Category: Windows 7

Threats and Countermeasures Guide for Windows 7 and Server 2008 R2

Finally, Microsoft has released their Threats and Countermeasures guide for Windows 7 and Server 2008 R2. It is a very lengthy document going into gory details on hundreds of security settings, mostly covered by GPOs. It's a great resource for understanding WHY Microsoft recommends a certain setting, and understanding implications...

Windows Recovery Environment VMware Driver Injection

This post will show you how to configure Windows recovery environment VMware drivers. In a previous blog post here I described how to inject VMware pvscsi and VMNET3 mass storage drivers into your Windows Server 2008 or Windows 7 image. However, that did not cover injecting the same drivers into the...

Inject VMware drivers into Windows Install Discs

I like to perform unattended installations of my operating systems, like Windows Server 2008 R2 or Windows 7 using autounattend.xml so that requires that the image have the required drivers to recognize critical devices like mass storage hardware. One of the performance optimizations that I always include in our Windows...

How strong is your SSL? Sniff and find out!

Today a colleague of mine asked me if I really thought one could tell what cipher strength is used during SSL transactions. I said sure! Piece of cake if you know what to look for. Just like in the movie Matrix, if you stare at the cipher text long enough...

WMI GPO Filters for Operating System Types

As a standard practice in the environment I support we use WMI filtering on GPOs to ensure a GPO only gets applied to the right operating system type. This can prevent accidents such as applying a client GPO to a server, or a GPO for Server 2003 to a Server...

RMS Automatic Template Downloading on Windows 7

Recently the project I'm supporting is looking at RMS to provide information rights management (IRM) on some documents. Windows RMS provides two means to let users protect content. First, there is the ad hoc method that lets a user specify what protections they want to put on their content, and...

PowerShell command to change Windows Cipher Suite Order

While journying down the whole cipher suite road this weekend, I put together a little one liner that reconfigures the cipher suite order that Windows will try and use. As I mentioned in a previous blog, you can configure this via GPO. But, maybe you want to build in the...

Easily configure your Windows Cipher Suites!

After many hours of digging around the Windows registry and experimenting with various keys to enable TLS 1.2 on Windows Server 2008 R2 and Windows 7 (see my blog post here), I found this free tool that gives you one click access to configuring your Windows Cipher Suites. The Harden...

Enable TLS 1.2 Ciphers in IIS 7.5, Server 2008 R2, Windows 7

Some industries, like Government, require the use of certain cryptography algorithms. One of the great features of Windows Server 2008 R2 and Windows 7 is the support for TLS 1.2 ciphers. TLS 1.2 ciphers support AES-256 encryption with SHA-256 hashes. Unfortunately, Microsoft did not enable these protocols out of the box....

Page 1 of 2 1 2