You are working on securing your Windows Servers, and as part of that effort you want to configure a domain isolation policy between the employee workstations and the application servers. The goal is that employees can only log in to an application server from a domain-joined client workstation. In this hands-on lab, you will configure Group Policy to enforce Windows Defender Firewall rules between the client and server VMs.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Configure the Active Directory Domain Services Environment
  - Install Active Directory Domain Services
  - Create the Domain Admin user
  - Create organizational units (OUs)
  - Join the client and server VMs to the domain and add them to their respective OUs
- Configure Group Policy for Windows Defender Firewall Rules
  - Create a Group Policy Object and link it to the server organizational unit
  - Edit the policy to require authentication for inbound connections and request authentication for outbound connections to the server VM
  - Create a Group Policy Object and link it to the client organizational unit
  - Edit the policy to request authentication for inbound and outbound connections to the client VM
  - Update the Group Policies on the virtual machines
- Confirm Firewall Rules Have Been Applied
  - Confirm that you can only directly remote into the client VM and not the server VM
  - From the client VM, confirm that you can remote into the server VM using the private IP address or the Fully Qualified Domain Name (FQDN)
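The Group Policy objectives above can also be scripted. The following is an added example, not part of the lab itself, that creates both GPOs, links them to their OUs and writes the connection security rule into each one. The domain name, OU names, GPO names and the choice of computer Kerberos as the authentication method are assumptions.

```powershell
# Added example. Assumed names, not from the lab:
# domain corp.example, OUs "Servers" and "Clients", GPOs "Isolation-*".
# Run on a domain controller or a host with the Group Policy management tools.
Import-Module GroupPolicy

$domain   = 'corp.example'
$domainDn = 'DC=corp,DC=example'

# Server GPO: require inbound, request outbound. Client GPO: request both ways.
$policies = @(
    @{ Gpo = 'Isolation-Servers'; Ou = "OU=Servers,$domainDn"; Inbound = 'Require'; Outbound = 'Request' },
    @{ Gpo = 'Isolation-Clients'; Ou = "OU=Clients,$domainDn"; Inbound = 'Request'; Outbound = 'Request' }
)

foreach ($p in $policies) {
    # Create the GPO and link it to the matching organizational unit
    New-GPO    -Name $p.Gpo -Domain $domain | Out-Null
    New-GPLink -Name $p.Gpo -Target $p.Ou -Domain $domain | Out-Null

    # Cache the GPO locally so all firewall changes are written back in one save
    $session = Open-NetGPO -PolicyStore "$domain\$($p.Gpo)"

    # Assumption: computer Kerberos, so only domain-joined machines can authenticate
    $proposal = New-NetIPsecAuthProposal -Machine -Kerberos
    $authSet  = New-NetIPsecPhase1AuthSet -DisplayName 'Computer Kerberos' `
                    -Proposal $proposal -GPOSession $session

    # The connection security (isolation) rule itself
    New-NetIPsecRule -DisplayName 'Domain isolation' `
        -InboundSecurity $p.Inbound -OutboundSecurity $p.Outbound `
        -Phase1AuthSet $authSet.Name -GPOSession $session | Out-Null

    Save-NetGPO -GPOSession $session
}

# On each VM, after the GPOs are linked:
#   gpupdate /force
#   Get-NetIPsecRule -PolicyStore ActiveStore |
#       Select-Object DisplayName, InboundSecurity, OutboundSecurity
#   Get-NetIPsecMainModeSA    # lists authenticated peers once traffic has flowed
```

A main mode security association between the client and server VMs shows that the session was authenticated; a host that is not domain-joined cannot complete that negotiation, which is why the direct connection to the server VM fails.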