One of the new and long awaited features in IIS 7 is support for FTPS or FTP over SSL.  By default all FTP data is transfered in clear text, including the user name and password.  From a security point of view you can see this is a bad thing.  FTPS to the rescue!  Before you begin you will need to download and install FTP for ...

Typically hotfixes are released on the second Tuesday of each month as you are all well aware.  Occasionally, I can personally only remember three including this one, there are out of band hotfixes released.  While we don’t normally post hotfix release notifications considering this is an out of band release I wanted to let you all know ...

Here at the LazyAdmin we have talked quite a bit about using BitLocker with Windows Vista. With the introduction of Server 2008 you can now also leverage Bitlocker with your 2008 servers. This is particularly attractive when deploying Read Only Domain Controllers (RODC) to remote locations where physical security is questionable. One BitLocker ...

We have talked about enabling BitLocker Active Directory integration in a previous post now we will take a look at prepping your domain to implement this integration.  To take advantage of the several of the more compelling feature such as RODCs and Windows 2008 domain controllers we first need to extend the AD schema in our current ...

One of the nice things with RODCs is the ability to control cached credentials.  You can also pre-populate passwords for specific users, like a branch office user, in case the branch office connection goes down but this can be a security concern if that server gets stolen.  Server 2008 has a nice way of handling this so you can sleep ...

The other day I posted the first half of this video with the server side setup of NAP.  This video will cover the client side setup and testing on both Windows Vista and Windows XP SP3. Note: Double-click on the video to go full screen. If you want to give these demos a try yourself be sure to grab the lab build guide and demo scripts ...

Server 2008 is out and one of the very cool features is NAP or Network Access Protection.  This feature allow you to protect the internal network from threats.  There is a nice entry on Wikipedia explaining NAP but the TLA way is to show you the quick steps to get it done.  While I could write it out I figured video would be cool as ...

With the recent launch of Windows Server 2008 you are no doubt spending all your free time playing around with everything new.  One thing you might be playing around with is Network Access Protection.  There is a great document on getting a DHCP based NAP lab set up but one thing the document is missing is how to configure the NAP client ...

There are quite a few organizations that have their infrastrucutre running on Windows yet the web presence runs on Apache.  This site once ran on Apache as well but I used my Windows CA to create an SSL certificate for the server.  Someone asked me how to do this and here is how! On the Linux server open up a terminal and run the ...

Every once in a while Microsoft does something that causes admins all over to sigh FINALLY, Access Based Enumeration (ABE) is one such feature. New to Windows Server 2003 is the ability to install a small add-on that delivers what Novell and *Nix admins have had forever; the ability to hide files or folders that the user has no rights to access. ...

Encrypted File System (EFS) is a feature built into Windows 2000, XP and 2003 that allows users to securely encrypt files and folders. You can increase this level of security in Windows XP and 2003 by implementing a more secure encryption algorithm. By default, Windows 2000, XP and Server 2003 use the DESX algorithm to encrypt data in EFS. Windows ...

Encrypted File System (EFS) is a secure way to encrypt files and folders on your workstation (or server). EFS is pretty much uncrackable due to the way files are encrypted. EFS encryption keys are generated on the fly to encrypt the file. The File Encryption Key (FEK) is encrypted along with the EFS public key and is combined with the file adding ...

Windows Server 2003 Service Pack 1 includes a new feature called the Security Configuration Wizard. With this wizard you can reduce the attack surface of Microsoft Windows 2003 SP1 servers. The wizard probes the user for information to determine the functional requirements of a server based on the roles it is performing. Anything that is not ...

Windows Server 2003 SP1 includes a new feature called Remote Access Quarantine. With RAQ you can specify a set of requirements that VPN clients must meet before they are given access to the network. If the client does not meet the requirements you set out, they will be denied access to the network. With network administrators scrambling to ensure ...

There is a flaw in Windows that allows the ever famous malicous hacker to view the contents of your Clipboard by directing you to a specially crafted website. To clear your Clipboard when IE launches create a webpage with the following code.You can upload it to a website and use it as your home page, or you can save it to your C:\ drive and point ...