Systems:<\/p>\n\n\n\n
- \n
- POS: 6 Point-of-Sale systems (POS) used to make sales and lookup inventory<\/li>\n\n\n\n
- Management PC: Management PC is used to enter and modify inventory<\/li>\n\n\n\n
- Active Directory Server: Used for management<\/li>\n\n\n\n
- Book Database (inventory) System\u2014Retains inventory of books and sales, Runs on a separate server.<\/li>\n\n\n\n
- File Share: Used to share documents with staff.<\/li>\n<\/ul>\n\n\n\n
Domain Name: SmallBookCompany.com<\/p>\n\n\n\n
Policies:<\/p>\n\n\n\n
- \n
- Must have a password policy on computer resources<\/li>\n\n\n\n
- Must have Windows Firewall enabled on all computer resources<\/li>\n\n\n\n
- The Administrator for the system must be able to edit policies<\/li>\n<\/ul>\n\n\n\n
Additional:<\/p>\n\n\n\n
- \n
- Must implement a backup plan<\/li>\n<\/ul>\n\n\n\n
Let us start!<\/p>\n\n\n\n
For the lab, I implemented AGDLP(Account, Global Group, Domain Local Group, Permission). I created the domain SmallBooksCompany.com. In the domain, I created 3 organizational units: Sales, Managers, and BookFacility. The sales organizational unit contains global security group Sales and domain local group Sales Resources. Managers organizational unit contains global security group Managers and domain local group Managers Resources. BookFacility contains domain local group Servers.<\/p>\n\n\n\n
![\"\"](\"https:\/\/rasulnazriev.tech\/wp-content\/uploads\/2023\/06\/Final1.png\")
<\/figure>\n\n\n\nFirstly, as illustrated above, I created Active Directory PC used for management, and a Book Database server used to retain an inventory of books and sales. I created domain local security group Servers that contain Active Directory PC, Book Database server, and built-in Administrator.<\/p>\n\n\n\n
![\"\"](\"https:\/\/rasulnazriev.tech\/wp-content\/uploads\/2023\/06\/Final2.png\")
<\/figure>\n\n\n\nAbove is an overview of Sales OU. I created 6 POSs and 1 global security group with the users shown above. The users go to the global group, and resources and permissions go to the domain local group.<\/p>\n\n\n\n
![\"\"](\"https:\/\/rasulnazriev.tech\/wp-content\/uploads\/2023\/06\/Final3.png\")
<\/figure>\n\n\n\nNext, I created Managers PC, Managers global group, and Managers Resources domain local group. I have six managers, which is certainly unnecessary, but this would not be the case in a real-world implementation.<\/p>\n\n\n\n
![\"\"](\"https:\/\/rasulnazriev.tech\/wp-content\/uploads\/2023\/06\/Final4.png\")
<\/figure>\n\n\n\nThe screenshot above illustrates the password policy taken into effect. I edited Default Domain Policy, so changes made are linked across the domain SmallBooksCompany.com<\/p>\n\n\n\n
![\"\"](\"https:\/\/rasulnazriev.tech\/wp-content\/uploads\/2023\/06\/Final5.png\")
<\/figure>\n\n\n\nFirewall rules are configured by me. For public profiles, both Inbound and Outbound connections must be blocked because we do not want unattended online activities.<\/p>\n\n\n\n
![\"\"](\"https:\/\/rasulnazriev.tech\/wp-content\/uploads\/2023\/06\/Final6.png\")
<\/figure>\n\n\n\nIn the default domain policy, under the delegation tab, I added Administrator along with its privileges as illustrated above. Again, changes made in the default domain policy are going to affect the entire domain.<\/p>\n\n\n\n
![\"\"](\"https:\/\/rasulnazriev.tech\/wp-content\/uploads\/2023\/06\/Final7.png\")
<\/figure>\n\n\n\nRegarding hardening the domain controller, I disabled the Guest account so that no one can log in as a guest.<\/p>\n\n\n\n
![\"\"](\"https:\/\/rasulnazriev.tech\/wp-content\/uploads\/2023\/06\/Final8.png\")
<\/figure>\n\n\n\nAbove, some audit changes were made to monitor logs, attempts to change policies and other events.<\/p>\n\n\n\n
![\"\"](\"https:\/\/rasulnazriev.tech\/wp-content\/uploads\/2023\/06\/Final9.png\")
<\/figure>\n\n\n\nI created a folder BookFacilityDoc and shared it across the network using Quick SMB. The above screenshot illustrates share permissions given to necessary users\/groups. As can be seen, full control was given to every known group\/user to leave the final decision on NTFS permissions. In other words, in NTFS vs Share permissions, the lowest permissions take precedence.<\/p>\n\n\n\n
![\"\"](\"https:\/\/rasulnazriev.tech\/wp-content\/uploads\/2023\/06\/Final10.png\")
<\/figure>\n\n\n\nHere are the NTFS permissions illustrated in the screenshot above.<\/p>\n\n\n\n
![\"\"](\"https:\/\/rasulnazriev.tech\/wp-content\/uploads\/2023\/06\/Final10-1.png\")
<\/figure>\n\n\n\nI created 3 iSCSi disks and implemented RAID-5 for redundancy. The disks should be available across the network for file sharing and storage. The RAID works as a good backup plan in case one of the disks goes down. That was my Active Directory implementation.<\/p>\n","protected":false},"excerpt":{"rendered":"
Hello dear readers. In this post, I would like to implement the following scenario in Microsoft Active Directory. Scenario: I am building a small domain for the Small Book Company, a small bookstore that wishes to have an Active Directory management system to tie together the six computers used as point-of-sale and inventory look-up, research, […]<\/p>\n","protected":false},"author":1,"featured_media":128,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-176","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorised"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rasulnazriev.tech\/index.php?rest_route=\/wp\/v2\/posts\/176","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rasulnazriev.tech\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rasulnazriev.tech\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rasulnazriev.tech\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rasulnazriev.tech\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=176"}],"version-history":[{"count":1,"href":"https:\/\/rasulnazriev.tech\/index.php?rest_route=\/wp\/v2\/posts\/176\/revisions"}],"predecessor-version":[{"id":177,"href":"https:\/\/rasulnazriev.tech\/index.php?rest_route=\/wp\/v2\/posts\/176\/revisions\/177"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rasulnazriev.tech\/index.php?rest_route=\/wp\/v2\/media\/128"}],"wp:attachment":[{"href":"https:\/\/rasulnazriev.tech\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=176"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rasulnazriev.tech\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=176"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rasulnazriev.tech\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=176"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Must implement a backup plan<\/li>\n<\/ul>\n\n\n\n