Active Directory Basics — This room will introduce the basic concepts and functionality provided by Active Directory.

Austindwarner
8 min read · Jan 31, 2024

Windows Domains

Welcome to THM Inc.

During this task, we’ll assume the role of the new IT admin at THM Inc. As our first task, we have been asked to review the current domain “THM.local” and do some additional configurations. You will have administrative credentials over a pre-configured Domain Controller (DC) to do the tasks.

Be sure to click the Start Machine button now, as you’ll use the same machine for all tasks. This should open a machine in your browser. Should you prefer to connect to it via RDP, you can use the following credentials:


Username: Administrator

Password: Password321

Note: When connecting via RDP, use THM\Administrator as the username to specify you want to log in using the user Administrator on the THM domain.

Since we will be connecting to the target machine via RDP, this is also a good time to start the AttackBox (unless you are using your own machine).

Question 1:

In a Windows domain, credentials are stored in a centralised repository called…

Answer: Active Directory

Question 2:

The server in charge of running the Active Directory services is called…

Answer: Domain Controller

Active Directory

Question 1:

Which group normally administrates all computers and resources in a domain?

Answer: Domain Admins

Question 2:

What would be the name of the machine account associated with a machine named TOM-PC?

Answer: TOM-PC$

Question 3:

Suppose our company creates a new department for Quality Assurance. What type of containers should we use to group all Quality Assurance users so that policies can be applied consistently to them?

Answer: Organizational unit

In Active Directory (AD), an Organizational Unit (OU) is a container within a domain that can be used to organize and manage objects like users, groups, and computers. OUs provide a way to structure and delegate administrative tasks in a more granular manner than the default domain structure.

Key points about Organizational Units (OUs) in Active Directory:

  1. Hierarchy: OUs can be organized in a hierarchical structure within a domain. This allows administrators to create a logical structure that mirrors the organization’s departments, teams, or any other criteria.
  2. Delegation of Administration: OUs enable administrators to delegate specific administrative tasks to individuals or groups. For example, an OU can be assigned its own set of administrators who have control over the objects within that OU without affecting other parts of the domain.
  3. Group Policy Application: Group Policies (GPOs) can be linked to OUs to apply specific settings and configurations to the objects within those OUs. This allows for more fine-grained control over policies in different parts of the organization.
  4. Security Group Nesting: Security groups, which are used to grant access permissions to resources, can be placed within OUs. This allows for easier management of access controls and permissions.
  5. Naming Conventions: OUs can be named according to the organization’s naming conventions and can represent various entities within the organization.

For example, an organization might have OUs like:

  • Finance
  • Marketing
  • Sales
  • IT
  • Users
  • Computers

These OUs can then be used to structure and manage objects in a way that aligns with the organization’s structure and administrative requirements.

Managing Users in AD

Follow the step-by-step instructions provided by THM:

Log in as THM\phillip using the credentials provided.

Open PowerShell, run the command provided, and change the password for Sophie’s account.

Log in as THM\sophie using the password you just set.
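The reset above is a delegated password change: phillip has no Domain Admin rights, only the "Reset Password" right over an OU. The following is an added example (not the room’s own command) showing how that reset looks in PowerShell, how to force the user to pick a new password at next logon, and how a defender checks which principals hold the reset right on an OU. The account names come from the room; the OU distinguished name `OU=Sales,OU=THM,DC=thm,DC=local` is an assumption about the lab layout and should be adjusted to yours.

```powershell
# Added example (not the room's own code): delegated password reset plus a check of
# who has been granted the "Reset Password" extended right over an OU.
Import-Module ActiveDirectory

function Reset-DelegatedUserPassword {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [switch] $RequireChangeAtLogon
    )
    # Prompt for the password so it never lands in the command history or a script.
    $newPassword = Read-Host -AsSecureString -Prompt "New password for $SamAccountName"
    Set-ADAccountPassword -Identity $SamAccountName -Reset -NewPassword $newPassword -Verbose
    if ($RequireChangeAtLogon) {
        # Support staff knew the temporary password; make the user replace it immediately.
        Set-ADUser -Identity $SamAccountName -ChangePasswordAtLogon $true
    }
    # Return the state worth confirming after a reset.
    Get-ADUser -Identity $SamAccountName -Properties PasswordLastSet, LockedOut, Enabled |
        Select-Object SamAccountName, Enabled, LockedOut, PasswordLastSet
}

function Get-OUResetPasswordDelegation {
    param([Parameter(Mandatory)] [string] $OUDistinguishedName)
    # Schema GUID of the User-Force-Change-Password extended right ("Reset Password" in ADUC).
    $resetPasswordRight = [guid]'00299570-246d-11d0-a768-00aa006e0529'
    $acl = Get-Acl -Path "AD:\$OUDistinguishedName"
    $acl.Access |
        Where-Object { $_.ObjectType -eq $resetPasswordRight -and $_.AccessControlType -eq 'Allow' } |
        Select-Object IdentityReference, ActiveDirectoryRights, IsInherited, InheritanceType
}

# Usage, logged in as phillip (assumed to be delegated over the Sales OU):
# Reset-DelegatedUserPassword -SamAccountName sophie -RequireChangeAtLogon
# Get-OUResetPasswordDelegation -OUDistinguishedName 'OU=Sales,OU=THM,DC=thm,DC=local'
```

The second function is the review step: every identity it lists can reset passwords for all users under that OU, so the list should contain only the intended support group, not individual accounts that accumulated over time.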

Question 1:

What was the flag found on Sophie’s desktop?

Answer: THM{thanks_for_contacting_support}

Question 2:

The process of granting privileges to a user over some OU or other AD Object is called…

Answer: delegation

Managing Computers in AD

  1. Workstations

Workstations are the most common devices in an Active Directory domain. Each domain user typically logs into a workstation and uses it for daily tasks and regular web activity. Privileged users should never sign in to these devices.

  2. Servers

Servers are the second most common devices in an Active Directory domain. Their primary role is to provide services to users or to other servers, and they carry critical functions in the network infrastructure.

  3. Domain Controllers

Domain Controllers are the third most common devices in an Active Directory domain. They manage the Active Directory Domain and act as the central hub for authentication and authorization. They are considered highly sensitive because they store the hashed passwords of every user account in the environment.

Challenge:

Since we are tidying up our AD, let’s create two separate OUs for Workstations and Servers (Domain Controllers are already in an OU created by Windows). We will be creating them directly under the thm.local domain container. In the end, you should have the following OU structure:

Now, move the personal computers and laptops to the Workstations OU and the servers to the Servers OU from the Computers container. Doing so will allow us to configure policies for each OU later.
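The OU concepts from the earlier section and the tidy-up challenge here come together in one script. This is an added example, not the room’s own steps: it creates the Workstations and Servers OUs directly under the domain container (if they do not already exist), moves every computer object found in the default Computers container into the OU that matches its role, and counts what landed where. The classification rule (a "Server" operating system or a name starting with `SRV` means a server) is an assumption for the lab; the function names are mine.

```powershell
# Added example (not the room's own code): create the Workstations and Servers OUs
# under the domain container and move computer objects out of CN=Computers.
Import-Module ActiveDirectory

function New-OUIfMissing {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Path     # DN of the parent, e.g. DC=thm,DC=local
    )
    $existing = Get-ADOrganizationalUnit -LDAPFilter "(ou=$Name)" -SearchBase $Path -SearchScope OneLevel
    if (-not $existing) {
        # New OUs are protected from accidental deletion by default; leave that on.
        $existing = New-ADOrganizationalUnit -Name $Name -Path $Path -PassThru
    }
    return $existing.DistinguishedName
}

function Get-ComputerRole {
    param([Parameter(Mandatory)] $Computer)   # an ADComputer object with OperatingSystem loaded
    # Assumed rule: a "Server" OS or an SRV* name means server; everything else is a workstation.
    if ($Computer.OperatingSystem -like '*Server*' -or $Computer.Name -like 'SRV*') { 'Servers' }
    else { 'Workstations' }
}

function Move-ComputersByRole {
    param([string] $DomainDN = (Get-ADDomain).DistinguishedName)
    $ouByRole = @{
        Workstations = New-OUIfMissing -Name 'Workstations' -Path $DomainDN
        Servers      = New-OUIfMissing -Name 'Servers'      -Path $DomainDN
    }
    $moved = @{ Workstations = 0; Servers = 0 }
    # Only objects directly in CN=Computers are candidates; DCs already sit in their own OU.
    Get-ADComputer -SearchBase "CN=Computers,$DomainDN" -SearchScope OneLevel -Filter * -Properties OperatingSystem |
        ForEach-Object {
            $role = Get-ComputerRole -Computer $_
            Move-ADObject -Identity $_.DistinguishedName -TargetPath $ouByRole[$role]
            $moved[$role]++
        }
    return $moved
}

function Get-OUComputerCount {
    param([Parameter(Mandatory)] [string] $OUDistinguishedName)
    @(Get-ADComputer -SearchBase $OUDistinguishedName -SearchScope OneLevel -Filter *).Count
}

# Usage on the DC:
# Move-ComputersByRole
# Get-OUComputerCount -OUDistinguishedName "OU=Workstations,$((Get-ADDomain).DistinguishedName)"
```

Run the move once and then use Get-OUComputerCount to confirm the numbers before linking any GPO: a computer left behind in CN=Computers will silently miss every policy linked to the new OUs, and a server misfiled under Workstations will pick up user-facing restrictions it should not.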

Question 1:

After organising the available computers, how many ended up in the Workstations OU?

Answer: 7

Question 2:

Is it recommendable to create separate OUs for Servers and Workstations? (yay/nay)

Answer: yay

Group Policies

Follow THM directions to learn about

· GPO distribution

o Distribution of Group Policy Objects (GPOs): GPOs are distributed across the network through a network share called SYSVOL, which is hosted on the Domain Controllers (DCs). All users in a domain normally need network access to this share so that their machines can periodically synchronise their GPOs. By default, the SYSVOL share points to the C:\Windows\SYSVOL\sysvol\ directory on each DC.

o After a GPO is modified, it can take up to 2 hours for computers to pick up the change. To force an immediate synchronisation on a specific computer, run the following command on that computer:

PS C:\> gpupdate /force

· Restrict Access Control

o We aim to limit access to the Control Panel on all machines exclusively to users within the IT department. Members of other departments should not have the ability to modify system preferences.

o To achieve this, we’ll establish a new Group Policy Object (GPO) named “Restrict Control Panel Access” and proceed to edit its settings. As our focus is on applying this GPO to specific users, we’ll navigate to the User Configuration section to locate the relevant policy.

o Once the GPO is configured, we will need to link it to all of the OUs corresponding to users who shouldn’t have access to the Control Panel of their PCs. In this case, we will link the Marketing, Management and Sales OUs by dragging the GPO to each of them:

· Auto Lock Screen GPO
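The "Restrict Control Panel Access" GPO above is created and linked through the GUI in the room. As an added example (not the room’s steps), the same work in PowerShell with the GroupPolicy module: create the GPO, set the User Configuration policy "Prohibit access to Control Panel and PC settings" (which writes the `NoControlPanel` value under the user Policies\Explorer key), link it to the Marketing, Management and Sales OUs, and list the resulting links so they can be reviewed. The department OU distinguished names assume the lab keeps them under an `OU=THM` container; adjust them to your layout.

```powershell
# Added example (not the room's own code): build and link a GPO that blocks the
# Control Panel for users in selected OUs, then show the links for review.
Import-Module GroupPolicy
Import-Module ActiveDirectory

$domainDN  = (Get-ADDomain).DistinguishedName
# Assumed DNs for the department OUs used in the room.
$targetOUs = 'Marketing', 'Management', 'Sales' | ForEach-Object { "OU=$_,OU=THM,$domainDN" }

function New-RestrictControlPanelGpo {
    param([string] $Name = 'Restrict Control Panel Access')
    $gpo = Get-GPO -Name $Name -ErrorAction SilentlyContinue
    if (-not $gpo) {
        $gpo = New-GPO -Name $Name -Comment 'Block Control Panel for non-IT users'
    }
    # User Configuration > Administrative Templates > Control Panel >
    # "Prohibit access to Control Panel and PC settings" is stored as this user-policy value.
    Set-GPRegistryValue -Name $Name `
        -Key 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' `
        -ValueName 'NoControlPanel' -Type DWord -Value 1 | Out-Null
    return $gpo
}

function Add-GpoLinks {
    param(
        [Parameter(Mandatory)] [string]   $GpoName,
        [Parameter(Mandatory)] [string[]] $OUDistinguishedNames
    )
    foreach ($ou in $OUDistinguishedNames) {
        # Linking twice creates a duplicate link, so check first.
        $linked = (Get-GPInheritance -Target $ou).GpoLinks | Where-Object DisplayName -eq $GpoName
        if (-not $linked) { New-GPLink -Name $GpoName -Target $ou -LinkEnabled Yes | Out-Null }
    }
    # Return every link of this GPO on the requested OUs for review.
    foreach ($ou in $OUDistinguishedNames) {
        (Get-GPInheritance -Target $ou).GpoLinks |
            Where-Object DisplayName -eq $GpoName |
            Select-Object @{ n = 'OU'; e = { $ou } }, DisplayName, Enabled, Enforced, Order
    }
}

# Usage on the DC:
# New-RestrictControlPanelGpo | Out-Null
# Add-GpoLinks -GpoName 'Restrict Control Panel Access' -OUDistinguishedNames $targetOUs
# Then, on a workstation where a Sales user is logged on, rather than waiting for
# the refresh cycle:  gpupdate /force   and confirm the applied GPOs with  gpresult /r
```

Because the setting lives under User Configuration, the GPO only takes effect where user objects sit: linking it to a Workstations OU would do nothing, which is why the room links it to the department OUs that contain the users.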

Authentication Methods

Kerberos and NetNTLM are both authentication protocols used in computer networks to secure communication and verify the identity of users and systems.

  1. Kerberos:
    • Definition: Kerberos is a network authentication protocol designed to provide strong authentication for client-server applications by using secret-key cryptography.
    • Functionality: It allows entities on an open network to prove their identity to one another in a secure manner. It’s particularly used for authenticating users and services in a distributed computing environment.
    • Key Features:
      • Uses a trusted third party, called the Key Distribution Center (KDC), which facilitates secure authentication.
      • Employs symmetric-key cryptography to secure communication between entities.
      • Reduces the need to transmit passwords over the network.
  2. NetNTLM:
    • Definition: NetNTLM (NTLM stands for NT LAN Manager) is an authentication protocol used in Windows environments for secure communication and authentication between clients and servers.
    • Functionality: It is often used for single sign-on and is the default authentication protocol used in Windows networks.
    • Key Features:
      • Relies on challenge-response mechanisms for authentication.
      • Can be used for both local and networked logins.
      • Older versions of the protocol have been criticized for security weaknesses, and newer versions of Windows have introduced more secure authentication methods.
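Knowing the two protocols is only useful if you can see which one your domain actually uses. The following is an added example, not part of the room: it reads successful logon events (Security log, event ID 4624) and tallies them by the `AuthenticationPackageName` field, which reads Kerberos, NTLM or Negotiate, and for NTLM logons also records `LmPackageName` (NTLM V1 or NTLM V2). Machine accounts are filtered out to focus on human logons. The function name and the default of 2000 events are my choices; the event fields are the standard ones Windows writes.

```powershell
# Added example (not part of the room): summarise which authentication package
# recent successful logons used, so NTLM (and especially NTLM V1) can be found.
function Get-LogonAuthPackageSummary {
    param(
        [int]    $MaxEvents    = 2000,
        [string] $ComputerName = $env:COMPUTERNAME
    )
    # Event ID 4624 = successful logon. The details we need are in the event's EventData.
    $events = Get-WinEvent -ComputerName $ComputerName -MaxEvents $MaxEvents `
        -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -ErrorAction Stop

    $rows = foreach ($e in $events) {
        $x = [xml]$e.ToXml()
        $d = @{}
        foreach ($item in $x.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
        [pscustomobject]@{
            Time        = $e.TimeCreated
            User        = "$($d.TargetDomainName)\$($d.TargetUserName)"
            LogonType   = [int]$d.LogonType                # 2 interactive, 3 network, 10 RDP, ...
            AuthPackage = $d.AuthenticationPackageName     # Kerberos, NTLM or Negotiate
            LmPackage   = $d.LmPackageName                 # "NTLM V1" / "NTLM V2" when NTLM was used, else "-"
            SourceIP    = $d.IpAddress
        }
    }
    # Drop machine accounts (names ending in $) to focus on user logons.
    $rows = @($rows | Where-Object { $_.User -notmatch '\$$' })

    [pscustomobject]@{
        Total      = $rows.Count
        ByPackage  = $rows | Group-Object AuthPackage | Select-Object Name, Count
        NtlmV1     = @($rows | Where-Object { $_.LmPackage -eq 'NTLM V1' })   # top-priority finding
        NtlmLogons = $rows | Where-Object { $_.AuthPackage -eq 'NTLM' } | Sort-Object Time -Descending
    }
}

# Usage on the DC (requires the right to read the Security log):
# $summary = Get-LogonAuthPackageSummary
# $summary.ByPackage
# $summary.NtlmLogons | Format-Table Time, User, LogonType, LmPackage, SourceIP
```

A healthy domain shows Kerberos for nearly every domain logon; NTLM entries usually point at clients connecting by IP address instead of hostname, legacy applications, or local accounts, and any NTLM V1 entry is worth chasing down first. Note that in both protocols the password itself never crosses the wire, which is the point of the third question below.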

Question 1:

Will a current version of Windows use NetNTLM as the preferred authentication protocol by default? (yay/nay)

Answer: nay

Question 2:

When referring to Kerberos, what type of ticket allows us to request further tickets known as TGS?

Answer: Ticket Granting Ticket

Question 3:

When using NetNTLM, is a user’s password transmitted over the network at any point? (yay/nay)

Answer: nay

Trees, Forests and Trusts

Trees, forests, and trust relationships are fundamental concepts that help organize and manage resources within a Windows network environment. Let’s break down each term:

  1. Trees in Active Directory:
    • Definition: In Active Directory, a tree is a collection of domains that share a contiguous namespace. It consists of a root domain and one or more child domains that form a hierarchical structure.
    • Hierarchy: The root domain is the top-level domain in the tree, and each child domain is subordinate to the parent domain. Domains within a tree share a common schema and global catalog.
  2. Forests in Active Directory:
    • Definition: A forest is a collection of one or more domain trees that do not form a contiguous namespace. Each tree in the forest has its own namespace, and the trees are linked together through trust relationships.
    • Global Catalog: A forest contains a single schema, configuration partition, and global catalog. The global catalog is a distributed data repository that contains information about objects from all domains in the forest.
  3. Trust Relationships in Active Directory:
    • Definition: Trust relationships establish a secure communication channel between domains, allowing users and computers in one domain to access resources in another domain. Trusts are a crucial part of the Active Directory authentication and authorization process.
    • Types of Trusts:
      • One-way Trust: Allows authentication in one direction only. For example, Domain A trusts Domain B, but not vice versa.
      • Two-way Trust: Allows authentication in both directions. Domain A trusts Domain B, and Domain B trusts Domain A.
      • Transitive Trust: If Domain A trusts Domain B, and Domain B trusts Domain C, then there is an implicit trust between Domain A and Domain C. This is called transitive trust.
      • Shortcut Trust: A manually created trust between two domains in the same forest to improve authentication performance.
      • Forest Trust: Establishes a trust relationship between all domains in two different forests, allowing access to resources across the entire forests.

In summary, in Active Directory, trees represent a hierarchical structure of domains with a common namespace, forests are collections of domain trees with distinct namespaces linked by trust relationships, and trust relationships facilitate secure communication and resource access between domains within a tree or across different trees and forests. Understanding these concepts is crucial for designing and managing complex Windows network environments.
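The trust types above map onto flag bits in each trust object’s `trustAttributes` value, which is how a defender inventories them. This is an added example, not part of the room: it lists every trust of the current domain with Get-ADTrust and decodes the attributes into the properties that matter in a review (direction, whether the partner is inside the forest, whether the trust is transitive, and whether SID filtering or selective authentication is in force). The bit values are the documented TRUST_ATTRIBUTE constants; the function names and the "Review" wording are mine.

```powershell
# Added example (not part of the room): inventory the domain's trusts and decode
# the trustAttributes flags that determine how far a trust reaches.
Import-Module ActiveDirectory

# Documented trustAttributes flag bits.
$TRUST_ATTRIBUTE = @{
    NON_TRANSITIVE     = 0x01   # trust does not extend beyond the two domains
    UPLEVEL_ONLY       = 0x02
    QUARANTINED_DOMAIN = 0x04   # SID filtering enforced on an external trust
    FOREST_TRANSITIVE  = 0x08   # forest trust
    CROSS_ORGANIZATION = 0x10   # selective authentication
    WITHIN_FOREST      = 0x20   # parent-child, tree-root or shortcut trust
    TREAT_AS_EXTERNAL  = 0x40
}

function ConvertFrom-TrustAttributes {
    param([Parameter(Mandatory)] [int] $Attributes)
    [pscustomobject]@{
        WithinForest   = [bool]($Attributes -band $TRUST_ATTRIBUTE.WITHIN_FOREST)
        ForestTrust    = [bool]($Attributes -band $TRUST_ATTRIBUTE.FOREST_TRANSITIVE)
        Transitive     = -not [bool]($Attributes -band $TRUST_ATTRIBUTE.NON_TRANSITIVE)
        SidFiltering   = [bool]($Attributes -band $TRUST_ATTRIBUTE.QUARANTINED_DOMAIN)
        SelectiveAuth  = [bool]($Attributes -band $TRUST_ATTRIBUTE.CROSS_ORGANIZATION)
    }
}

function Get-TrustReview {
    param([string] $Server)
    $params = @{ Filter = '*' }
    if ($Server) { $params.Server = $Server }
    Get-ADTrust @params | ForEach-Object {
        $flags = ConvertFrom-TrustAttributes -Attributes ([int]$_.TrustAttributes)
        # Review hint: an external or forest trust that is two-way and transitive without
        # selective authentication exposes the most resources; call it out.
        $review = if (-not $flags.WithinForest -and [string]$_.Direction -eq 'BiDirectional' -and
                      $flags.Transitive -and -not $flags.SelectiveAuth) { 'wide two-way trust: confirm it is required' }
                  else { 'ok' }
        [pscustomobject]@{
            Partner       = $_.Name
            Direction     = [string]$_.Direction        # Inbound, Outbound or BiDirectional
            WithinForest  = $flags.WithinForest
            ForestTrust   = $flags.ForestTrust
            Transitive    = $flags.Transitive
            SidFiltering  = $flags.SidFiltering
            SelectiveAuth = $flags.SelectiveAuth
            Review        = $review
        }
    }
}

# Usage on a DC: Get-TrustReview | Format-Table -AutoSize
# Decoding alone, without touching AD: ConvertFrom-TrustAttributes -Attributes 0x20
```

Trusts inside a forest (WithinForest) are transitive by design, which is exactly the "Domain A trusts C through B" case above; the ones to scrutinise are trusts to other forests or external domains, where transitivity and a missing selective-authentication setting widen the set of accounts that can reach your resources.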

Question 1:

What is a group of Windows domains that share the same namespace called?

Answer: tree

Question 2:

What should be configured between two domains for a user in Domain A to access a resource in Domain B?

Answer: A Trust Relationship
