ok that& #39;s cooking!
Don& #39;t worry we are gonna encrypt the backups as well! so we& #39;ve got a nice 2012 R2 deploy going alongside this!
FOr real, we used to deploy quest AD recovery manager. That was fucking sweeeet! it took the scare out of schema changes and upgrades/restores etc.
so we& #39;ve got 3 servers in the mix, a backup server, a DC and an RDP server! it& #39;s funny how slow the DC promo is compared to 2016+
so here& #39;s a quick overview
yep for some stupid reason the admin has changed from default mode to NLA disabled.. DO NOT FUCKING DO THIS! there& #39;s 0 reason i can think of to NOT use NLA
whilst we are at that let& #39;s get veeam deployed! @Veeam rocks but way too many people do what i& #39;m doing in the lab here (on purpose) and deploy it domain joined! DO NOT DO THIS ANYWHERE like for real just don& #39;t!
so whilst we wait lets emulate IRL a bit more and let& #39;s ensure not ONLY IS RDP exposed (TCP 3398) but we are also going to expose WINRM TCP 5985
also fuck it lets& #39;s deploy a web server as wel! (this is gettting more IRL that u realise)
this might work this time, there& #39;s a missing file on the MS site...
sweeet! pro top don& #39;t fucking domain join this shit or expose it to the net