Windows server 2012

All posts tagged Windows server 2012

UrlScan is a security tool used to restrict types of HTTP requests that IIS will process. It is a simple tool which is very helpful in blocking harmful requests to the server. It seemingly supports only IIS 5.1, IIS 6.0, and IIS 7.0 on Windows Vista and Windows Server 2008. It has been deprecated since IIS 7.5 and IIS 8. It is said that Microsoft has included the features of UrlScan in request filtering option for IIS 7.5 and IIS 8. But it definitely is not a match for the simplicity of UrlScan. Today I am going to show you how to configure UrlScan in IIS 7.5 and IIS8. (IIS 7.5 is available in Windows server 2008 R2 and IIS 8 is available in Windows Server 2012 and Windows 8 ).

I am going to configure this in Windows server 2012 i.e IIS 8 but do not worry the configuration steps are similar in IIS 7.5. First and foremost install Web Platform Installer in your machine. This will help us to install all the components we require in simple steps. From web platform installer, select component IIS 6 metabase compatibility. This is compulsary to install URLscan.

urlscan1

 

Then, select IIS ISAPI Filters. (ISAPI filters may already be installed in IIS 7.5 ).

urlscan2

 

Click on Install. You are shown a review of components you selected to install. Click on I accept.

urlscan3

 

The components are installed and will show you a Finish screen. Click on Finish.

urlscan4

 

We are all set to install UrlScan. Download Urlscan and click on the msi package. On the window, select the option “I select the terms of license agreement” and click on “Install”.

urlscan5

 

The installation is very quick. Once it finishes,click on “Finish”.

urlscan6

 

 

Now open IIS Manager. Click on ISAPI filters.

urlscan7

 

If everything went well, we should see a filter already set like below.

urlscan8

 

Click on it. We can see that there is already a filter named URLscan 3.1 linking to the executable urlscan.dll.

urlscan9

 

Before configuring UrlScan, let’s try a little banner grabbing to check whether UrlaScan is working or not. For this, we will use tool Idserve to fingerprint the server on which we have configured UrlScan. (www.shunya.com is fictional website i set on my server ).

urlscan10

 

We can see that the version is Microsoft-IIS/8.0. Now let’s go to the configuration file of urlscan (urlscan.ini)  to make some changes to it.  It is located by default at “C:WindowsSystem32inetservurlscan” and change the value of “RemoveServerHeader” to “1” from “0”. Save the file.

urlscan11

 

Now let’s again try to bannergrab using Idserve.  Restart the web server.

urlscan12

We can see that the server version has not been disclosed hence our UrlScan is working successfully. Hope it was helpful.

We can easily install a web server in Windows Server 2012 using Microsoft Web Platform Installer. The Microsoft Web Platform Installer (Web PI) is a simple tool that installs the latest components of the Microsoft Web Platform including IIS, PHP, MYSQL and many others. It can be downloaded for free from here. In this tut we will install IIS, PHP and MYSQL using this tool.

Download and install Web Platform installer 4.6. Click on it.

webpi1

 

Select the components you want to install. I have selected IIS, PHP and MYSQL.

webpi2

webpi3

 

webpi4

 

After selecting the applications you want to install, click on “Install”. If you have selected MYSQL, it will prompt for a password to be set for MYSQL. Enter the password and click on “Continue”.

webpi5

 

It will display a summary of components which will be installed. Click on “I Accept”.

webpi6

 

After system finishes installing all the components, click on “Finish”. After the installation is finished, open your browser and see whether IIS8 installation has been successful. If the display shows the version of IIS displayed as below, then our web server installation has been  successful.

webpi7

 

Now let’s test our php. Go to the root directory which is “%systemroot%/inetpub/root” in IIS and create a php file with the following script and save it as version.php ( in fact any name but with php extension. )

webpi8

 

Now go to address “http://localhost/version.php” from the browser.

webpi9

 

If it displays the version of the php installed, then our php installation has been successful. Hope this was helpful.

