Windows Server VM
I usually go with a Windows Server 2022 VM with VMware or VirtualBox. I have VMware Workstation Pro, as Broadcom bought out VMware and made it free; you just need an account with them. You can go with either VMware or VirtualBox; both work, and it just comes down to personal preference on the application and what you're used to.
Obviously your setup may differ depending on your system specs. I typically go with 4GB (4096 MB) of RAM per VM, 2 processors and 2 cores per processor, but I am running with 32GB of RAM and an Intel i7-10750H.
If you need to, you can start with 4 or 8GB of RAM and 2 processors and 2 cores per processor for the install so it goes faster, then drop it down to 2 or 4GB of RAM and 2 processors and 1 core per processor for the victim machines.
Starting with typical setup
I add the .iso after
Name the VM and where it's stored
How much space you want the VM to have. Note that this is not how much space it will take up unless it ends up using all 100GB. I also keep mine as a single file as I keep this on one machine rather than multiple.
Now we can customize the hardware for it.
For install purposes, I up it to 8GB of RAM and 4 processors. Also add in the .iso file now.
When finished, click close > finish > turn on the VM. Be sure to click into the VM to press a button when it starts.
This section is all just defaults; keep clicking Next.
I select the option with a Desktop Environment.
I go with the custom installation option.
Select the hard drive and click next
Wait for the install process to finish and restart
When it restarts it will ask you for your Administrator password, use whatever you'd like, just remember this is for a lab environment, so it should be something simple/crackable.
Log in with the password you just set. Select "Yes" when asked to have the PC discoverable.
I usually start with installing VMware Tools and renaming the PC. When it comes to installing VMware Tools, I do the complete installation and choose "No" to restarting, as we will restart after we rename the PC. To rename the PC, open the Start menu and type in "rename".
Select "Rename this PC" and give it a new name. Remember this is your Domain Controller (DC).
It will prompt you to restart your PC. Restart it, log back in and we will turn this into our DC. With the Server Manager open, click manage in the top right and select "Add Roles and Features".
From here, select "Active Directory Domain Services". Then click "Add Features".
Now click "Next" until the end, then click "Install". Once it installs, select Close, and we promote it to a DC. In the Server Manager, in the top right, there will be a flag with a yellow exclamation mark. Select it, then click where it says "Promote the server to a domain controller".
Add a new forest and give it a name, be sure to add ".local" to the end of it.
It will ask for a password; I give it the same password as the Administrator user. This is not a secure practice, but this is for our lab environment.
From here, click "Next" until we can install it, and it will restart the machine. Once it restarts, the login screen will show the domain name\user account, indicating you're logging into the domain with that user.
Now let's add another feature, Active Directory Certificate Services. We go through the same process as adding the last feature until we can select it.
From here, it will again be "Next" until we can install it. Once installed, we will have another notification by the flag in the Server Manager.
It will be another simple "Next" until the end from here. Select Configure in the bottom right, and we're set!
Now let's add some users to our domain. Make a .csv file with firstname, lastname, username, password, and ou.
Copy that to the server and open it with notepad.
Now open PowerShell ISE, make a new file, and paste in the following code, editing your DC name.
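One way to write this import script, as an added example that is not the code from the original page. The CSV path, the `lab.local` domain name, and the assumption that the `ou` column holds a full distinguished name are placeholders to adapt to your lab.

```powershell
# Added example: bulk-create lab users from a CSV with the columns
# firstname, lastname, username, password, ou.
# Constructed sample row (the DN contains commas, so it must be quoted):
#   Jane,Doe,jdoe,Summer2024!,"CN=Users,DC=lab,DC=local"
Import-Module ActiveDirectory

$CsvPath = 'C:\Users\Administrator\Desktop\users.csv'   # placeholder path
$Domain  = 'lab.local'                                  # placeholder: your forest name

foreach ($row in Import-Csv -Path $CsvPath) {
    $sam = $row.username.Trim()

    # Skip accounts that already exist so the script can be re-run safely.
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "User $sam already exists, skipping."
        continue
    }

    # Skip rows whose target container is missing instead of failing midway.
    try { Get-ADObject -Identity $row.ou -ErrorAction Stop | Out-Null }
    catch {
        Write-Warning "Container '$($row.ou)' not found, skipping $sam."
        continue
    }

    $params = @{
        Name              = "$($row.firstname) $($row.lastname)"
        GivenName         = $row.firstname
        Surname           = $row.lastname
        SamAccountName    = $sam
        UserPrincipalName = "${sam}@${Domain}"
        Path              = $row.ou
        AccountPassword   = ConvertTo-SecureString $row.password -AsPlainText -Force
        Enabled           = $true
    }
    try {
        New-ADUser @params -ErrorAction Stop
        Write-Host "Created $sam"
    } catch {
        # Typical cause in a fresh lab: password rejected by the domain password policy.
        Write-Warning "Failed to create ${sam}: $($_.Exception.Message)"
    }
}
```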
Click the green button in the top bar.
Now in the server manager, select Tools > Active Directory Users and Computers.
Going to 'Users' we should see our list of users.
But we should also add a service account. So in the users and computers area, right click on a blank spot and select `Add User`.
Name it SQL-SVC and give it a weak/crackable password, like `P4ssw0rd123!`. Then in an Admin command prompt run the following, ensuring that you choose an arbitrarily large port, not a common one. This will change the account to a service account by assigning it an SPN.
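An added example of this step with a verification check, not the command from the original page. The host name `LAB-DC`, the domain `lab.local` / `LAB`, the `MSSQLSvc` service class and port 60111 are placeholders; it is written for an elevated PowerShell prompt on the DC, and the `setspn` lines work unchanged in an Admin command prompt once the variables are substituted.

```powershell
# Added example: register an SPN on the SQL-SVC account, then verify it.
# Placeholders (assumptions, not from the original page):
#   host LAB-DC, domain lab.local (NetBIOS name LAB), service class MSSQLSvc, port 60111.
$Spn     = 'MSSQLSvc/LAB-DC.lab.local:60111'
$Account = 'LAB\SQL-SVC'

# -S checks the domain for a duplicate SPN before adding it.
setspn -S $Spn $Account

# Confirm the SPN landed on the account.
setspn -L $Account

# Audit view: list every user account that carries an SPN.
# In a fresh lab this should show SQL-SVC plus the built-in krbtgt account.
Get-ADUser -LDAPFilter '(servicePrincipalName=*)' -Properties servicePrincipalName |
    Select-Object SamAccountName, servicePrincipalName
```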
Now also, give the SQL-SVC user a description by right clicking on it, and selecting properties.
From the Server Manager, on the left-hand side, select 'File and Storage Services', then select Shares.
In the top section, select Tasks, New Share. In the new Window, select SMB Share - Quick.
Click next till you get to give it a share name, then next till you create it.
Now is when you will want to shut down the VM and adjust RAM and processors if needed. Drop it to 2GB or 4GB of RAM and 1 or 2 processors.
I recommend setting a static IP for the server so it doesn't change when turned on. Open the Control Panel from the Start Menu, in the top right, change Category to Large or Small Icons, your choice. Then select Network and Sharing Center.
In the left panel, select Change Adapter Settings, then right click on the adapter and select properties.
Select Internet Protocol Version 4 (TCP/IPv4), and select properties.
Now open a command prompt and run `ipconfig`.
In the Properties window, change it to be either the same IP or something very close.
I HIGHLY recommend creating a snapshot after you have this done and setup so that way you can always revert back to that snapshot if needed if something breaks or you just need to clean things up.
Now I am going to take this tip from John Hammond. After you create the snapshot, I recommend going into the VM's options, changing the name to some form of Template, and enabling Template mode. Then, when we want to make a VM using this one, we clone the VM, choosing the snapshot, so we don't have to re-create the VM from scratch every time.
If you want the other VMs that will join this domain to have Windows Defender disabled, follow the steps below. I recommend doing this for simplicity's sake if you are pentesting against this lab, and having another VM set up with Defender enabled to test things against.
Start Menu > Group Policy > Right Click and Run as Admin
Right click on our domain and create a new Group Policy in this domain (top option).
Name this "Disable Windows Defender"
Right click on newly added "Disable Windows Defender" GPO on the left and Edit it
Drill Down: Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Defender Antivirus
Double click on the "Turn off Windows Defender Antivirus" > Enabled > Apply > Ok
Close out of the Group Policy Management Editor. In the Group Policy Management window, with the Disable Windows Defender GPO selected, if 'Enforced' says No, right click on it and enforce it.
Now we are done!
Again, I HIGHLY recommend creating a snapshot after you have this done and setup so that way you can always revert back to that snapshot if needed if something breaks or you just need to clean things up.