Hardening IIS Servers – some nifty tools

I was recently in need of the ability to harden an IIS server to remove things like the IIS and ASP.NET identifiers as well as enforce HTTPS, when I came across a great PowerShell (go PowerShell!) script that automates the whole process. You can download the script from https://github.com/drewhjelm/iis-hardening/blob/master/configure%20IIS%20security.ps1

*Test in a non-production environment first!*

There is only one prerequisite to deploy to IIS servers, and that is URL Rewrite 2.0. After deploying URL Rewrite, run the PowerShell script (a reboot will be required) and it will apply the following settings:

  • Remove IIS and ASP.NET identification
  • Enforce HSTS (HTTP Strict Transport Security)
  • Enforce HTTPS (redirects all requests from HTTP to HTTPS)
  • Prevent framejacking
  • Disable insecure / weak ciphers
  • Configures SSL / TLS to meet PCI best practices
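
One way to confirm the header and redirect items in the list above once the script has run, as an added example that is not part of the linked script: the function audits a captured response for leftover identification headers, HSTS, the HTTP-to-HTTPS redirect and a framing restriction. The header names checked, the one-year HSTS minimum, the function name and the sample responses are assumptions constructed for illustration.

```powershell
# Added example (not from the linked script): audit captured responses against the
# hardening goals listed above. Header names and thresholds are assumptions.
function Test-IisHardening {
    param(
        [hashtable] $HttpsHeaders,              # headers of the HTTPS response (name -> value)
        [int]       $HttpStatus,                # status code of the same request over plain HTTP
        [string]    $HttpLocation,              # Location header of that plain-HTTP response
        [long]      $MinHstsMaxAge = 31536000   # assumed policy: at least one year
    )
    $findings = @()
    # 1. IIS / ASP.NET identification headers should be absent.
    foreach ($name in 'Server', 'X-Powered-By', 'X-AspNet-Version', 'X-AspNetMvc-Version') {
        if ($HttpsHeaders.ContainsKey($name)) {
            $findings += "identifier header present: ${name}: $($HttpsHeaders[$name])"
        }
    }
    # 2. HSTS must be sent over HTTPS with a sufficiently long max-age.
    $hsts = [string] $HttpsHeaders['Strict-Transport-Security']
    if ($hsts -match 'max-age\s*=\s*"?(\d+)') {
        if ([long] $Matches[1] -lt $MinHstsMaxAge) { $findings += "HSTS max-age too short: $($Matches[1])" }
    } else {
        $findings += 'HSTS header missing or without max-age'
    }
    # 3. Plain HTTP must answer with a redirect to an https:// URL.
    if (($HttpStatus -notin 301, 302, 307, 308) -or ($HttpLocation -notmatch '^https://')) {
        $findings += "HTTP not redirected to HTTPS (status $HttpStatus, Location '$HttpLocation')"
    }
    # 4. Framing must be restricted (X-Frame-Options or CSP frame-ancestors).
    $xfo = [string] $HttpsHeaders['X-Frame-Options']
    $csp = [string] $HttpsHeaders['Content-Security-Policy']
    if (($xfo -notmatch '^\s*(DENY|SAMEORIGIN)\s*$') -and ($csp -notmatch 'frame-ancestors')) {
        $findings += 'no framing restriction (X-Frame-Options / frame-ancestors)'
    }
    $findings
}

# Constructed sample responses: a default install and a hardened one.
$before = @{ 'Server' = 'Microsoft-IIS/8.5'; 'X-Powered-By' = 'ASP.NET'; 'X-AspNet-Version' = '4.0.30319' }
$after  = @{ 'Strict-Transport-Security' = 'max-age=31536000'; 'X-Frame-Options' = 'SAMEORIGIN' }

$r = @(Test-IisHardening -HttpsHeaders $before -HttpStatus 200 -HttpLocation '')
"before: $($r.Count) finding(s)"; $r
$r = @(Test-IisHardening -HttpsHeaders $after -HttpStatus 301 -HttpLocation 'https://www.example.test/')
"after: $($r.Count) finding(s)"; $r
```

The cipher and SSL / TLS items are registry settings rather than response headers, so this check does not cover them.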

Another useful tool is Nartac Software IISCrypto. This tool focuses on crypto management of IIS in an easy-to-use interface, as opposed to making all changes in the registry.

It’s time to transform the datacenter!

With just over 314 days until July 14th, 2015, it is time to transform the datacenter. If you are still running servers with Windows Server 2003, now is the time to migrate to Windows Server 2012 R2.

Several other MVPs from across the country and I are hosting a roadshow event in a city near you and presenting on various topics, including What’s New with Windows Server 2012 R2, what’s a hybrid cloud, how to upgrade and migrate from Windows Server 2003, and how you can enhance your investment in Server 2012 R2 with Microsoft Azure.

If you’re in one of the cities listed below, click the link to register for the event in your town and thank you in advance for joining us!

  • Cincinnati, OH – 9/20/2014 (Register Here)
  • Tampa, FL – 9/22/2014 (Register Here)
  • Chicago, IL – 9/22/2014 (Register Here)
  • Bellevue, WA – 9/23/2014 (Register Here)
  • Phoenix (Tempe), AZ – 9/24/2014 (Register Here)
  • Denver, CO – 9/25/2014 (Register Here)
  • Houston, TX – 9/26/2014 (Register Here)
  • Detroit, MI – 9/27/2014 (Register Here)

Office 365 / Azure Integration Update for Windows Server 2012 R2

If you’re a Windows Server 2012 R2 user and you use the Essentials Experience role (same features as the standalone SKU) in a multi domain controller (DC) environment, you may have noticed that the wizards for integrating with Office 365 and Windows Azure Active Directory are disabled. This is because they were designed to function in a single DC environment.

Today, Microsoft has corrected this behavior as part of update rollup 2975719. If you install this update rollup, you should now be able to use the wizards as intended.

More info: Update Rollup August 2014 | Office 365 Integration KB

Honored for 4th year in a row as a Microsoft Most Valuable Professional

I am very pleased to announce that Microsoft has chosen me to be a Microsoft Most Valuable Professional for the 4th year in a row. As many of you may know, I have been an MVP for Windows Home Server. However, with the discontinuation of Windows Home Server, I have been chosen to be an MVP for Windows Server for Small and Medium Business.

I am honored to have been chosen, and I look forward to all the amazing community work ahead in 2014.

Dear Tom,

Congratulations! We are pleased to present you with the 2014 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in Windows Server for Small and Medium Business technical communities during the past year.

Microsoft releases Media Streaming Pack for Windows Server 2012 R2

As some of you may have noticed, Windows Server 2012 R2 Essentials no longer includes media streaming functionality out of the box. This feature existed in the non-R2 version, as well as previous versions, dating all the way back to Windows Home Server v1.

Instead of keeping this feature in the base product, Microsoft have released the Media Streaming Pack for Windows Server 2012 R2.

The Media Streaming Pack adds media streaming functionality to Windows Server 2012 R2 Essentials as well as those Standard and Datacenter servers running the Essentials Experience role.

The following features are included:

  • Streaming of media (photos, music and videos) to DLNA-compliant receivers
  • Smooth streaming to HTML5-compliant browsers through Remote Web Access and web service applications
  • Configuration through the Windows Server Essentials Dashboard

The Media Streaming pack is a free download from Microsoft and is available at http://www.microsoft.com/en-us/download/details.aspx?id=40837

How-to: Install Windows Server Update Services on Windows Server 2012 R2 Essentials

It’s here! As part of the general availability of Windows Server 2012 R2 Essentials, I’m releasing a new how-to guide. This guide is for installing Windows Server Update Services on Windows Server 2012 R2 Essentials. Windows Server Update Services is a valuable tool in any IT professional’s toolkit: it can be used to manage the distribution of updates to clients, it is very useful in low-bandwidth environments where it is not a good idea to have 20 clients downloading the same files 20 times from the internet, and it is a great way to get basic reporting about systems.

If you have feedback, either leave it in the comments or send me an e-mail (tom at tomontech dot com). NOTE: I can not provide individualized installation support, I simply don’t have the time.

WARNING: By viewing and / or downloading this guide, you assume all responsibility and liability in case anything goes wrong. You agree that I can not and will not be held responsible for any data loss or other issues resulting from the installation or use of Windows Server Update Services. This guide is intended to be a sample and is not representative of every scenario. Please consult with a qualified professional if you are unsure about any of the steps herein.

To view the guide, click here, or view the embedded version below. To download a PDF copy of this guide, click here.


Configuring Group Policy for Windows Server Update Services on Windows Server 2012 R2 Essentials

This post is intended to be a supplement for the Installing WSUS on Windows Server 2012 R2 Essentials guide.

To configure your client workstations to connect to WSUS, it is highly recommended to use Group Policy. Below I have included examples of Group Policy settings and the necessary WMI filters that can be used as a baseline policy in any environment.

The Default Windows Update Settings policy is intended to be the base / default policy that is applied to all systems in the domain.

The Windows Update Settings – Servers policy is intended to supplement the default settings and apply server specific installation settings to server OSes. This policy requires the Servers WMI filter.

The Windows Update Settings – Workstations policy is intended to supplement the default settings and apply workstation specific installation settings to workstation OSes. This policy requires the Workstations WMI filter.

WMI Filters

The following filters will work with Windows 7, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.

Servers (applies to domain controllers and member servers)
  Namespace (case-sensitive): root\CIMV2
  WMI Filter: select * from Win32_OperatingSystem where (Version >= "6.1%") and (ProductType = "2" or ProductType = "3")

Workstations
  Namespace (case-sensitive): root\CIMV2
  WMI Filter: select * from Win32_OperatingSystem where (Version >= "6.1%") and ProductType = "1"
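
A way to test the two filters before linking the policies, as an added example that is not part of the original post: a GPO's WMI filter passes when its query returns at least one object, so running both queries on a machine shows which supplemental policy it would receive. The function and variable names are assumptions, and the Servers query is written with explicit parentheses around the two ProductType tests so the version check applies to both.

```powershell
# Added example, not from the original post. Run on the machine you want to check.
$namespace = 'root\CIMV2'
$filters = [ordered]@{
    'Servers'      = 'select * from Win32_OperatingSystem where (Version >= "6.1%") and (ProductType = "2" or ProductType = "3")'
    'Workstations' = 'select * from Win32_OperatingSystem where (Version >= "6.1%") and ProductType = "1"'
}

function Test-WmiFilter {
    param([string] $Query, [string] $Namespace = 'root\CIMV2')
    try {
        # Get-CimInstance needs PowerShell 3.0+; -ErrorAction Stop surfaces WQL syntax errors.
        $result = @(Get-CimInstance -Namespace $Namespace -Query $Query -ErrorAction Stop)
        return $result.Count -gt 0
    } catch {
        Write-Warning "Query failed: $($_.Exception.Message)"
        return $false
    }
}

# Show the values the filters are evaluated against.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
"Local OS: $($os.Caption), Version $($os.Version), ProductType $($os.ProductType)"

# Exactly one filter should match any given machine; anything else needs a second look.
$matched = @($filters.Keys | Where-Object { Test-WmiFilter -Query $filters[$_] -Namespace $namespace })
switch ($matched.Count) {
    0       { 'Neither filter matches: only the default policy would apply here.' }
    1       { "Filter '$($matched[0])' matches: that supplemental policy would apply." }
    default { Write-Warning "Both filters match ($($matched -join ', ')); the filters overlap." }
}
```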

Quick Tip: Windows Server 2012 Internal Database Connection String

Today’s quick tip is for Windows Server 2012 and 2012 R2. If you’re attempting to use SQL Server Management Studio to manage the Windows Internal Database instance, the connection string has been changed.

To connect to Windows Internal Database on Windows Server 2012 and 2012 R2, you will need to use the following.

\\.\pipe\MICROSOFT##WID\tsql\query


Windows Server 2012 R2 is now available to MSDN / Technet Subscribers

Today, Microsoft has released the RTM Windows Server 2012 R2 bits to MSDN and TechNet subscribers.

Microsoft has said that they will be continuing to improve the product between now and General Availability in October.

Windows Server 2012 R2 brings a ton of awesome new features from refinements in Server 2012 R2 Essentials, to the Windows Server Essentials experience, improved support for BYOD with Work Folders and Active Directory, Storage Tiering in Storage Spaces, and many other awesome features.

To learn more about What’s New in Windows Server 2012 R2, I suggest visiting the TechNet Library, and reading Brad Anderson’s blog about the new features.

For the build curious amongst us, the build string for Windows 8.1 RTM is 9600.winblue_rtm.130821-1623. The SHA1 hashes for the ISO have been posted below along with steps to check the integrity of the downloaded ISO.

Hashes for today’s release:

en_windows_server_2012_r2_x64_dvd_2707946.iso
SHA1: B6F063436056510357CB19CB77DB781ED9C11DF3

en_windows_server_2012_r2_essentials_x64_dvd_2707177.iso
SHA1: 8A4CB96563DDA4F1BF637E57A992F3255D56B6F8

To run MSCDCRC against an ISO file that you have downloaded follow these steps.

  1. Download MSCDCRC to the same folder that you downloaded the ISO to. (Click here to download MSCDCRC)
  2. Open a Command Prompt window and navigate to the folder from Step 1
  3. Type “MSCDCRC InstallDVD.iso” (without quotes)
  4. The integrity check will take a few moments to complete. After the check is complete compare the CRC and SHA hashes to the hashes posted above

Windows 8.1 now available to MSDN and Technet Subscribers

Today, in a change of heart, Microsoft has released the RTM Windows 8.1 bits to MSDN and TechNet subscribers.

In a blog post published by Steve Guggenheimer, Microsoft notes that they are working through how to best support developers and IT pros as they align to a faster release cadence.

In my opinion, it would have been much better to release the bits to developers and IT pros back around the original RTM timeframe, but this is better than nothing.

For the build curious amongst us, the build string for Windows 8.1 RTM is 9600.winblue_rtm.130821-1623. The SHA1 hashes for the ISO have been posted below along with steps to check the integrity of the downloaded ISO.

Hashes for today’s release:

en_windows_8_1_x86_dvd_2707392.iso
SHA1: 802CFCD3A411D99C097EA7E747F0B6697F9BDAC4

en_windows_8_1_x64_dvd_2707217.iso
SHA1: BC2F7FF5C91C9F0F8676E39E703085C65072139B

To run MSCDCRC against an ISO file that you have downloaded follow these steps.

  1. Download MSCDCRC to the same folder that you downloaded the ISO to. (Click here to download MSCDCRC)
  2. Open a Command Prompt window and navigate to the folder from Step 1
  3. Type “MSCDCRC InstallDVD.iso” (without quotes)
  4. The integrity check will take a few moments to complete. After the check is complete compare the CRC and SHA hashes to the hashes posted above
  5. If the hashes match then you have successfully downloaded the ISO
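
The same integrity check for the ISOs in this post and in the Windows Server 2012 R2 post, as an added example that is not part of the original posts: it uses the built-in Get-FileHash cmdlet (PowerShell 4.0 and later) in place of MSCDCRC and compares each ISO in a folder against the SHA1 values published above. The function name and the demo file are assumptions constructed for illustration.

```powershell
# Added example, not from the original posts. SHA1 values are the ones published on this page.
$published = @{
    'en_windows_server_2012_r2_x64_dvd_2707946.iso'            = 'B6F063436056510357CB19CB77DB781ED9C11DF3'
    'en_windows_server_2012_r2_essentials_x64_dvd_2707177.iso' = '8A4CB96563DDA4F1BF637E57A992F3255D56B6F8'
    'en_windows_8_1_x86_dvd_2707392.iso'                       = '802CFCD3A411D99C097EA7E747F0B6697F9BDAC4'
    'en_windows_8_1_x64_dvd_2707217.iso'                       = 'BC2F7FF5C91C9F0F8676E39E703085C65072139B'
}

function Test-IsoHash {
    param([Parameter(Mandatory)] [string] $Folder)
    Get-ChildItem -Path $Folder -Filter *.iso | ForEach-Object {
        $expected = $published[$_.Name]   # $null when the file was renamed or is not listed
        $actual   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA1).Hash
        $status   = if (-not $expected)            { 'NoPublishedHash' }
                    elseif ($actual -eq $expected) { 'Match' }
                    else                           { 'MISMATCH' }
        [pscustomobject]@{ File = $_.Name; Status = $status; SHA1 = $actual }
    }
}

# Constructed demo: a tiny stand-in file carrying a published name, so the check
# reports MISMATCH the way a truncated or tampered download would.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'iso-hash-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -Path (Join-Path $demo 'en_windows_8_1_x64_dvd_2707217.iso') -Value 'not a real ISO'
Test-IsoHash -Folder $demo | Format-Table -AutoSize
Remove-Item -Path $demo -Recurse -Force
```

A file that has been renamed since download shows up as NoPublishedHash; compare its SHA1 column against the published values by hand.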