Techibee.com

I inspired from my previous post,  and decide to do some network interface related operations from command line as they helps me when managing Windows 2008 Core Operating system. Another command that I am going to provide now is to disable network connection from command line.

netsh interface set interface name=”Local Area Connection 1″ admin=DISABLED

In about command, “Local Area Connection 1″ is the name of the connection that you want to disable. You can change the value of “Admin” to “Enable” to enable back the network connection. Similarly, if you want to rename the network connection, you can use newname parameter. Below is the command.

netsh interface set interface name=”Local Area Connection 1″ newname=”My NIC1″

Above command renames “Local Area Connection 1″ network to “My NIC1″.

Hope this helps…

When you are working on Windows 2008 core, you get requirement to disable firewall functionality to allow all programs communication. The default firewall settings blocks most of the ports(including remote management) and administrator has to explicitly open them on need basis. The default Core console allows you to perform only few network operations like listing and assigning IP address, but if you want to perform advanced operations like disabling firewall functionality in all profiles(see my post http://techibee.com/windows-2008/what-is-domain-public-and-private-profiles-in-windows-2008-firewall/478 for different profiles in 2008 firewall), you need to rely on some command line options.

Netsh is one of the very useful command line utilities in windows environment. Now in this post, I will show you how to disable firewall profiles(Private, public, domain) on a windows 2008 Core. You need this command in Server Core environment because, you cannot manage firewall remotely as there is a provision and you can not manage it from local host as core supports no GUI. Only option is command line utility.

Now, let us see how we can disable firewall functionality from all profiles

netsh advfirewall set allprofiles state off

If you want to turn off the firewall for individual  profiles use the below commands

netsh advfirewall set domainprofile state off

netsh advfirewall set privateprofile state off

netsh advfirewall set publicprofile state off

You can turn on firewall back by simply replacing “off” with “on” in above commands.

Netsh utility allows us to perform more set of operations on different components of operating system. You can explore the help(netsh /?) to lean about it further.

You can also download a NetSH Technical reference guide from MS website. Refer to http://techibee.com/general/download-netsh-technical-reference-for-windows-2008windows-7/494 for more details.

Hope this helps.

Microsoft has released a tool which helps you in blocking the installation of Windows 7/Windows 2008 R2 Service Pack 1 through windows Updates. You can download it from here.

This download contains three files.

1. SPBlockingTool.exe — A microsoft executable

2. SPReg.bat  –  A batch script

3. NoSPUpdate.ADM — A ADM file to use with GPOs

The installation of service pack 1 through Windows Update can be stopped with one of the above above given tools. If you plan to use the executable, you need to pass /B switch to it to block the installation and /U switch to unblock the installation. Similar functionality can be achieved with BAT script also. It helps you to run against remote system as well. Third approach is using the ADM file in your Group Policies. This GPO procedure is very straight forward and like using any other ADM file.

Irrespective of approach you use, it creates a key value name “DoNotAllowSP” and sets it to “1” under HKLMSoftwarePoliciesMicrosoftWindowsWindowsUpdate registry key to block the installation. It deletes this newly created key when you instruct it to unblock the installation restriction.

Hope this helps you.

Since windows core provides a CLI based interface, it necessitates learning command line stuff for system administrators. Though most of the tasks can be performed remotely, tasks related to network has to be done from the Core console itself. Here in this post, I will provide you two simple commands to enable and disable network connections from Windows 2008 Core console.

First let’s see the list of network adapters available in the server.

Netsh interface ipv4 show interface

Now disable the connection with name “Local Area Connection 2″

netsh interface set interface “Local Area Connection 2″ DISABLE

Similarly, to enable a connection back, just replace DISABLE with ENABLE in above command.

I recommend doing these operations from server console(or ILO/DRAC) directly as this can cause network interruptions and running these commands can take your server out of network. Cross verify the commands and run them with caution.

Windows Firewall is one of the components which is enhanced greatly from windows XP to windows 7. In windows 7 it acts as two way firewall(Inbound/Outbound) with many advanced security features. This is also called as “Windows Firewall with Advanced security” in Window s7.

The more features, the more details you need it for troubleshooting issues. Since this version of firewall acts as a bi-directional one, you need good amount logging to troubleshoot network connection level issues on windows 7 and windows 2008 R2.

This article talks about how to enable this logging, location of log files, and few more options avaiLalble in logging.

