Windows 10 Modern Desktop PoC

Posted in elearning, Microsoft, windows 10 | Leave a comment

Microsoft Certified Trainer 2018-2019

http://mct.robertgabos.com


Posted in IT-CERTS, Microsoft | Leave a comment

Active Directory Replication Troubleshooting Tools

Posted in Active Directory, elearning, Microsoft, Windows Server | Leave a comment

IIS Security SSL TLS Windows OS schannel protocol settings

Here is a collection of IIS security documents related to the SSL/TLS updates in Windows.

The settings below will enforce TLS 1.1 and 1.2 from Windows Server 2008 SP2 all the way through Windows 10 and Windows Server 2016.

They change the default behaviour for versions older than Windows 10.

The new changes are presented in this chart.

| Windows OS | SSLv2 | SSLv3 | TLS 1.0 | TLS 1.1 | TLS 1.2 |
|---|---|---|---|---|---|
| Windows Server 2008 | Disabled | Disabled | Disabled | Enabled | Enabled |
| Windows 7 (WS2008 R2) | Disabled | Disabled | Disabled | Enabled | Enabled |
| Windows 8 (WS2012) | Disabled | Disabled | Disabled | Enabled | Enabled |
| Windows 8.1 (WS2012 R2) | Disabled | Disabled | Disabled | Enabled | Enabled |
| Windows 10 | Disabled | Disabled | Disabled | Enabled | Enabled |
| Windows Server 2016 | Not Supported | Disabled | Disabled | Enabled | Enabled |

The PowerShell cmdlet to use in this case for working with the Registry keys is New-ItemProperty.

```powershell
# enable TLS 1.2 for client and server
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2"
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server"
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client"
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" -Name "Enabled" -Value 1 -PropertyType "DWord"
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" -Name "DisabledByDefault" -Value 0 -PropertyType "DWord"
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" -Name "Enabled" -Value 1 -PropertyType "DWord"
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" -Name "DisabledByDefault" -Value 0 -PropertyType "DWord"

# enable TLS 1.1 for client and server
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1"
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server"
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client"
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" -Name "Enabled" -Value 1 -PropertyType "DWord"
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" -Name "DisabledByDefault" -Value 0 -PropertyType "DWord"
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" -Name "Enabled" -Value 1 -PropertyType "DWord"
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" -Name "DisabledByDefault" -Value 0 -PropertyType "DWord"

# disable TLS 1.0 for client and server
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0"
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server"
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client"
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" -Name "Enabled" -Value 0 -PropertyType "DWord"
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" -Name "DisabledByDefault" -Value 0 -PropertyType "DWord"
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" -Name "Enabled" -Value 0 -PropertyType "DWord"
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" -Name "DisabledByDefault" -Value 0 -PropertyType "DWord"

# disable SSL 3.0
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0"
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server"
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client"
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server" -Name "Enabled" -Value 0 -PropertyType "DWord"
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client" -Name "Enabled" -Value 0 -PropertyType "DWord"

# disable SSL 2.0 (create the parent key first, as for the other protocols)
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0"
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server"
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client"
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server" -Name "Enabled" -Value 0 -PropertyType "DWord"
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client" -Name "Enabled" -Value 0 -PropertyType "DWord"
```
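
To confirm the keys ended up in the intended state, the following read-only check compares each protocol's Client and Server key with the target state from the chart above. It is an added example, not part of the original post; the helper name Get-SchannelProtocolState and the report layout are assumptions made for illustration.

```powershell
# Added example (not from the original post): read-only audit of the SCHANNEL
# protocol keys against the target state in the chart above.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Target state taken from the page's chart: $true = enabled, $false = disabled.
$target = [ordered]@{
    'SSL 2.0' = $false
    'SSL 3.0' = $false
    'TLS 1.0' = $false
    'TLS 1.1' = $true
    'TLS 1.2' = $true
}

# Hypothetical helper: classify one Protocol\Role key from its registry values.
function Get-SchannelProtocolState {
    param([string]$Protocol, [string]$Role)   # Role: 'Client' or 'Server'
    $props = Get-ItemProperty -Path "$base\$Protocol\$Role" -ErrorAction SilentlyContinue
    # No key or no Enabled value: nothing is enforced, the OS default applies.
    if ($null -eq $props -or $null -eq $props.Enabled) { return 'NotConfigured' }
    if ($props.Enabled -eq 0) { return 'Disabled' }
    # Enabled, but off unless an application asks for the protocol explicitly.
    if ($props.DisabledByDefault -eq 1) { return 'DisabledByDefault' }
    return 'Enabled'
}

$report = foreach ($protocol in $target.Keys) {
    foreach ($role in 'Client', 'Server') {
        $wanted = if ($target[$protocol]) { 'Enabled' } else { 'Disabled' }
        $state  = Get-SchannelProtocolState -Protocol $protocol -Role $role
        [pscustomobject]@{
            Protocol  = $protocol
            Role      = $role
            Registry  = $state
            Target    = $wanted
            Compliant = ($state -eq $wanted)
        }
    }
}

$report | Format-Table -AutoSize

# Summarise deviations so the result is easy to spot in a remote or logged run.
$failed = @($report | Where-Object { -not $_.Compliant })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) SCHANNEL protocol setting(s) differ from the target."
}
```

The report reflects what is written in the registry; Schannel applies protocol changes after a restart, and a NotConfigured row means the OS default from the tables below is still in effect.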

Before enforcing the settings via the Registry keys, the default settings are shown in these tables.

| Windows OS | SSLv2 | SSLv3 | TLS 1.0 | TLS 1.1 | TLS 1.2 |
|---|---|---|---|---|---|
| Windows Vista | Enabled | Enabled | Default | Not Supported | Not Supported |
| Windows Server 2008 | Enabled | Enabled | Default | Disabled | Disabled |
| Windows 7 (WS2008 R2) | Enabled | Enabled | Default | Disabled | Disabled |
| Windows 8 (WS2012) | Disabled | Enabled | Enabled | Enabled | Default |
| Windows 8.1 (WS2012 R2) | Disabled | Enabled | Enabled | Enabled | Default |
| Windows 10 | Disabled | Enabled | Enabled | Enabled | Default |
| Windows Server 2016 | Not Supported | Disabled | Enabled | Enabled | Default |

| Windows OS | TLS 1.0 Client | TLS 1.0 Server | TLS 1.1 Client | TLS 1.1 Server | TLS 1.2 Client | TLS 1.2 Server |
|---|---|---|---|---|---|---|
| Windows Vista/Windows Server 2008 | Enabled | Enabled | Not supported | Not supported | Not supported | Not supported |
| Windows Server 2008 with Service Pack 2 (SP2) | Enabled | Enabled | Disabled | Disabled | Disabled | Disabled |
| Windows 7/Windows Server 2008 R2 | Enabled | Enabled | Disabled | Disabled | Disabled | Disabled |
| Windows 8/Windows Server 2012 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| Windows 8.1/Windows Server 2012 R2 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| Windows 10, version 1507 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| Windows 10, version 1511 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| Windows 10, version 1607/Windows Server 2016 Standard | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| Windows 10, version 1703 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |

| Windows OS | PCT 1.0 | SSL2 Client | SSL2 Server | SSL3 Client | SSL3 Server |
|---|---|---|---|---|---|
| Windows Vista/Windows Server 2008 | Not supported | Disabled | Enabled | Enabled | Enabled |
| Windows Server 2008 with SP2 | Not supported | Disabled | Enabled | Enabled | Enabled |
| Windows 7/Windows Server 2008 R2 | Not supported | Disabled | Enabled | Enabled | Enabled |
| Windows 8/Windows Server 2012 | Not supported | Disabled | Disabled | Enabled | Enabled |
| Windows 8.1/Windows Server 2012 R2 | Not supported | Disabled | Disabled | Enabled | Enabled |
| Windows 10, version 1507 | Not supported | Disabled | Disabled | Enabled | Enabled |
| Windows 10, version 1511 | Not supported | Disabled | Disabled | Enabled | Enabled |
| Windows 10, version 1607/Windows Server 2016 Standard | Not supported | Not supported | Not supported | Disabled | Disabled |
| Windows 10, version 1703 | Not supported | Not supported | Not supported | Disabled | Disabled |

For older versions of Windows these updates need to be installed.

For Windows 7, Windows Server 2008 R2
https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

For Windows Server 2008 SP2
https://support.microsoft.com/en-us/help/4019276/update-to-add-support-for-tls-1-1-and-tls-1-2-in-windows

Update install files for Win2008SP2
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4019276

Update install files for Win7 and 2008R2
http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb3140245

A good best practice article from the Exchange server team shows examples of TLS settings, https://blogs.technet.microsoft.com/exchange/2015/07/27/exchange-tls-ssl-best-practices/

Also, a big change for Office 365 later this year will be related to TLS 1.2.

Preparing for the mandatory use of TLS 1.2 in Office 365
https://support.microsoft.com/en-ca/help/4057306/preparing-for-tls-1-2-in-office-365

For logging this exact information on IIS servers, the best way I found so far is via this new option using the Custom logging field.

https://docs.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/site/logfile/customfields/

New IIS functionality to help identify weak TLS usage
https://cloudblogs.microsoft.com/microsoftsecure/2017/09/07/new-iis-functionality-to-help-identify-weak-tls-usage/

** As a best practice it has been suggested to disable SSL 3.0 on client systems first, to gauge usage and report compatibility problems before making the same changes on the servers.

Using Internet Explorer, there are Group Policy settings available to push these types of security compliance settings out to clients.

Tools that can be used to build templates are Microsoft Security Compliance Manager and the Security Compliance Toolkit.

  • Microsoft KB reference articles

How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll
https://support.microsoft.com/en-ca/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc

Protocols in TLS/SSL (Schannel SSP)
https://msdn.microsoft.com/library/windows/desktop/mt808159.aspx

Transport Layer Security (TLS) registry settings
https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings

TLS/SSL Settings
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn786418(v=ws.11)

TLS 1.2 support at Microsoft
https://cloudblogs.microsoft.com/microsoftsecure/2017/06/20/tls-1-2-support-at-microsoft/

Exchange TLS & SSL Best Practices
https://blogs.technet.microsoft.com/exchange/2015/07/27/exchange-tls-ssl-best-practices/

  • Related Online Resources

IIS Cipher Suites and TLS Configuration
https://gist.github.com/jasonnemesis/ecd2071ec97d7ef4b4f5435633ff2671#file-iis_cipher_suites_and_tls_config-md

Setup your IIS for SSL Perfect Forward Secrecy and TLS 1.2
https://gist.github.com/matejskubic/10268126

 Latest content available on OneNote


Posted in Windows Server, Microsoft | Leave a comment

Windows Server 2016 Upgrades Migrations Enterprise Modernization

This is a large collection of resources and materials related to Windows Server 2016 upgrades and migrations.

  • Join the Windows Server Summit
  • Join us on Tuesday, June 26, 2018 for a virtual experience to learn tips and tricks for modernizing your infrastructure and applications—regardless of whether you’re running Windows Server on-premises or in the cloud.
    • Enterprise Modernization
  • Cloud Infrastructure and Management Practice Accelerators – Modernization and Migration
  • https://www.microsoftpartnerserverandcloud.com/Pages/CloudInfrastructureandManagementPracticeAccelerators5.aspx
  • Modernization and Migration
  • Enterprise Modernization is a collection of guides to help accelerate Cloud Adoption, through assessment and migration of servers to Microsoft Azure, as well as moving workloads from Windows Server 2003 to a Modern Windows Platform. In addition, this material can be used to protect workloads using Azure Site Recovery (ASR).
  • Business events that trigger opportunities to modernize are:
  • Key Highlights: Guidance for modernization, migration and protection of workloads.
  • Audience: Partner Consultants and Technical Decision Makers.
  • When to use: During consulting practice to modernize, migrate and protect workloads.
  • Outcome: Migration and protection acceleration with prescriptive guidance.
  • The following IP guides are available:
  • Download and get familiar with the engagement guidance, tools, and collateral:
  • Enterprise Modernization – BDM Customer Deck
  • Use this deck to drive meaningful discussion, with a BDM audience, around Enterprise Modernization, and create demand for the Enterprise Modernization solution with the customer ultimately attending the Cloud Adoption Framework workshop.
  • Enterprise Modernization – TDM Customer Deck
  • Use this deck to drive meaningful discussion, with a TDM audience, around Enterprise Modernization, and create demand for the Enterprise Modernization solution with the customer ultimately attending the Cloud Adoption Framework workshop.
  • Cloud Adoption Framework
  • The Cloud Adoption Framework Workshop is designed to be ideal for pre-sales engagements where customer cloud opportunities need to be uncovered and adoption accelerated. Through a co-creation style workshop, we jointly develop the customer’s cloud adoption goals, desired outcomes and create an adoption plan. This ideation exercise, accomplished in a co-creation fashion, provides the customer with ownership of the output and clearly positions Microsoft as a strategic partner.
  • Download and get familiar with the Technical Product Delivery collaterals:
  • ASM to ARM Scenario Guides
  • Guides for migration from ASM to ARM scenario.
  • Migration and BCDR Scenario Guides
  • Guide for migrating and protecting Active Directory.
  • Modernization Delivery Process Workflows
  • Process workflows that help decision making.
  • Microsoft Application and Planning (MAP) Toolkit
  • Can be used to inventory IT environments for various platform migrations—including Windows 8.1, Windows 7, Windows 10, Office 2013, Office 2010, Office 365, Windows Server 2012 and Windows 2012 R2, SQL Server 2014, SQL Server 2016.
    • Technical Journeys
  • Start your technical journey
  • Get personalized technical guidance that will help your team grow your business capabilities.
  • Application innovation
  • Get everything you need to develop, maintain, and market the intelligent applications customers want.
  • Get started
  • Cloud infrastructure and management
  • Develop the hybrid cloud capabilities you need to innovate faster and with optimal control and security.
  • Find out more
  • Cloud voice
  • Explore intelligent communications with Skype’s back-end infrastructure supporting enterprise-grade voice, video, and meetings.
  • See details
  • Collaboration
  • Learn how adding a collaboration practice can boost your customers’ productivity––and your bottom line.
  • Start collaborating
  • Business applications
  • Transform your customers’ businesses––and accelerate your own––with help from Microsoft.
  • Start transforming
  • Data and AI
  • Help companies reimagine business processes, make decisions faster, and personalize customer experiences.
  • Start now
  • Modern desktop
  • Microsoft 365 is empowering partners to modernize their customers’ environments.
  • Learn more

 

Latest online version of this document linked below

Posted in elearning, Microsoft, Windows Server | Leave a comment

Office 365 Dev Program 1 year FREE and extra Microsoft FastTrack sandbox tenant

Here is a screenshot guide for how to set up a free Office 365 dev subscription for 1 year.

Also, instructions for using the dev tenant to access Sandbox and Training documents from Microsoft FastTrack.

The three important links to start the process:

· http://dev.office.com/devprogram

· https://aka.ms/o365devprogramsetup

· https://aka.ms/o365devprogramdevenvironment

· Signup and JOIN
· Set up subscription
· Setup subscription
· Check for Office 365 Welcome email
· Assign Products & Office 365 license to the logged on user
· Open the Admin Center and open Active Users
· Select the user and add Product licenses
· Verify that the Office 365 home page portal shows all new Apps

After the Office 365 developer account is licensed and Outlook emails work, go to the Microsoft FastTrack website.

https://fasttrack.microsoft.com

· Sign In to FastTrack
· Accept the login access permissions
· Register the name and email of the Office 365 developer account
· Welcome to FastTrack
· Start a new plan
· Create A Success Plan
· Plan Scope
· Timelines
· Contacts
· Manage Contacts
· Assign Contact
· Save & Finish
· Training Resources (optional resources)
· Dashboard and Getting Started
· Get Sandbox
· Check email for Username & Password
· Sandbox Contoso Home Page on SharePoint Online

  • Additional resources and references

· Join the Office 365 Developer Program
https://docs.microsoft.com/en-us/office/developer-program/office-365-developer-program

· Set up an Office 365 developer subscription
https://docs.microsoft.com/en-us/office/developer-program/office-365-developer-program-get-started

· The FastTrack Process
https://technet.microsoft.com/en-us/library/mt651703.aspx

· O365 Engagement – Office 365 FastTrack Planning
https://planningservices.partners.extranet.microsoft.com/en/O365/Pages/Office-365-Planning.aspx

· FastTrack Guides

FastTrack User Guide

FastTrack Customer Documentation

Customer Quick Reference

Posted in elearning, Microsoft, Office 365 | Leave a comment

Microsoft Azure Exam Training

AZURE

Configuring and Operating Azure Stack ( exam 70-537 )

Microsoft Azure Identity

Azure Security and Compliance

Automating Azure Workloads

Microsoft Azure Virtual Machines

 

 

Exam Ref 70-535 Architecting Microsoft Azure Solutions

 

 

Exam 70-535: Architecting Microsoft Azure Solutions First Look by Sharon Bennett
https://www.lynda.com/player/embed/684103?fs=3&w=560&h=315&ps=paused&utm_medium=referral&utm_source=embed+video&utm_campaign=ldc-website&utm_content=vid-684103

 

 

 

MORE @

Azure Cloud Solutions (blog post)

Posted in Azure, elearning, Microsoft, Microsoft Virtual Academy | Leave a comment