Virtual Machines

Hi, so basically at the moment I'm testing out a few Windows Server features such as Active Directory, WDS and MDT. As you may or may not know, Active Directory requires the same server to have its own DNS and DHCP. Recently as I have a domain and setup I believe it's to do with PXE in deployment bench as seen in the screenshot here (https://gyazo.com/83d8ef9c4f8fd8abdd9f881244d6a6c2). Since if I start up a new machine I want it to just be able to connect to the network and see PXE without having to approve it etc. So my question is how can I stop other devices on and joining my network, e.g. my phone, being affected by this DHCP? Since when DHCP hands out the info the DNS is set to be the server and not a DNS like 8.8.8.8. Also I was wondering if there was a program that you can run virtual machines but have them all kind of trapped in their own network but have internet access?

1. AD doesn't require DHCP or DNS to be run on the local system, you can easily set them up on dedicated DNS/DHCP servers, it is however a little harder than the next next next setup that is AD.

2. On the MS/Windows side, NPS is what you are looking for https://technet.microsoft.com/en-au/network/bb545879.aspx to stop unauthorised clients from getting a connection to your network.

3. Throw only trusted devices on a trusted subnet, and tell your router to not forward DHCP packets between subnets, would be cheaper than using NPS, and probably easier to configure.

4. Seeing as you're talking about virtual systems, have 'internal or host only' network setup, just need to go into Virtual Switch manager in Hyper-V manager and configure it. Then you just need to add the hardware to each VM you're wanting to have access to the host or internal network. You can also set up a virtual router (just a normal VM running iOS or pfSense - don't do pfSense on Hyper-V, too much hassle) with a connection to your physical network (set up as a WAN connection) and then another connection to your internal network.

14 hours ago, Blake said:

1. AD doesn't require DHCP or DNS to be run on the local system, you can easily set them up on dedicated DNS/DHCP servers, it is however a little harder than the next next next setup that is AD.

2. On the MS/Windows side, NPS is what you are looking for https://technet.microsoft.com/en-au/network/bb545879.aspx to stop unauthorised clients from getting a connection to your network.

3. Throw only trusted devices on a trusted subnet, and tell your router to not forward DHCP packets between subnets, would be cheaper than using NPS, and probably easier to configure.

4. Seeing as you're talking about virtual systems, have 'internal or host only' network setup, just need to go into Virtual Switch manager in Hyper-V manager and configure it. Then you just need to add the hardware to each VM you're wanting to have access to the host or internal network. You can also set up a virtual router (just a normal VM running iOS or pfSense - don't do pfSense on Hyper-V, too much hassle) with a connection to your physical network (set up as a WAN connection) and then another connection to your internal network.

1. Ok, I think I will just leave DHCP and DNS down to AD.

2. Ok, thanks.

3. I don't understand.

4. Can you link me a few tutorials on doing this? As for a virtual router, is that done by software or something?

1 hour ago, lukesterboy said:

1. Ok, I think I will just leave DHCP and DNS down to AD.

2. Ok, thanks.

3. I don't understand.

4. Can you link me a few tutorials on doing this? As for a virtual router, is that done by software or something?

This is assuming Hyper-V is what you're using: https://msdn.microsoft.com/en-us/virtualization/hyperv_on_windows/quick_start/walkthrough_virtual_switch
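
One way to build the "internal" lab network from point 4 in PowerShell instead of Virtual Switch Manager, as an added example that is not part of the original posts. It swaps the virtual router VM for the Hyper-V host's built-in NAT (`New-NetNat`, Windows 10 / Server 2016 or later), so the lab's DHCP and PXE traffic never reaches the physical LAN; the switch name, subnet and VM names are assumptions.

```powershell
#Requires -RunAsAdministrator
# Assumed names and addresses (hypothetical, change to suit your lab).
$SwitchName = 'LabInternal'
$NatName    = 'LabNat'
$GatewayIP  = '192.168.50.1'       # host-side address on the lab subnet
$Prefix     = '192.168.50.0/24'
$LabVMs     = 'DC01', 'PXE-Client01'

# 1. Internal switch: reachable by the host and attached VMs only. It is not
#    bound to a physical NIC, so DHCP offers and PXE broadcasts from the lab
#    server cannot reach phones or other devices on the home network.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -SwitchType Internal | Out-Null
}

# 2. Give the host's virtual adapter the gateway address for the lab subnet.
$ifIndex = (Get-NetAdapter -Name "vEthernet ($SwitchName)").ifIndex
if (-not (Get-NetIPAddress -InterfaceIndex $ifIndex -IPAddress $GatewayIP `
          -ErrorAction SilentlyContinue)) {
    New-NetIPAddress -InterfaceIndex $ifIndex -IPAddress $GatewayIP `
                     -PrefixLength 24 | Out-Null
}

# 3. NAT the lab subnet out through the host: outbound internet access works,
#    but nothing on the physical network can open connections into the lab.
if (-not (Get-NetNat -Name $NatName -ErrorAction SilentlyContinue)) {
    New-NetNat -Name $NatName -InternalIPInterfaceAddressPrefix $Prefix | Out-Null
}

# 4. Move every adapter of each lab VM onto the internal switch.
foreach ($vm in $LabVMs) {
    Get-VMNetworkAdapter -VMName $vm |
        Connect-VMNetworkAdapter -SwitchName $SwitchName
}

# 5. Check: each lab VM should list only $SwitchName. An adapter still on an
#    external switch would put the lab DHCP server back on the physical LAN.
Get-VMNetworkAdapter -VMName $LabVMs |
    Select-Object VMName, SwitchName, MacAddress
```

The DHCP scope on the lab server then needs to hand out addresses from the same subnet with the host-side address as the router option.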
