$server = "SERVERNAME"   # placeholder: name of the target machine
$cmd = "xcopy c:1.txt c:temp1.txt /A"
$process = [WMIClass]"\\$server\ROOT\cimv2:Win32_Process"
#$process.psbase.Scope.Options.Impersonation = [System.Management.ImpersonationLevel]::Impersonate
#$process.psbase.Scope.Options.Authentication = [System.Management.AuthenticationLevel]::PacketPrivacy
# get process id and returnValue
$result = $process.Create($cmd)
$result.ProcessId
$result.ReturnValue
This article contains tips, tricks and steps for using the Security Configuration Wizard (SCW) included in Windows Server 2008. I was recently working on locking down Windows Server 2008 with IIS. By default, Windows Server 2008 is more locked down than any previous Microsoft server OS. (PS: So is IIS.) I wasn’t sure where to begin. I have used SCW in previous operating systems, so I figured that would be a good place to start.
I quickly discovered Microsoft has done an excellent job with SCW: it’s easy to use, and it creates XML files that can be edited for later use and / or turned into a GPO (Group Policy Object). Probably the most flexible thing I discovered is that you can run SCW, save your settings and not apply the policy. The GPO option really captured my attention! You may wonder why the GPO option is so awesome. You can set up your custom policy and then apply it to OUs containing targeted machines, such as internet-facing servers. This technique provides a consistent policy across all your machines. My post isn’t meant to cover group policy; for more information check out this article.
To get started, I created a model machine which included all the necessary IIS modules. I executed the steps below, then used scwcmd (the command line version of SCW) to ‘transform’ the XML file to a GPO. One thing to be aware of: the user account that executes scwcmd needs to have permissions to create GPOs, which are stored on an Active Directory (AD) domain controller. I HIGHLY recommend doing this in a controlled / test environment before implementing in production. Also, if you are not in control of your AD environment, get with your AD techs to have them grant permissions.
A few tips. I recommend you perform this in an isolated environment using a virtual machine. You can use Virtual PC, VMware Server or Hyper-V. When I applied the policy, the Terminal Services service was disabled, preventing me from accessing the machine remotely. The first time I ran the process, I said, “what the heck, I’ll apply the policy”. Luckily the machine was a VMware VM. 🙂
Other settings that were captured were firewall rules, things like the Server service (which was recently exploited and a patch was released) and blocking normal Microsoft ports (135, 137, 138, 139, 445). For internet-facing servers, I would think there aren’t too many reasons to have these ports open. If you do need the ports open, you can set your Windows Firewall rules to only allow certain machines, for example your NAS / SAN connections where the content files reside.
In conclusion, Microsoft has provided a tool to help lock down Windows Server 2008. I hope you find this article useful. Here are more articles that discuss using SCW.
Here are the steps to run SCW.
Microsoft MVP – IIS
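The firewall advice in the SCW post above (keep ports 135, 137, 138, 139 and 445 closed on internet-facing servers, or allow them only from specific machines), as an added PowerShell example that is not part of the original post. The host addresses and rule names are constructed placeholders, and it assumes PowerShell 2.0 or later and netsh advfirewall on Windows Server 2008, run from an elevated prompt.

```powershell
# Added example, not from the original post.
# Constructed placeholders: the 192.0.2.x addresses and the "Scoped-" rule names.
param(
    [string[]]$AllowedHosts = @('192.0.2.10', '192.0.2.11'),  # e.g. NAS / SAN hosts
    [switch]$Apply                                            # report only unless set
)

# The ports listed in the post, with the protocol each one uses.
$ports = @(
    @{ Port = 135; Proto = 'TCP'; Use = 'RPC endpoint mapper' },
    @{ Port = 137; Proto = 'UDP'; Use = 'NetBIOS name service' },
    @{ Port = 138; Proto = 'UDP'; Use = 'NetBIOS datagram' },
    @{ Port = 139; Proto = 'TCP'; Use = 'NetBIOS session' },
    @{ Port = 445; Proto = 'TCP'; Use = 'SMB (Server service)' }
)

$netstat = netstat -an
$remote  = $AllowedHosts -join ','

foreach ($p in $ports) {
    # Match the local-address column; for TCP count only LISTENING sockets.
    $pattern = '^\s*{0}\s+\S+:{1}\s' -f $p.Proto, $p.Port
    $bound = @($netstat | Where-Object {
        $_ -match $pattern -and ($p.Proto -eq 'UDP' -or $_ -match 'LISTENING')
    })
    $state = if ($bound.Count -gt 0) { 'bound' } else { 'not bound' }
    Write-Output ('{0}/{1,-3} {2,-22} {3}' -f $p.Proto, $p.Port, $p.Use, $state)

    if ($bound.Count -eq 0) { continue }   # nothing listening, no rule needed

    # Inbound allow rule limited to the listed hosts (remoteip scope).
    $ruleArgs = @(
        'advfirewall', 'firewall', 'add', 'rule',
        ('name=Scoped-{0}-{1}' -f $p.Proto, $p.Port),
        'dir=in', 'action=allow',
        ('protocol={0}' -f $p.Proto),
        ('localport={0}' -f $p.Port),
        ('remoteip={0}' -f $remote)
    )
    if ($Apply) {
        & netsh $ruleArgs
    } else {
        Write-Output ('  would run: netsh ' + ($ruleArgs -join ' '))
    }
}
```

A scoped allow rule only narrows exposure if broader enabled allow rules for the same ports, such as the built-in File and Printer Sharing group, are disabled.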
Nazim from the IIS team has posted a detailed read on the Token Kidnapping in Windows.
It’s definitely worth reading if you are responsible for locking down machines.
I’ve recently been trying to get more in-depth with PowerShell and the IIS provider. Here are some articles along with the download link.
Over 10 articles on PowerShell and the IIS Provider.
PowerShell Provider CTP 2
“Accept it, Powershell is the WAY of the command line future for Windows, accept it and go forward!”
I received an announcement from Softpedia.com. IISLogs is certified to not have any adware and passed their strict security tests. We are excited to receive this recognition.
“IISLogs, one of your products, has been added to Softpedia’s database of software programs for the Windows operating system. It is featured with a description text, screenshots, download links and technical details on this page:
“IISLogs” has been tested in the Softpedia labs using several industry-leading security solutions and found to be completely clean of adware/spyware components. We are impressed with the quality of your product and encourage you to keep these high standards in the future. To assure our visitors that IISLogs is clean, we have granted it with the “100% CLEAN” Softpedia award. To let your users know about this certification, you may display this award on your website, on software boxes or inside your product.
More information about your product’s certification and the award is available on this page:
More information about IISLogs is at www.iislogs.com
Microsoft MVP – IIS.
This is one of the more interesting projects I’ve seen come out of the IIS team in a while. Here is more information.