We can configure file classification infrastructure (FCI) using File Server Resource Manager (FSRM) in Windows to classify different files based on various attributes. While files have the usual properties on them such as creation date and owner for example, we can use FCI to add our own custom properties to a file. This allows us to classify files in our environment automatically based on the contents of the file.
Category Archives: Windows - Page 4
Configure File Classification Infrastructure (FCI) Using FSRM
Deploy Configurations to Domain and Non-Domain Joined Servers with Security Compliance Manager (SCM)
We can deploy security baseline configurations to domain and non-domain joined servers with Security Compliance Manager (SCM). This is done by first exporting the security baseline as a GPO, and then importing it either as group policy or local policy depending on whether or not the client is a member of an active directory domain.
Configure File Management Tasks in Windows Server 2016
We can configure file management tasks with File Server Resource Manager (FSRM) in Windows Server 2016 to perform various tasks on the file server for us.
For example we can configure scheduled tasks to to complete specific actions, such as expire files older than a certain date automatically and archive them, or encrypt files that match a specific criteria. We can also run custom scripts on a specific set of files to perform arbitrary actions as required.
In this example we’ll show you how to configure file management tasks in Windows Server 2016, however the steps are very similar to older versions of the Windows operating system.
Read more »
Determine SMB 3.1.1 Protocol Security Scenarios and Implementations
Implement NTLM Blocking in Windows Server 2016
NT Lan Manager (NTLM) is a proprietary Microsoft security protocol for providing authentication in the Windows operating system. It’s quite old, and we can implement NTLM blocking to disable it, allowing us to increase overall security by instead moving to another protocol such as Kerberos. We’ll see how to do this in Windows Server 2016 using group policy in the examples here.
Enable Bitlocker to use Secure Boot for platform and BCD integrity validation
BitLocker and Secure Boot are important features for a secured Windows operating system to defend against boot and offline attacks. This post will show you how to enable BitLocker to use secure boot for platform and BCD integrity validation.
During the boot process BitLocker will check that the security sensitive boot configuration data (BCD) settings have not been changed since BitLocker was enabled, recovered, or resumed.
This post is part of our Microsoft 70-744 Securing Windows Server 2016 exam study guide series. For more related posts and information check out our full 70-744 study guide.
Import and Export Windows Firewall Settings in Windows Server 2016
Instead of manually configuring the same Windows Firewall rules on many different servers, we can import and export Windows firewall settings to transfer them between different servers.
We can also import the firewall rule policy file into a Group Policy Object (GPO) to apply it automatically throughout a whole domain.
Create, View, and Import Security Baselines with Security Compliance Manager (SCM)
Security baselines are used as templates to control the security settings that apply to the Windows operating system or piece of Microsoft software. We can create, view, and import security baselines with Security Compliance Manager (SCM), allowing us to quickly modify various security specific settings which is what we’ll cover here.
Install and Configure Security Compliance Manager (SCM)
Microsoft’s Security Compliance Manager (SCM) is used to access and automate Windows security baselines from a central location. We’ll show you how to install and configure Security Compliance Manager 4.0 which adds support for Windows 10 and Windows Server 2016.
SCM will allow you to plan, create, manage, analyze and customize security baselines for all Windows systems within your environment quickly and efficiently.
Implement AppLocker rules using Windows PowerShell
We can implement AppLocker rules using Windows PowerShell in addition to group policy. AppLocker PowerShell cmdlets are used to make, test and troubleshoot AppLocker policy, however the cmdlets are designed to complement the AppLocker user interface that is configured through either local or group policy.