WindowsServer

Server 2016 – How to display Defender GUI

With Windows Server 2016, Microsoft integrated the Microsoft Defender service into the operating system. The built-in antivirus runs constantly, but the Defender GUI is not installed by default. To enable the graphical user interface on the server, use Windows Server Manager or a PowerShell cmdlet.

Windows Defender GUI

Let’s see how to activate or disable the Windows Defender graphical interface:

WindowsServer

Server 2012 – Customize Access Denied on shared folder

If you manage one or several file servers in your infrastructure, you may want to customize the Access Denied error message displayed to users. This feature has been available since Windows 8 and Windows Server 2012. It is called Access-Denied Assistance.

Access Denied Custom Message

Access-Denied Assistance can be useful if you want to simplify the process of granting folder permissions to users. Sometimes the user knows neither the full path nor the rights needed.

With Access-Denied Assistance, the shared folder administrator receives an email with all the required information. No more calls for user access.

Let’s see how to do that with Server 2012 R2.

WindowsServer

Server 2012 – Deny file extensions on shared folders

If you manage one or several file servers in your infrastructure, you may want to prevent users from pasting files with specific extensions. This can be motivated by a lack of storage for big files or by security reasons. Moreover, if you use DFSR to replicate shared folders to another site, you don’t want to saturate the bandwidth with a movie replication.

Microsoft Windows Server includes a role that lets us manage files on shared folders: File Server Resource Manager (FSRM).

File Server Resource Manager FSRM

In order to block some file extensions, we need to install and configure this role. Let’s see how to do that with Server 2012 R2.

Windows 8.1

Security – Local Administrator Password Solution LAPS

Since Windows Server 2008, we have been able to use Group Policy Preferences to set a password for the Local Administrator on all workstations in an OU. In May 2014, Microsoft released a patch to remove this feature (KB2962486).

In fact, the password was stored insecurely. It was encrypted using a key that is now public (MSDN). This is a security leak: passwords are sent in “clear”, several times a day, each time the GPO is applied. If KB2928120 is installed on your system, you can no longer use GPO to define passwords for:

  • Drive Maps.
  • Local Users.
  • Scheduled Tasks.
  • Services.
  • Data Sources.

With the security patch, Microsoft provided a PowerShell script to change local passwords remotely.

A few days ago, Microsoft released a new tool: Local Administrator Password Solution (LAPS). With this tool, computers can randomly change the local administrator password and store it in an Active Directory attribute.
