How to: Software Restriction policies with AppLocker

We’ve already seen how to restrict software on Windows Server 2012 // R2 using GPOs. There’s another way available since Windows Server 2012, thanks to a feature called AppLocker.

We still use GPOs – AppLocker is a subset of GPOs – to enforce software restriction, but it’s easier and more powerful.

AppLocker can manage execution permissions of:

  • Executables: files with .exe extension
  • Windows installers: Windows installer packages with .msi and .msp extensions
  • Scripts: files with .ps1, .bat, .cmd, .vbs and .js extensions
  • Packaged Apps: Windows Store apps

How to configure static routes to route traffic through a specific gateway

Sometimes you may need to route traffic through a specific gateway only for destinations matching a group of IPs or a subnet.

Static routes are usually configured at the router level but you can also configure them locally, from the Windows command prompt.

The operation is quite easy and you won’t miss the GUI. In our example we are using Windows Server 2012 R2, but you can do the same with any version of Windows.

How to add a Backup Domain Controller to an existing Active Directory Domain

An Active Directory Domain with a single Primary Domain Controller (PDC) is something that you should not rely on. A hardware failure can make your day a really bad one and, for this reason, Microsoft gives us the possibility to add one or more Backup Domain Controllers (BDC) to our domain.

The configuration is quite simple on Windows Server 2012 // R2, a much appreciated gift from Redmond.

How DNS works

The Domain Name System (DNS) is a distributed naming system for devices connected to a network or the Internet. Its main job is to translate domain names into IP addresses, so that we can access a remote website without having to know a set of numbers.

From Wikipedia:

    The Domain Name System distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain. Authoritative name servers are assigned to be responsible for their supported domains, and may delegate authority over sub-domains to other name servers. This mechanism provides distributed and fault tolerant service and was designed to avoid the need for a single central database.

The funny part about the DNS is that it works the same way in your local network, so when you access a local PC by its name (example: pc02.thesolving.local) there’s a domain name server translating it into a local network IP address.

The DNS can store different types of records. The three most important ones are:

  • A: translates a domain name into one or more IP addresses (32-bit)
  • CNAME: translates a domain name (alias) into another domain name
  • MX: translates a domain name into one or more IP addresses (only for emails)

The tree of domain names makes up the Domain Name Space. Every domain can have subdomains, and it’s possible to segment this tree into zones of a single domain name or multiple domain names.

The domain hierarchy is quite simple: the further to the right a label is, the higher its level.

For example, in explanation.example.org we have:

  • A top-level domain: org
  • A second level domain: example
  • A third level domain: explanation

It’s possible to add other levels of segmentation, up to 127 levels. The total length of a domain name may not exceed 253 characters, while each label can’t contain more than 63 characters.

A domain name resolver, the client side of the DNS, determines the domain name server responsible for a domain name by a sequence of queries. It starts with the top-level domain and goes on to lower-level domains.

The domain name system heavily relies on caching to avoid bottlenecks and performance issues.
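The length limits and the top-down lookup order described above, as an added example (not code from the original article). The function names are assumptions, and the resolver walk is only simulated as a list of names; no network queries are made.

```python
# Limits quoted in the text above.
MAX_NAME_LEN = 253   # total length of a domain name
MAX_LABEL_LEN = 63   # length of a single label
MAX_LEVELS = 127     # levels of segmentation


def split_levels(name):
    """Validate a domain name and return its labels, top-level domain first."""
    if name.endswith("."):           # accept the fully qualified form "example.org."
        name = name[:-1]
    if not name:
        raise ValueError("empty domain name")
    if len(name) > MAX_NAME_LEN:
        raise ValueError(f"name is {len(name)} characters, limit is {MAX_NAME_LEN}")
    labels = name.split(".")
    # 127 one-character labels plus 126 dots is exactly 253 characters, so the
    # level limit already follows from the length limit; it is checked here
    # only to keep all three rules visible.
    if len(labels) > MAX_LEVELS:
        raise ValueError(f"name has {len(labels)} levels, limit is {MAX_LEVELS}")
    for label in labels:
        if not label:
            raise ValueError("empty label (two consecutive dots)")
        if len(label) > MAX_LABEL_LEN:
            raise ValueError(f"label '{label[:10]}...' is {len(label)} characters, "
                             f"limit is {MAX_LABEL_LEN}")
    return labels[::-1]              # rightmost label is the highest level


def resolution_path(name):
    """Names a resolver works through, starting at the top-level domain."""
    levels = split_levels(name)
    return [".".join(reversed(levels[:i])) for i in range(1, len(levels) + 1)]


if __name__ == "__main__":
    for step, zone in enumerate(resolution_path("explanation.example.org"), 1):
        print(f"level {step}: {zone}")
```

Rejecting over-long or empty labels before a name reaches a resolver or a log parser keeps malformed input from being treated as a valid host name.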

How to deploy a Registry Key via Group Policy

System administrators often need to deploy one or more Registry Keys in a business environment. Customized software or hardware needs particular configurations, and companies usually have solutions tailored to their needs.

Whatever the reason is, a Group Policy is the best way to deploy a Registry Key in Active Directory Domain Services.

The configuration is quite simple and quick.

How to share printers via Group Policy (GPO)

One great advantage of using Active Directory Domain Services is the possibility to share a printer in just a few clicks with a group of computers or users.

Since Windows Server 2012 it isn’t even necessary to create a Group Policy Object (GPO): Windows will do the job for us, speeding up the process.

We are going to show how you can share an existing (installed) printer to an AD Group of Computers.

How to force proxy settings via Group Policy on Windows Server 2012

Proxy servers may be useful in business environments to restrict websites, analyze Internet traffic or for caching purposes. There are several proxy servers available on the market but we won’t talk about them.

Instead, we’re going to see how to force proxy settings via Group Policy (GPO) on Windows Server 2012 // R2. The Policy will only affect Internet Explorer, but we’ve already seen how to restrict applications and the same applies to browsers.