When you get started with Amazon Web Services (AWS), one thing to do early is secure access to the web console. Rather than manage another set of user accounts, you can reuse your corporate directory (Microsoft Active Directory) to log in to the AWS console, using Active Directory Federation Services (ADFS) as the SAML identity provider. If you keep your ADFS server internal, federated sign-in only works from inside your network. The console itself is still reachable from the public Internet, so this only holds if there is no other way in: no IAM users with console passwords, and the root account locked away behind MFA.
Update to the previous post on an older BES version (“Test intranet access from Blackberry and other mobile platforms”). For BES12, create a krb5.conf file and upload it to the “Single sign-on” profile. Obviously switch mycompany.com to your own domain, and specify the FQDNs of one or more domain controllers. Realm names are case-sensitive (upper case by convention), and this has been case sensitive in the past. The encryption type list below keeps des3 and rc4-hmac for compatibility with older domain controllers; where every DC is Server 2008 or later, trim it to the two AES types.

```
[libdefaults]
default_etypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 des3-cbc-sha rc4-hmac
default_realm = MYCOMPANY.COM

[realms]
MYCOMPANY.COM = {
  kdc = tcp/DC1.
```
My head in the clouds as usual. Today I passed the AWS Certified Solutions Architect - Associate exam. I used Ryan Kroonenburn’s course on Udemy to skill up. I recommend it: Udemy - AWS Certified Solutions Architect associate by Ryan Kroonenburn
Update: Ryan quit Udemy’s platform and setup his own by founding https://www.ACloudGuru.com
Came across this amazing body of work. These guys (a group of System Centre consultants) spent 100 days on automation tools across Windows and Linux and also AWS and Azure cloud services.

- PowerShell DSC – from Basic to Advanced
- Cross-Platform Management and DevOps with DSC and Chef
- Package Deployment
- Azure PaaS (Cloud Services, Websites and SQL) for IT Pros
- Source Control and Unit Testing Integration and Automation for IT Pros (TFS, VSO and GIT)
- System Center and DevOps
- Amazon EC2 and PowerShell

Well written, concise, high level overviews to whet your appetite.
Some PowerShell to configure Nic Teaming on Windows Server 2012. Note: pick teaming mode and load balancing algorithm to suit your networking environment. The config below is for two NICs going to independent switches in active-passive mode (no LACP). Also note that the order Windows discovers and labels NICs may not match your hardware vendor’s labelling at the back of the server.
```powershell
# Check current state of NICs and do teaming
if (Get-NetLbfoTeam) {
    Write-Host "Nic Team already exists"
} else {
    Write-Host "Renaming NICs"
    # Rename Ethernet & Ethernet2 to Nic1 & Nic2 etc
    $nicIndex = 1
    Get-NetAdapter | ForEach-Object { $_ | Rename-NetAdapter -NewName "Nic$nicIndex"; $nicIndex++ }
    # Create team for Nic1,2
    Write-Host "Teaming Nic1 and Nic2"
    $team = New-NetLbfoTeam -Name NicTeam -TeamMembers Nic1,Nic2 -TeamingMode SwitchIndependent -LoadBalancingAlgorithm TransportPorts -Confirm:$false
    # Configure NIC2 as standby
    Write-Host "Configuring Nic2 as standby"
    Set-NetLbfoTeamMember -Name "Nic2" -AdministrativeMode Standby
    # loop until this NIC team is up
    while ($team.
```
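The same active/standby team, written out as an added example rather than the post's own script: it is idempotent, waits a bounded time for the team to come up instead of looping indefinitely, and then verifies that exactly one member is active and the intended one is on standby. The adapter names Nic1/Nic2, the team name NicTeam and the 60-second timeout are assumptions; change them to suit.

```powershell
# Added example (not the original post's script): create a two-NIC, switch-independent,
# active/standby team, wait a bounded time for it to come up, then verify the result.
# Assumptions: the physical adapters are already named Nic1 and Nic2 and the team is
# called NicTeam; both names are hypothetical.
$TeamName   = 'NicTeam'
$Members    = 'Nic1', 'Nic2'
$StandbyNic = 'Nic2'
$TimeoutSec = 60

$team = Get-NetLbfoTeam -Name $TeamName -ErrorAction SilentlyContinue
if (-not $team) {
    # SwitchIndependent: the two uplinks go to separate switches with no LACP/LAG configured.
    # TransportPorts hashing is irrelevant while only one member is active, but leaves the
    # team ready for active/active later; use HyperVPort or Dynamic on a Hyper-V host.
    $team = New-NetLbfoTeam -Name $TeamName -TeamMembers $Members `
                -TeamingMode SwitchIndependent -LoadBalancingAlgorithm TransportPorts `
                -Confirm:$false
    Set-NetLbfoTeamMember -Name $StandbyNic -AdministrativeMode Standby -Confirm:$false
}

# Wait for the team to report Up, but give up rather than spin forever on a cabling fault.
$deadline = (Get-Date).AddSeconds($TimeoutSec)
do {
    Start-Sleep -Seconds 2
    $team = Get-NetLbfoTeam -Name $TeamName
} while ($team.Status -ne 'Up' -and (Get-Date) -lt $deadline)

if ($team.Status -ne 'Up') {
    throw "Team $TeamName is $($team.Status) after $TimeoutSec seconds; check cabling and switch ports."
}

# Verify: one active member, the intended NIC on standby, and the mode we asked for.
$members = Get-NetLbfoTeamMember -Team $TeamName
$active  = @($members | Where-Object { $_.OperationalStatus -eq 'Active' })
$standby = $members | Where-Object { $_.AdministrativeMode -eq 'Standby' }
if ($active.Count -ne 1 -or $standby.Name -ne $StandbyNic) {
    $state = ($members | ForEach-Object { "$($_.Name)=$($_.OperationalStatus)" }) -join ', '
    throw "Unexpected member state: $state"
}
if ($team.TeamingMode -ne 'SwitchIndependent') {
    throw "Team is $($team.TeamingMode), expected SwitchIndependent"
}

# The team interface is a new adapter named after the team; address it like any other NIC.
Get-NetAdapter -Name $TeamName | Select-Object Name, Status, LinkSpeed, MacAddress
```

Because the original script renames adapters in discovery order, run this only after you have confirmed (for example with Get-NetAdapter | Select-Object Name, MacAddress, LinkSpeed) that Nic1 and Nic2 really are the two ports you cabled to the two switches.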
Hide “Select a location for the network”. When you deploy Windows 7 you get a prompt: “Select a location for the network”. Laptop users also see it when they connect to a new wired or Wi-Fi network. You must pick the network type, which tells Windows Firewall whether the local network is trusted (Private) or untrusted (Public). Rather than leave this as a manual choice for PC deployment staff and laptop users, you can automate it: a registry key suppresses the prompt (unidentified networks then default to Public, the safe choice for laptops), and the default location for unidentified networks can also be set with Group Policy under Network List Manager Policies.
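As an added example (not from the original post), the registry change that suppresses the prompt during deployment, plus an opt-in step for fixed desktops that flips already-seen Public networks to Private. The NewNetworkWindowOff key and the NetworkList\Profiles Category values are documented Windows 7 behaviour; the $MakePrivate switch is a hypothetical knob for this script.

```powershell
# Added example (not the original post's code): suppress the "Select a location for the
# network" dialog on Windows 7 and make the resulting firewall profile explicit.
# Creating the key NewNetworkWindowOff (the key itself; no value needed) stops the prompt.
# Networks the machine cannot identify are then treated as Public, the safe default for
# laptops. Domain-joined machines still get the Domain profile when a DC is reachable.
$MakePrivate = $false   # hypothetical switch: $true only for fixed desktops on a trusted LAN

$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff'
if (-not (Test-Path $key)) {
    New-Item -Path $key -Force | Out-Null
    Write-Host "Network location prompt disabled"
} else {
    Write-Host "Network location prompt already disabled"
}

# Each network Windows has seen gets a GUID subkey with a Category value:
# 0 = Public, 1 = Private, 2 = Domain. Only touch these when you really want Private.
if ($MakePrivate) {
    $profiles = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles'
    Get-ChildItem $profiles | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        if ($p.Category -eq 0) {
            Set-ItemProperty -Path $_.PSPath -Name Category -Value 1
            Write-Host "Profile '$($p.ProfileName)' changed from Public to Private"
        }
    }
}

# Show which firewall profile is active now, so the result of the change is visible.
netsh advfirewall show currentprofile
```

Leave $MakePrivate at $false in a laptop image: Public keeps file and printer sharing closed on the coffee-shop network, which is the whole point of the prompt you just hid.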
You don’t need your machines talking to each other via NetBIOS over TCP/IP.
Turn it off to cut down on network chatter and reduce your attack surface: NetBIOS name resolution (UDP 137) is broadcast-based, so anything on the subnet can answer a name lookup, and it is the transport for legacy SMB on TCP 139. Modern SMB runs directly over TCP 445 and is unaffected, but make sure DNS resolves everything you need, because WINS lookups and browse-list (“Network Neighborhood”) behaviour stop working. The following PowerShell is useful as a step during OS deployment (one-off config), or as a Group Policy startup script (every boot, which also catches adapters added later).

```powershell
# disable NetBIOS over TCP/IP on new adapter (legacy protocol not required)
$NETBIOS_DISABLED=2
Get-WmiObject Win32_NetworkAdapterConfiguration -filter "ipenabled = 'true'" | ForEach-Object { $_.
```
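The complete version of that loop, as an added example rather than the post's own script: it calls SetTcpipNetbios on every IP-enabled adapter, acts on the WMI return codes (0 = done, 1 = reboot required), fixes the per-interface NetBT registry value for interfaces the WMI filter skips, and then checks whether anything is still listening on the NetBIOS ports. The value meanings for TcpipNetbiosOptions and NetbiosOptions are documented Windows behaviour.

```powershell
# Added example (not the original post's script): disable NetBIOS over TCP/IP everywhere,
# honour the WMI return codes, and verify, so the script is safe to run on every boot.
$NETBIOS_DISABLED = 2   # SetTcpipNetbios: 0 = via DHCP, 1 = enabled, 2 = disabled

$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = 'true'"
foreach ($nic in $adapters) {
    if ($nic.TcpipNetbiosOptions -eq $NETBIOS_DISABLED) {
        Write-Host "$($nic.Description): NetBIOS already disabled"
        continue
    }
    $result = $nic.SetTcpipNetbios($NETBIOS_DISABLED)
    switch ($result.ReturnValue) {
        0       { Write-Host "$($nic.Description): NetBIOS disabled" }
        1       { Write-Host "$($nic.Description): NetBIOS disabled, reboot required" }
        default { Write-Warning "$($nic.Description): SetTcpipNetbios failed with code $($result.ReturnValue)" }
    }
}

# The WMI filter only sees adapters that currently have an address. The per-interface
# registry value (NetbiosOptions: 0 = DHCP decides, 1 = on, 2 = off) covers the rest,
# for example a second NIC that is not yet plugged in.
$ifaces = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
Get-ChildItem $ifaces | ForEach-Object {
    if ((Get-ItemProperty $_.PSPath).NetbiosOptions -ne $NETBIOS_DISABLED) {
        Set-ItemProperty -Path $_.PSPath -Name NetbiosOptions -Value $NETBIOS_DISABLED
        Write-Host "$($_.PSChildName): NetbiosOptions set to $NETBIOS_DISABLED"
    }
}

# Verify: once NetBT is off on every interface nothing should listen on UDP 137/138 or
# TCP 139. Any line printed here means a reboot is still pending or an interface was missed.
netstat -an | Select-String -Pattern ':13[789]\s'
```

Adapters that appear after this runs (a new docking station, a VPN virtual NIC) get a fresh Tcpip_{GUID} key with the default of 0, which is why the post suggests a startup script rather than a one-off.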
TL;DR Make RDP better on Win7. Enable UDP support with this update.
Add support for RDP 8.1 to Windows 7. This gives you both an updated RDP client (useful when connecting to Windows Server 2012) and updates for the Remote Desktop service on the Windows 7 side. http://blogs.msdn.com/b/rds/archive/2013/11/12/remote-desktop-protocol-8-1-update-for-windows-7-sp1-released-to-web.aspx There are quite a few hotfix prerequisites that took a while to install. I found it quicker to extract the cab files from within the MSU hotfix files (used 7zip) and install using dism. Note that the UDP transport only kicks in once the Windows 7 host has RDP 8.0 enabled through Group Policy and UDP 3389 is allowed through its firewall; installing the packages alone does not switch it on.
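The extract-and-install step, as an added example (not the post's own commands): it uses the built-in expand.exe instead of 7-Zip to unpack each MSU, skips the WSUSSCAN.cab metadata file, feeds the real .cab to DISM, and tracks whether a reboot is pending from the DISM exit code. The folder C:\Hotfixes and the idea of naming the files in prerequisite order are assumptions.

```powershell
# Added example (not from the original post): install a folder of .msu hotfixes by
# extracting the embedded .cab from each with expand.exe and applying it with DISM.
# Assumptions: the MSUs live in C:\Hotfixes (hypothetical path) and are named so that
# sorting by file name gives the prerequisite order (01-..., 02-..., and so on).
$Source  = 'C:\Hotfixes'
$Work    = Join-Path $env:TEMP 'msu-extract'
$Restart = $false

foreach ($msu in Get-ChildItem -Path $Source -Filter *.msu | Sort-Object Name) {
    $dir = Join-Path $Work $msu.BaseName
    New-Item -ItemType Directory -Path $dir -Force | Out-Null

    # expand.exe ships with Windows and unpacks the MSU container (cab, xml, txt).
    & expand.exe -F:* $msu.FullName $dir | Out-Null

    # WSUSSCAN.cab is update metadata, not an installable package; the other .cab is the payload.
    $cabs = Get-ChildItem -Path $dir -Filter *.cab | Where-Object { $_.Name -ne 'WSUSSCAN.cab' }
    foreach ($cab in $cabs) {
        Write-Host "Installing $($cab.Name) from $($msu.Name)"
        & dism.exe /Online /Add-Package "/PackagePath:$($cab.FullName)" /NoRestart /Quiet
        switch ($LASTEXITCODE) {
            0       { }                                   # installed
            3010    { $Restart = $true }                  # installed, reboot pending
            default { Write-Warning "DISM returned $LASTEXITCODE for $($cab.Name); already installed, not applicable, or a prerequisite is missing" }
        }
    }
}

if ($Restart) { Write-Host "Reboot required before the RDP 8.1 components are active." }
```

Run it from an elevated prompt; DISM servicing of the online image needs administrator rights, and the non-zero exit codes are your signal that a prerequisite was installed out of order.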
If you have proxy servers between your staff and the public internet, and you’re configuring the proxy server name/IP and port in web browsers then
CUT THAT OUT RIGHT NOW!
Your web browsers can find your proxy servers automatically (with a little help….)
What is Web Proxy Autodiscovery Protocol (WPAD)? The Web Proxy Autodiscovery Protocol (WPAD) is a method used by web clients (IE, Firefox, Chrome, and Windows itself via WinHTTP) to locate an internet proxy automatically: the client asks DHCP for option 252, then looks up the host name wpad in its DNS suffix list, and fetches wpad.dat (a PAC file) from whatever answers. That last step is where you need care. If no DNS record exists, Windows falls back to LLMNR and NetBIOS name queries for “wpad”, which any machine on the subnet can answer, and whoever answers gets to route every user’s web traffic. So publish wpad explicitly in DNS (Windows DNS blocks the name by default through its global query block list, so you have to allow it), set DHCP option 252, and disable LLMNR. Firefox only uses the DNS method, so the DNS record is the one part you cannot skip.
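As an added example (not from the original post), the server-side publication and a client-side check. The DNS and DHCP parts need the DnsServer and DhcpServer PowerShell modules (Windows Server 2012 or later, run on or against the DC and DHCP server); the zone mycompany.com, the PAC host 10.0.0.5, the scope 10.0.1.0 and the function name Test-WpadPublication are all assumptions for illustration.

```powershell
# Added example (not the original post's code): publish WPAD so clients never have to
# guess, then verify from a workstation that the answer really comes from DNS.
# Assumptions (all hypothetical): zone mycompany.com, PAC served by 10.0.0.5, scope 10.0.1.0.
$Zone    = 'mycompany.com'
$PacHost = '10.0.0.5'
$PacUrl  = "http://wpad.$Zone/wpad.dat"
$Scope   = '10.0.1.0'

# 1. DNS (run on a DNS server). Windows DNS refuses to answer for "wpad" by default through
#    the global query block list. Keep "isatap" blocked, drop "wpad" from the list, and
#    publish an explicit A record so clients get an authoritative answer.
Set-DnsServerGlobalQueryBlockList -Enable $true -List 'isatap'
if (-not (Get-DnsServerResourceRecord -ZoneName $Zone -Name 'wpad' -RRType A -ErrorAction SilentlyContinue)) {
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name 'wpad' -IPv4Address $PacHost
}

# 2. DHCP (run on the DHCP server). Option 252 hands Windows clients the PAC URL directly.
if (-not (Get-DhcpServerv4OptionDefinition -OptionId 252 -ErrorAction SilentlyContinue)) {
    Add-DhcpServerv4OptionDefinition -Name 'WPAD' -OptionId 252 -Type String -Description 'Proxy auto-config URL'
}
Set-DhcpServerv4OptionValue -ScopeId $Scope -OptionId 252 -Value $PacUrl

# 3. Client-side check (run on a workstation). -DnsOnly forces a real DNS query, so a name
#    that only "works" through LLMNR/NetBIOS fails here, which is exactly what you want to know.
function Test-WpadPublication {
    param([string]$Zone, [string]$ExpectedHost)
    $rec = Resolve-DnsName -Name "wpad.$Zone" -Type A -DnsOnly -ErrorAction SilentlyContinue
    if (-not $rec -or $rec.IPAddress -notcontains $ExpectedHost) {
        return "wpad.$Zone does not resolve to $ExpectedHost via DNS; clients may be falling back to LLMNR/NetBIOS"
    }
    try {
        $pac = Invoke-WebRequest -Uri "http://wpad.$Zone/wpad.dat" -UseBasicParsing -TimeoutSec 5
    } catch {
        return "wpad.dat not reachable: $_"
    }
    if ($pac.Content -notmatch 'FindProxyForURL') { return 'wpad.dat is served but is not a PAC file' }
    return 'OK'
}
Test-WpadPublication -Zone $Zone -ExpectedHost $PacHost

# 4. Remove the fallback altogether: this is the registry value behind the Group Policy
#    "Turn off multicast name resolution". Deploy it by GPO rather than by hand.
$dnsPol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
New-Item -Path $dnsPol -Force | Out-Null
Set-ItemProperty -Path $dnsPol -Name EnableMulticast -Value 0 -Type DWord
```

If step 3 reports anything other than OK on a freshly built client, fix DNS before rolling out: a workstation that cannot resolve wpad through DNS is one that will accept the first spoofed answer it hears.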
In the bad old days Windows would install in user-friendly, super-accessible mode. You’d then run scripts to lock it down: tightening permissions on registry keys, files and folders, applying registry tweaks, and potentially breaking stuff too. There were lots of security guides around. I’d use these NSA guides and tips from McGraw Hill’s Hacking Exposed. Nowadays Windows comes secure out of the box and you install roles before it’ll do anything.