Finally !!! Check out Project Honolulu

Over the years, IT administration has gone really complex. The number of tools just keep increasing. You end up having a whole bunch of different stuff to do different management.

Check out project Honolulu. Don’t ask me how this name came about. 🙂

It is now time to simplify our life. BTW, it can manage your WIndows Server regardless of where they are hosted. In your server room, data center, or even in Azure.

Check the announcement here. https://blogs.technet.microsoft.com/windowsserver/2017/09/14/sneak-peek-4-introducing-project-honolulu-our-new-windows-server-management-experience/

Project Honolulu

Hyper-Converged Cluster Manager solution in Project Honolulu

/Dennis

Advertisements

Security Guide for Windows Server 2016

If you guys are working with Windows Server 2016, you must also be interested in the Security Guide.

Microsoft released Windows Server 2016 Security Guide. Access it here:

 http://download.microsoft.com/download/5/8/5/585DF9E9-D3D6-410A-8B51-81C7FC9A727C/Windows_Server_2016_Security_Guide_EN_US.pdf

If you’re into the following roles; the guide is essential for you;

  • Security professional. Individuals in this role focus on how to provide security across computing platforms within an organization. Security professionals require a reliable reference guide that addresses the security needs of all segments of their organizations and also offers proven methods to implement security countermeasures. They identify security features and settings, and then provide recommendations on how their customers can most effectively use them in high risk environments.
  • IT operations and deployment staff. Individuals in all of these roles troubleshoot security issues as well as application installation, configuration, usability, and manageability issues. They monitor these types of issues to define measurable security improvements with minimal impact on critical business applications. Individuals in IT operations focus on integrating security and controlling change in the deployment process, and deployment personnel focus on administering security updates quickly.
  • Systems architect and planner. Individuals in this role drive the architecture efforts for computer systems in their organizations.
  • Consultant. Individuals in this role are aware of security scenarios that span all the business levels of an organization. IT consultants from both Microsoft Services and partners take advantage of knowledge transfer tools for enterprise customers and partners.

In addition to the resources listed in this guide, here are a number of additional resources to help you secure Windows Server environment:

Windows Server 2012–Virtualization (Hyper-V) Book Launched

Shared by one of my colleagues based in US. Smile

One of the Microsoft MVP wrote this book just it got launched recently.

Written by Aidan Finn, a long time Microsoft MVP has just released his latest book for Hyper-V, Windows Server 2012 Hyper-V Installation and Configuration Guide. Here’s the link:

http://www.amazon.com/Windows-Server-Hyper-V-Installation-Configuration/dp/1118486498

clip_image001

/Dennis

Using Group Policy to prevent FTP.EXE from running

Wow, its been some time i wrote something since i took on my new role. Thought i should pick up my “pen”, erm, rather keyboard and start striking again.

The main focal point of today’s entry in my tech diary, is spurned by a question, can i block ftp.exe program from running in Windows 7. As we all know, Windows 7 loads up with ftp.exe as a process installed. Try opening your command prompt and type “ftp”.

image

At this time, you open up the task manager, you’ll notice “ftp.exe” amongst the many processes you have.

image

FTP on its own isn’t a very secure protocol. Its been around for a very long time. Secure FTP is the preferred way of doing FTP these days. A good Admin will secure all sensitive protocol with IPSec, but that is out of scope at the moment for this short write up.

To prevent “FTP.EXE” from being loaded, there are several ways. One of the most primitive way is to delete the file. Yup, an easy but not enforceable, because someone can simply copy and put it back.

To completely prevent FTP.EXE from running, one should be exploring using enforcement via Group Policies. It is the most effective way of governance across the enterprise.

Here are the steps (Done locally on a Windows 7 client, you should do this via GPMC on the right domain policy):

  1. Edit the appropriate GPO and navigate to “Computer Configuration-> Windows Settings –> Security Settings –> Software Restriction Policies.
  2. Create a new Software Restriction Policy if it isn’t already created.
  3. in the Software Restriction Policy, click on Additional Rules.
  4. Right click Additional Rules and click on New Hash Rule
  5. To identify the binary running ftp.exe, click on Browse and locate “C:\Windows\System32\ftp.exe”.
  6. Under security level, select disallowed and click OK.

image

At this stage, your computer has been updated with the new GPO. However, it will not take effect till the next reboot or till you run the command “gpupdate /force”.

After which, try running FTP. You should be greeted with this message

image

You can use this technique to prevent banned software from running. On the flip side, you couldn’t also block all software from running except for selected few. Have fun.

/Dennis

Media Delivery with Windows Server 2008

I was sharing with SWUG just last week about delivering videos using Windows Server 2008. I was very surprised to learn that many do not know that Windows Server has the ability to deliver videos.

I have shared many examples of local deployment of Windows Server 2008 to host video files.

This short presentation (about 1 hr), i shared about using Windows Server 2008, loaded with Streaming Media Services and using IIS Smooth media streaming. The session included an overview and also how to setup. It look merely 15 mins to setup both up on the same server. 😉

Easy and fast. Of course, there are a lot more.

Anyway, i am sharing my deck of slides used during the session.

Feel free to see this video (Example of IIS 7 + Smooth Media Streaming): http://fab.pingdennis.com This is a demo site i use to show IIS7, so might be up or down. 🙂

/Dennis

SWUG – Active Directory Night

Singapore IT Pro User Group met up on the 10th June 2009.

The group leaders shared about Active Directory. If you were able to join us, we are happy to see you there. If you haven’t, in partnership with DPE in Microsoft Singapore, we have made recording of the session possible.

Details of the Event Synopsis can be found here: http://mstechevents.sg/ViewEvent.aspx?eventId=243

Recorded Video Session and PPT;

Session 1: Fundamentals of Active Directory (Design and Configuration)

SWUG – June 09 – Introduction to Active Directory

 

 

 

 

 

Session 2: Windows 2008 R2 Active Directory

SWUG – June 09 – Windows 2008 R2 Active Directory

 

 

 

 

 

/Dennis