Thursday 30 May 2013

Certificate Services Installing CA

The preferred method

Microsoft best practice is to install a standalone root CA with an enterprise subordinate CA. The standalone root CA can then be kept offline for enhanced security while the subordinate CA takes over issuing certificates.

The following videos give a short demo of installing two CAs using Server 2003 … they are a good starting point for his 2008 videos.

Microsoft CA 1 of 2 - Setup Standalone Root

Microsoft CA 2 of 2 - Enterprise Subordinate

The following video gives a short demo of CA autoenrollment using server 2003.

Microsoft CA - Autoenrollment Step-by-Step

In reality a single tier

While it is best practice to have two CAs … see above … in many instances you may only have one server at your disposal.

Single-tier PKI: one CA that does all the issuing of certificates, aimed at small businesses of up to 300.

Certificate Services 2008 R2 - Installing a Single Tier PKI

SSL in depth

Certificate Services 2008 1 of 4 - Installing a Microsoft CA

Certificate Services 2008 2 of 4 - Implementing a SSL Certificate

Certificate Services 2008 3 of 4 - Binding the SSL Certificate

Certificate Services 2008 4 of 4 - SSL Under the hood

 

Certificate Services 2008 1 of 2 - Autoenrollment (concept)

Certificate Services 2008 2 of 2 - Autoenrollment  Step By Step

Windows CA 2008 and IE10 Error

When messing around with Certificate Services on Windows Server 2008 R2 and trying to connect to the CA’s certsrv folder in the browser I got the error:

“The Web Browser does not support the generation of certificate requests”


The problem is related to IE 10; if I switch to compatibility mode no problem.


TechNet: Windows PKI Blog

News and information for public key infrastructure (PKI) and Active Directory Certificate Services (AD CS) professionals.

Hyper-V VMs continually shutting down

I have an issue with my Virtual Machines (VMs) shutting down after a short period. It would appear to be related to the operating system expiring.

Happens with Windows Server 2008 VMs … Windows 7 VMs appear to be okay.

One solution is rearming from the command prompt with

slmgr.vbs -rearm

The post I got the fix from mentioned that this would reoccur in about 5 days.

I suspect that the VMs will have to be rearmed every time they are reverted. A small annoyance in a test environment but in a production environment … where is your licence!!

Monday 20 May 2013

Using Certificates for IPsec Authentication

In a previous post IPsec Overview there is an example of securing Telnet with IPsec. This link to a TechNet Video takes the Telnet example further by using Certificates for IPsec Authentication.

TechNet Video: Using Certificates for IPsec Authentication

IPsec Overview

Overview of IPsec

Useful overview of IPsec with example of setup using group policy.

I have included a link to the contributor's YouTube site

IT Free Training MCITP 70-640

Sunday 19 May 2013

Basics of IPv6 for Vulcans

Found this useful to understand the basics of IPv6 even if the guy looks like a Vulcan. Busy watching the other two parts.

Part 1 of 3 IPv6 for CCNAs

Part 2 of 3 IPv6 for CCNAs

Part 3 of 3 IPv6 for CCNAs

Thursday 16 May 2013

Useful NetSH IPv6 commands

Here is a link to some useful commands for working with IPv6 from the command line using NetSH.

Useful Windows 7 IPv6 netsh commands

One I would add is to include a rule in Windows 7 Firewall to reply to ping requests ... useful when testing as Windows 7 does not reply to ping by default.

netsh advfirewall firewall add rule name="All ICMP V6" protocol=icmpv6:any,any dir=in action=allow

I was working on a Microsoft IPv6 lab and they would appear to have omitted this step before requesting you to ping the client.

Wednesday 15 May 2013

Free Introducing Windows Server 2012


Microsoft: Introducing Windows Server 2012 PDF

Found this on theHyperadvisor

Messing about with NetSH AdvFirewall

Reset Firewall to Default

If you are going to mess about with your firewall the first thing you want to know is how to reset it to default

netsh advfirewall reset

Export/Import Settings

The second thing you should know is probably the last thing you would have thought about. If you are going to mess around with an already successfully configured firewall then you may want to save the current settings and reimport them.

netsh advfirewall export "c:\wfconfig.wfw" 
netsh advfirewall import "c:\wfconfig.wfw"

It’s not a bad idea if you are messing about with NetSH in general to export the configuration. Not all “learning” is done with easily revertible test VMs … most of the important lessons we learn tend to be on live systems.

Firewall Off & On Test

If I switch the firewall off will this work … NO … better switch it back on then.

netsh advfirewall set allprofiles state off
netsh advfirewall set allprofiles state on
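
An added example, not from the original posts: it combines the export/import advice above with the ping rule from the NetSH IPv6 post, narrowed from icmpv6:any to Echo Request (type 128) so only ping is opened. The backup path and rule name are assumptions; run it from an elevated command prompt.

```batch
@echo off
rem Added example: save the firewall policy, add one scoped rule,
rem and restore the saved policy if the change does not apply cleanly.
setlocal

rem Assumed names, change to suit your lab.
set "BACKUP=%TEMP%\wfconfig-before-change.wfw"
set "RULE=Lab ICMPv6 Echo Request"

rem Remove any stale backup so the file on disk is from this run.
if exist "%BACKUP%" del "%BACKUP%"

rem Step 1: export the current policy before touching anything.
netsh advfirewall export "%BACKUP%"
if errorlevel 1 (
    echo Export failed, nothing was changed.
    exit /b 1
)

rem Step 2: allow inbound ICMPv6 Echo Request only (type 128, any code),
rem and only on the domain and private profiles, not public.
netsh advfirewall firewall add rule name="%RULE%" protocol=icmpv6:128,any dir=in action=allow profile=domain,private
if errorlevel 1 (
    echo Rule add failed, restoring the saved policy.
    netsh advfirewall import "%BACKUP%"
    exit /b 1
)

rem Step 3: confirm what was added and that the firewall is still on.
netsh advfirewall firewall show rule name="%RULE%"
netsh advfirewall show allprofiles state

rem Step 4: how to back out when testing is finished.
echo Remove the rule with:
echo   netsh advfirewall firewall delete rule name="%RULE%"
echo Or restore everything with:
echo   netsh advfirewall import "%BACKUP%"

endlocal
```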

Useful WMIC Queries

WMIC is a command-line utility that allows you to interact with WMI from a WMI-aware command-line shell.

Here are a couple of useful links

TechNet: Ask the Performance Team Blog

WMIC - The Windows secret weapon

Tuesday 14 May 2013

Microsoft Windows DNSLint utility

DNSLint is a Microsoft Windows utility that helps you to diagnose common DNS name resolution issues.

DNSLint has three functions that verify Domain Name System (DNS) records and generate an HTML report. The three functions are:

  • dnslint /d: This diagnoses potential causes of "lame delegation" and other related DNS problems.
  • dnslint /ql: This verifies a user-defined set of DNS records on multiple DNS servers.
  • dnslint /ad: This verifies DNS records specifically used for Active Directory replication.

Microsoft Windows DNSLint utility

Sunday 12 May 2013

Windows 8 PowerShell Shutdown Tile

TechNet link to a PowerShell module to create Shutdown, Restart and Logoff tiles for your Windows 8 Start screen.

Create a Shutdown/Restart/Logoff Windows 8 Tile for the Start menu (PowerShell)

Windows 8 Desktop Shutdown Shortcut

I don’t share a lot of people’s dislike of Windows 8 … want to shut down … then create a Shutdown shortcut on the desktop

shutdown /s /t 0

That would be Zero not an Oh!!!

Windows 8 Classic Shell, Shutdown & Annoyances

While I don’t share a lot of people’s immediate hatred of Windows 8, having been through a few new versions of Windows, there are a few annoyances.

Do you want the Start button? Download this.

http://www.classicshell.net/

The other immediate annoyance I had was Metro Applications taking up the whole screen … switch to Google Chrome.

If you don’t like a Metro App hogging the whole screen change the file association to a third party app.

Thursday 9 May 2013

Windows Server 2012 Local Users and Groups

If you are from a Windows Server 2008 background you may be looking for access to Local Users and Groups in Windows Server 2012.

On the Start screen type Computer


Select Computer Manager


You will find yourself back in familiar territory.

Hyper-V Using Differencing Disks

One way to optimize disk space and reduce the number of times that you have to install and update a released operating system is to create parent child configurations using differencing disks in Hyper-V.

For example, if you need to install a test lab that will employ three Windows Server 2008 R2 installations: one configured as a domain controller, another configured as an Exchange Server, and a third configured as a SQL Server, you could use a Parent-Child Differencing disk configuration to save the time of installing and updating the Windows Server 2008 R2 installation for all three of those virtual machines.

TechNet: Hyper-V Virtual Machine (VM) Parent-Child Configuration Using Differencing Disks

Monday 6 May 2013

Windows Denial of Service by IPv6 RA Packets

Any version of Windows with IPv6 installed and running is vulnerable to a DoS attack by sending thousands of Router Advertisement (RA) packets.


To prevent a “Script Kiddies” attack have a look at this link.

Overclocked Techies: Windows Denial of Service by IPv6 RA Packets

http://samsclass.info/ipv6/proj/flood-router6a.htm

Sunday 5 May 2013

Microsoft Evaluation VHD Administrator Password

Recently decided to use the evaluation VHD of 2008 R2 I downloaded from Microsoft .. but what was the password.

Googled the file name …

“windows server 2008 r2 enterprise evaluation (full edition)”

… and found the password was Pass@word1.

It was then I remembered the problems I had with that password in the past.

The VM was created using the US locale & keyboard settings; if you are using a UK keyboard you have to type

Pass"word1

Saturday 4 May 2013

Manage Hyper-V 2012 on Core from Windows 8

Unlike Windows 7 and Hyper-V on 2008 R2, there is no need to download additional tools to administer Hyper-V from Windows 8, as they are a feature of Windows 8.

This is the client-side configuration; there are plenty of postings relating to server-side configuration. Both machines are in the same workgroup.

Install Hyper-V Management Tools on Windows 8

Search for Control Panel

Select Control Panel then Programs

Under the Programs and Features heading select Turn Windows features on or off

Tick Hyper-V Management Tools and both sub options


Start Component Services

Search "DCOMCNFG"

right click and "Run as administrator"


Select Console Root, Component Services, Computers, My Computer
Right click My Computer and select properties

Select "COM Security"
Select "Edit Limits" for Access Permissions

Allow remote access by setting the checkmark for the "ANONYMOUS LOGON"


Windows 2012 Local Users and Groups

Another how do I find it with Windows 2012; Local Users and Groups.

Search for lusrmgr.msc

Windows 2012 Core Disk Performance Missing

If you open Task Manager and go to the Performance tab, Disk performance is missing.

Did a quick web search and someone remembered with NT 4.0 you had to enable this with …

diskperf -y

… and it works with Windows Server 2012 Core.


That takes me back.

Friday 3 May 2013

TechNet: Test Lab Guides

Test Lab Guides (TLGs) allow you to get valuable hands-on experience with new products and technologies using a pre-defined and tested methodology that results in a working configuration. When you use a TLG to create a test lab, instructions define what servers to create, how to configure the operating systems and system services, and how to install and configure any additional products or technologies.

A challenge in creating useful TLGs is to enable their reusability and extensibility. Because creating a test lab can represent a significant investment of time and resources, your ability to reuse and extend the work required to create test labs is important.

TechNet: Test Lab Guides

Thursday 2 May 2013

DirectAccess Deployment Guide

This link describes deployment of DirectAccess in Windows Server 2008 R2.

Discusses such things as Corporate Connectivity Detection.

DirectAccess Deployment Guide