Hardening IIS Servers – some nifty tools

I was recently in need of the ability to harden an IIS server to remove things like the IIS and ASP.NET identifiers as well as enforce HTTPS, when I came across a great Powershell (go Powershell!) script that automates the whole process. You can download the script from https://github.com/drewhjelm/iis-hardening/blob/master/configure%20IIS%20security.ps1

*Test in a non-production environment first!*

There is only one prerequisite to deploy to IIS servers and that is URL Rewrite 2.0. After deploying URL Rewrite, run the Powershell Script (reboot will be required) and it will set the following settings:

  • Remove IIS and ASP.NET identification
  • Enforce HSTS (HTTP Strict Transport Security)
  • Enforce HTTPS (redirects all requests from HTTP to HTTPS)
  • Prevent framejacking
  • Disables insecure / weak ciphers
  • Configures SSL / TLS to meet PCI best practices

Another useful tool is Nartac Software IISCrypto. This tool focuses on crypto management of IIS in an easy to use interface as opposed to making all changes in the registry.

It’s time to transform the datacenter!

With just over 314 days until July 14th, 2015, it is time to transform the datacenter. If you are still running servers with Windows Server 2003, now is the time to migrate to Windows Server 2012 R2.

Myself and several other MVPs from across the country are hosting a roadshow event in a city near you and presenting on various topics including What’s New with Windows Server 2012 R2, what’s a hybrid cloud, how to upgrade and migrate from Windows Server 2003, and how you can enhance your investment in Server 2012 R2 with Microsoft Azure.

If you’re in one of the cities listed below, click the link to register for the event in your town and thank you in advance for joining us!

Cincinatti, OH – 9/20/2014Register Here 

Tampa, FL  – 9/22/2014Register Here

Chicago, IL – 9/22/2014Register Here

Bellevue, WA – 9/23/2014Register Here

Phoenix (Tempe), AZ – 9/24/2014Register Here

Denver, CO – 9/25/2014Register Here

Houston, TX – 9/26/2014Register Here

Detroit, MI – 9/27/2014Register Here

 

Office 365 / Azure Integration Update for Windows Server 2012 R2

If you’re a Windows Server 2012 R2 user and you use the Essentials Experience role (same features as the standalone SKU) in a multi domain controller (DC) environment, you may have noticed that the wizards for integrating with Office 365 and Windows Azure Active Directory are disabled. This is because they were designed to function in a single DC environment.

Today, Microsoft has corrected this behavior as part of update rollup 2975719. If you install this update rollup, you should now be able to use the wizards as intended.

More info: Update Rollup August 2014 | Office 365 Integration KB

Windows Server and System Center: Designed with You in Mind

If you’ve been keeping up with Microsoft related news, you’ve probably heard that Microsoft announced new features in Windows Azure, announced Windows Server 2012 R2, System Center 2012 R2, and SQL Server 2014. For many of these products, they are here less than a year after their predecessors. This is a huge accomplishment for Microsoft.

According to a blog post published by Brad Anderson, Corporate Vice President for Windows Server and System Center, Microsoft is able to do this because they are building for the cloud first.

By building for the cloud first, Microsoft says that they are able to do couple things:

  • Battle harden what is built. By deploying in Windows Azure first, Microsoft can ensure that they are delivering a solid product both in the cloud and on-premise.
  • Unify the planning and delivery across multiple products. With this wave of releases, Microsoft has brought together Windows 8.1, Windows Server 2012 R2, System Center 2012 R2, Windows Azure, and Windows Intune.

What this means for you as a Microsoft customer is that scenarios are being designed for better integration end-to-end, using real world feedback from people like you and I, and validated in the Windows Azure cloud.

It’s an exciting and interesting time for both Microsoft and its customers. I’m encouraged by the products I’m seeing and the scenarios that are being unlocked.

Windows Server 2012 R2 Preview Now Available

Tonight Microsoft has made available the public preview release of Windows Server 2012 R2. With this release, Microsoft is laying out its vision for what it calls the Cloud OS.

The Cloud OS is the platform that Microsoft is building with the release of Windows Server 2012 R2, System Center 2012 R2, SQL Server 2014 and Windows Azure. The four key tenets of the Cloud OS are:

      • Transform the Datacenter
      • Enable modern business applications
      • Empower people-centric IT
      • Unlock insights on any data

New to Windows Server 2012 R2 are such features as:

        • Storage Tiering within Storage Spaces
        • Software-defined networking
        • Virtual IP Address management
        • Windows Powershell 4.0
        • Windows Server Essentials Experience

To get started with the Windows Server 2012 R2 Preview, go to http://technet.microsoft.com/en-us/evalcenter/dn205286.aspx

Test Lab Guides for Windows Server “8” Beta

Microsoft have released a series of guides to build Test Labs to check out various new features in Windows Server “8.” I’ve included a list below to some of the guides.

