Posted on 2 Comments

How to configure UrlScan in IIS7.5 and IIS8

UrlScan is a security tool used to restrict types of HTTP requests that IIS will process. It is a simple tool which is very helpful in blocking harmful requests to the server. It seemingly supports only IIS 5.1, IIS 6.0, and IIS 7.0 on Windows Vista and Windows Server 2008. It has been deprecated since IIS 7.5 and IIS 8. It is said that Microsoft has included the features of UrlScan in request filtering option for IIS 7.5 and IIS 8. But it definitely is not a match for the simplicity of UrlScan. Today I am going to show you how to configure UrlScan in IIS 7.5 and IIS8. (IIS 7.5 is available in Windows server 2008 R2 and IIS 8 is available in Windows Server 2012 and Windows 8 ).

I am going to configure this in Windows server 2012 i.e IIS 8 but do not worry the configuration steps are similar in IIS 7.5. First and foremost install Web Platform Installer in your machine. This will help us to install all the components we require in simple steps. From web platform installer, select component IIS 6 metabase compatibility. This is compulsory to install URLscan.

Then, select IIS ISAPI Filters. (ISAPI filters may already be installed in IIS 7.5 ).

Click on Install. You are shown a review of components you selected to install. Click on I accept.

The components are installed and will show you a Finish screen. Click on Finish.

We are all set to install UrlScan. Download Urlscan and click on the msi package. On the window, select the option “I select the terms of license agreement” and click on “Install”.

The installation is very quick. Once it finishes,click on “Finish”.

Now open IIS Manager. Click on ISAPI filters.

If everything went well, we should see a filter already set like below.

Click on it. We can see that there is already a filter named URLscan 3.1 linking to the executable urlscan.dll.

Before configuring UrlScan, let’s try a little banner grabbing to check whether UrlaScan is working or not. For this, we will use tool Idserve to fingerprint the server on which we have configured UrlScan. (www.shunya.com is fictional website i set on my server ).

We can see that the version is Microsoft-IIS/8.0. Now let’s go to the configuration file of urlscan (urlscan.ini)  to make some changes to it.  It is located by default at “C:WindowsSystem32inetservurlscan” and change the value of “RemoveServerHeader” to “1” from “0”. Save the file.

Now let’s again try to banner grab using Idserve.  Restart the web server.

We can see that the server version has not been disclosed hence our UrlScan is working successfully. Hope it was helpful.

Posted on Leave a comment

Installing a web server in Windows 2012 with WebPI

We can easily install a web server in Windows Server 2012 using Microsoft Web Platform Installer. The Microsoft Web Platform Installer (Web PI) is a simple tool that installs the latest components of the Microsoft Web Platform including IIS, PHP, MYSQL and many others. It can be downloaded for free from here. In this tut we will install IIS, PHP and MYSQL using this tool.

Download and install Web Platform installer 4.6. Click on it.

Select the components you want to install. I have selected IIS, PHP and MYSQL.

After selecting the applications you want to install, click on “Install”. If you have selected MYSQL, it will prompt for a password to be set for MYSQL. Enter the password and click on “Continue”.

It will display a summary of components which will be installed. Click on “I Accept”.

After system finishes installing all the components, click on “Finish”. After the installation is finished, open your browser and see whether IIS8 installation has been successful. If the display shows the version of IIS displayed as below, then our web server installation has been  successful.

Now let’s test our php. Go to the root directory which is “%systemroot%/inetpub/root” in IIS and create a php file with the following script and save it as version.php ( in fact any name but with php extension. )

Now go to address “http://localhost/version.php” from the browser.

If it displays the version of the php installed, then our php installation has been successful. Hope this was helpful.

Posted on Leave a comment

Server GUI to Minimal Server interface in Windows 2012

Windows Server 2012 introduced a new configuration option called Minimal Server Interface. Minimal Server Interface is in simple words compromise between Server GUI Full Installation and Server Core installation. Minimal Server Interface installation reduces footprint of the server to some extent thus decreasing security hazards. In the same time it increases deployment scenarios. Let’s see how to convert Server GUI to Minimal Server Interface in Windows server 2012. If you want to convert Server GUI full  installation to Server Core installation, read here.

Following tools are installed in Minimal Server Interface.