Apache is the most popular web server but Microsoft’s IIS  is fast gathering  pace. IIS 8  has introduced many popular features to the  Microsoft web server  to bring its competitive level on par with its counterparts. IIS 8 is only present in Windows Server 2012 and Windows 8. Today let’s see how to set up a web server in Windows Server 2012.

Open Server Manager, on the Local server click on “Add Roles and Features”.

wsws1

 

The Add Roles and Features wizard appears. with a default warnings page. Click on “Next”. 

wsws2

 

On the Installation type page, Select “Role based or Feature based selection” and click on “Next”.

wsws3

On the Server Selection page, Select the server on which you want to install the web server. Since I have only one server installed, I selected that. Click on Next.

wsws4

On the Server Roles page, select the role of “Web Server” and click on “Next”.

wsws5

 

On the Features page, click on “Next” since we don’t need any additional features to be installed for the web server.

wsws6

 

A web Server Role page opens which is somewhat like a summary  page. Click on “Next”.

wsws7

 

A Role Services page opens. Select the services you want to install for your web server. If you are not sure, continue with the default services by clicking on “Next”.

wsws8

 

On the Confirmation page, Click on “Install”.

wsws9

 

The installation will take a few minutes. After the installation is finished, Click on “Close”.

wsws10

To check if your web server is successfully installed, open Internet Explorer and type ‘localhost’. If you see the below IIS8 displayed, you have successfully installed a web server on your Windows Server 2012.

wsws11

 

Windows Server 2012 introduced a new configuration option called Minimal Server Interface. Minimal Server Interface is in simple words compromise between Server GUI Full Installation and Server Core installation. Minimal Server Interface installation reduces footprint of the server to some extent thus decreasing security hazards. In the same time it increases deployment scenarios.

Following tools are installed in Minimal Server Interface.

  • Server Manager
  • MMC
  • Some Control Panel Applets

The items which are not installed during Minimal Server Interface are

  • Start Screen
  • Desktop
  • Windows Explorer
  • Internet Explorer

Let’s see how to convert Server GUI full installation to Minimal Server Interface in Windows server 2012. If you want to convert Server GUI full  installation to Server Core installation, read here.

Login as Administrator. Open  “Powershell”. Type the command

“Uninstall-WindowsFeature Server-Gui-Shell -remove” and Press “Enter”.

guimsi1

 

After collecting some data, the system will start removing the Server-Gui-Shell.

guimsi2

After the removal of Server-gui-shell is finished, the system will ask us to restart the system.

guimsi3

 

Restart the system by typing “shutdown -r -t 0″. The system will reboot to Minimal server Interface which will look like below.

guimsi4

 

Hi Friends, Today we will see how to install and promote a domain controller in Windows server 2012. It has seen a change while installing a domain controller.The “dcpromo.exe” present in previous versions has been deprecated. We need to install domain controller from Server Manager only.Before we start installing the domain controller let’s change our server’s name to ‘Server‘ and IP address to “10.10.10.1″.

wdc1

wdc2

Now let’s go to Server Manager and start adding Active Directory Domain Services” role from Add Roles and Features.Click on “Add Roles and Features”.

wdc3

 

Before we begin,we are presented with basic information on IP addresses,Windows updates and configuring strong passwords.Click “Next”.

wdc4

 

Then we are prompted for the type of installation.Select Role Based or Feature based installation” and click Next”.

wdc5

 

Then we are prompted to select the destination server.Select the server we just named and click “Next”.

wdc6

 

Then we are asked to select the roles we want to install.Select Active Directory Domain Services and click “Next”.

wdc7

 

Then we get a pop-up to add features that are required for Active Directory domain services. These features are automatically selected.Click on Add Features”.

wdc8

 

We can see that Group Policy Management which is required for Active Directory Domain services has been automatically selected.

