|
|
Front Page News
-
|
We’d like to introduce another author on Thelazyadmin.com. Brad Bird is an IT Professional of 12 years experience. Currently working as an independent consultant associated with Infront Consulting. Brad has more than 8 years under his belt specifically in Windows Networking Administration. Among his specialties are: Windows security, forensics, intrusion prevention and detection, Active Directory implementation, System Center Operations Manager and Data Protection Manager implementation...
|
-
|
One of the new and long awaited features in IIS 7 is support for FTPS or FTP over SSL. By default all FTP data is transfered in clear text, including the user name and password. From a security point of view you can see this is a bad thing. FTPS to the rescue! Before you begin you will need to download and install FTP for IIS7 and you can do so here: FTP for IIS 7 on Windows Server 2008 x86 FTP for IIS 7 on Windows Server 2008 x64 The first step is to create the certificate. You have two options,...
|
-
|
Typically hotfixes are released on the second Tuesday of each month as you are all well aware. Occasionally, I can personally only remember three including this one, there are out of band hotfixes released. While we don’t normally post hotfix release notifications considering this is an out of band release I wanted to let you all know about it. Microsoft Security Bulletin MS08-067 – Critical Vulnerability in Server Service Could Allow Remote Code Execution (958644) http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx...
|
-
|
We’ve covered a creating a cluster and clustering a service and one other thing to configure in your cluster is failback policies. These control if, how and when a failed resource is brought back online on the preferred owner. As an example, say Node 1 in your file server cluster goes offline. The resource will failover to Node 2. But what happens when Node 1 comes back online? By default, nothing, and this is to prevent a resource from bouncing back and forth between nodes as Node 1 goes on and...
|
-
|
We’ve covered setting up a two node failover cluster in Windows Server 2008 and now that we have that running we can start to cluster some services and/or applications. In this example we’ll cluster File Services to create a highly available file share. To start we can simply right-click Services and Application under the cluster and choose Configure a Service or Application. From there we are presented with a list of services and applications that can be clustered. Simply choose the service or application...
|
-
|
If you have ever set up a Windows cluster in Windows 2003, 2000 or if you were brave enough NT4 you know it has always posed a number of challenges that usually required some specialized skills. Well in Windows Server 2008 that has changed thankfully and we can whip together a two node failover cluster in minutes! Before you get started you will need the following: 3 servers at minimum (1DC, 2 Nodes) Shared storage (iSCSI or FibreChannel) 3 Networks (Public, iSCSI, Heartbeat) With that...
|
-
|
In a recent article I wrote about the Standard User Analyzer, one of the tools available to mitigate app compat issues with UAC. Some applications require a little more work to get them working and for these situations you can use the Compatibility Administrator which part of the Application Compatibility Toolkit 5.0. Again it is a pretty straight-forward tool to use once you have collected the required information. Now before you begin you need to use tools like Process Monitor to determine what...
|
-
|
One of the biggest blockers to deployment in application compatibility. Whether it is a new OS and existing applications or new applications on an existing OS these are they kind of things that drive you nuts. There are many tools available now to help address these issues, one being the Standard User Analyzer. With Windows Vista one of the app compat issues that arises is due to User Account Control (UAC). With this you have two options, disable UAC (which is the worst thing you can do) or use SUA...
|
-
|
As with anything you should be backing up your Hyper-V machines. I think that just goes without saying. Backing up Hyper-V has gotten easier with the addition of VSS and Windows Server Backup (WSB). WSB is a new feature in Windows Server 2008 that replaces the old NTBackup from days gone by. It is not installed by default but can be easily added with the Add Features wizard in Server Manager. Once installed there is one last setting you must configure before backing up the Hyper-V virtual machines....
|
-
|
As with each edition of Windows Server, the 2008 release also includes some new additions. In order to take advantage of some of these new features you need to upgrade your Active Directory Forest and Domain functional levels. You can read about the Windows 2000/2003 domain and forest functional levels as a refresher if you like, but here we'll cover the 2008 versions. Windows 2008 Forest Functional Level The Windows 2008 Forest functional level does not provide any additional features to your Active...
|
-
|
In case you have been living under a rock for the past month you have most likely heard about the DNS cache exploit recently discovered by Dan Kaminsky . This might be one of the most severe flaws discovered as it was cross platform affecting everything from Windows to Linux, UNIX, Cisco IOS etc.... It was so big in fact that all the major vendors worked together to get the patch issued on the same day. The flaw would allow an attacker to insert a malicious DNS record into the cache. As an end user...
|
-
|
Here at the LazyAdmin we have talked quite a bit about using BitLocker with Windows Vista . With the introduction of Server 2008 you can now also leverage Bitlocker with your 2008 servers. This is particularly attractive when deploying Read Only Domain Controllers (RODC) to remote locations where physical security is questionable. One BitLocker features is the ability to backup your Bitlocker encryption key to the Active Directory. In previous articles we have talked about enabling GPOs that can...
