Wednesday, March 13, 2013

Installing Windows Server 2012 with Active Directory and VPN

After installing the vSphere Hypervisor I wanted to set up a VPN connection to my home network. I wanted to do that on Windows Server 2012 and use Active Directory for user management. Here's how I went about it.

1. Install Microsoft Server 2012

I'm skipping the parts where you download it from MSDN, upload the ISO to your datastore, create the VM, mount the ISO and install the server. Installing the server is just skipping through the wizard and getting it up and running.

The only thing I did afterwards and through the vSphere client console was:

  • Assign a static IP to the server after installation.
  • Enable remote desktop for the server.
  • Give a meaningful name to the server (which is the first step in setting up AD in the video tutorial below).
Note - this is after installing Active Directory + VPN + IIS.


After that, I switched to RDP for obvious reasons.


2. Install Active Directory Domain Services

From the dashboard - 'add a feature' and install the Active Directory Domain Services. There's a bunch of tutorials out there, showing how to do it. After installation, you need to set up your domain to make the machine the domain controller. Windows Server will notify you that you have to do this, and it's a walk in the park.


3. Install 'Remote Access' role (VPN) on the server

Again - this is just adding a role to the server and there's a bunch of tutorials for this too. I think the installation process automatically installs the DNS server and configures it correctly, i.e. makes the server its own default DNS server.

I'm using a forward lookup domain so you want to make sure that is set up correctly. Use the top right Tools > DNS and get your ISP's DNS servers in:


Also - after setting up a VPN connection - I noticed that I had no internet access, nor could I reach other hosts within the network. I changed the DHCP settings to a static pool using Tools > Routing and Remote Access > right click on the server and go to properties:


I'm NOT changing the per-user setting of the dial-in permissions, since this would not be workable in a working environment. I'm going to use a network policy for this.

4. Create active directory group with user

I created a user group called VpnUsers in order to simulate a working environment, and created a user in that group. Server 2012 has this nice thing called Active Directory Administration Center which makes this a breeze:


I'm setting up the group - because I don't want to do a per-user setting of the VPN policy.


5. Create a VPN Access policy on the Network Policy Server

The final step was for me to give these VpnUsers permission to dial-in. Go to the Network Policy Server and set it up in the 'Network Policy' folder.

Right click Network Policy and hit 'New'. This is what I did:










And presto - you've got VPN set up and with a manageable setup to allow and disallow users to access your VPN.
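Steps 4 and 5 depend on group membership, not per-user dial-in settings, deciding who may connect. The PowerShell below is an added example, not part of the original post: it creates the VpnUsers group with a test user, then lists the group's members and any accounts whose per-user dial-in permission is explicitly set. It assumes the ActiveDirectory module is available on the domain controller; the account name vpn.test is hypothetical.

```powershell
# Added example (not from the original post). Run on the domain controller.
Import-Module ActiveDirectory

$GroupName = 'VpnUsers'   # group name used in the post
$SamName   = 'vpn.test'   # hypothetical test account

# Step 4: create the group and a user, skipping objects that already exist.
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security
}
if (-not (Get-ADUser -Filter "SamAccountName -eq '$SamName'")) {
    New-ADUser -Name $SamName -SamAccountName $SamName -Enabled $true `
        -AccountPassword (Read-Host -AsSecureString "Password for $SamName")
}
$members = Get-ADGroupMember -Identity $GroupName -Recursive
if ($members.SamAccountName -notcontains $SamName) {
    Add-ADGroupMember -Identity $GroupName -Members $SamName
}

# Who the network policy from step 5 applies to: every user in the group,
# including users that arrive through nested groups.
$vpnMembers = Get-ADGroupMember -Identity $GroupName -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser -Properties msNPAllowDialin, LastLogonDate |
    Select-Object SamAccountName, Enabled, LastLogonDate, msNPAllowDialin

# msNPAllowDialin is unset when the Dial-in tab reads
# "Control access through NPS Network Policy". TRUE or FALSE means someone
# set a per-user Allow or Deny, which is what the post wants to avoid.
$overrides = Get-ADUser -LDAPFilter '(msNPAllowDialin=*)' -Properties msNPAllowDialin |
    Select-Object SamAccountName, Enabled, msNPAllowDialin

'Members of ' + $GroupName + ':'
$vpnMembers | Format-Table -AutoSize

'Accounts with a per-user dial-in setting:'
$overrides | Format-Table -AutoSize
```

An empty second table means access is controlled only by the network policy and the group.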

The only thing left for me to do was to port-forward the PPTP port, 1723, on my router:
