0

Joys of Server 2012 R2 TLS Defaults in June 2022

Server 2012 R2 SSLLabs Report

Windows Server 2012 R2 was a great platform and was very widly adopted.  Unlike it’s less popular step-sister, Server 2012.  At least the R2 product had a start button, rather than the start pixel….

However, it really does show its age when viewed under a modern security lens.  Unsurprisingly, things have changed from a security perspective over the last decade. Not all of the Server 2012 R2 defaul… Read the rest “Joys of Server 2012 R2 TLS Defaults in June 2022”

0

Move FSMO Roles Using PowerShell

PowerShell FSMO Role

Rather than kicking it old school and using the classic tools such as AD Users & Computers (dsa.msc) to move FSMO roles, PowerShell makes it nice and easy to get this done rapidly.

In this example we are moving the roles gracefully, but there is also the -Force option.

 

State Of The Nation

To start with, let's confirm where the FSMO roles currently reside:

Using PowerShell To Check FSMO Role Holders

Note that server DC-1.wingtiptoys.ca… Read the rest “Move FSMO Roles Using PowerShell”

1

How To Request Certificate Without Using IIS or Exchange–Updated 2022

Back in the year 2014 the post How To Request Certificate Without Using IIS or Exchange was released to help create TLS certificates. One of the main use cases was Active Directory Federation Services (AD FS) as in 2014 it was pretty much a requirement for enterprise migration to Office 365.  Password Hash Sync (PHS) and Pass Through Authentication (PTA) were still a twinkle in a developer’s eye….

I… Read the rest “How To Request Certificate Without Using IIS or Exchange–Updated 2022”

0

Remote Desktop Connection Manager Download (RDCMan) 2.90

RDCMan 2.90

Welcome to 2022 and a new release of Remote Desktop Connection Manager (RDCMan) version 2.90!

The Sysinternals blog lists the following changes to RDCMan which are well worth reviewing from a security standpoint.

Receives support for Restricted Admin (/restrictedAdmin from mstsc) and Remote Credential Guard (/remoteGuard from mstsc) and bug fixes.

RDCMan Version 2.90

Below you can see the Security Settings tab with these… Read the rest “Remote Desktop Connection Manager Download (RDCMan) 2.90”

0

Change Certificate Friendly Name To Unique Value

Imagine that you have two certificates installed, but for whatever reason the same friendly name was used for both of them.  You can certainly identity each of them by comparing the valid from/valid to dates or the thumbprint.  That adds just a little extra overhead that you may not want to deal with.

As an alternative, you can modify the friendly name  to a more suitable value.  This allows you to… Read the rest “Change Certificate Friendly Name To Unique Value”

1

IIS SMTP Virtual Server Component No Longer Supported

IIS SMTP Component Not Supported

Please consider this a quick PSA (Public Service Announcement) as it is still common that I run into environments with the IIS SMTP service still running and processing mail.

While the component has had a long and interesting life, it is now unsupported as it is tied to the support lifecycle of Windows Server 2003.

For more details and information please see:

How to: Install and Configure SMTP VirtuaRead the rest “IIS SMTP Virtual Server Component No Longer Supported”

0

Updating to RDCMan 2.8

RDCMan 2.7 Version

Now that we have a new version of Remote Desktop Connection Manager (RDCMan), I wanted to list out some of my initial thoughts and upgrade experience as I did encounter  a couple of minor bumps.  Please add a comment if you are running into issues as well please.

Like many other administrators, I heavily used RDCMan 2.2 and 2.7 over the last 11 years.  This was my primary tool for managing a wide r… Read the rest “Updating to RDCMan 2.8”

1

Remote Desktop Connection Manager Download (RDCMan) 2.81

Finally we have good news for all fans of the Remote Desktop Connection Manager (RDCMan) tool!    It has risen from the ashes, and is now part of Sysinternals.

Over the years RDCMan built up a strong user base as it was a simple but powerful utility to manage connections to multiple machines.  Sure, if you have three or four servers to manage you can get by with saved .rdp files or use the Universa… Read the rest “Remote Desktop Connection Manager Download (RDCMan) 2.81”

0

Create Azure Az VM Using Existing UnManaged VHD

The days change, but sometimes the issues stay the same.  This is a redux of an existing post where there was an issue back in 2016 when I was not able to easily re-create a VM in a different Availability Set.  As you can see in Create Azure RM VM Using Existing VHD – 250 Hello (rmilne.ca)  PowerShell was used to re-create the VM as it allowed all of the resources to be specified.

The original VM was… Read the rest “Create Azure Az VM Using Existing UnManaged VHD”

1

Azure Firewall Rule Not Working – Orange Triangle

The below is from a customer situation where an Azure Network Security Group (NSG) firewall rule entry was not working as they expected.  This was was created to allow RDP connectivity for some of their test servers.

However they were not able to connect to the server, and were being blocked by the NSG.

Ideally we do not want to allow RDP to our Azure VMs are there are more secure methods such as cliRead the rest “Azure Firewall Rule Not Working – Orange Triangle”