Read on Twitter
lets got for FULL install standard as that is fairly common
ok that's cooking!
Don't worry we are gonna encrypt the backups as well! so we've got a nice 2012 R2 deploy going alongside this!
Im deffo going back in time here but yolo :P
FOr real, we used to deploy quest AD recovery manager. That was fucking sweeeet! it took the scare out of schema changes and upgrades/restores etc.
so we've got 3 servers in the mix, a backup server, a DC and an RDP server! it's funny how slow the DC promo is compared to 2016+
so here's a quick overview
now here's where it's all going to start going wrong :(
yep for some stupid reason the admin has changed from default mode to NLA disabled.. DO NOT FUCKING DO THIS! there's 0 reason i can think of to NOT use NLA
so we joing this server to the domain!
whilst we are at that let's get veeam deployed! @Veeam rocks but way too many people do what i'm doing in the lab here (on purpose) and deploy it domain joined! DO NOT DO THIS ANYWHERE like for real just don't!
ok we gotta patch this before veeam will install! ;)
so whilst we wait lets emulate IRL a bit more and let's ensure not ONLY IS RDP exposed (TCP 3398) but we are also going to expose WINRM TCP 5985
also fuck it lets's deploy a web server as wel! (this is gettting more IRL that u realise)
MOAR fun :) this is really some of the shit u will find IRL when u look :(
zzzzzzzzzzzzzzzzzzzzz
ok we got a few plates spinning now but ez pz
this might work this time, there's a missing file on the MS site...
ok cool veeam install on its way :)
sweeet! pro top don't fucking domain join this shit or expose it to the net
ok gang we now have 1x DC, 1 X RDS box with IIS and FTP, 1 x Backup server (domain joined) and a PAWS