wdc9

 

Then we are given a brief description about Active Directory domain services and some basic things to note.Click Next”.

wdc10

 

Then we are shown the roles that will be installed on the server as a confirmation.Click on Install”.

wdc11

 

Then the installation starts.

wdc12

 

As the installation is finished,we get a message ‘Configuration required.Installation succeeded on server’. Click on Close”.

wdc13

 

We have successfully installed Active Directory Domain Services on our server.Now we need to promote the domain controller.In the previous versions of Windows server, it is here we used dcpromo.exe. In our Server Manager, we have a notification flag with a yellow triangle with an exclamation mark inside it.Click on it.

wdc14

 

Click on ‘Promote this server as domain controller’.

wdc15

We are prompted to choose the configuration of our domain controller. Choose Add a new forest and specify the root domain name as shunya.com. Click on Next”.

wdc16

 

We are asked to choose the domain controller options. Set the forest functional level and domain functional level as Windows Server 2012. Select DNS server.Since this is the root domain in the forest it is automatically Read only domain controller. Enter the DSRM password and click on Next”.

wdc17

 

 

Then DNS options screen appears. Click on Next”.

wdc18

 

Look at the NETBIOS name which is automatically assigned.It is shunya.

wdc19

 

The location where the AD DS database,log files and SYSVOL are shown. We can specify different locations if we choose to be. Click on Next”.

wdc20

 

Then we see a review of our selections.Click on Next”.

wdc21

 

Then we see a Windows Powershell script for AD DS deployment.

wdc22

 

Then we get a prerequsites check window.Click on Install”.

wdc23

 

After all the prerequisites are validated successfully,the server is successfully configured as a domain controller and the system is restarted.

wdc24

 

After the system restarts, we are asked to login into the shunya domain.

wdc25

 

Microsoft has always been recommending the Server Core Installation for its servers over the full server installation. As is well known, Server Core Installation which is the minimal install of the server version reduces the space for attack vector by hackers. It also reduces the usage of resources. But the Server Core Installation makes administration intimidating as it requires the administrators to be a powershell expert.
With Windows Server 2012, Microsoft has introduced a new feature that would allow switching from Server GUI to Server Core Installation and vice versa. This enables administrators to install and configure the server in GUI and then switch to Server Core installation. Although there are many ways to switch from Server GUI to Server Core installation, the easiest way to perform this switching is by simple powershell commands. I am gonna show you how. For this, I have installed Windows Server 2012 standard GUI installation in Vmware workstation.

2012sgsc1

Then open powershell and type the command

Remove-windowsfeature Server-gui-shell,Server-gui-mgmt-infra” and hit Enter.

2012sgsc2

The process of disabling the GUI starts and the display is as same as below.

2012sgsc3

After a short time, the process is completed and it prompts you for a restart.

Restart the machine by typing “shutdown –R –T 0″ and hit ENTER.

2012sgsc4

After the reboot, the system asks for administrator passwordon entering which it switches to Server Core Installation.

2012sgsc5

To enable back the GUI, enter into powershell by typing command “powershell.exe” in the cmd and hit ENTER. In powershell, type the same command as above replacing Remove with Install and hit ENTER.

Install-windowsfeature server-gui-shell,server-gui-mgmt-infra”

2012sgsc6

After completing the process, the system prompts for a reboot. Reboot the system by typing command “shutdown –r  –t 0″ and hit ENTER.

The system successfully  switches over to Standard GUI installation.

2012sgsc8

Note:

Although the Server Core Installation is the preferred deployment, it does not support all roles. The roles supported by the server core installation are,

  • Active Directory Domain Services
  • Active Directory Certificate Services
  • DHCP server.
  • DNS server.
  • AD LDS
  • Hyper-V
  • Streaming Media services
  • Print and Document Services
  • Web server
  • Windows update server
  • Active Directory Rights Management Server
  • Routing and Remote Access Server.