Category Archives: Exam Guides

Enable SMB Encryption on SMB Shares

Enable SMB Encryption on SMB Shares

By default data transferred over the network to an SMB share is in plain text, meaning that an attacker with access to the network can view the files being transferred. By enabling SMB encryption on SMB shares this can be prevented.

When creating an SMB share either with PowerShell or through the graphical user interface (GUI) we have the option to enable SMB encryption on the share. We’ll be showing you how to enable SMB encryption on an existing SMB file share in these examples using both PowerShell and the GUI in Windows Server 2016.

Read more »

Configure File Screens for File Server Resource Manager (FSRM)

Configure File Screens with File Server Resource Manager

We can configure file screens with File Server Resource Manager (FSRM) in Windows Server 2016 to restrict users from saving defined file types to the file share. For example, we can configure file screening to deny users from saving large video files on the file server.

In this example we’ll show you how to configure file screens in Windows Server 2016, however the steps are very similar to older versions of the Windows operating system.

Read more »

Configure Quotas with File Server Resource Manager (FSRM)

We can configure quotas with File Server Resource Manager (FSRM) to warn or limit a user based on the total file size of all of the files that they own on the file server. This can be used to fairly share the available space between many users.

In this example we’ll show you how to configure quotas in Windows Server 2016, however the steps are very similar to older versions of the Windows operating system.

Read more »

Determine hardware and firmware requirements for secure boot and encryption key functionality

Determine hardware and firmware requirements for secure boot and encryption key functionality

Confirming whether or not your hardware and firmware support secure boot and encryption keys doesn’t really have anything to do with Windows Server 2016, these features must be supported at lower levels than the operating system. This post will address Microsoft’s 70-744 exam objective “Determine hardware and firmware requirements for secure boot and encryption key functionality”.

Read more »

Determine Requirements for Implementing Credential Guard in Windows Server 2016

Determine Requirements for Implementing Credential Guard - Windows Server 2016

Credential Guard is a new feature available in Windows 10 and Windows Server 2016 that uses virtualization based security to store NTLM and Kerberos secrets in an isolated process.

Without Credential Guard, these secrets are stored in the memory of user accessible processes, making them available to tools such as mimikatz with administrative privileges.

Credential Guard helps protect against this, we’ll be discussing the requirements for setting up Credential Guard here.

Read more »

Deploy BitLocker without a Trusted Platform Module (TPM)

Deploy BitLocker without a Trusted Platform Module (TPM

It is certainly ideal to configure BitLocker with TPM if possible, it may be the case that you do not have TPM available but still want to take advantage of BitLocker’s full disk encryption. While this is not possible by default, it is possible after the modification of some group policy settings, which we’ll cover here in order to allow you to deploy BitLocker without a trusted platform module.

Read more »

Configure update approvals and deployments in WSUS

Configure WSUS Update Approvals And Deployments

In this post we’re going to take a look at both manual and automatic update approvals in Microsoft’s Windows Server Update Services (WSUS). Updates need to be first approved before they will be made available for download and installation by the client computers.

Read more »

Troubleshoot WSUS configuration and deployments

Troubleshoot WSUS configuration and deployments

This post will cover some basic methods to troubleshoot and fix common problems with Microsoft’s Windows Server Update Services (WSUS).

Read more »

Manage updates using WSUS in Windows Server 2016

Manage Updates Using WSUS

This post will show you how to manage updates using Windows Server Update Services (WSUS) in Windows Server 2016. This will include viewing available updates and approving the updates to predefined computer groups.

Read more »

Install and configure Windows Server Update Services (WSUS)

Install and configure Windows Server Update Services (WSUS)

In this post we will cover how to install and configure Windows Server Update Services (WSUS) in Microsoft’s Windows Server 2016.

WSUS can be used to automatically download Windows update files and store them locally. Other Windows servers in your network will then download the updates from the WSUS server rather than the Internet, saving you Internet bandwidth and speeding up the Windows update process.

With WSUS we can configure all of our servers to be automatically updated, ensuring that security updates are installed quickly from a central location. This will provide us with useful information such as reports advising which servers have or have not been patched with a specific update.

Read more »