I was recently in need of the ability to harden an IIS server to remove things like the IIS and ASP.NET identifiers as well as enforce HTTPS, when I came across a great PowerShell (go PowerShell!) script that automates the whole process. You can download the script from https://github.com/drewhjelm/iis-hardening/blob/master/configure%20IIS%20security.ps1
*Test in a non-production environment first!*
There is only one prerequisite to deploy to IIS servers and that is URL Rewrite 2.0. After deploying URL Rewrite, run the PowerShell script (reboot will be required) and it will set the following settings:
- Remove IIS and ASP.NET identification
- Enforce HSTS (HTTP Strict Transport Security)
- Enforce HTTPS (redirects all requests from HTTP to HTTPS)
- Prevent framejacking
- Disable insecure / weak ciphers
- Configure SSL / TLS to meet PCI best practices
Another useful tool is Nartac Software IISCrypto. This tool focuses on crypto management of IIS in an easy-to-use interface as opposed to making all changes in the registry.
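One way to confirm the header-related items in the list above after running the script on a test server, as an added example (not part of the linked script or the original post). The function names, the specific header names checked (including `X-Frame-Options` for the framejacking item), the one-year HSTS minimum and the sample responses are assumptions made for illustration.

```powershell
# Added example: audit response headers against the hardening checklist.
# Header names are assumptions about how each item is usually implemented.
function Test-HardenedHeaders {
    param(
        [Parameter(Mandatory)] [hashtable] $Headers,
        [int] $MinHstsMaxAge = 31536000   # assumed policy: one year
    )
    $findings = @()

    # Identification headers should be absent or blank.
    foreach ($name in 'Server', 'X-Powered-By', 'X-AspNet-Version', 'X-AspNetMvc-Version') {
        if ("$($Headers[$name])".Trim()) {
            $findings += "Identifier exposed: $name = $($Headers[$name])"
        }
    }

    # HSTS must be present with a long enough max-age.
    $hsts = $Headers['Strict-Transport-Security']
    if (-not $hsts) {
        $findings += 'Missing Strict-Transport-Security'
    } elseif ($hsts -match 'max-age\s*=\s*"?(\d+)') {
        if ([long]$Matches[1] -lt $MinHstsMaxAge) {
            $findings += "HSTS max-age too short: $($Matches[1])"
        }
    } else {
        $findings += 'HSTS header has no max-age directive'
    }

    # Anti-framing header must be DENY or SAMEORIGIN.
    if ("$($Headers['X-Frame-Options'])".Trim() -notin 'DENY', 'SAMEORIGIN') {
        $findings += 'Missing or weak X-Frame-Options'
    }
    $findings
}

# A plain-HTTP request should answer with a redirect to an https:// URL.
function Test-HttpsRedirect {
    param([int] $StatusCode, [string] $Location)
    ($StatusCode -in 301, 302, 307, 308) -and ($Location -like 'https://*')
}

# Constructed sample responses (not captured from a real server).
$before = @{ 'Server' = 'Microsoft-IIS/8.5'; 'X-Powered-By' = 'ASP.NET' }
$after  = @{ 'Server' = ''; 'Strict-Transport-Security' = 'max-age=31536000'; 'X-Frame-Options' = 'SAMEORIGIN' }

Test-HardenedHeaders $before
@(Test-HardenedHeaders $after).Count
Test-HttpsRedirect 301 'https://www.example.test/'
```

A blank `Server` value is treated as acceptable here because a rewrite rule can empty the header without removing it.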
I tend to look forward to January 1st each year, as this is my MVP Award renewal date. Woke up this morning and received the following message.
Thank you Microsoft, thank you to my wonderful MVP lead, and thanks to all of you. My goal this year is to try to do more blogging, and with Windows 10, Windows Server v.Next, and more on the way, that should be a relatively easy goal to achieve.
With just over 314 days until July 14th, 2015, it is time to transform the datacenter. If you are still running servers with Windows Server 2003, now is the time to migrate to Windows Server 2012 R2.
Several other MVPs from across the country and I are hosting a roadshow event in a city near you and presenting on various topics including What’s New with Windows Server 2012 R2, what’s a hybrid cloud, how to upgrade and migrate from Windows Server 2003, and how you can enhance your investment in Server 2012 R2 with Microsoft Azure.
If you’re in one of the cities listed below, click the link to register for the event in your town and thank you in advance for joining us!
Cincinnati, OH – 9/20/2014 – Register Here
Tampa, FL – 9/22/2014 – Register Here
Chicago, IL – 9/22/2014 – Register Here
Bellevue, WA – 9/23/2014 – Register Here
Phoenix (Tempe), AZ – 9/24/2014 – Register Here
Denver, CO – 9/25/2014 – Register Here
Houston, TX – 9/26/2014 – Register Here
Detroit, MI – 9/27/2014 – Register Here
If you’re a Windows Server 2012 R2 user and you use the Essentials Experience role (same features as the standalone SKU) in a multi domain controller (DC) environment, you may have noticed that the wizards for integrating with Office 365 and Windows Azure Active Directory are disabled. This is because they were designed to function in a single DC environment.
Today, Microsoft has corrected this behavior as part of update rollup 2975719. If you install this update rollup, you should now be able to use the wizards as intended.
More info: Update Rollup August 2014 | Office 365 Integration KB
There may be times when you want to install the Windows Server 2012 Essentials Connector without joining a domain. By not joining the Essentials domain, the following features are impacted:
– Any features that require a domain such as Group Policy, SSO by use of AD credentials to domain resources
– Any 3rd-party add-ons or applications that require the use of a domain
The connector can be installed in these cases by creating a registry key prior to launching the connector installation.
1. Launch Command Prompt as an administrator
2. Run the following command (may need to remove the dash in “SkipDomainJoin” due to formatting):
reg add "HKLM\SOFTWARE\Microsoft\Windows Server\ClientDeployment" /v SkipDomainJoin /t REG_DWORD /d 1
3. Launch the Connector Installation
I am very pleased to announce that Microsoft has chosen me to be a Microsoft Most Valuable Professional for the 4th year in a row. As many of you may know, I have been an MVP for Windows Home Server. However, with the discontinuation of Windows Home Server, I have been chosen to be an MVP for Windows Server for Small and Medium Business.
I am honored to have been chosen, and I look forward to all the amazing community work ahead in 2014.
Congratulations! We are pleased to present you with the 2014 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in Windows Server for Small and Medium Business technical communities during the past year.
As some of you may have noticed, Windows Server 2012 R2 Essentials no longer includes media streaming functionality out of the box. This feature existed in the non-R2 version, as well as previous versions, dating all the way back to Windows Home Server v1.
Instead of keeping this feature in the base product, Microsoft have released the Media Streaming Pack for Windows Server 2012 R2.
The Media Streaming Pack adds media streaming functionality to Windows Server 2012 R2 Essentials as well as those Standard and Datacenter servers running the Essentials Experience role.
The following features are included:
- Streaming of media (photos, music and videos) to DLNA-compliant receivers
- Smooth streaming to HTML5-compliant browsers through Remote Web Access and web service applications
- Configuration through the Windows Server Essentials Dashboard
The Media Streaming pack is a free download from Microsoft and is available at http://www.microsoft.com/en-us/download/details.aspx?id=40837