Using Windows Server with Active Directory in the Cyber Range

The U.S. Cyber Range virtual machines support Windows Server with Active Directory; however, this software suite can be invasive to an organization's overall infrastructure. While we do not provide training or in-depth support for managing Windows Server with Active Directory, we can offer guidance on common issues encountered when using it within our environments. The primary concerns are that the Cyber Range provides access to Windows virtual machines over Remote Desktop Protocol (RDP), and that the DNS change required by Windows Server with Active Directory can cause a mismatch in the names of machines with our Exercise Area.

Windows Connections Over RDP

Windows Network Level Authentication Requirement

Windows virtual machines must allow RDP login without Network Level Authentication (NLA). By default, the images we provide attempt to disable NLA automatically. However, organizational policies that try to enforce NLA may cause the machine to no longer allow logins from our Exercise Area.

RDP Permission for Active Directory Users

Creating a user in Active Directory does not automatically grant them permission to log in to other servers, even within the same domain. Since this is controlled by Windows Server and not the Cyber Range, we cannot provide extensive support. However, you can manually add domain users to the Remote Desktop Users group:

  1. Log in to the target machine using the local user account.

  2. Open "Local Users and Groups" (accessible via the Start menu search).

  3. Navigate to the "Remote Desktop Users" group and add the new domain user(s).
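
As an added example (not part of the original article and not Cyber Range tooling), the PowerShell script below reports the two settings discussed above on one Windows VM: whether NLA is required, and whether a domain user is a direct member of the Remote Desktop Users group. The account name `EXAMPLE\student1` and the `-Add` switch are placeholders chosen for this example; it assumes an elevated session on a domain-joined member machine, not a domain controller.

```powershell
# Added example: audit the RDP settings described in this article.
# Run in an elevated PowerShell session on the target machine.
param(
    [string]$DomainUser = 'EXAMPLE\student1',  # placeholder account (assumption)
    [switch]$Add                               # add the user when missing
)

$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$ts\WinStations\RDP-Tcp"
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$deny      = Get-RegValue $ts     'fDenyTSConnections'  # 0 = RDP enabled
$nlaLocal  = Get-RegValue $rdpTcp 'UserAuthentication'  # 1 = NLA required
$nlaPolicy = Get-RegValue $policy 'UserAuthentication'  # written by Group Policy

# A Group Policy value, when present, overrides the local setting.
$nlaEffective = if ($null -ne $nlaPolicy) { $nlaPolicy } else { $nlaLocal }

# Direct membership only: users granted access through a nested
# domain group are not detected by this check.
$group    = 'Remote Desktop Users'
$members  = Get-LocalGroupMember -Group $group -ErrorAction Stop
$isMember = $members.Name -contains $DomainUser

[pscustomobject]@{
    RdpEnabled      = ($deny -eq 0)
    NlaRequired     = ($nlaEffective -eq 1)
    NlaSetByPolicy  = ($null -ne $nlaPolicy)
    User            = $DomainUser
    InRdpUsersGroup = $isMember
}

if ($Add -and -not $isMember) {
    # Same effect as step 3 of the manual procedure above.
    Add-LocalGroupMember -Group $group -Member $DomainUser
    Write-Output "Added $DomainUser to '$group'."
}
```

If `NlaSetByPolicy` is true, the NLA setting is coming from Group Policy and will be reapplied at the next policy refresh regardless of the local value.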

Other RDP Login Issues

Various settings can affect RDP connections and may prevent users from accessing virtual machines from the Exercise Area. Our system may not always provide a clear error message. If you encounter connectivity issues, we recommend testing RDP between two Windows machines within the range to determine if a more detailed error message appears.

Windows-Managed DNS

Windows Active Directory generally requires you to use a Windows DNS server alongside the Active Directory service. This allows for machine lookups and automatic insertion of DNS records that make the product work. The Cyber Range does not prevent any of these functions in our range, but using them means you will be using your own host and domain names, which may not match the original system. We are unable to rename the student's "Join" button to reflect changes you have made within the environment. Additionally, machines that start using Windows DNS will no longer be able to address the other machines under "example.com" by that DNS address.

