Category Archives: Windows - Page 6
Configure Windows Firewall with Advanced Security
In Windows Server 2016, Windows Firewall is enabled by default. The default configuration allows all outgoing traffic to any destination or port, but limits incoming traffic based on specific rules. We’ll cover how to configure Windows Firewall with Advanced Security by demonstrating how to open it through both the GUI and PowerShell, followed by a demonstration of how to create a custom firewall rule.
Enable SMB Encryption on SMB Shares
By default, data transferred over the network to an SMB share is in plain text, meaning that an attacker with access to the network can view the files being transferred. Enabling SMB encryption on SMB shares prevents this.
When creating an SMB share, either with PowerShell or through the graphical user interface (GUI), we have the option to enable SMB encryption on the share. In these examples we’ll show you how to enable SMB encryption on an existing SMB file share using both PowerShell and the GUI in Windows Server 2016.
Configure Storage Reports in Windows Server 2016
We can configure storage reports with File Server Resource Manager (FSRM) in Windows Server 2016 to generate various useful reports. These reports allow us to get a high-level overview of the file shares on the file server.
In this example we’ll show you how to configure storage reports in Windows Server 2016; however, the steps are very similar in older versions of the Windows operating system.
Configure File Screens for File Server Resource Manager (FSRM)
We can configure file screens with File Server Resource Manager (FSRM) in Windows Server 2016 to restrict users from saving defined file types to the file share. For example, we can configure file screening to prevent users from saving large video files on the file server.
In this example we’ll show you how to configure file screens in Windows Server 2016; however, the steps are very similar in older versions of the Windows operating system.
Configure Quotas with File Server Resource Manager (FSRM)
We can configure quotas with File Server Resource Manager (FSRM) to warn or limit a user based on the total file size of all of the files that they own on the file server. This can be used to fairly share the available space between many users.
In this example we’ll show you how to configure quotas in Windows Server 2016; however, the steps are very similar in older versions of the Windows operating system.
Install File Server Resource Manager (FSRM) Role in Windows Server 2016
Determine hardware and firmware requirements for secure boot and encryption key functionality
Whether your hardware and firmware support secure boot and encryption keys doesn’t really have anything to do with Windows Server 2016; these features must be supported at lower levels than the operating system. This post will address Microsoft’s 70-744 exam objective “Determine hardware and firmware requirements for secure boot and encryption key functionality”.
Determine Requirements for Implementing Credential Guard in Windows Server 2016
Credential Guard is a new feature available in Windows 10 and Windows Server 2016 that uses virtualization-based security to store NTLM and Kerberos secrets in an isolated process.
Without Credential Guard, these secrets are stored in the memory of user-accessible processes, where tools such as mimikatz running with administrative privileges can read them.
Credential Guard helps protect against this. We’ll be discussing the requirements for setting up Credential Guard here.
Deploy BitLocker without a Trusted Platform Module (TPM)
While it is certainly ideal to configure BitLocker with a TPM if possible, it may be the case that you do not have a TPM available but still want to take advantage of BitLocker’s full disk encryption. This is not possible by default, but it becomes possible after modifying some group policy settings, which we’ll cover here in order to allow you to deploy BitLocker without a trusted platform module.