What is the optimal way to configure IIS to block direct IP access to the server? Direct IP access is only used by malicious scanners that will troll the entire internet by ip looking for vulnerable servers.
I stood up a server only yesterday that is not used anywhere on the internet, and already have '/MyAdmin/scripts/setup.php' was not found in my error logs.
Given a server's only role is to be a webserver, and the server is only for hosting dedicated applications there is no kind of collocation / user manageable websites.
Is there really any purpose to applicationHost.config settings of overrideModeDefault="Deny"?
Would there be any reasons that replacing all Deny with Allow would be a bad idea?
On Windows Firewall under an individual rule the scope tab allows you to define which ips are subject to the rule. One of the built in options is "Local subnet".
How can you add an additional subnet to this for windows to understand it is a trusted network segment?
My question directly pertains to what windows (or domain) settings can be applied to add subnets directly to that predefined group "local subnet"
I can't seem to be able to have multiple administrators connect to Windows Server 2008 R2 Standard. Each time a different administrator logs in, it takes the current session away from the user and gives it to them and boots the original user from the server.
I've also tried connecting 1 instance normally and a 2nd with the /admin flag on remote desktop and that didn't matter either.
I have 2 Hyper-V servers one Windows Server 2008 and one Windows Server 2008 R2. I moved a VM from the 2008 box to the 2008 R2, with the 2008 on domain X and the 2008 R2 on domain y.
When the migration finished I was left with this batch of warning messages
Warning (11010) The Network location New Network Location (192.168.200.) associated with the virtual machine STAGING does not exist on host 2008R2.
Recommended Action Select a different host and then try operation again.
Warning (1237) The Virtual Network 2008 associated with the virtual machine STAGING does not exist on host 2008R2
VMM cannot enable or disable the MAC addresses spoofing or VM network optimization settings because the Virtual Network Adapter associated with virtual machine STAGING is not connected to a virtual network.
Recommended Action Connect the virtual network adapter to a virtual network, and then try the operation again.
Warning (10696) The host network adapter does not support the specified virtual network adapter configuration.
Recommended Action Select a host network adapter that supports this configuration.
The strange thing is I seem to have no actual networking issues in the sense I have no problem accessing the box over RDC directly or via HTTP.
What exactly do these messages want me to fix?
Is it possible to have a machine that is a Hyper-V server, be able to directly boot from cold start into the VM from the native hardware the machine runs on?
A non-virutalized server is available in addition to the described Hyper-V host.
All machines are running Windows Server 2008 R2 x64. The VM is Windows 7 Enterprise x64.
I can't figure out how to shrink a VHD using Microsoft System Center Virtual Machine Manager 2008 R2. Viewing the article Shrink your VHD size seems like this would be simple to do. However I don't see any of those check boxes that article shows.
The article does mention that all check points need deleted first, I have followed that information and deleted the check points.
Here's what I see 
Are *.domain.com wild card SSL certificates expected to or required to only be used by 1 IP?
Such that
site1.domain.com is on ServerX
and
site2.domain.com is on ServerY
where both servers have unique ip addresses. Is this valid to share the *.domain.com certificate across these servers?
Will the IIS Application Warm Up Module work on IIS 7.0?
If a web application called for itself to be setup with it's application pool to be configured in the applicationHost.config as:
<add name="AppPool" managedRuntimeVersion="v4.0" startMode="AlwaysRunning" />
Would the same result be achieved by just requesting a page from the server every minute? Or does setting startMode to this value have other implications also?
I have a Windows 7 Enterprise x64 machine both at work and at home for some reason the UAC dialog windows like to pop UNDER all of my windows instead of on top of everything, is this a bug? It's not consistent whether it will pop over or pop under.
I can't seem to find any way to connect to a remote IIS instance with my local INETMGR on my Windows 7 machine. It shows my settings for my local IIS and everything I've tried from clicking various places on the connections panel, changing the address in the address bar and checking the various menubar menus none seem to offer connect to another machine.
I'm head of the IT department at the small business I work for, however I am primarily a software architect and all of my system administration experience and knowledge is ancillary to software development. At some point this year or next we will be looking at upgrading our workstation environment to a uniform Windows 7 / Office 2010 environment as opposed to the hodge podge collection of various OEM licensed editions of software that are on each different machine.
It occurred to me that it is probably possible to forgo upgrading each workstation and instead have it be a dumb terminal to access a virutalization server and have their entire virtual workstation hosted on the server.
Now I know basically anything is possible but is this a feasible solution for a small business (25-50 work stations)? Assuming that this is feasible, what type of rough guidelines exist for calculating the required server resources needed for this.
How exactly do solutions handle a user accessing their VM, do they log on normally to their physical workstation and then use remote desktop to access their VM, or is it usually done with a client piece of software to negotiate this?