|
-
|
We have talked about enabling BitLocker Active Directory integration in a previous post now we will take a look at prepping your domain to implement this integration. To take advantage of the several of the more compelling feature such as RODCs and Windows 2008 domain controllers we first need to extend the AD schema in our current environment. These additions also allow you to add take advantage of feature in Windows Vista such as group policy client side extensions, and storing BitLocker keys in...
|
-
|
One of the nice things with RODCs is the ability to control cached credentials. You can also pre-populate passwords for specific users, like a branch office user, in case the branch office connection goes down but this can be a security concern if that server gets stolen. Server 2008 has a nice way of handling this so you can sleep easier. This last video will cover what to do when the RODC is stolen. Note: Double-click on the video to go full screen. If you want to give these demos a try yourself...
|
-
|
The next video in our Server Core series is going to cover making our demo server into a RODC or Read-Only Domain Controller . One pre-requisite for a RODC is an existing Windows 2008 based DC in the domain. You also need to run adprep /rodcprep before you can add the RODC. Other than that it is pretty straight-forward but without the DCPromo wizard can cause a challenge. Let's see how it is done! Note: Double-click on the video to go full screen. If you want to give these demos a try yourself be...
|
-
|
In the next video in the Server Core series we look at the remote management options. There are a number of options, RDP (still just a CLI), remote MMC consoles, PowerShell, WinRM/RS Because Server 2008 follows the secure by default standards these are all turned off and need to be enabled, again from the command line. Have no fear this video will ease the configuration :) Note: Double-click on the video to go full screen. If you want to give these demos a try yourself be sure to grab the lab build...
|
-
|
Last week I posted two videos on configuring the server and client side for DHCP Based Network Access Protection. Over the next two weeks I'll be posting another set of videos on configuring Server Core. The first video is going to cover the OOBE or out of box experience. Server Core is like any other server out of the box, you need to configure IP address, join a domain, and add roles but if you have seen Server Core you know it is all command line. This video will take you through those steps and...
|
-
|
The other day I posted the first half of this video with the server side setup of NAP. This video will cover the client side setup and testing on both Windows Vista and Windows XP SP3. Note: Double-click on the video to go full screen. If you want to give these demos a try yourself be sure to grab the lab build guide and demo scripts here!...
|
-
|
Server 2008 is out and one of the very cool features is NAP or Network Access Protection. This feature allow you to protect the internal network from threats. There is a nice entry on Wikipedia explaining NAP but the TLA way is to show you the quick steps to get it done. While I could write it out I figured video would be cool as well and since I had the videos from the Canadian Heroes Happen {Here} events I got real lazy and am posting those :) Over the next while I'll get up the rest of the videos...
|
-
|
Hello everyone, and a special hello to new TLA readers from TechEd. For readers that could not attend TechEd, (wish you were here!) I presented at TechEd's Demo Idol! The session was on the virtues of being a Lazy Admin. In the session I mentioned some great Microsoft products that really help LazyAdmins stay Lazy Admins. I wanted to post the links to those products, resources: Infrastructure Optimization: http://technet.microsoft.com/en-us/infrastructure/default.aspx There is also a site dedicated...
|
-
|
For all those going to TechEd 2008 in Orlando, it's your chance to meet a "real" Lazy Admin. I'll be in the hands on labs section at TechEd helping out! Don't hesitate to come on up and chat about the site, articles, or anything else that interests you! I'll blog about the experience and any cool stuff I see for those who couldn't make it. Keep an eye on your RSS feeds....
|
-
|
Quick post to let all you Lazy Admins out there that Windows Search 4.0 has been released. There is a long list improvements. I have been using the preview release for the past month, and I definitly have noticed performance benefits on my laptop. For those who haven't tried Windows Search, it's a Lazy Admin's best friend. The only downside is the search is so good, I forget where everything actually is located in Windows. Grab it here: http://support.microsoft.com/?kbid=940157 From the Microsoft...
|
-
|
A few weeks ago I posted about some of the tools Microsoft provides to help establish the costs and saving that deploying Vista can bring. One of the issues that I have is how do we get the numbers to fill in those forms; well MS has you covered there too. This tool is really useful. With the MS Assessment and Planning Solution Accelerator you can scan the computers in your network for information such as which OS and Service pack they are running, and if they are good candidates to upgrade to Vista....
|
-
|
We have all muttered the words "Where is <fill in the blank> when you need it?" A lot of times that blank is filled with the name of a SysInternals utility like Process Explorer or TCPView. Well never utter those words again thanks to http://live.sysinternals.com :) Here you will find a list of all the SysInternals tools ready to download. Or if you don't want to download it to all your PCs just run the command from a command line to the remote server and run the tools that way :) It takes...
|
-
|
I posted a few weeks ago about some Vista Springboard. Continuing that series of posts, I wanted to talk about the first part of Springboard program which is: Discover. Now I'm sure many of you have already "Discovered" Vista, I thought I had too, but the great thing about the springboard site is it concentrates a great deal of information into nice digestible categories. So as most readers have probably already discovered the technical aspects of Vista, I wanted to highlight some of the great tools...
|
|
|
|