GPO Settings to improve performance, security and connections on an RDS Server


A few months ago, I audited a Remote Desktop Services infrastructure with RDS Host and RemoteApp.

These are the settings I configured via GPO:

  • Settings for recovering disconnected RD and RemoteApp sessions:



  • Settings to improve bandwidth and mapping for RD Clients:



  • To improve the security of the RD Clients and RemoteApp experience I did the following:

This setting removes the prompt when connecting with RemoteApp to a WebApp. I entered the certificate thumbprint.


And with these settings I hide the server drives.

This is in the Remote Desktop console in the server configuration, not in GPO, and is used to improve the security of the user credential validation.




Where to check hardware compatibility list with Hyper-V OS versions


When I design a Hyper-V environment, I usually check the hardware compatibility of the servers, SAN and connectivity on the website, although it’s also good to check the vendor website.

With this and MAP Toolkit I can do a realistic design of a future Hyper-V environment.


Applying hardening to your Windows Server with secedit


To apply a security template for hardening on a Windows Server 2012 R2 you can create your own customized security template. In this blog post you can see how to do it:

Once that is done, follow these steps:

  • Copy the customized inf file to c:\windows\security\templates
  • Open a PowerShell console and go to c:\windows\security\templates
  • Execute the following command: Secedit /configure /db secedit.sdb /cfg SCM_Template.inf /overwrite /log SCM_Temp.log
  • Press the y key to confirm
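
The same steps as a script with a syntax check and a pre-change export added around the apply step. This is an added example, not code from the original post; the backup and export log file names are assumptions, and /quiet is used in place of the interactive y confirmation.

```powershell
#Requires -RunAsAdministrator
# Added example. SCM_Template.inf, secedit.sdb and SCM_Temp.log come from the
# steps above; the backup and export log names are assumptions.
$ErrorActionPreference = 'Stop'

$dir      = 'C:\Windows\security\templates'
$template = Join-Path $dir 'SCM_Template.inf'
$db       = Join-Path $dir 'secedit.sdb'
$log      = Join-Path $dir 'SCM_Temp.log'
$stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup   = Join-Path $dir "pre-hardening-$stamp.inf"   # assumed name
$exportLog = Join-Path $dir "export-$stamp.log"         # assumed name

function Invoke-Secedit {
    # Run secedit and stop the script on any non-zero exit code so that a
    # failed validation or export never leads to a blind /configure.
    param([Parameter(Mandatory)][string[]]$Arguments)
    & secedit.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "secedit $($Arguments[0]) returned $LASTEXITCODE; review the log before continuing."
    }
}

if (-not (Test-Path $template)) { throw "Template not found: $template" }

# 1. Check the template syntax before touching the system.
Invoke-Secedit @('/validate', $template)

# 2. Export the current security settings so there is a record of the
#    pre-hardening state to compare against or re-apply.
Invoke-Secedit @('/export', '/cfg', $backup, '/log', $exportLog)

# 3. Apply the template. /overwrite clears the database before import;
#    /quiet suppresses the confirmation prompt.
Invoke-Secedit @('/configure', '/db', $db, '/cfg', $template,
                 '/overwrite', '/log', $log, '/quiet')

# 4. Surface any error or warning lines from the configure log.
$problems = Get-Content -Path $log | Select-String -Pattern 'error|warning'
if ($problems) {
    Write-Warning "secedit logged $(@($problems).Count) line(s) to review in $log"
    $problems | ForEach-Object { $_.Line }
} else {
    Write-Host "Template applied. Pre-change settings saved to $backup"
}
```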

That’s all 🙂


Interesting ADCS Quick Health Check Blog Post


I’m doing an upgrade of an AD CS and this blog explains what to check and what every section means when you are checking the whole PKI infrastructure. It helps you save time if you are the typical consultant with a very busy schedule like me 😦



How to migrate a secondary DNS server from 2003 to 2012 R2


Yesterday I was migrating a public DNS service from MS Windows 2003 Server to MS Windows 2012 R2. Obviously these DNS zones were not integrated in AD DS.

The strategy is easy:

In 2003 Server:

  • Export from regedit the subkeys [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones]
  • Copy c:\windows\system32\dns
  • Shut down the server.

In 2012 R2 Server:

  • Configure the same IP, mask, gateway and DNS servers on the Ethernet adapter as on the 2003 Server.
  • Stop the DNS Service.
  • Import the .reg file.
  • Paste the *.dns files inside the dns folder.
  • Start the DNS Service.
  • Go to Properties of the DNS Server and configure it exactly as on the 2003 Server.
  • Check all DNS Zones are ok.
  • Check that replication from the Master is working fine.

That’s all!