Hardening IIS Servers – some nifty tools

I was recently in need of the ability to harden an IIS server to remove things like the IIS and ASP.NET identifiers as well as enforce HTTPS, when I came across a great PowerShell (go PowerShell!) script that automates the whole process. You can download the script from https://github.com/drewhjelm/iis-hardening/blob/master/configure%20IIS%20security.ps1

*Test in a non-production environment first!*

There is only one prerequisite to deploy to IIS servers, and that is URL Rewrite 2.0. After deploying URL Rewrite, run the PowerShell script (a reboot will be required) and it will apply the following settings:

  • Remove IIS and ASP.NET identification
  • Enforce HSTS (HTTP Strict Transport Security)
  • Enforce HTTPS (redirects all requests from HTTP to HTTPS)
  • Prevent framejacking
  • Disable insecure / weak ciphers
  • Configure SSL / TLS to meet PCI best practices
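
A way to confirm the header and redirect items in the list above after the reboot, as an added example that is not part of the linked script. It assumes the standard header names (Server, X-Powered-By, X-AspNet-Version, X-AspNetMvc-Version, Strict-Transport-Security, X-Frame-Options); the function name and both sample responses are constructed for illustration, and the cipher and TLS items are not covered.

```powershell
# Added example: audits the header / redirect items from the list above.
# Header names are the standard IIS, ASP.NET and browser ones (assumed, not
# taken from the script); both sample responses are constructed.
function Test-IisHardening {
    param(
        [int]$HttpStatus,          # status of the plain-HTTP request, redirects not followed
        [string]$HttpLocation,     # Location header of that response
        [hashtable]$HttpsHeaders   # response headers of the HTTPS request
    )
    $findings = @()

    # Identification headers: an empty value is accepted, since a rewrite
    # rule may blank a header rather than drop it.
    foreach ($name in 'Server', 'X-Powered-By', 'X-AspNet-Version', 'X-AspNetMvc-Version') {
        if ($HttpsHeaders[$name]) {
            $findings += "Identifier still sent: ${name}: $($HttpsHeaders[$name])"
        }
    }

    # HSTS must be present with a non-zero max-age.
    $hsts = $HttpsHeaders['Strict-Transport-Security']
    if (-not $hsts) {
        $findings += 'Strict-Transport-Security missing'
    } elseif ($hsts -notmatch 'max-age=0*[1-9]\d*') {
        $findings += "HSTS max-age is zero or absent: $hsts"
    }

    # Framing protection.
    if ($HttpsHeaders['X-Frame-Options'] -notmatch '^\s*(DENY|SAMEORIGIN)\s*$') {
        $findings += 'X-Frame-Options missing or not DENY / SAMEORIGIN'
    }

    # Plain HTTP must answer with a redirect to an https:// URL.
    if (($HttpStatus -notin 301, 302, 307, 308) -or ($HttpLocation -notmatch '^https://')) {
        $findings += "HTTP not redirected to HTTPS (status $HttpStatus)"
    }
    return , $findings
}

# Constructed sample: default IIS site before hardening.
$before = @{ 'Server' = 'Microsoft-IIS/8.5'; 'X-Powered-By' = 'ASP.NET'; 'X-AspNet-Version' = '4.0.30319' }
# Constructed sample: the same site after hardening.
$after = @{ 'Server' = ''; 'Strict-Transport-Security' = 'max-age=31536000'; 'X-Frame-Options' = 'SAMEORIGIN' }

Test-IisHardening -HttpStatus 200 -HttpLocation '' -HttpsHeaders $before
Test-IisHardening -HttpStatus 301 -HttpLocation 'https://www.example.test/' -HttpsHeaders $after
```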

Another useful tool is Nartac Software IISCrypto. This tool focuses on crypto management of IIS in an easy-to-use interface, as opposed to making all changes in the registry.

Microsoft has published a Windows Roadmap


Microsoft has published a new roadmap website for business and enterprise customers detailing features coming to Windows 10. This roadmap not only shows features coming to PCs, but to HoloLens, IoT, Surface Hub, Windows 10 Mobile, and industry devices like kiosks, ATMs, POS devices.

Check it out at https://www.microsoft.com/en-us/WindowsForBusiness/windows-roadmap

I’d also encourage taking a look at the Microsoft Edge Platform Status at https://developer.microsoft.com/en-us/microsoft-edge/platform/status/ to learn more about features coming to Microsoft Edge.

How-To: Obtain Windows Install Media

Lost that DVD? That USB key? Misplaced your ISO? Microsoft has you covered! Below are the official links to download media directly from the source.

Windows 7 – https://www.microsoft.com/en-us/software-download/windows7

Windows 8.1 – https://www.microsoft.com/en-us/software-download/windows8ISO

Windows 10 (Media Creation Tool) – https://www.microsoft.com/en-us/software-download/windows10

NOTE: If you’re looking to upgrade an existing system, use the media creation tool. It will intelligently download the necessary bits and walk you through the Windows 10 upgrade process.

Windows 10 (ISO) – https://www.microsoft.com/en-us/software-download/windows10ISO

 

Looking for a Windows Live Writer Replacement?

Anyone remember Windows Live Writer? It was pretty much the best blogging client available for many years…if you were a Windows user. If you use a Mac, there haven’t been any good free options. Until now.

My good friend Den Delimarsky is setting out to build a cross-platform blogging client for Windows, OS X, iOS, and Android. It’s called Alki. No ETA on availability, but he’s got some cool features planned according to his website.

If you’re interested in signing up to test Alki when it’s available, go to http://dennisdel.com/alki/ and sign up from the home page.

Thank you Microsoft for year #5!

I tend to look forward to January 1st each year, as this is my MVP Award renewal date. Woke up this morning and received the following message.

Thank you Microsoft, thank you to my wonderful MVP lead, and thanks to all of you. My goal this year is to try to do more blogging, and with Windows 10, Windows Server v.Next, and more on the way, that should be a relatively easy goal to achieve.


 

Install Windows 10 Tech Preview using Parallels Desktop

Microsoft has released the Windows 10 Technical Preview and Preview for Enterprise this week. If you’re like me and you use a mix of Macs and PCs, you may decide to run the Technical Preview using some sort of virtualization software. In my case, I was trying to install the preview with Parallels Desktop 10.

During the install, it was asking for drivers before the install could continue. Turns out the fix for this issue is a very simple one. Instead of using a SATA DVD drive in the VM, change the DVD drive to use an IDE drive.

It’s time to transform the datacenter!

With just over 314 days until July 14th, 2015, it is time to transform the datacenter. If you are still running servers with Windows Server 2003, now is the time to migrate to Windows Server 2012 R2.

Several other MVPs from across the country and I are hosting a roadshow event in a city near you and presenting on various topics including What’s New with Windows Server 2012 R2, what’s a hybrid cloud, how to upgrade and migrate from Windows Server 2003, and how you can enhance your investment in Server 2012 R2 with Microsoft Azure.

If you’re in one of the cities listed below, click the link to register for the event in your town and thank you in advance for joining us!

Cincinnati, OH – 9/20/2014 – Register Here

Tampa, FL – 9/22/2014 – Register Here

Chicago, IL – 9/22/2014 – Register Here

Bellevue, WA – 9/23/2014 – Register Here

Phoenix (Tempe), AZ – 9/24/2014 – Register Here

Denver, CO – 9/25/2014 – Register Here

Houston, TX – 9/26/2014 – Register Here

Detroit, MI – 9/27/2014 – Register Here

 

MVP Summit Tips and Tricks

If you are a first-time Microsoft Most Valuable Professional or this is your first time attending the MVP Global Summit in Seattle, then this post is for you.

This is my fourth year as an MVP and will be my third time attending Summit. I wanted to provide my tips and tricks to those who have not attended before.

First rule of summit – don’t talk about summit. But for real, remember your NDA. Don’t tweet, blog, Facebook, Instagram, Foursquare, or Snapchat anything you learn during summit week. There may be times that it is okay, but err on the side of caution and ask first.

If you’re arriving in Seattle, and you are looking for reliable transportation to / from the hotel and airport, I would recommend Shuttle Express. I have used them since 2008 and the service has always been superb. With gratuity (tip) you are looking at about $50 for round trip service.

When registration opened you might have heard some talk about the Hyatt. Why is the Hyatt so important? A) it’s centrally located to Lincoln Square / Bellevue Square, B) it’s a large hotel so a lot of activities take place here, and C) the rooms are really nice. If you missed out on getting a room at the Hyatt this year, remember, there is always next year.

In most years, registration has taken place across the street from the Hyatt at the Westin Lincoln Square so I would guess that registration will be here again as well. There are also side sessions and other activities that can take place here so keep an eye on the session builder tool to know where to go.

Once you get on the Microsoft campus, it’s like being transported to a whole new world. Yes, it’s a corporate campus, but there is a variety of building design, style, and tons of cool amenities. If you’ve never been on campus before, navigating can seem a bit daunting. I spent two summers in high school working at Microsoft on the main campus and I still didn’t entirely know my way around. But never fear! Here’s a PDF of the Microsoft Campus Map that should come in handy.

If you get lost or just want to know how to get to a different building, feel free to look for anyone from the event services team (typically red shirts in prior years), or you can go to any building receptionist and they can page a shuttle for you to get you to where you want to go.

While you are on campus, make sure to visit building 92. Building 92 is where the Microsoft Visitor Center (really cool museum displays and hands on stuff) and Microsoft Company Store (logo’ed gear and access to the holy grail of goodies that are provided with a VIP pass from the MVP program team) are.  If you are an international MVP, make sure you take advantage of your company store reward, as you will not be able to redeem it online through the online store.

As far as touristy things go, here are some of my recommendations. Bear in mind that I’m not a big tourist but these are my personal favorites.

Office 365 / Azure Integration Update for Windows Server 2012 R2

If you’re a Windows Server 2012 R2 user and you use the Essentials Experience role (same features as the standalone SKU) in a multi domain controller (DC) environment, you may have noticed that the wizards for integrating with Office 365 and Windows Azure Active Directory are disabled. This is because they were designed to function in a single DC environment.

Today, Microsoft has corrected this behavior as part of update rollup 2975719. If you install this update rollup, you should now be able to use the wizards as intended.

More info: Update Rollup August 2014 | Office 365 Integration KB

Tip: Install Windows Server 2012 Essentials Connector without Domain Join

There may be times where you want to install the Windows Server 2012 Essentials Connector without joining a domain. By not joining the Essentials domain, the following features are impacted:

– Any features that require a domain such as Group Policy, SSO by use of AD credentials to domain resources

– Any 3rd-party add-ons or applications that require the use of a domain

The connector can be installed in these cases by creating a registry key prior to launching the connector installation.

1. Launch Command Prompt as an administrator

2. Run the following command (may need to remove the dash in “SkipDomainJoin” due to formatting):

reg add "HKLM\SOFTWARE\Microsoft\Windows Server\ClientDeployment" /v SkipDomainJoin /t REG_DWORD /d 1

3. Launch the Connector Installation