Don't worry we are gonna encrypt the backups as well! so we've got a nice 2012 R2 deploy going alongside this!
FOr real, we used to deploy quest AD recovery manager. That was fucking sweeeet! it took the scare out of schema changes and upgrades/restores etc.
so we've got 3 servers in the mix, a backup server, a DC and an RDP server! it's funny how slow the DC promo is compared to 2016+
yep for some stupid reason the admin has changed from default mode to NLA disabled.. DO NOT FUCKING DO THIS! there's 0 reason i can think of to NOT use NLA
whilst we are at that let's get veeam deployed! @Veeam rocks but way too many people do what i'm doing in the lab here (on purpose) and deploy it domain joined! DO NOT DO THIS ANYWHERE like for real just don't!
so whilst we wait lets emulate IRL a bit more and let's ensure not ONLY IS RDP exposed (TCP 3398) but we are also going to expose WINRM TCP 5985