Introduction
Hello and welcome back to the second blog post in this Active Directory blog series! In this blog post I will discuss how to install and configure a Windows 11 end-user machine to work within the domain controller that we installed in the previous post.
This blog series will be based upon the Active Directory portion of TCM Security’s Practical Ethical Hacking course. I completely recommend you check it out to learn more about Active Directory hacking, but also information gathering, enumeration, vulnerability scanning, web application exploits, Linux hacking, and more. Here is a link to check out the course:
https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course
You can also watch an older version of the Active Directory portion of the course for free on YouTube here:
We will be creating a total of two end-user virtual machines for this lab environment. I will only detail the process for one and you will need to repeat the instructions for the other one.
The effect that these Windows 11 machines with have on our environment is to be able to perform different exploit techniques to gain unauthorized access to the domain controller. This will help us learn different techniques that adversaries will use and how we can defend against them as security analysts and security engineers.
Configure the Virtual Machine
As with the previous blog post, we will be creating this Active Directory lab environment within VMware Workstation Pro. You can find more about the solution that I am using at this URL:
https://www.vmware.com/products/workstation-pro.html
The first step of this process is to download the ISO file to install on our virtual machine. You can down a free evaluation copy of Windows 11 Enterprise from this link:
https://info.microsoft.com/ww-landing-windows-11-enterprise.html

Select “Create a New Virtual Machine” to initiate the virtual machine configuration process.

We will opt for a standard configuration in this case.

Find the Windows 11 ISO file you downloaded in the previous step and choose it for the virtual machine’s setup process.

You have the freedom to assign any name to the virtual machine. It’s advisable to name it based on the user account you plan to create within this virtual machine. While I’ll decide on the names later, you may proceed to name it now.

Because Windows 11 requires a TPM for operation, setting up a password is necessary. You have the flexibility to choose any password, but ensure it’s memorable. If preferred, you can save the password in the credential manager for easy access.

You may set up the virtual machine with the recommended size, which will suffice for this lab environment.

Should you wish to modify any hardware specifications of the virtual machine, click on “Customize Hardware.” This action opens a menu allowing adjustments to various hardware settings, including memory, processors, and network adapters. It’s crucial that all machines in this lab are configured to use NAT for their network adapter.


Once you’re happy with the hardware specifications, you can complete the setup process and boot up the system.


Next, we’ll proceed with the installation of the Windows 11 operating system, ensuring all necessary components are properly set up.
Install Windows 11
After the Windows 11 virtual machine has completely started, you will be presented with this setup window. Adjust these settings to suit your preferences and requirements.

Proceed by selecting “Install Now.”

To continue, you must accept the notices and license terms.

We will opt for a custom installation of Windows.

Upon the appearance of the custom menu, select the “new” option, which will divide the virtual disk into three distinct partitions. Choose the primary partition type for the installation of Windows 11.

Once you click “Next,” the installation process for Windows will commence. This will require some time to complete.

Following the completion of the installation, the next step will be to configure the newly installed Windows virtual machine.
Configure Windows 11
Once the installation concludes, you’ll be asked to choose your country or region.

Next, select the keyboard layout that best suits your needs.

If necessary, you have the option to add a second keyboard layout at this point.

At the time I was setting up this virtual machine, I encountered a lack of network connection. Nonetheless, if you do have internet access, the setup process will be similar. If you’re without an internet connection, you can still proceed further without it.


At this stage, you will assign a name to your user for the virtual machine. I plan to name my first end-user machine after the Sahara Desert.

Here, you will establish the password for the local user of this virtual machine.

You are required to set up three distinct security questions for this virtual machine. Feel free to fill these out according to your preference.

I choose to disable all options on the privacy settings screen. You should adjust these settings based on what you’re most comfortable with.

Once you navigate past that screen, Windows will complete the initial setup process and reboot after it concludes.

After signing into the Windows machine, it’s highly recommended to create a snapshot of the virtual machine image. This step is crucial as it allows you to revert back to a clean installation if necessary. A snapshot captures the exact state of the virtual machine at the time it’s taken, serving as a safety net. Whether you encounter issues in the future or wish to test different configurations without altering the base setup, having a snapshot ensures you can easily return to a known, pristine state without the need to reinstall Windows from scratch. This practice is particularly important in environments where stability and the ability to quickly recover from errors are paramount.

To activate essential features, like full screen mode, improved graphics performance, and seamless mouse integration, installing VMware Tools on your machine is necessary. VMware Tools is a suite of utilities that enhances the performance of the virtual machine’s operating system and improves the management of the VM. It facilitates better interaction between the host and guest operating systems, ensuring smoother operations, including file sharing, clipboard sharing, and drag-and-drop functionality. This installation is a key step in optimizing your virtual machine for a more efficient and user-friendly experience.
Navigate to VM -> Install VMware Tools… to initiate the installation process.

Execute the setup64.exe file to start the installation.

Select “Next” to proceed.

Choose the “Complete” setup type option for this installation.

Select “Install” to begin the installation process.

The installation process will take some time to complete.

Once the installation is complete, click “Finish.” You should now notice the new functionality. Try resizing the virtual machine window to see the improvements.

You will be prompted to restart your system to apply the configuration. Select “No,” as we need to configure one additional setting before restarting the virtual machine.

Use Windows search, type in “name,” and open the setting that displays your PC’s name.

Once the setting is open, you should see the option to “Rename this PC.” Click on it.

You should rename your PC to match the username you assigned to this Windows 11 machine earlier.

Now, you can restart the PC to allow all the new configurations to take effect.

If your hardware specifications permit, it would be advantageous for your learning experience in this environment to set up another Windows 11 virtual machine in the same way.
By this stage, you should have successfully deployed one (1) Windows Server AD domain controller virtual machine and two (2) Windows 11 Enterprise virtual machines, enhancing the complexity and functionality of your lab environment.
Conclusion
As we conclude this segment on setting up a Windows 11 end-user machine within our Active Directory lab, it’s clear the groundwork we’ve laid is pivotal for a hands-on learning experience. This step-by-step process, from downloading the Windows 11 ISO to the detailed customization and installation, sets a strong foundation for a practical understanding of Active Directory.
With the setup of one Windows Server AD domain controller and two Windows 11 Enterprise virtual machines, we’ve established a simulated network that’s ripe for exploring security, administration, and operational tactics. This environment not only aids in understanding Active Directory’s functions but also prepares us for analyzing security measures and potential vulnerabilities.
Looking forward, our next blog post will guide you through configuring domain group policies and users, an essential next step for an Active Directory environment. This upcoming content will build on our current setup, offering deeper insights into customizing and securing a network environment.
Thank you for joining me in this installation guide. Stay tuned for further exploration into Active Directory, aiming to enhance both your technical skills and understanding of network security.