Basic Windows Auditing

Using Windows Server 2012

Server Manager

Quickest place to identify services, install new ones, or reconfigure existing ones.

Check for updates

Server Manager -> Local Server -> Windows Update

or

Control Panel -> System and Security -> Windows Update

Date and Time Settings

Server Manager -> Local Server -> Time Zone -> Internet Time

Computer Name

Server Manager -> Local Server -> Computer Name

Remote Desktop

Server Manager -> Local Server -> Remote Desktop

Windows Firewall

Server Manager -> Local Server -> Windows Firewall

Configure Static IP

Server Manager -> Local Server -> [NetworkCardName] (e.g. Ethernet0)

  • Right click network interface
  • Click status
    • Details will give you information related to your IP address, DNS server, etc.
    • Properties will let you set a static IP address
      • Open up IPv4
      • Select "Use the following IP address"
      • Enter IP settings

Adding Roles and Features

Server Manager -> Dashboard -> Add roles and features

  • Here you can install services like:
    • Active Directory
    • DNS
    • File server

Active Directory

Add organizational units, users, and groups.

Setting user logon hours

Active Directory Users and Computers -> Right click user account -> Properties -> Account -> Logon Hours...

Group Policy

Default Domain Policy

Policies in here apply across the entire domain. Right-click the policy in the hierarchy and choose Edit to change its rules.

Password Policies

Default Domain Policy -> Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy

Account Lockout Duration Policy

How long do you have to wait to try entering another password after failing X times?

Default Domain Policy -> Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Account Lockout Policy
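The password and lockout settings from the two paths above can also be read and checked from PowerShell. This is an added example, not part of the original notes; it assumes the ActiveDirectory module is available, and the baseline numbers are illustrative assumptions rather than values from this page.

```powershell
# Added example: audit the domain's effective password and lockout policy.
# Requires the ActiveDirectory module (domain controller or RSAT installed).
Import-Module ActiveDirectory

# Baseline thresholds are assumptions for illustration; use your own standard.
$baseline = @{
    MinPasswordLength    = 12
    PasswordHistoryCount = 24
    LockoutThreshold     = 5     # the "X" failed attempts before lockout
    LockoutDurationMin   = 15    # minutes an account stays locked
}

$policy = Get-ADDefaultDomainPasswordPolicy

# One row per setting: effective value, expected value, pass/fail.
$checks = @(
    [pscustomobject]@{ Setting = 'MinPasswordLength'
        Actual = $policy.MinPasswordLength; Expected = ">= $($baseline.MinPasswordLength)"
        Pass = ($policy.MinPasswordLength -ge $baseline.MinPasswordLength) }
    [pscustomobject]@{ Setting = 'PasswordHistoryCount'
        Actual = $policy.PasswordHistoryCount; Expected = ">= $($baseline.PasswordHistoryCount)"
        Pass = ($policy.PasswordHistoryCount -ge $baseline.PasswordHistoryCount) }
    [pscustomobject]@{ Setting = 'ComplexityEnabled'
        Actual = $policy.ComplexityEnabled; Expected = 'True'
        Pass = ($policy.ComplexityEnabled -eq $true) }
    [pscustomobject]@{ Setting = 'ReversibleEncryptionEnabled'
        Actual = $policy.ReversibleEncryptionEnabled; Expected = 'False'
        Pass = ($policy.ReversibleEncryptionEnabled -eq $false) }
    # A threshold of 0 means accounts never lock out, so it fails the check.
    [pscustomobject]@{ Setting = 'LockoutThreshold'
        Actual = $policy.LockoutThreshold; Expected = "1..$($baseline.LockoutThreshold)"
        Pass = ($policy.LockoutThreshold -gt 0 -and
                $policy.LockoutThreshold -le $baseline.LockoutThreshold) }
    [pscustomobject]@{ Setting = 'LockoutDuration (min)'
        Actual = $policy.LockoutDuration.TotalMinutes; Expected = ">= $($baseline.LockoutDurationMin)"
        Pass = ($policy.LockoutDuration.TotalMinutes -ge $baseline.LockoutDurationMin) }
)
$checks | Format-Table -AutoSize

$failed = @($checks | Where-Object { -not $_.Pass })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) setting(s) do not meet the baseline."
}

# Fine-grained password policies override the domain default for the users
# and groups they apply to, so list them as part of the same audit.
Get-ADFineGrainedPasswordPolicy -Filter * |
    Select-Object Name, Precedence, MinPasswordLength, LockoutThreshold, AppliesTo
```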

Set a custom group policy (Ex. Machine inactivity)

Create the new policy:

Right click -> Create a GPO in this domain, and Link it here... -> Name it and click OK

Edit the policy settings:

Right Click Policy -> Edit... -> Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Interactive logon: Machine inactivity limit

Note: TechNet is a good place to look to reference common group policy rules.

DNS Manager

Holds HOST records (computers on the network) and aliases (CNAME) for hosts (e.g. popcorn.microrave.net).

Firewalls

Windows Advanced Firewall

Nice GUI for implementing firewall rules. If you are not writing rules for the domain controller, this interface provides enough functionality to implement what you need. To script firewall rules we use netsh; let Tristan know if you want some material on how to use it (see https://github.com/Grubbly/Netsh-Firewall-Maker).

Process Explorer

Get an in-depth view of processes and the child processes they are running. This is helpful for finding hidden red team scripts.

Zenmap

A GUI for nmap that can be used on Windows. This is handy if you need to whip up a quick network diagram with all your hosts on it.

See https://youtu.be/I8mfnOOpe4E for more.