Tag Archives: Microsoft - Page 4

Configure File Management Tasks in Windows Server 2016

Posted by on June 7, 2017 No comments
Configure File Management Tasks

We can configure file management tasks with File Server Resource Manager (FSRM) in Windows Server 2016 to perform various tasks on the file server for us.

For example we can configure scheduled tasks to to complete specific actions, such as expire files older than a certain date automatically and archive them, or encrypt files that match a specific criteria. We can also run custom scripts on a specific set of files to perform arbitrary actions as required.

In this example we’ll show you how to configure file management tasks in Windows Server 2016, however the steps are very similar to older versions of the Windows operating system.
Read more »

Determine SMB 3.1.1 Protocol Security Scenarios and Implementations

Posted by on June 2, 2017 No comments
Determine SMB 3.1.1 Protocol Security Scenarios and Implementations

SMB 3.1.1 was added with Windows Server 2016 and Windows 10 operating systems. This post will cover the SMB 3.1.1 protocol security features that have been introduced, outlining why you would want to use them.

Read more »

Implement NTLM Blocking in Windows Server 2016

Posted by on May 29, 2017 No comments
Implement NTLM Blocking

NT Lan Manager (NTLM) is a proprietary Microsoft security protocol for providing authentication in the Windows operating system. It’s quite old, and we can implement NTLM blocking to disable it, allowing us to increase overall security by instead moving to another protocol such as Kerberos. We’ll see how to do this in Windows Server 2016 using group policy in the examples here.

Read more »

Enable Bitlocker to use Secure Boot for platform and BCD integrity validation

Posted by on May 26, 2017 1 comment
Enable Bitlocker to use secure boot for platform and BCD integrity validation

BitLocker and Secure Boot are important features for a secured Windows operating system to defend against boot and offline attacks. This post will show you how to enable BitLocker to use secure boot for platform and BCD integrity validation.

During the boot process BitLocker will check that the security sensitive boot configuration data (BCD) settings have not been changed since BitLocker was enabled, recovered, or resumed.

This post is part of our Microsoft 70-744 Securing Windows Server 2016 exam study guide series. For more related posts and information check out our full 70-744 study guide.

Read more »

Import and Export Windows Firewall Settings in Windows Server 2016

Posted by on May 22, 2017 1 comment
Import and Export Windows Firewall Settings

Instead of manually configuring the same Windows Firewall rules on many different servers, we can import and export Windows firewall settings to transfer them between different servers.

We can also import the firewall rule policy file into a Group Policy Object (GPO) to apply it automatically throughout a whole domain.

Read more »

Create, View, and Import Security Baselines with Security Compliance Manager (SCM)

Posted by on May 12, 2017 2 comments
create, view, and import security baselines with Security Compliance Manager

Security baselines are used as templates to control the security settings that apply to the Windows operating system or piece of Microsoft software. We can create, view, and import security baselines with Security Compliance Manager (SCM), allowing us to quickly modify various security specific settings which is what we’ll cover here.

Read more »

Install and Configure Security Compliance Manager (SCM)

Posted by on May 8, 2017 No comments
Install and Configure Security Compliance Manager (SCM)

Microsoft’s Security Compliance Manager (SCM) is used to access and automate Windows security baselines from a central location. We’ll show you how to install and configure Security Compliance Manager 4.0 which adds support for Windows 10 and Windows Server 2016.

SCM will allow you to plan, create, manage, analyze and customize security baselines for all Windows systems within your environment quickly and efficiently.

Read more »

Implement AppLocker rules using Windows PowerShell

Posted by on May 5, 2017 1 comment
Implement AppLocker rules using Windows PowerShell

We can implement AppLocker rules using Windows PowerShell in addition to group policy. AppLocker PowerShell cmdlets are used to make, test and troubleshoot AppLocker policy, however the cmdlets are designed to complement the AppLocker user interface that is configured through either local or group policy.

Read more »

Implement AppLocker Rules in Windows Server 2016

Posted by on May 1, 2017 2 comments
Implement AppLocker Rules

We can implement AppLocker rules using group policy in a Windows domain to limit the execution of arbitrary executable files. AppLocker takes the approach of denying all executables from running unless they have specifically been whitelisted and allowed.

Read more »

Implement Control Flow Guard in Visual Studio 2015

Posted by on April 28, 2017 No comments
Implement Control Flow Guard (CFG)

Control Flow Guard (CFG) is used to help protect against memory corruption vulnerabilities in .NET software. We can implement Control Flow Guard in Visual Studio 2015 to help protect against these problems in Windows.

Read more »