This post will help you determine usage scenarios for encrypting file system (EFS) in Windows Server 2016 as per the 70-744 objectives. We’ll cover how you can use EFS to encrypt files in Windows.
Tag Archives: Microsoft - Page 5
Determine usage scenarios for Encrypting File System (EFS)
Posted by Jarrod Farncomb
on April 24, 2017
1 comment
Configure Windows Defender scans using Windows PowerShell
Posted by Jarrod Farncomb
on April 21, 2017
No comments
We can configure Windows Defender scans using Windows PowerShell as an alternative to configuring them through the graphical user interface. This allows us to integrate Windows Defender features into PowerShell scripts, and configure settings that are not available through the graphical user interface.
Configure Windows Defender using Group Policy
Posted by Jarrod Farncomb
on April 17, 2017
No comments
While Windows Defender can be configured at a high level through the graphical user interface, we can instead configure Windows Defender using group policy which gives us more control and allows us to roll out the settings to the whole domain from a central location.
Disable SMB Version 1.0 in Windows 10
Posted by Jarrod Farncomb
on April 16, 2017
11 comments
By default SMB version 1.0 is enabled in Windows 10. As this was last needed in Windows XP and Windows Server 2003 it’s quite old, newer versions of SMB are more secure and have additional features. If you no longer need to support these older versions of SMB file shares, it’s a good idea to disable SMB version 1.0, or even remove it completely, as a number of recent vulnerabilities specifically affect SMB version 1.
Disable SMB Version 1.0 in Windows Server 2016
Posted by Jarrod Farncomb
on April 15, 2017
5 comments
By default SMB version 1.0 is enabled in Windows Server 2016. As this was last needed in Windows XP and Windows Server 2003 it’s quite old, newer versions of SMB are more secure and have additional features. If you no longer need to support these older versions of SMB file shares, it’s a good idea to disable SMB version 1.0, or even remove it completely, as a number of recent vulnerabilities specifically affect SMB version 1.
Integrate Windows Defender with WSUS and Windows Update
Posted by Jarrod Farncomb
on April 14, 2017
1 comment
It’s important for Windows Defender to stay up to date so that new known variants of malware can be detected. This can be achieved if we integrate Windows Defender with WSUS and Windows update, which we’ll show you how to do here in Windows Server 2016.
Implement Antimalware Solution with Windows Defender
Posted by Jarrod Farncomb
on April 10, 2017
No comments
This post will cover the 70-744 exam objective “implement antimalware solution with Windows Defender”, we’ll show you how to work with Windows Defender in Windows Server 2016.
By default Windows Server 2016 comes with Windows Defender installed and running. This is an improvement over Windows Server 2012, which had nothing by default although with some work you could install Windows Defender manually, however this solution was of course not officially supported.
Configure BitLocker Group Policy Settings
Posted by Jarrod Farncomb
on April 3, 2017
4 comments
In this post we’ll show you how to configure BitLocker group policy settings. When you enable BitLocker Drive Encryption a number of default settings will be used, such as the strength of the encryption. We can customize these using Group Policy in an Active Directory based domain, allowing us to control the BitLocker settings that get rolled out to all machines in the domain.
Configure Windows Firewall with Advanced Security
Posted by Jarrod Farncomb
on March 27, 2017
5 comments
In Windows Server 2016, Windows Firewall is enabled by default. This allows all outgoing traffic to any destination or port, but limits incoming traffic based on specific rules. We’ll cover how to configure Windows Firewall with Advanced Security by demonstrating how to open it through both the GUI and PowerShell, followed by a demonstration of how to create a custom firewall rule.
Enable SMB Encryption on SMB Shares
Posted by Jarrod Farncomb
on March 24, 2017
No comments
By default data transferred over the network to an SMB share is in plain text, meaning that an attacker with access to the network can view the files being transferred. By enabling SMB encryption on SMB shares this can be prevented.
When creating an SMB share either with PowerShell or through the graphical user interface (GUI) we have the option to enable SMB encryption on the share. We’ll be showing you how to enable SMB encryption on an existing SMB file share in these examples using both PowerShell and the GUI in Windows Server 2016.