MCSA Lab ?

[OCD-FREAK]

hello everyone,

 

iam currently studying for MCSA and want to get "professional" at it in a practical way.

 

so what do you guys suggest for a home lab that i can train situations as close as real problems that is industrial standard ?

 

please be as detailed as possible

 

thank you all  

[EarthWormJM2]

Off the top of my head. If you have a decently powered PC you can create a few virtual machines on it (with Hyper-v in Server 2012 R2), or use a few old computers/laptops you have laying around and set them up to have at least 1 workstation, a Domain Controller, and an e-mail server for starters (preferably Exchange 2013 or O365 as they are most commonly used right now). You will need at least a basic router with enough ports for all of your machines, you can use wifi, but its usually best to start off hardwired over ethernet. Then you can add in a switch for more in-depth routing, a firewall for security, another router as an access point, or a NAS to get a little more set up like an actual business would have.

 

You can download Server 2012 R2 for free, but you will be limited to a 30 day (i think) trial which gives you full access to all the features, then after 30 days, It will force a reboot every couple of hours (or at least once a day). I recommend 2012 R2 as it is the most commonly used OS right now. 2016 is starting to gain traction, so not a bad idea either, I'm just personally more familiar with 2012 R2.

 

If you have a Domain Controller and at least 1 separate workstation, You can do a lot of the MCSA lab stuff. A lot of it is setting up and learning all the roles and features in Windows Server, and you can have a lot of them all on your Domain Controller at the same time (not recommended in real-world scenarios) since you will be working inside a small environment. Also, Make sure you are doing this on computers or drives that are not important to your everyday tasks in case you mess something up or need to wipe and do a fresh install of Windows. 

 

Hopefully that's good enough to get you started!

[Mikensan]

You can rearm 2012 up to 180 days.

 

Setup 3 main focus areas of a network... User end (2+ End user desktops), back end (File Server), and management/core (Domain Controller / DNS / other ACL stuff). I'd skip email server, that's out of scope for MCSA. Focus on group policies / account creation / creating shares and locking them down.

 

Look at using a STIG guide to harden your lab environment, will get your feet wet with GPOs. I believe disa.mil has a few utilities to scan machines to verify if settings are correct. I wouldn't worry too much in the beginning about networking / firewalls. Keep everything on the same subnet for your LAB.

 

What is important is don't fly off onto another path and create such a huge undertaking that you feel overwhelmed, hence why I suggest avoid firewalls/VLANs/segregation. Focus on basics like getting the lab working.

[OCD-FREAK]

2 hours ago, EarthWormJM2 said:

Off the top of my head. If you have a decently powered PC you can create a few virtual machines on it (with Hyper-v in Server 2012 R2), or use a few old computers/laptops you have laying around and set them up to have at least 1 workstation, a Domain Controller, and an e-mail server for starters (preferably Exchange 2013 or O365 as they are most commonly used right now). You will need at least a basic router with enough ports for all of your machines, you can use wifi, but its usually best to start off hardwired over ethernet. Then you can add in a switch for more in-depth routing, a firewall for security, another router as an access point, or a NAS to get a little more set up like an actual business would have.

 

You can download Server 2012 R2 for free, but you will be limited to a 30 day (i think) trial which gives you full access to all the features, then after 30 days, It will force a reboot every couple of hours (or at least once a day). I recommend 2012 R2 as it is the most commonly used OS right now. 2016 is starting to gain traction, so not a bad idea either, I'm just personally more familiar with 2012 R2.

 

If you have a Domain Controller and at least 1 separate workstation, You can do a lot of the MCSA lab stuff. A lot of it is setting up and learning all the roles and features in Windows Server, and you can have a lot of them all on your Domain Controller at the same time (not recommended in real-world scenarios) since you will be working inside a small environment. Also, Make sure you are doing this on computers or drives that are not important to your everyday tasks in case you mess something up or need to wipe and do a fresh install of Windows. 

 

Hopefully that's good enough to get you started!

i currently have 3 blade servers , 10 computers and 5 laptops, i want real life practices i dont want virtual machines i want to get real hands on experience that i will face when i get employed in an industry and i want to fix any problem in ease, so what do you suggest ?   

 

thanks alot

 

[OCD-FREAK]

2 hours ago, Mikensan said:

You can rearm 2012 up to 180 days.

 

Setup 3 main focus areas of a network... User end (2+ End user desktops), back end (File Server), and management/core (Domain Controller / DNS / other ACL stuff). I'd skip email server, that's out of scope for MCSA. Focus on group policies / account creation / creating shares and locking them down.

 

Look at using a STIG guide to harden your lab environment, will get your feet wet with GPOs. I believe disa.mil has a few utilities to scan machines to verify if settings are correct. I wouldn't worry too much in the beginning about networking / firewalls. Keep everything on the same subnet for your LAB.

 

What is important is don't fly off onto another path and create such a huge undertaking that you feel overwhelmed, hence why I suggest avoid firewalls/VLANs/segregation. Focus on basics like getting the lab working.

many thanks for your professional advice, would you go a little bit in detail of what i need to set my lab to be as close as to real scenarios that might occur in an industry? and by the way how can i create problems or scenarios so i can practice analytical and fast problem solving skills ?

 

thanks again

  

[Mikensan]

16 hours ago, OCD-FREAK said:

many thanks for your professional advice, would you go a little bit in detail of what i need to set my lab to be as close as to real scenarios that might occur in an industry? and by the way how can i create problems or scenarios so i can practice analytical and fast problem solving skills ?

 

thanks again

  

It's hard to get too much further into detail without writing out a full guide - which for each part of setting up a lab/domain already exists. 

Majority of the enterprise-world is visualizing everything, so I would highly suggest getting used to either Hyper-V or VMware vSphere. There's a sprinkle of Xen out there, more so for remote desktop access.

 

Start off slow, it's a massive rabbit hole. Very first step - create a domain controller. Second step, create a file server. Third step, join a workstation to the domain. Fourth step - play with GPOs. It's good to know how to harden a network.

https://www.stigviewer.com/stig/windows_server_2012_2012_r2_member_server/

Address all the highs.

 

I would suggest creating GPOs per "Version" of a finding. IE "WN12-GE-000001" I would create a GPO called "STIG GE" or something similar. That way if one of the findings breaks functionality it is a little easier to work with.

 

It's not very common to STIG a network outside of a government network or enterprise that handles PII / credit card data. However I feel it's a quick way to get you used to manipulating GPOs.

 

 

As for recreating problems to solve - the process of breaking something is going to show you how it's solved vs real life where you walk into work and S has hit the fan. Since each network is unique, it's impossible to teach 1 solution to everything - so it is hard to give answers. This is simply gained through working experience and I don't have any advice here.