Welcome to Part 3 of my SQL 2008 R2 installation and lockdown series. The script below must be run in SQL Studio and is step #2 in my series introduction. It turns on SQL auditing and pipes it to the Windows security event log, renames the SA account, and then...
Although Microsoft tries to ship most products 'secure by default', there is almost always more you can do to lockdown a service. SQL 2008 R2 is no different. As much as possible I like to automate processes so they are repeatable, less prone to errors, and save time. To that...
This is the final part of my SQL 2008 R2 Secure and Automate your Installations series. The first two scripts, covered here, and here perform an unattended installation of SQL 2008 R2 and then modify some key SQL parameters. The final script to make all of this work is below....
Note: For my updated version for SQL Server 2012, see my new article here.Many of you probably do frequent SQL 2008 R2 installation. Be it in a development environment, or deployment in production environments. For years Microsoft has given people the ability to perform unattended installations of SQL. Starting with...
As a standard practice in the environment I support we use WMI filtering on GPOs to ensure a GPO only gets applied to the right operating system type. This can prevent accidents such as applying a client GPO to a server, or a GPO for Server 2003 to a Server...
If your organization is looking at deploying VDI (Virtual Desktop Infrastructure), I highly recommend you check out the VDI Smackdown report by PQR. It has a very lengthy and highly detailed feature comparison matrix of leading VDI solutions such as Citrix XenDesktop 4.0 SP1, Microsoft Server 2008 R2 Remote Desktop...
Recently the project I'm supporting is looking at RMS to provide information rights management (IRM) on some documents. Windows RMS provides two means to let users protect content. First, there is the ad hoc method that lets a user specify what protections they want to put on their content, and...
While journying down the whole cipher suite road this weekend, I put together a little one liner that reconfigures the cipher suite order that Windows will try and use. As I mentioned in a previous blog, you can configure this via GPO. But, maybe you want to build in the...
After many hours of digging around the Windows registry and experimenting with various keys to enable TLS 1.2 on Windows Server 2008 R2 and Windows 7 (see my blog post here), I found this free tool that gives you one click access to configuring your Windows Cipher Suites. The Harden...
Some industries, like Government, require the use of certain cryptography algorithms. One of the great features of Windows Server 2008 R2 and Windows 7 is the support for TLS 1.2Â ciphers. TLS 1.2 ciphers support AES-256 encryption with SHA-256 hashes. Unfortunately, Microsoft did not enable these protocols out of the box....
In some industries end point security is a significant concern, so organizations have been moving away from a traditional fat client to thin clients, and even to zero clients. Traditionally thin clients have some security and maintenance issues of their own. If they run Window Embedded you still need to...
A couple of weeks ago Citrix released Provisioning Services 5.6, which is a component of their XenDesktop 4.0 suite. Provisioning services is supported on Windows Server 2008 and Windows Server 2008 R2, however it does not automatically add firewall rules. In fact, when you configure provisioning services it tells you...