I was recently in need of the ability to harden an IIS server to remove things like the IIS and ASP.NET identifiers as well as enforce HTTPS, when I came across a great Powershell (go Powershell!) script that automates the whole process. You can download the script from https://github.com/drewhjelm/iis-hardening/blob/master/configure%20IIS%20security.ps1
*Test in a non-production environment first!*
There is only one prerequisite to deploy to IIS servers and that is URL Rewrite 2.0. After deploying URL Rewrite, run the Powershell Script (reboot will be required) and it will set the following settings:
- Remove IIS and ASP.NET identification
- Enforce HSTS (HTTP Strict Transport Security)
- Enforce HTTPS (redirects all requests from HTTP to HTTPS)
- Prevent framejacking
- Disables insecure / weak ciphers
- Configures SSL / TLS to meet PCI best practices
Another useful tool is Nartac Software IISCrypto. This tool focuses on crypto management of IIS in an easy to use interface as opposed to making all changes in the registry.
With just over 314 days until July 14th, 2015, it is time to transform the datacenter. If you are still running servers with Windows Server 2003, now is the time to migrate to Windows Server 2012 R2.
Myself and several other MVPs from across the country are hosting a roadshow event in a city near you and presenting on various topics including What’s New with Windows Server 2012 R2, what’s a hybrid cloud, how to upgrade and migrate from Windows Server 2003, and how you can enhance your investment in Server 2012 R2 with Microsoft Azure.
If you’re in one of the cities listed below, click the link to register for the event in your town and thank you in advance for joining us!
Cincinatti, OH – 9/20/2014 – Register Here
Tampa, FL – 9/22/2014 – Register Here
Chicago, IL – 9/22/2014 – Register Here
Bellevue, WA – 9/23/2014 – Register Here
Phoenix (Tempe), AZ – 9/24/2014 – Register Here
Denver, CO – 9/25/2014 – Register Here
Houston, TX – 9/26/2014 – Register Here
Detroit, MI – 9/27/2014 – Register Here
If you’re a Windows Server 2012 R2 user and you use the Essentials Experience role (same features as the standalone SKU) in a multi domain controller (DC) environment, you may have noticed that the wizards for integrating with Office 365 and Windows Azure Active Directory are disabled. This is because they were designed to function in a single DC environment.
Today, Microsoft has corrected this behavior as part of update rollup 2975719. If you install this update rollup, you should now be able to use the wizards as intended.
More info: Update Rollup August 2014 | Office 365 Integration KB
If you’ve been keeping up with Microsoft related news, you’ve probably heard that Microsoft announced new features in Windows Azure, announced Windows Server 2012 R2, System Center 2012 R2, and SQL Server 2014. For many of these products, they are here less than a year after their predecessors. This is a huge accomplishment for Microsoft.
According to a blog post published by Brad Anderson, Corporate Vice President for Windows Server and System Center, Microsoft is able to do this because they are building for the cloud first.
By building for the cloud first, Microsoft says that they are able to do couple things:
- Battle harden what is built. By deploying in Windows Azure first, Microsoft can ensure that they are delivering a solid product both in the cloud and on-premise.
- Unify the planning and delivery across multiple products. With this wave of releases, Microsoft has brought together Windows 8.1, Windows Server 2012 R2, System Center 2012 R2, Windows Azure, and Windows Intune.
What this means for you as a Microsoft customer is that scenarios are being designed for better integration end-to-end, using real world feedback from people like you and I, and validated in the Windows Azure cloud.
It’s an exciting and interesting time for both Microsoft and its customers. I’m encouraged by the products I’m seeing and the scenarios that are being unlocked.
Tonight Microsoft has made available the public preview release of Windows Server 2012 R2. With this release, Microsoft is laying out its vision for what it calls the Cloud OS.
The Cloud OS is the platform that Microsoft is building with the release of Windows Server 2012 R2, System Center 2012 R2, SQL Server 2014 and Windows Azure. The four key tenets of the Cloud OS are:
- Transform the Datacenter
- Enable modern business applications
- Empower people-centric IT
- Unlock insights on any data
New to Windows Server 2012 R2 are such features as:
- Storage Tiering within Storage Spaces
- Software-defined networking
- Virtual IP Address management
- Windows Powershell 4.0
- Windows Server Essentials Experience
To get started with the Windows Server 2012 R2 Preview, go to http://technet.microsoft.com/en-us/evalcenter/dn205286.aspx
Microsoft have released a series of guides to build Test Labs to check out various new features in Windows Server “8.” I’ve included a list below to some of the guides.
Test Lab Guide: Base Test Lab Guide for Windows Server “8” Beta – This Microsoft Test Lab Guide (TLG) provides you with step-by-step instructions to create the Windows Base Configuration test lab, using computers running Windows 8 Consumer Preview or Windows Server “8” Beta.
Test Lab Guide: Demonstrate High Availability Printing in Windows Server “8” Beta – This paper contains an introduction to Windows Server “8” Beta Printing and step-by-step instructions for extending the Test Lab Guide Base Configuration to demonstrate High Availability Printing.
One of the best things about the Microsoft Imagine Cup is the variety of competition categories that span all of Microsoft’s technologies. One such category is the IT Challenge.
The IT Challenge tests competitor’s skills and knowledge about everything IT. Competitors are given a case study on an organization and have to write a document telling the judges exactly how they would meet this organization’s needs. If they do well and move on to the final round, the competition heats up.
From the Microsoft Imagine Cup website:
“This lab will challenge you to build servers, server images, and configurations on a Hyper-V host server to prove your practical knowledge and experience with the technologies. You will be asked to setup, install, and demonstrate knowledge and expertise around Windows 2008 R2, Exchange 2010, Windows 7, Office 2010, System Center Configuration Manager 2007 R2, System Center Operations Manager 2007 R2, TMG 2010, SQL 2008 R2, Office Communications Server 2007 R2, etc. You will be given 24 hours to complete the hands-on lab challenge.”
One such competitor is Sinescu Ionut, a student at Alexandru Ioan Cuza University in Romania. Sinescu will be competing against five other students in what Sincescu calls “a one man show” of information technology excellence.
For more on Sinescu, feel free to check out his blog (in Romanian), or visit him on Facebook.