Lab Continuation: Windows 10, Join PC to Domain, Installing RSAT tool, and Server Manager

 Today what we're gonna do is install Windows 10 on a VM, join that to a domain and some other things so let's get started. First thing's first is to download the Windows 10 ISO file which can be downloaded here. 

I've already explained how to download the ISO file from the installation media from my first blog but I will just paste it here just for the sake of it:

 For home Windows, download the installation media and make an ISO file off of it.

First thing that we have to do is install a Windows 10 virtual machine on VirtualBox. The process for it is basically the same thing when we made a VM with Windows Server 2016 so there's no point in bringing it up all over again and you can just go back to the previous blog that I did which I already linked. Just to let you know to pick Windows 10 Pro at the setup.

After it's installing, what I want to do is open the Windows Server VM and make it a static IP. Why are we doing that? Because we don't have a Cisco Router, we don't have a Switch, and we basically don't have anything we could put in a server or a router, and if you try to use the IP address of your ISP, it's going to give you tons of problems and we don't want to do that.

We want to have our own lab with a static IP. We want to make a fake IP address and we're going to add that computer to a domain as well. While the other Windows 10 VM is still installing, go to the Windows Server 2016 machine, click the Start button and go to Control Panel > Network and Sharing Center > Change Adapter Settings.

Once that's done, click on Ethernet, then to its Properties, and then the TCP/IPv4 section until it shows like this.

Since we are going to use a static IP address, we can fill in our own made up IP address but first, click on the Use The Following IP Address radio button.

For my own lab, my inputs were:

• IP Address: 10.1.10.2
• Subnet Mask: 255.0.0.0
• Default Gateway: 10.1.10.1
• Preferred DNS Server: 10.1.10.2
• Alternate DNS Server: 10.1.10.1

 Next what we'll do is go to the Devices tab at the top left of the Virtual Machine, then go to Network > Network Settings. Once you get there, at the Attached To: section, choose "Host-only Adapter" and click Ok once you're done.

Go back to the other VM that we have which is the Windows 10 that we made. At the setup, make sure to create a local User account. Don't worry about the password for now as we'll try to do something else for a bit. I'm going to show you how to enable the admin account. There's usually an admin account by default on Windows 10 so we'll do that.

Once we're at the desktop on Windows 10, click on Windows Explorer, right click on This PC, and hit Manage. Since we're already using an admin account by default, you won't get prompt by UAC. Once Computer Management opens, you want to go to the Local Users and Group folder, go to the Users folder, and right click on the Administrator account, and hit Properties.

Uncheck Account is Disabled and leave the Password Never Expires box alone. Hit Apply and then Ok.

PROTIP: When you see a small arrow icon pointing down on the users, it means it's disabled.

Right click on the Administrator again and what you'll do is Set Password, and then proceed. It'll prompt you for a new password. You can pick whatever you want but for my example, I chose "welcome1" as my password for the Administrator account.

Close out all the remaining applications and go right click on Start, and Sign Out. Once you're at the Login screen, you'll be able to see the Administrator account which has already been there by default and we weren't able to see it until we enabled it at the Computer Management settings.

Go click on the Administrator account instead and type in the password you placed for it, which for me is "welcome1".

Once you login, go back to File Explorer and right click This PC and hit Manage again. Once Computer Management opens, you need to go to Local Users and Groups > Users and delete the local User account that we made a while back. What we were trying to do was enable the Administrator account in our local system.

Sign Out once more and you'll see we only have Administrator around. Keep that in mind that the screen is different here compared to once we login to a Domain Controller.

We want the Windows desktop to be for the Help Desk person that's going to help users. Basically we want this desktop to have access to things like Server Manager, and what Server Manager has. When you work at IT or Help Desk, you are not going to have that much access or privilege with Server Manager, it's just too much.

We want the Help Desk desktop we're setting up to only have access to the essentials of the applications that are in Server Manager. Go to the Start menu of our Windows 10 desktop, search "programs" and then go to Add or Remove Programs. 

After that, we want to go to Optional Features and hit Add a Feature. Once we're in, you want to scroll down and click on the following features:

After that's done, you want to hit Install. RSAT gives you the ability to have Active Directory Users and Computers on a Windows 10 machine. You can install Active Directory on Windows 10, you just have to download RSAT tools for that.

As a Help Desk person, you won't be able to access Server Manager just remember that. Obviously, if you do Help Desk or IT Support, they will never give you access to Server Manager unless you're like Level 2 or a sysadmin. For this lab environment, we're installing a bunch of things that we normally don't have a bunch of access to. The point is that we can access Active Directory Users and Computers on a Windows 10 desktop where we'll have everything we need in our laptop or computer, without login in or connecting to a server.

