Lab Continuation: Join Windows 10 PC To Domain, Group Policy, RSOP Report

 For this one, we're going to create an account, and install Windows 10 on another VirtualBox. The new VirtualBox is going to be Desktop2 after Desktop1 and Desktop2 is going to be the User Account that we're going to work with since Desktop1 is the HelpDesk computer that we made.

Just to remind you that this is a continuation of the previous blog here.

 What we'll need to do is create another VM and this time, we are going to call it Desktop2 as our User Account.

 

The process is fairly straightforward and simple. We've already done this several times in the previous blogs and I will not show it to you again because documenting all of this stuff is mental anguish by itself.

While the Windows VM is still installing, we're going to create another account for it.

Go to the HelpDesk/Desktop1 computer and go to Active Directory Users and Computers.

 

First things first is that is to left click on the domain and create a new Organizational Unity.

 

The point of an Organizational Unit or an OU is to keep everything organized. Like you might have an OU just for HR, or IT, and so on.

For this one, we'll name our new OU as HR and click OK.

Now once that's done, go back to Active Directory Users and Computers, and create a new User Account. Left click on the User folder, go to New, and select User.

After that's done, we are going to name the user account "Patty". Fill in the forms and click Next after. I don't really have to show you anything if you've read the previous blogs anyway since we went through creating multiple accounts so it should be intuitive for you by now.

After once that's done, drag Patty's account to the HR folder. It's going to give you a prompt warning sign but don't worry about it since it doesn't matter in this context.

Now what we need to do is create another Organizational Unit and name it IT. We'll probably be doing other labs down the road so it's something to think about(that is only if I will put up with more of this torment). Click OK next.

Once you're done with that, go to the Users folder, find the HelpDesk account and drag it to the IT folder. Now we have two different OUs with HR and IT.

 

Just a side note, if you want to see Attribute Editor on a User Account, first things first is you enable the Advanced Features option on the View menu in Active Directory Users and Computers.

 

Then go to the HR folder, right click on Patty's account and go to Properties. There will be a tab that refers to the Attribute Editor.

 

Next thing we are going to do is go to Group Policy management. First things first is go to Server Manager, go to the Tools tab, and click Group Policy Management.

 

Once that's done, it will open a new window or mcc for the Group Policy Management.

Go to the Forest area and click on the Domains folder. You'll see our domain section. That's where we'll go to see our domain's group policy.

 

Once you're in, just go to the other dropdown options and go to Default Domain Policy. Once we're there, go to the Settings tabs. It's the only important thing that we care about.

If you're brand new to IT, and you don't know anything about Group Policy, you'll get calls all the time like "how long is my password for?" or "when does it expire?" and all that whether they're asking about how many logon tries you get or the required complexity of a password. I would just straight up go to where we're at right now in this situation or maybe take a screenshot of the whole thing and save it somewhere else. You can also tweak the policies depending on you if you want(something that I will not dwell into).

Once that's done, go back to the Windows client we just made. Change the client name to Desktop. For that, we go to Windows Explorer, right click on This PC and change its name and restart the computer. We've already done that in the previous blogs before so I don't want to tell you how to do it.

One thing we want to do is that we should have one uniform admin account for all the computers. Go back to Desktop2, go to Windows Explorer, right click on This PC and hit Manage.

Then it'll open Computer Management.

Once you're there, go to Local Users and Groups. Go to the Users folder and then click the Administrator account and then enable it by deselecting the "Account is disabled" button.

After that, click Apply, and then OK. Once that's done, right click on the Administrator account and click on Set Password. Go through all of it and you don't have to actually set a legitimate password right now for it.

Sign out of Desktop2, and login again as Administrator. It should give you that option once you're in the Sign In page.

First things first is that we have to delete an account. Go to This PC's properties, and go to Advanced System Settings. Then once you're in, go to User Profiles.

The thing that we have to do here is delete a local account, and in my case, Jaquan is a local account that we have to delete.

 

The last thing that we have to do is change our IP address to fit in with the host and add it to the domain. Go to Control Panel > Network and Sharing > Change Adapter Setting and go to your Ethernet's IPv4 address settings where you manually input your IP address to Static. Here's the input:

After that's done, change the Network setting of the Virtual Machine by going to the menu Devices > Networks > Network Settings and change NAT to Host-Only Adapter.

Now the last last thing we have to do is to add Desktop2 to the domain and making it a part of stealytek. Go to the same spot where we renamed our computer and select the Domain button instead of Workgroups. You'll see the option where you can input your domain name. Type it in(stealytek.com) and once you click OK, it'll ask you for credentials on an account that has permission to join a domain.

It'll then ask you to restart the computer. Go ahead and restart. If you go back to Desktop1 and check Active Directory Users and Computers, you can see Desktop2 on the Computers folder. Sign out of Desktop2 and try to login as another user. We'll use one of the HR User Accounts named Patty which is the one we made before. Log in as her, put in the password that you set up a while back, and then we are finished. We have another computer in the domain.

We are good to go after that. That's all I've got for you all.