server 2019 VM
A virtual machine(VM) is the virtualization or emulation of a computer system. It’s a way to run a computer system such as windows or linux. You can use this to test new/other features, software, configurations, etc.
VM software that is used to emulate other computer systems are VMWare Workstation Player (Free version), VMWare Workstation Pro (Paid version), or Virtualbox. I have VMWare Workstation Pro but Player works just as well. You can go with either VMWare or Virtualbox, both work and it just comes down to personal preference on the application and what you’re use to. There’s minor differences between the two for most end users.
Obviously your setup may differ depending on your system specs. I typically go with 4GB(4096 MB) of RAM per VM, 2 processors and 2 cores per processor but I have a bit beefier machine. If you need to, you can start with 4 or 8GB of RAM and 2 processors and 2 core per processor, for the install so it goes faster then drop it down to 2 or 4GB of RAM and 2 processors and 1 core per processor.
Windows Server 2019
You can find a link to Evaluation ISOs here on Microsofts website.
Start with our Typical Configuration that we did in the Windows 10 VM Setup with the defaults. Once we load the ISO, boot, and “Install Now”, Choose the “Windows Server 20XX Standard Evaluation (Desktop Experience)”
Accept the EULA and do a Custom Install
Click Next
Let it install and reboot, after install is done and bring you to a screen to set your Admin password.
After that you should be good to log in!
Post Install
Now we install VMWare tools with VM > Tools > Install VMWare Tools
Now we can open File Explorer and go to “This PC” to run the Installer.
This is a typical install, just click next through it all. This will ask to restart the PC, but don’t do that yet, we will have to restart anyway in the next parts of the setup.
Now is when you will want to shut down the VM and adjust RAM and Processors if needed. Drop it for 2GB or 4GB of RAM and 1 or 2 processors.
I HIGHLY recommend creating a snapshot after you have this done and setup so that way you can always revert back to that snapshot if needed if something breaks or you just need to clean things up.
Now I am going to take this tip from John Hammond. After you create the Snap Shot, I recommend going into the VMS options, changing the name to Some form of Template and Options and enabling Template mode. So clone the VM choosing the Snapshot when we want to make a VM using this one so we don’t have to re-create the VM from scratch every time.
Domain Controller Setup
We have our Server Dashboard open
To set this up for our domain controller, in top right: Manage > Add Roles and Features
Most of this will be standard of clicking next
Role-based or feature-based Installation
Now is where we select “Active Directory Domain Services”, with the popup, Select Add Features, then click next.
From here it’ll be “Next” till the end. Click Install and let it install
Installed!
Now we should name our Domain Controller. Start Menu > Search for “Rename”
Click “Rename this PC”
Rename it to what you see fit
Restart the VM
Our Dashboard is showing us a “Warning” Dialog
Click Promote this server to a domain controller
We’re going to add a new Forest and give it a name
Give the DSRM a password. I set it the same as the Admin password. (Not the most secure, but this is for a lab environment)
Then from here it’ll be standard Next to Install
This screen may take a min to finish loading
Now we install it
Once done will automatically reboot. After reboot and login, we should now see
After we Setup user machine and connect them to the Domain, we will do more.
Post Setup Setup
Now that we have the basics out of the way, lets add some users, groups, and policies.
From the Server Manager Dashboard > Tools (Top Right) > Active Directory Users and Computers
I’m going to make a separate Organizational Unit (OU) for Groups just for organization.
Right Click on the Domain.local > New > Organizational Unit
Then Select all the Groups and Drag them into the Groups Folder, so there should only be Administrator and Guest in the Users folder and all the groups in the Groups folder. Easy.
So let’s add our Users. Right click in a blank area in Users > New > User
Add some users and choose the naming convention. For my example my user doesn’t have a last name but if you choose to and want to have a naming convention of first.last or FLast or FirstL, this is where you do that.
Give the user a password, uncheck making the user change the password, and set the password to never expire. This is a VERY bad practice but for a lab environment things will setup a little different than in the real world, at least we hope.
Make another user BUT instead of creating it, right click on Administrator, copy it, and follow the same procedure. This will create a second Domain Admin account.
Create a second base normal user as well.
Now we’re also going to setup a file share. From the Server Manager Dashboard > File and Storage Services (Left Hand Side) > Shares
From the top click on Tasks drop down and select new share > SMB Share - Quick > Next
Give the share a name
Then just click next till it asks you to create it, create the share.
Now we are done!
Optional: Disable Windows Defender
IF you want the other VMs that will join this Domain to have Windows Defender disabled, I recommend doing this for simplicity sake, IF you are pentesting against this and having another VM setup with Defender Enabled to test things against that.
Start Menu > Group Policy > Right Click and Run as Admin
Right click on out domain and Create a new Group Policy in this domain (Top option).
Name this “Disable Windows Defender”
Right click on newly added “Disable Windows Defender” GPO on the left and Edit it
Drill Down: Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Defender Antivirus
Double click on the “Turn off Windows Defender Antivirus” > Enabled > Apply > Ok
Close out of the Group Policy Management Editor and on the Group Policy Management Window, with the Disable Windows Defender selected, if ‘Enforced’ says no, right click on it, and enforce it
Now we are done!
Again, I HIGHLY recommend creating a snapshot after you have this done and setup so that way you can always revert back to that snapshot if needed if something breaks or you just need to clean things up.