# Active Directory Lab

> **Lab Requirements**
>
> * 1 Windows Server
> * 2 Windows 10 Workstations
>   * 60 GB Disk space
>   * 16 GB RAM

* Proceed with installing a Windows Server 2022 VM and two Windows 10 VMs inside VMware
  * For each of them install the VMware tools

***

## Windows Server 2022

🔗 [Win Server 2022 Evaluation iso - direct link](https://software-static.download.prss.microsoft.com/sg/download/888969d5-f34g-4e03-ac9d-1f9786c66749/SERVER_EVAL_x64FRE_en-us.iso)

* Hostname - `HYDRA-DC`
* User (domain admin) - `administrator`:`P@$$w0rd!`
* **IP** - set a static IP
  * `Control Panel\Network and Internet\Network Connections`
  * IPv4 IP - `192.168.31.90` (in my lab)
* Add the following server roles
  * Active Directory Domain Services
  * Active Directory Certificate Services
* Domain - `MARVEL.local`
* **Active Directory Users and Computers**
  * Copy the `Administrator` user and create a second domain admin
    * `tstark`:`<yourpassword>`
  * Copy the `Administrator` user and create a service account
    * `SQLService`:`MYpassword123#`
  * Create new users
    * `fcastle`:`Password1`
    * `pparker`:`Password1`
* **File and Storage Services**
  * Create a new share with the `SMB Share - Quick` profile - `hackme`
* **Group Policy Management**
  * Create a new Enforced GPO - `Disable Windows Defender`
    * Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Microsoft Defender Antivirus - Enable `Turn off Microsoft Defender Antivirus`
* **SPN** - Register the Service Principal Name - SQLService

```powershell
setspn -a HYDRA-DC/SQLService.MARVEL.local:60111 MARVEL\SQLService

# Query for SPN
setspn -T MARVEL.local -Q */*
```

![](/files/ffwS9UrAROA8404smmIU)

* Open `PowerShell` as admin and set the timezone

```powershell
Set-TimeZone "W. Europe Standard Time"
```

***

## Windows 10

🔗 [Windows 10 Enterprise iso](https://www.microsoft.com/en-us/evalcenter/download-windows-10-enterprise)

* Hostname1 - `THEPUNISHER`
  * User - `frankcastle`:`Password1`
* Hostname2 - `SPIDERMAN`
  * User - `peterparker`:`Password1`
* **IP** - set the DNS to the DC IP - `192.168.31.90`
* Join both VMs to the `MARVEL.local` domain
  * Login using `MARVEL\administrator`:`P@$$w0rd!`
  * `Edit local users and groups`
    * Reset password and enable local `Administrator`:`Password1!`
    * Add the domain users to the Administrators group
      * `fcastle` for `THEPUNISHER` VM
      * `fcastle` and `pparker` for `SPIDERMAN` VM
* Go to Network and turn on `Network discovery and file sharing`

`SPIDERMAN` - Log off and log in locally as `.\peterparker`:`Password1`

* **Map Network Drive** - `\\HYDRA-DC\hackme`, reconnect at sign-in, using different credentials

***

| VM                       | IP            |
| ------------------------ | ------------- |
| hydra-dc.MARVEL.local    | 192.168.31.90 |
| spiderman.MARVEL.local   | 192.168.31.92 |
| thepunisher.MARVEL.local | 192.168.31.93 |

* Set `/etc/hosts` in the Kali VM

```bash
192.168.31.90  hydra-dc.MARVEL.local
192.168.31.92  spiderman.MARVEL.local
192.168.31.93  thepunisher.MARVEL.local
```
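
Once all three VMs are configured, the settings listed on this page can be confirmed from the DC in one pass. The script below is an added example, not part of the original page; the `Add-Check` helper is a hypothetical name, and the script assumes the `Disable Windows Defender` GPO is linked at the domain root and that the workstations use the IPs from the table above.

```powershell
# Added example (not from the original page): verifies the lab state described above.
# Run in an elevated PowerShell session on HYDRA-DC as a domain admin.
Import-Module ActiveDirectory, GroupPolicy

$results = [System.Collections.Generic.List[object]]::new()
function Add-Check {                      # hypothetical helper name
    param([string]$Name, [bool]$Ok)
    $results.Add([pscustomobject]@{ Check = $Name; Ok = $Ok })
}

$domain = Get-ADDomain
Add-Check 'Domain is MARVEL.local' ($domain.DNSRoot -eq 'MARVEL.local')

foreach ($role in 'AD-Domain-Services', 'AD-Certificate') {
    Add-Check "Role installed: $role" ([bool](Get-WindowsFeature -Name $role).Installed)
}

# Users the page creates; -Filter returns nothing (no error) when an account is missing.
$admins = Get-ADGroupMember -Identity 'Domain Admins' | Select-Object -ExpandProperty SamAccountName
foreach ($u in 'tstark', 'SQLService', 'fcastle', 'pparker') {
    $acct = Get-ADUser -Filter "SamAccountName -eq '$u'" -Properties ServicePrincipalName
    Add-Check "User exists: $u" ($null -ne $acct)
    # Accounts copied from Administrator inherit its group memberships.
    if ($u -in 'tstark', 'SQLService') { Add-Check "$u in Domain Admins" ($admins -contains $u) }
    if ($u -eq 'SQLService') {
        $spn = 'HYDRA-DC/SQLService.MARVEL.local:60111'
        Add-Check "SPN registered: $spn" ($acct.ServicePrincipalName -contains $spn)
    }
}

Add-Check 'SMB share hackme exists' ($null -ne (Get-SmbShare -Name 'hackme' -ErrorAction SilentlyContinue))

# Assumption: the GPO is linked at the domain root (the page does not say where it is linked).
$link = (Get-GPInheritance -Target $domain.DistinguishedName).GpoLinks |
    Where-Object DisplayName -eq 'Disable Windows Defender'
Add-Check 'Defender GPO linked and enforced' ($link -and $link.Enforced)

# Workstation IPs from the table on this page (the author's lab addressing).
$workstations = @{ 'spiderman' = '192.168.31.92'; 'thepunisher' = '192.168.31.93' }
foreach ($ws in $workstations.Keys) {
    Add-Check "Computer joined: $ws" ($null -ne (Get-ADComputer -Filter "Name -eq '$ws'"))
    $a = Resolve-DnsName -Name "$ws.MARVEL.local" -Type A -ErrorAction SilentlyContinue
    Add-Check "DNS A record matches table: $ws" ($a.IPAddress -contains $workstations[$ws])
}

$results | Format-Table -AutoSize
```

Any row with `Ok` set to `False` points at the step on this page to revisit.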

***
