Back Story

1. What is our domain name?

Security.local

 

1. Can you ping our domain name?

 

Yes

 

1. If you cannot ping the domain name (which you should be able to, you most likely have a DNS issue). So let’s check that.

 

Opening command prompt in elevated privilege type and record the following output.

 

Ipconfig /all

 

*Do you see DNS servers? If not – type this:

 

Ipconfig /flushdns – this will release current DNS info

 

Ipconfig /registerdns – this will reregister DNS info

 

*Do you see DNS servers? If not – type this:

 

Ipconfig /renew – this will ‘re-ask’ the DHCP server for your DNS information

 

Then double check with:

 

Ipconfig /all

 

1. Do you see IPv4 DNS servers now?

 

Yes

 

Of course a reboot will work, but when you are troubleshooting DNS or DHCP you don’t want to reboot each time you try something.

 

Once you can ping security.local you can add your computer to the domain.

 

 

 

 

Other things to note – as you move from desktop support to administration, it’s important to know your environment and what you are working on.  I had a lot of questions about usernames and passwords. 

 

I agree, you need to know the starting username and password – but once you sysprep a machine, it’s Game Over.  When you go through the wizard, you are asked for information.  You can use literally whatever you want.  This is a stand-alone computer, it has no domain affiliations, credentials, or policies.  Its local users are unique to it.

 

Once it is added to a domain (my domain) – it is ‘managed’ by Active Directory.  This centralized database of user and computer information is key to much of what we will be looking for in our SIEM products.

Question

1. So back to security, my question to you is – what might you want your SIEM product to protect you from based on this incident?