Download and install URLScan. Installation is straightforward. You do not need to consult any document.
Two main files (Urlscan.dll and Urlscan.ini) that we need for configuring URLScan is by default located in the folder C:\Windows\System32\Inersrv\urlscan\
By default after installation, URLScan will be configured as a global filter, ie in IIS on the top level. So the filter will be applied on all sites created in IIS.
The other way is to apply URLScan 3.1 filter on individual site level. In that way you can configure urlscan filter for individual sites.
For example you have 2 sites, site1 and site2 under IIS.
Open IIS and on the right hand side, open feature “ISAPI Filters”. You will see URLScan 3.1. Remove the filter.
Copy URLScan.ini and URLScan.dll from c:\windows\system32\inetsrv\urlscan\
Now right click site1 and select “browse” and paste URLScan.ini and URLScan.dll. Edit URLScan.ini according to your hardening requirements.
Now open ISAPI filter for site1 and add urlscan filter. Name : URLScan and path: path-to-site1 and move it to the top of the list. You can select ordered list and use up arrow to move urlscan to top pf list.
Similarly you can do it for site2.
You can edit URLScan.ini to point a log directory, so that any failed url’s will be registered.
open command prompt and use the command netstat -an.
To filter details for a particular ip , you may use the below syntax :
netstat -an | find ” 192.168.100.1″
Or to check for a specific port netstat -an | findstr “443”
Or to get more details like the process id which is using the port,
Netstat -bano | findstr “443”
Its preferred to set the advanced audit policy through command prompt/powershell other than GUI. It has to be noted that even after you apply the settings through command, in the gui it might not reflect. But that is not an issue. Thats as far as i know.
- Computer configuration-security settings-security options
- Set the policy “Audit:Force audit policy subcategory settings (windows vista or later) to override audit policy category settings” to “Enabled”.
To get full information of advanced audit policy on a server, use the command
- Auditpol.exe /get /category:*
In that you can see categories and sub categories listed with the status success/failure/not configured.
Few examples below :
- Auditpol.exe /set /subcategory:”credential validation” /success:enable /failure:enable
The below command will enable only success
- Auditpol.exe /set /subcategory:”credential validation” /success:enable
The below commmand will set credential validation to “no auditing”
- Auditpol.exe /set /subcategory:”credential validation” /success:disable /failure:disable
You can group all of them and save it as a power shell script or a bat h file and run it on required machines.
Please refer to the microsoft link for detailed info : https://technet.microsoft.com/en-us/library//dd408940(v=ws.10).aspx
Open command prompt with a user name that has access to remote server. If local and remote server are in workgroup, its easier if you have same account with password in both servers. Either you should log in with the account name on local pc and open a command promt or you can run as different user and open command prompt.
Qwinsta /server:servername or ipaddress
It will list you all the logged on sessions on the remote server. Now using the session id, we can log off the user from remote server.
Qwinsta /sessionid /servername or ipaddress
Unfortunately to move local user accounts from windows server, we cannot use USMT.
To move local user accounts and the groups associated with each user account.
Source : Windows server 2003 sp2
Destination : Windows Server 2012 R2
In 2012 server, install the feature ” windows server migration tools”
browse to c:\windows\system32\servermigrationtools\
Execute the below command
.\smigdeploy.exe /package /architecture x86 /os WS03 /path c:\deploy
Now copy the c:\deploy to 2003 server
In the 2003server, open command prompt, browse to c:\smt_ws03_x86 and execute the below command
Wait till it opens a powershell window.
In the powershell window, run the below command
export-smigserversetting -user all -group -path c:\win2k3users
Copy c:\win2k3users folder to 2012 server.
In 2012 Server
Open server manager – Tools – Windows Server Migration Tools – Windows Server Migration Tools – This will open a powershell window
Run the below command
Import-SmigServerSetting -User All -Group -Path c:\win2k3users –Verbose
Now all users are imported.
After import, all user accounts will be disabled.All the user accounts migrated will have no password associated. You can login without any password . Remember to enable password for all required accounts.
To find serial number of PC running on windows OS , just open powershell and run the below command