I was recently in need of the ability to harden an IIS server to remove things like the IIS and ASP.NET identifiers as well as enforce HTTPS, when I came across a great Powershell (go Powershell!) script that automates the whole process. You can download the script from https://github.com/drewhjelm/iis-hardening/blob/master/configure%20IIS%20security.ps1
*Test in a non-production environment first!*
There is only one prerequisite to deploy to IIS servers and that is URL Rewrite 2.0. After deploying URL Rewrite, run the Powershell Script (reboot will be required) and it will set the following settings:
- Remove IIS and ASP.NET identification
- Enforce HSTS (HTTP Strict Transport Security)
- Enforce HTTPS (redirects all requests from HTTP to HTTPS)
- Prevent framejacking
- Disables insecure / weak ciphers
- Configures SSL / TLS to meet PCI best practices
Another useful tool is Nartac Software IISCrypto. This tool focuses on crypto management of IIS in an easy to use interface as opposed to making all changes in the registry.
With just over 314 days until July 14th, 2015, it is time to transform the datacenter. If you are still running servers with Windows Server 2003, now is the time to migrate to Windows Server 2012 R2.
Myself and several other MVPs from across the country are hosting a roadshow event in a city near you and presenting on various topics including What’s New with Windows Server 2012 R2, what’s a hybrid cloud, how to upgrade and migrate from Windows Server 2003, and how you can enhance your investment in Server 2012 R2 with Microsoft Azure.
If you’re in one of the cities listed below, click the link to register for the event in your town and thank you in advance for joining us!
Cincinatti, OH – 9/20/2014 – Register Here
Tampa, FL – 9/22/2014 – Register Here
Chicago, IL – 9/22/2014 – Register Here
Bellevue, WA – 9/23/2014 – Register Here
Phoenix (Tempe), AZ – 9/24/2014 – Register Here
Denver, CO – 9/25/2014 – Register Here
Houston, TX – 9/26/2014 – Register Here
Detroit, MI – 9/27/2014 – Register Here
If you’re a Windows Server 2012 R2 user and you use the Essentials Experience role (same features as the standalone SKU) in a multi domain controller (DC) environment, you may have noticed that the wizards for integrating with Office 365 and Windows Azure Active Directory are disabled. This is because they were designed to function in a single DC environment.
Today, Microsoft has corrected this behavior as part of update rollup 2975719. If you install this update rollup, you should now be able to use the wizards as intended.
More info: Update Rollup August 2014 | Office 365 Integration KB
If you’ve been keeping up with Microsoft related news, you’ve probably heard that Microsoft announced new features in Windows Azure, announced Windows Server 2012 R2, System Center 2012 R2, and SQL Server 2014. For many of these products, they are here less than a year after their predecessors. This is a huge accomplishment for Microsoft.
According to a blog post published by Brad Anderson, Corporate Vice President for Windows Server and System Center, Microsoft is able to do this because they are building for the cloud first.
By building for the cloud first, Microsoft says that they are able to do couple things:
- Battle harden what is built. By deploying in Windows Azure first, Microsoft can ensure that they are delivering a solid product both in the cloud and on-premise.
- Unify the planning and delivery across multiple products. With this wave of releases, Microsoft has brought together Windows 8.1, Windows Server 2012 R2, System Center 2012 R2, Windows Azure, and Windows Intune.
What this means for you as a Microsoft customer is that scenarios are being designed for better integration end-to-end, using real world feedback from people like you and I, and validated in the Windows Azure cloud.
It’s an exciting and interesting time for both Microsoft and its customers. I’m encouraged by the products I’m seeing and the scenarios that are being unlocked.
Tonight Microsoft has made available the public preview release of Windows Server 2012 R2. With this release, Microsoft is laying out its vision for what it calls the Cloud OS.
The Cloud OS is the platform that Microsoft is building with the release of Windows Server 2012 R2, System Center 2012 R2, SQL Server 2014 and Windows Azure. The four key tenets of the Cloud OS are:
- Transform the Datacenter
- Enable modern business applications
- Empower people-centric IT
- Unlock insights on any data
New to Windows Server 2012 R2 are such features as:
- Storage Tiering within Storage Spaces
- Software-defined networking
- Virtual IP Address management
- Windows Powershell 4.0
- Windows Server Essentials Experience
To get started with the Windows Server 2012 R2 Preview, go to http://technet.microsoft.com/en-us/evalcenter/dn205286.aspx
Microsoft have released a series of guides to build Test Labs to check out various new features in Windows Server “8.” I’ve included a list below to some of the guides.
Test Lab Guide: Base Test Lab Guide for Windows Server “8” Beta – This Microsoft Test Lab Guide (TLG) provides you with step-by-step instructions to create the Windows Base Configuration test lab, using computers running Windows 8 Consumer Preview or Windows Server “8” Beta.
Test Lab Guide: Demonstrate High Availability Printing in Windows Server “8” Beta – This paper contains an introduction to Windows Server “8” Beta Printing and step-by-step instructions for extending the Test Lab Guide Base Configuration to demonstrate High Availability Printing.
One of the best things about the Microsoft Imagine Cup is the variety of competition categories that span all of Microsoft’s technologies. One such category is the IT Challenge.
