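Lab 10.1: Windows Logging

Install AD

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Install-ADDSForest -DomainName "paul.local"
$pw = Read-Host -Prompt 'Enter a Password for this user' -AsSecureString
New-ADUser -Name paul.gleason-adm -AccountPassword $pw -PasswordNeverExpires $true -Enabled $true
Add-ADGroupMember -Identity "Domain Admins" -Members paul.gleason-adm
Install-WindowsFeature DNS -IncludeManagementTools
Add-DnsServerPrimaryZone -NetworkId "172.16.150.0/24" -ReplicationScope "Domain"
Add-DnsServerPrimaryZone -NetworkId "172.16.200.0/28" -ReplicationScope "Domain"

Note: -PasswordNeverExpires $true on a Domain Admins member is a lab shortcut; outside the lab the admin account should keep password expiry (or be rotated some other way) and should not be used for day-to-day logons.

Firewall Rules

MGMT-to-LAN

set firewall name mgmt-to-lan rule 30 action accept
set firewall name mgmt-to-lan rule 30 description "Allow adds service"
set firewall name mgmt-to-lan rule 30 destination address "172.16.150.100-172.16.150.250"
set firewall name mgmt-to-lan rule 30 destination port "53,88,135,389,445,686,1024-65535"
set firewall name mgmt-to-lan rule 30 protocol "tcp_udp"

LAN-to-MGMT

set firewall name lan-to-mgmt rule 50 action accept
set firewall name lan-to-mgmt rule 50 description "Allow adds service"
set firewall name lan-to-mgmt rule 50 destination address "172.16.200.11"
set firewall name lan-to-mgmt rule 50 destination port "53,88,135,389,445,686,1024-65535"
set firewall name lan-to-mgmt rule 50 protocol "tcp_udp"

Note: the quotes in these commands must be plain ASCII quotes; curly quotes pasted from a document are not treated as quoting by the router CLI. Port 686 in both rules looks like a typo for 636 (LDAPS); confirm before committing. The 1024-65535 range is far wider than AD needs: current Windows versions use 49152-65535 for dynamic RPC, so the range can be narrowed once the domain join works.

WKS01 onto Domain:

DNS configuration:

Join Domain: https://www.itechguides.com/join-windows-10-to-domain/

Wazuh Install Windows:

WKS01

Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.3.10-1.msi -OutFile ${env:tmp}\wazuh-agent-4.3.10.msi; msiexec.exe /i ${env:tmp}\wazuh-agent-4.3.10.msi /q WAZUH_MANAGER='172.16.200.10' WAZUH_REGISTRATION_SERVER='172.16.200.10' WAZUH_AGENT_GROUP='windows'
NET START WazuhSvc

Note: the one-liner installs the MSI as soon as it is downloaded. To check the file first, run the download on its own, compare the output of Get-FileHash ${env:tmp}\wazuh-agent-4.3.10.msi -Algorithm SHA512 with the checksum published for this package, and only then run msiexec.

MGMT02

sftp paul@172.16.150.0:wazuh-agent-4.3.10-1.msi ${env:tmp}\wazuh-agent-4.3.10.msi
msiexec.exe /i ${env:tmp}\wazuh-agent-4.3.10.msi /q WAZUH_MANAGER='172.16.200.10' WAZUH_REGISTRATION_SERVER='172.16.200.10' WAZUH_AGENT_GROUP='windows'
NET START WazuhSvc

Note: 172.16.150.0 is the network address of the 172.16.150.0/24 range used above, so the sftp source is probably meant to be the host that holds the MSI; substitute that host's address. The same hash check applies to the copied file before it is installed.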