Install and configure Windows Server Role
With Windows Server 2012 R2, it is necessary to install the Volume Activation Services role from the Server Manager console
Catégorie : WIndows Server
Install and configure Honolulu
What is Honolulu
Honolulu is a new way to manage servers. He consist in performing operations from a web interface instead of the different MMC consoles.
How Honolulu works
The Honolulu application works through a web browser. It is possible to manage servers Windows Server 2016, 2012 R2 and 2012. All of these servers are manage with an Honolulu gateway. It can be installed on a server running Windows Server 2016 or on a Windows 10 workstation. All operation is done through PowerShell and WMI over WinRM. It is possible to retrieve the source from the website below
Lire la suite de
Manage Universal APPS and Windows Servicing
SetupConfig.ini file
When creating a master Windows 10, it is common to remove part or all of universal apps Windows Update. During the update of 10 Windows Builds with WSUS or SCCM, previously deleted applications are installed again.
To avoid the problem, it is necessary to use the Setupconfig.ini file
Nano Server Image Builder
Nano Server Image Builder
With Windows Server 2016, Microsoft has implemented a new feature called Nano Server. Very light operating system, just a few mega bytes to make it work. This « mini operating system » allows to install roles such as HyperV, Server DNS, web server,…
He have no shell, no Internet explore so this images reduces the risk of attack as well as the number of patch to install. However creating a Nano Server image requires command line execution. To simplify this step Microsoft has made available tool Nano Server Image Builder that allows the creation of the image in a graphic way.
As a first step, it is necessary to download the Nano Server Image Builder tool. You can download it here.
Configure Subscriptions Events
Why set up a subscription ?
If you have computer in workgroup, it may be interesting to centralize events in the event logs. This allows to facilitate the analysis of different events log. The computer being in workgroup, we use authentication based on certificates. In order to secure exchange, we will proceed to the use of the HTTPS protocol.
Manage Workgroup Workstation
How to manage machines in a workgroup
If you have machines in a domain, it is easy to execute remote administration (through gpo, script,…). Regarding the positions in workgroup, the task turns out to be more complex. Indeed, the latter only contain their own GPOs and their account base.
Thus it is possible to use winrm to perform remote administration. In order to secure the communications betweens the two computers (or computer and server) it is possible to encrypt exchanges using the ssl Protocol.
Licensing Server 2016
Licensing Server 2016
Windows Server 2016 will consist of two editions as Windows Server 2012 and 2012 R2.
Standard Edition: Concerns them little or no virtualized environments
Datacenter editions: Used for private and hybrid cloud environments
Remote execution
Problem with remote execution
One of my customers wanted recently to run a remote administration using a local account. The firewall on the server was disabled and inactive UAC. However despite these operations, it was not possible for a local account (non-administrator) to perform the remote operation.
Lire la suite de
Manage local Account
Manage Local Account Password
An element that is rarely changed it’s the password of local accounts. It is common to put the same password for a local administrator on all workstations and servers. This has created an impact of a security breach.
It’s important to have a different password on each machine and server. Thus in case of a compromise of passwords, the other machines / servers are not impacted. However a regular change of password or managing a machine password can greatly complicate the daily administration.
Problem with Bitlocker
Problem Bitlocker
During a Bitlocker project at a customer I had a problem with the storage of bitlocker recovery key in Active Directory
After you set up group policy which configured the desktop and laptop client (store in AD the recovery key, use tpm,…), I launched the script which enabled BitLocker on the system partition or opther partition. The bitlocker has been actived and partition has crypted, however the recovery key was not stored in the Active Directory. After several tests, I realized that some partition encryption failed (error message when i try to initialize TPM chip) and this randomly.
The project consisted to encrypt partitions systems from a laptop computer to decrypt the partition using the TPM chip.