A few months ago, I audited a Remote Desktop Service infrastructure with RDS Host and RemoteApp.
These are the settings I have configured via GPO:
- Settings for recovering disconnected RD and RemoteApp sessions:
- Settings to improve bandwidth and mapping for RD Clients:
- To improve the security of the RD Clients and RemoteApp experience I did the following:
This setting removes a prompt when connecting with RemoteApp to a WebApp. I put the certificate thumbprint.
And with these configs I hide the Server Drives.
This is in the Remote Desktop console in the server configuration, not in GPO, and is used to improve the security of user credential validation.
When I design a Hyper-V environment, I usually check the hardware compatibility of the servers, SAN and connectivity on the website http://www.windowsservercatalog.com/, although it’s also good to check the vendor website.
With this and MAP Toolkit I can do a realistic design of a future Hyper-V environment.
To apply a security template for hardening on Windows Server 2012 R2, you can create your own customized security template. This blog post shows how to do it: https://mpgnotes.wordpress.com/2014/05/26/how-to-create-a-security-template-for-hardening/
Once that is done, follow these steps:
- Copy the customized inf file to c:\windows\security\templates
- Open a PowerShell console and go to c:\windows\security\templates
- Execute the following command: Secedit /configure /db secedit.sdb /cfg SCM_Template.inf /overwrite /log SCM_Temp.log
- Press the y key
That’s all 🙂
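The steps above can be wrapped in a script that validates the template and saves a copy of the current policy before applying it. This is an added example, not part of the original post; the backup file name is an assumption, and `/quiet` is used instead of answering the overwrite prompt by hand.

```powershell
# Added example: validate, back up, then apply the template from the steps above.
# Run from an elevated PowerShell console.
$templateDir = 'C:\Windows\security\templates'
$template    = Join-Path $templateDir 'SCM_Template.inf'   # file name from the steps above
$db          = Join-Path $templateDir 'secedit.sdb'
$log         = Join-Path $templateDir 'SCM_Temp.log'
# Assumed name for the copy of the pre-change policy
$backup      = Join-Path $templateDir ('PreHardening_{0:yyyyMMdd_HHmmss}.inf' -f (Get-Date))

if (-not (Test-Path $template)) {
    throw "Template not found: $template"
}

# 1. Check the template syntax before touching the system.
secedit /validate $template
if ($LASTEXITCODE -ne 0) {
    throw "Template failed validation (exit code $LASTEXITCODE)"
}

# 2. Export the current security settings as a reference copy.
secedit /export /cfg $backup /log $log
if ($LASTEXITCODE -ne 0) {
    throw "Could not export the current policy (exit code $LASTEXITCODE)"
}

# 3. Apply the template. /quiet suppresses the overwrite confirmation.
secedit /configure /db $db /cfg $template /overwrite /log $log /quiet
$exitCode = $LASTEXITCODE

# 4. Report the result; a nonzero exit code means the log needs a review.
if ($exitCode -ne 0) {
    Write-Warning "secedit /configure returned $exitCode, review $log"
}
Write-Host "Pre-change policy saved to $backup"
Get-Content $log -Tail 20
```

Keeping the exported .inf alongside the log gives a before/after record that can be compared if a hardened setting breaks a service.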
I’m doing an upgrade of an AD CS and this blog explains what to check and what every section means when you are checking the whole PKI infrastructure. It helps you save time if you are the typical consultant with a very busy schedule like me 😦
Yesterday I was migrating a public DNS service from MS Windows 2003 Server to MS Windows 2012 R2. Obviously these DNS zones were not integrated in AD DS.
The strategy is easy:
On the 2003 Server:
- Export the subkeys [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones] from regedit
- Copy c:\windows\system32\dns
- Shut down the server.
On the 2012 R2 Server:
- Configure the same IP, mask, gateway and DNS servers on the Ethernet adapter as on the 2003 Server.
- Stop the DNS Service.
- Import the .reg file.
- Paste the *.dns files into the dns folder.
- Start the DNS Service.
- Go to the Properties of the DNS Server and configure it exactly as on the 2003 Server.
- Check that all DNS zones are OK.
- Check that replication from the Master is working fine.