Enabling Logging in Windows 7/Windows 2008 firewall.

It is pretty easy. If you want to enable on a single computer, just go to Start -> RUN -> and type  wf.msc , this opens up “Windows Firewall with Advanced Security”.

Now Right click on “Windows Firewall With Advanced Security on Local Computer” and go to properties which opens below page.

Select “Customize” option under logging.

There browse for log files location where you want to place the logs and also choose the size limit for log files.

Your Logging will not start until you select “YES” for one of the following options. 1) Log dropped packets 2) Log Successful connections.

Click OK twice to complete your configuration.

This completes the configuration.

In my next post I will talk about how to analyze these logs files. Hope this information helps you.

Here is the download link. This MSI contains the all the ADMX and ADML files that are applicable to windows 7 and windows 2008 R2 computers.

Download

Microsoft has announced Service Pack 1(SP1) beta for Windows 7 and Windows 2008 R2.

Windows 7 and Windows Server 2008 R2 SP1 Beta helps keep your PCs and servers on the latest support level, provides ongoing improvements to the Windows Operating System (OS), by including previous updates delivered over Windows Update as well as continuing incremental updates to the Windows 7 and Windows Server 2008 R2 platforms based on customer and partner feedback, and is easy for organizations to deploy a single set of updates.

Windows 7 and Windows Server 2008 R2 SP1 Beta will help you:

• Keep your PCs supported and up-to-date
• Get ongoing updates to the Windows 7 platform
• Easily deploy cumulative updates at a single time
• Meet your users’ demands for greater business mobility
• Provide a comprehensive set of virtualization innovations
• Provide an easier Service Pack deployment model for better IT efficiency

To download SP1, first your should register yourself at this LINK and after successful registration it will display the options to update your computer either via Windows update or ISO. The ISO contains the SP1 for both 32 and 64 bit architectures of Windows 7 and 64-bit version for windows 2008 R2.

Source : TechNet

Today, let’s understand the purpose of profiles in new era windows operating systems.

Windows 2008, Vista, 2008 R2, and Windows 7 uses “Windows firewall with Advanced security” component for enhanced security. It is a two way firewall with stateful inspection capabilities. In addition to that, it has three profiles for firewall namely, Domain, public, and private. Each profile will have a different set of rules configured.

Interesting thing here is, when your computer is connected to network, NLA APIs determines what type of network it is and based on the decision, it enables the respective profile. For example, if NLA identifies that domain controllers to which the computer account is joined is reachable, then NLA marks the connection as domain profile and assigns domain profile. Generally domain profile won’t be having too many firewall restrictions as the connected network is a authenticated one. If the NLA marks the connection as public, then obviously more security is needed and a public profile will be applied which generally will have more restrictions.

Definition of profiles in Microsoft words:

Domain. Windows automatically identifies networks on which it can authenticate access to the domain controller for the domain to which the computer is joined in this category. No other networks can be placed in this category.

Public. Other than domain networks, all networks are initially categorized as public. Networks that represent direct connections to the Internet or are in public places, such as airports and coffee shops should be left public.

Private. A network will only be categorized as private if a user or application identifies the network as private. Only networks located behind a NAT device (preferably a hardware firewall) should be identified as private networks. Users will likely want to identify home or small business networks as private.

More information about this can be obtained from Technet.

Disabling IE ESC(Internet Explorer Enhanced Security Configuration) is one of the fist thing I do whenever I built a Windows 2003 machine. It will be little bit frustrating when you work on any web apps from a windows 2003 computer. Always you need to click on either close or add to safe list to browse through a site. I am not much bothered about it because mostly I use IE from server for accessing intranet applications which are safe in all ways for me.

Now in this Windows 2008 era, I am facing the same old problem again, and it took some time to figure out where the option for disabling IE ESC.  Procedure is very simple compared to Windows 2003 provided you figure out where is the option to do it

Follow the below steps for disabling IE ESC:

• Logon to the windows 2008 with admin account.
• Open server Manger from administrator tools via start, programs
• In server manger MMC, select the root(sever manager(yourmachine)) in left navigation pane and look at the Security Information section.
• You will see a option to configure IE ESC in security section.

• Click on it and it will give options to disable/enable for administrators/users.

• Make your choice and click OK

You are done with your task.

Microsoft has released a document on functional Changes in Windows 2008 R2 Operating System. Use the below link to download that.

Download