What types of software available for administering and monitoring these VM's, can this functionality be achieved out of box with Microsoft Server 2008? I'm mostly interested in these questions relating to Server 2008 with Hyper-V but fell free to offer insight with VMware's product line up, especially if there's any compelling reasons to choose them over Hyper-V in a Microsoft shop.
Edit: Just to add some more information on implementation goals would be to upgrade our platform from a Win2k3 / XP environment to a full Windows 2008 / Win7 platform without having to perform any of that associated work with our each differently configured workstation.
Also could anyone offer any realistic guidelines for how big of hardware is needed to support 25-50 workstations virtually? The majority the workstations do nothing except Office, Outlook and web. The only high demand workstations are the development workstations which would keep everything local.
What would be some of the best options for implementing TrueCrypt on all external devices so if any are lost or stolen that the data is not readable to another person but could be managed in a way that users wouldn't accidentally forget their entire hard hard drive by losing an encryption key?
Each machine and user doesn't necessarily need to be encrypted from each other, however if that would be manageable obviously the more security is better always.
This would be for a Windows domain that is primarily Windows XP / Server 2003. However there are future plans to migrate to Windows 7 and Server 2008.
How would you script the install for Active Directory?
What are the best practices to configure a mail server to have your mail recognized as legitimate non spam messages? Is it to use Domain Keys, Sender ID, Sender Policy Framework, some or all 3 of these together?
Is there a way I can set a global policy to turn off advanced text services so I can stop having to click this checkbox 8 million times?
Client base is all Windows XP and the domain controller is Windows Server 2003.
What is PERC6i? I understand that it's a type of hard drive or raid controller, what makes it special or is it just a brandname controller?
Continuing on with my series of beginning system administration questions currently this is what I have to work with:
Dual processor 3 GHz Xeon 64-bit single core, 4 GB RAM server
Single processor dual-core 3 GHz Xeon 64-bit, 1 GB RAM server
As my role is truly software development with system administration being a sub-role, as I was adding these services I really started to realize how cramped the primary server was becoming. Especially when I found out that Team Foundation Server won't even allow itself to be installed on a Domain Controller.
At this point I really started to look into Hyper-V and virtualization. However, I'm not really sure which way would be the best to allocate the machines if I go down the virutalization route. Should I upgrade the RAM on both servers and virtualize everything?
If I go that route does it become that much of an issue for cold starts for the Domain Controllers to be virtual?
If I make one of the virtual machines handle VPN as well, does that increase the security risk to the domain since the machine would house other virtual machines also? Along this question also, what is deemed acceptable to have installed for a network on an externally facing server?
Finally what level of separation becomes more overhead than beneficial? Would it be worthwhile to have each main server role in its own VM?
This is a follow up to my last post: Sysadmin: Where to Start? on a more specific point.
As I stated I was recently hired at a company to lead software development and as a smaller portion of that role handle the IT side of my company. Currently software is rather randomly situated around machines as the majority of it was just all purchased as installed software on our Dell machines.
Beyond that the only type of cataloging of it includes an excel file with machine service tags / windows keys and maybe office keys. Install disks / licensing information may have a users first name written on it but that's the most on the physical disks.
What type of better solutions for managing this are there available? Obviously the most basic start would be to truly ID the machines, disks and users to atleast have a much stronger tracking catalog which I will most likely write up as a small intranet web app.
One of things I'd really like to have available to me soon would be a ready made system image of the work stations that I can roll it out quickly instead of having to manually reinstall everything if a machine becomes corrupted however I have no idea how I would deal with licensing since if the keys were embedded into the image every machine would share the same key and fail activation I assume?
Currently the main software I have available to me is Windows Server 2003 Standard setup with Active Directory / Domain account usage.
Hopefully this won't get closed as too vague or too duplicative but here goes anyway...
I recently started work with a small company (25~ people). First up front is I am a developer and brought in to really start providing them with strategic business applications / website development. Obviously being the first nonfreelance developer to be included with this company I am also given the generic IT/sysadmin roles also.
Currently there are only 2 servers in the office 1 being a file server / dns server / domain controller and the 2nd being a VPN server. Our website and databases are hosted by 3rd parties. Eventually on my list will be moving to a dedicated server since it seems that it wouldn't be worth the cost of routing to have any big bandwidth to this building (besides there no real server room in our offices anyway.) Also on the list will be the addition of a couple more servers to provide development, testing and staging environments as the software evolves that it's needed.
There is already atleast the basis of disaster recovery implemented with automated backups and a DAT storage system for archiving backups. All of the desktop machines are wired into the primary server with active directory however all machines still use local storage and various random software across the machines.
I assume the best starting point is to work on creating network profiles so in the event of a client machine failure there is no data loss. My other thoughts are on creating a system image that has WinXP Sp3, Office, etc all sliced and fully upgraded in it so machine provisioning can be done much easier. I'm not sure how licensing/CD keys come into play with that route though.
What type of tools or knowledge sources would offer me alot of aid in these directions or what other ideas do you all have?