How to: Software Restriction policies with AppLocker

We’ve already seen how to restrict software on Windows Server 2012 // R2 using GPOs. There’s another way available since Windows Server 2012, thanks to a feature called AppLocker.

We still use GPOsAppLocker is a subset of GPOs – to enforce software restriction but it’s easier and more powerful.

AppLocker can manage execution permissions of:

  • Executables: files with .exe extension
  • Windows installers: Windows installer packages with .msi and .msp extensions
  • Scripts: files with .ps1, .bat, .cmd, .cbs and .js extensions
  • Packaged Apps: Windows Store apps


Configuring Volume Shadow Copies (VSS) on Windows Server 2012 R2

Volume Shadows Copies (also known as Volume Snapshot Service or VSS) is a technology developed by Microsoft to take restorable snapshots of a volume.

On Windows Server 2012 // 2012 R2 it’s quite easy to set up and restore operations are pretty straightforward.

Note: Volume Shadow Copies allow to restore previous states of the entire volume, you can’t restore previous states of single files and/or folders. (more…)

How to configure static routes to route traffic through a specific gateway

Sometimes you may need to route traffic through a specific gateway only for destinations matching a group of IPs or a subnet.

Static routes are usually configured at the router level but you can also configure them locally, from the Windows command prompt.

The operation is quite easy, you won’t miss the GUI. In our example we are using Windows Server 2012 R2, but you can do the same with any version of Windows. (more…)

How to add a Backup Domain Controller to an existing Active Directory Domain

An Active Directory Domain with a unique Primary Domain Controller (PDC) is something that you should not rely on. A hardware failure can make your day a really bad one and, for this reason, Microsoft give us the possibility to add a (or more) Backup Domain Controller (BDC) to our domain.

The configuration is quite simple on Windows Server 2012 // R2, a much appreciated gift from Redmond.

How to deploy a Registry Key via Group Policy

System administrators often need to deploy one or more Registry Keys in business environment. Customized software or hardware need particolar configurations and companies usually have solutions tailored to their needs.

Whatever the reason is, a Group Policy is the best way to deploy a Registry Key in an Active Domain Directory Services.

The configuration is quite simple and quick.