Once it's installed, click the Start menu and check Windows Administrative Tools. You'll pretty much see the essentials you need to work with.

Next thing we will do is just restart the machine just because sometimes when you install those things, they don't work properly at first. Just remember that you'll have access to these tools if you're Help Desk unless your company is limited, then that's another issue. 

Next thing we'll do is open one of the tools we've installed. I recommend opening Users and Computers just to see what's up. It'll give you a bunch of error messages which isn't really that much of a problem. Once that's open, there's really nothing inside of it for now.

As a Help Desk/IT person, you want to add the Windows machine/computer to our domain. Remember that we already placed our static IP address for our Domain. Open up command prompt and type in ipconfig and we see our IPv4 address being 10.1.10.2. You need to know the IP address of your domain or any specific domain otherwise you can't connect to said server. Anyone can have whateverwebsite.com for their domain name but the IP address is what makes the difference.

So we downloaded everything we needed right now, now we want to add the Windows machine to our domain. Before we do that, we want to rename our computer. Go to File Explorer, right click on This PC and hit Properties. Once its open, scroll down and hit Advanced System Settings.

Once System Properties opens, hit the Computer Name tab and hit the Change button. It'll open up a new Window where it'll give you the option to change names. How you name it depends on you but for this lab, I'll rename it to Desktop1. Once you're done, just hit OK. Every time you change your computer name, it's going to ask you to restart the computer, so just go on and restart it.

Remember your local admin account because we're going to go over that as well. The computer that we have right now is named Desktop1 and we'll have another computer that we'll place to be our client placeholder.

Once it's done restarting, next thing we'll need to do is open Microsoft Edge. Go to google.com and download Chrome. Once Chrome is installed, go to google again and download Teamviewer. Once the setup is downloaded, open it to install Teamviewer.

Once that's done, Teamviewer will automatically open after installation. 

Now what we need to do is actually add the computer to our domain. If you try to ping our domain's IP address, you won't be able to, so what we need to do is go to the Start menu again, type Control Panel, hit View Network Status and Task, click Change Adapter Settings, double click on your Ethernet, click Properties, and go back to TCP/IPv4. We're using a static IP for our computer so we will have to manually input our IP address. 

If you've noticed by now, it's the same or similar to our Windows Server but Desktop1's IP address is 10.1.10.3 compared to our domain's IP address which is 10.1.10.2. 

Even with both the IP addresses being similar, if we try to ping our domain's IP address from our Windows machine, we're still not able to access it and it'll just give us a hard time. 

One thing we need to do is go to the top left menu at hit Devices > Network > Network Settings and change it from NAT to Host-Adapter Only like we did last time with our domain. When we try to ping it from CMD, it'll start working as we intended it to.

Once again, go to File Explorer, right click on This PC and hit Properties. Once its open, scroll down and hit Advanced System Settings. Once System Properties opens, hit the Computer Name tab and hit the Change button. One thing different though is that instead of Workgroup, select the Domain option instead and write down the domain name. Mine was stealytek.com so that's what I'm putting.

It'll prompt you for a login and all you'll have to put in is the administrator user name and the password for our domain. Once that's done, it'll welcome you to the domain and it'll briefly ask you to restart the computer. Go ahead and restart. 

Let's go back to the Windows Server machine. It should be on our domain now. Go to Active Directory Users and Computers, click on the left arrow of our domain name(stealytek.com), and go to the Computers folder. You'll see the Windows 10 machine we setup there with the name DESKTOP1.

Go to the Users folder and look up the HelpDesk account we made from copying a while ago and reset its password from right clicking it. We're going to try logging in with HelpDesk. Back to our other machine, if you check the login section, we'll have both local account and an account to log in to the domain. 

Login on the other user using the HelpDesk account that we recently changed the password to and it'll be up and running.

Once you're logged in, go to the Start menu, and scroll down to the Windows Administrative and open Active Directory Users and Computers. You'll see that you can access the RSAT tools now. Now you'll have access to the essential tools needed for a Help Desk computer.

Note that if you're a beginner IT person, you'll probably be able to only access the Users and Computers and don't have the same permissions as a Level 2, 3 or sysadmin have.

That's all for today. It was a colossal task to even work on this blog but it was worth it. Might be a continuation for tomorrow as I still need to practice working and knowing how to navigate Active Directory and I have other things that I want to at least work and focus on outside of just learning IT stuff. Trying to juggle between all of them is physically and mentally exhausting but it is what it is.

There will be other projects besides using Active Directory so I will stay put for now and call it a day.