Test Lab Guide: Base Test Lab Guide for Windows Server “8” Beta – This Microsoft Test Lab Guide (TLG) provides you with step-by-step instructions to create the Windows Base Configuration test lab, using computers running Windows 8 Consumer Preview or Windows Server “8” Beta.

Test Lab Guide: Demonstrate High Availability Printing in Windows Server “8” Beta – This paper contains an introduction to Windows Server “8” Beta Printing and step-by-step instructions for extending the Test Lab Guide Base Configuration to demonstrate High Availability Printing.

Test Lab Guide: Demonstrate Remote Desktop Services in Windows Server “8” Beta – This paper contains an introduction to Windows Server “8” Beta Remote Desktop Services Desktop Virtualization and step-by-step instructions for extending the Windows Server “8” Beta Test Lab Guide Base Configuration to demonstrate Remote Desktop Services Desktop Virtualization.

Test Lab Guide: Demonstrate ADDS Simplified Administration in Windows Server “8” Beta – This Microsoft Test Lab Guide (TLG) introduces Active Directory Domain Services Simplified Administration and provides step-by-step demonstration of new AD DS Administration features in Windows Server “8” Beta.

Test Lab Guide: Demonstrate DirectAccess Single Server Setup with Mixed IPv4 and IPv6 in Windows Server “8” Beta – This paper contains an introduction to Unified Remote Access and step-by-step instructions for extending the Windows Server “8” Beta Base Configuration test lab to demonstrate DirectAccess deployment in a single server deployment with a mixed environment of IPv4 and IPv6
Test Lab Guide: Demonstrate DirectAccess Simplified Setup in an IPv4-only Test Environment in Windows Server “8” Beta – This paper contains an introduction to Windows Server “8” Beta Remote Access and step-by-step instructions for extending the Windows Server “8” Beta Base Configuration test labto demonstrate Remote Access deployment using the Getting Started Wizard.
Test Lab Guide: Demonstrate Remote Desktop Services Desktop Virtualization in Windows Server “8” Beta – This paper contains an introduction to Windows Server “8” Beta Remote Desktop Services Desktop Virtualization and step-by-step instructions for extending the Windows Server “8” Beta Test Lab Guide Base Configuration to demonstrate Remote Desktop Services Desktop Virtualization
Test Lab Guide: Demonstrating DHCP Failover in Windows Server “8” Beta – This paper contains an introduction to Windows Server “8” Beta DHCP Failover, and step-by-step instructions for extending the Windows Server “8” Beta Base Configuration test labto demonstrate DHCP Failover setup.
Test Lab Guide: Demonstrate Virtualized Domain Controller (VDC) in Windows Server “8” Beta – This Microsoft Test Lab Guide (TLG) introduces Active Directory Domain Services Virtualized Domain Controllers and provides step-by-step demonstration of this new feature in Windows Server “8” Beta.
Test Lab Guide: Demonstrate Windows Server “8” Beta Print and Document Services – Introduction to Windows Server “8” Beta Printing
Test Lab Guide: Deploying RD Licensing – Use this test lab guide to install Remote Desktop Services client access licenses (RDS CALs) for Windows Server “8” Beta.
Test Lab Guide: Demonstrate IP Address Management (IPAM) in Windows Server “8” Beta – This paper contains an introduction to Windows Server “8” Beta IP Address Management (IPAM), and step-by-step instructions for extending the Windows Server “8” Beta Base Configuration test lab to demonstrate IPAM setup.
Test Lab Guide: Demonstrate DNS Security Extensions (DNSSEC) in Windows Server “8” Beta – This paper contains an introduction to Windows Server “8” Beta DNSSEC and step-by-step instructions for extending the Windows Server “8” Beta Base Configuration test lab to demonstrate DNSSEC operation.

Imagine Cup 2011–IT Challenge–Sinescu Ionut (Romania)

Ionut SinescuOne of the best things about the Microsoft Imagine Cup is the variety of competition categories that span all of Microsoft’s technologies. One such category is the IT Challenge.

The IT Challenge tests competitor’s skills and knowledge about everything IT. Competitors are given a case study on an organization and have to write a document telling the judges exactly how they would meet this organization’s needs. If they do well and move on to the final round, the competition heats up.

From the Microsoft Imagine Cup website:

“This lab will challenge you to build servers, server images, and configurations on a Hyper-V host server to prove your practical knowledge and experience with the technologies.  You will be asked to setup, install, and demonstrate knowledge and expertise around Windows 2008 R2, Exchange 2010, Windows 7, Office 2010, System Center Configuration Manager 2007 R2, System Center Operations Manager 2007 R2, TMG 2010, SQL 2008 R2, Office Communications Server 2007 R2, etc. You will be given 24 hours to complete the hands-on lab challenge.” 

One such competitor is Sinescu Ionut, a student at Alexandru Ioan Cuza University in Romania. Sinescu will be competing against five other students in what Sincescu calls “a one man show” of information technology excellence.

For more on Sinescu, feel free to check out his blog (in Romanian), or visit him on Facebook.