The IT Challenge tests competitor’s skills and knowledge about everything IT. Competitors are given a case study on an organization and have to write a document telling the judges exactly how they would meet this organization’s needs. If they do well and move on to the final round, the competition heats up.
From the Microsoft Imagine Cup website:
“This lab will challenge you to build servers, server images, and configurations on a Hyper-V host server to prove your practical knowledge and experience with the technologies. You will be asked to setup, install, and demonstrate knowledge and expertise around Windows 2008 R2, Exchange 2010, Windows 7, Office 2010, System Center Configuration Manager 2007 R2, System Center Operations Manager 2007 R2, TMG 2010, SQL 2008 R2, Office Communications Server 2007 R2, etc. You will be given 24 hours to complete the hands-on lab challenge.”
One such competitor is Sinescu Ionut, a student at Alexandru Ioan Cuza University in Romania. Sinescu will be competing against five other students in what Sincescu calls “a one man show” of information technology excellence.
For more on Sinescu, feel free to check out his blog (in Romanian), or visit him on Facebook.
One of the major focuses this week at TechEd and for Microsoft in general is cloud computing and cloud based services. One of the services getting some real love this week is Windows Intune. In this post I’ll be introducing the Intune service and explaining how it can benefit you.
Windows Intune is a service that provides security and management capabilities through the cloud and a web-based management console. With Intune, you get malware protection, policy management, system health alerting and more.
- Centrally manage deployment of Microsoft updates
- Malware protection using the same engine as Forefront Endpoint Protection
- Provide Remote Assistance to your users from anywhere
- Track PCs and track software license usage
- Centrally manage firewall and malware settings for PCs connected to the service
I’ve just started using the service today, but what I like I about it is the usability. Unlike deploying Windows Server Update Services, Forefront Endpoint Protection and System Center Operations Manager locally to achieve the same integration, managing Windows Intune is a breeze. Most of the hard stuff is done for you, freeing you up to take care of what matters the most.
Installation of the Intune client is a breeze. One click to download a ZIP file that has the executable and necessary files to associate the client, and then installation takes place seamlessly and silently.
Windows Intune supports Professional, Enterprise and Ultimate SKUs and is reasonably priced at $11 per device per month.
Here’s the no frills quick and dirty run down on some of what was announced today at TechEd 2011.
- New May CTP of Windows Azure AppFabric with new messaging capabilities for publication and subscription. Available today.
- Coming in June, a CTP of AppFabric Application Manager and Developer Tools with enhancements to Visual Studio, new runtime capabilities for automatic deployment and application monitoring, and a new AppFabric Composition Model. Expected availability in June.
- Coming later this summer to SQL Azure, an enhancements to the web based management portal, better schema management, new service to manage SQL Azure databases through OData, and the integration of import and export features in the management portal. Features coming in a service update later this summer.
- Demoed System Center ‘Concero’ during keynote for managing private cloud resources and public cloud resources.
- System Center Orchestrator 2012 (Formerly Opalis) an IT process automation platform for orchestrating workflows across systems. Expected availability – Beta in June 2011
- Demoed System Center Connector for Visual Studio to quickly escalate issues to engineering teams for review and fixes if necessary. In beta today, final release date not yet known.
- Forefront Endpoint Protection 2012 announced today, built on System Center Configuration Manager, and designed to allow IT to use existing infrastructure to deploy and manage endpoints in their networks. In beta today, final release date not yet known.
Windows Phone 7:
- Lync 2010 for Windows Phone was shown off and will be available on the Windows Phone Marketplace around the time Mango is released.
- Out of box support in Mango for Office 365
- Conversation view, information rights management, pinnable email folders, complex password support and server side search for Outlook Mobile.
- All features coming with Windows Phone “Mango” around Holiday 2011
Office 2010 and SharePoint 2010:
- Service Pack 1 for both Office and Sharepoint 2010 will be released in June, with improved Internet Explorer 9 functionality, improvements to Office Web Apps, support for Google Chrome, and updates for other products in the Office 2010 family. Service Pack 1 will be released June 2011.
After following the very poor directions given to me about finding the shuttle to bring me to the hotel, and being lied to and ripped off for 20 bucks (yes, I’m bitter.), I made it to my hotel, the Marriott Marquis in Downtown Atlanta. Check in was fairly effortless, and I’ve got a very nice room on an upper floor of the hotel with a great view of the city. For the week, Microsoft has invested in custom room keys, sponsored by Windows Intune, with an attached map of the downtown area.
After getting settled in my room, I met up with Randy Guthrie, Academic Developer Evangelist and some Imagine Cup USA Finals winners as well as other invited students, and had a quick bite to eat while waiting for everyone to arrive. Once everyone arrived, we made the 15 minute walk over to the Georgia World Congress Center, and along the way passed by CNN Center, World of Coca-Cola, and the Phillips Arena. While at the GWCC, took a quick walking tour of where keynote would be, the exhibit hall, bloggers lounge, etc. After the tour was over, we went out to dinner and then made final arrangements for the morning.
On Day 1 we’ll see announcements from Jason Zander and Robert Wahbe and from what I’m hearing these announcements will be interesting.
Here are some photos from Day 0: