Setting up Windows 10 as a virtual machine is an important part of a Metasploit practice lab because it gives you a realistic target system for learning scanning, exploitation, and post-exploitation concepts in an authorised environment. Many training exercises use vulnerable Linux targets first (such as Metasploitable), but adding a Windows machine helps you understand how real-world operating systems behave, how services are exposed, how firewalls affect visibility, and how different vulnerabilities may be tested in a controlled lab.
In this topic, the goal is to install Windows 10 inside a virtualization platform such as VirtualBox or VMware and connect it to the same lab network as your Kali Linux attacker machine. The first step is to create a new virtual machine and choose the correct operating system type (Windows 10, 64-bit in most cases). Then you assign system resources such as RAM, CPU cores, and disk size. Windows usually needs more resources than lightweight Linux targets, so giving it enough memory and storage helps avoid slow performance during lab exercises. If your host system has limited resources, you can still run Windows 10, but you may need to reduce background apps and optimise VM settings.
Next, you attach the Windows 10 installation ISO and start the virtual machine. During installation, you complete the standard setup steps such as language/region preferences, user account creation, and basic configuration. In a lab environment, it is useful to choose simple, memorable settings so troubleshooting becomes easier later. After installation, you should install virtualization tools (such as VirtualBox Guest Additions or VMware Tools) if your setup supports them, because these improve display handling, mouse integration, and overall usability.
Once Windows 10 is installed, networking becomes the most important part for Metasploit practice. The VM should be attached to the same lab network mode as your Kali machine (for example, NAT Network or Host-Only, depending on your course design). After booting, check the IP address and verify whether the machine can communicate with other lab systems. You may also need to adjust Windows Firewall settings for specific lab tasks, such as allowing ping responses, but this should be done carefully and only within your isolated lab.
Finally, take a snapshot of the clean Windows 10 VM before making major changes. This allows you to restore the machine quickly after testing. By the end of this topic, you should have a functional Windows 10 virtual machine connected to your hacking lab, ready for safe and structured Metasploit exercises.