  • Server Manager
  • MMC
  • Some Control Panel Applets

The items which are not installed during Minimal Server Interface are

  • Start Screen
  • Desktop
  • Windows Explorer
  • Internet Explorer

Login as Administrator. Open  “Powershell”. Type the command

“Uninstall-WindowsFeature Server-Gui-Shell -remove” and Press “Enter”.

After collecting some data, the system will start removing the Server-Gui-Shell.

After the removal of Server-gui-shell is finished, the system will ask us to restart the system.

Restart the system by typing “shutdown -r -t 0″. The system will reboot to Minimal server Interface which will look like below.

Posted on Leave a comment

Installing a domain controller in Windows Server 2012

Hi Friends, Today we will see how to install and promote a domain controller in Windows server 2012. It has seen a change while installing a domain controller. The “dcpromo.exe” present in previous versions has been deprecated. We need to install domain controller from Server Manager only. Before we start installing the domain controller let’s change our server’s name to ‘Server‘ and IP address to “10.10.10.1″.

Now let’s go to Server Manager and start adding Active Directory Domain Services” role from Add Roles and Features. Click on “Add Roles and Features”.

Before we begin, we are presented with basic information on IP addresses, Windows updates and configuring strong passwords. Click “Next”.

Then we are prompted for the type of installation. Select Role Based or Feature based installation” and click Next”.

Then we are prompted to select the destination server. Select the server we just named and click “Next”.

Then we are asked to select the roles we want to install. Select Active Directory Domain Services and click “Next”.

Then we get a pop-up to add features that are required for Active Directory domain services. These features are automatically selected. Click on Add Features”.

We can see that Group Policy Management which is required for Active Directory Domain services has been automatically selected.

Then we are given a brief description about Active Directory domain services and some basic things to note. Click Next”.

Then we are shown the roles that will be installed on the server as a confirmation. Click on Install”.

Then the installation starts.

As the installation is finished, we get a message ‘Configuration required. Installation succeeded on server’. Click on Close”.

We have successfully installed Active Directory Domain Services on our server. Now we need to promote the domain controller. In the previous versions of Windows server, it is here we used dcpromo.exe. In our Server Manager, we have a notification flag with a yellow triangle with an exclamation mark inside it. Click on it.

Click on ‘Promote this server as domain controller’.

We are prompted to choose the configuration of our domain controller. Choose Add a new forest and specify the root domain name as shunya.com. Click on Next”.

We are asked to choose the domain controller options. Set the forest functional level and domain functional level as Windows Server 2012. Select DNS server. Since this is the root domain in the forest it is automatically Read only domain controller. Enter the DSRM password and click on Next”.

Then DNS options screen appears. Click on Next”.

Look at the NETBIOS name which is automatically assigned. It is shunya.

The location where the AD DS database, log files and SYSVOL are shown. We can specify different locations if we choose to be. Click on Next”.

Then we see a review of our selections. Click on Next”.

Then we see a Windows PowerShell script for AD DS deployment.

Then we get a prerequisites check window. Click on Install”.

After all the prerequisites are validated successfully, the server is successfully configured as a domain controller and the system is restarted.

After the system restarts, we are asked to login into the shunya domain.

Posted on 2 Comments

Server GUI to Server Core switching in Windows 2012

Microsoft has always been recommending the Server Core Installation for its servers over the full server installation. As is well known, Server Core Installation which is the minimal install of the server version reduces the space for attack vector by hackers. It also reduces the usage of resources. But the Server Core Installation makes administration intimidating as it requires the administrators to be a PowerShell expert.
With Windows Server 2012, Microsoft has introduced a new feature that would allow switching from Server GUI to Server Core Installation and vice versa. This enables administrators to install and configure the server in GUI and then switch to Server Core installation. Although there are many ways to switch from Server GUI to Server Core installation, the easiest way to perform this switching is by simple PowerShell commands. I am gonna show you how. For this, I have installed Windows Server 2012 standard GUI installation in Vmware workstation.

Then open PowerShell and type the command

Remove-windowsfeature Server-gui-shell,Server-gui-mgmt-infra” and hit Enter.

The process of disabling the GUI starts and the display is as same as below.

After a short time, the process is completed and it prompts you for a restart.

Restart the machine by typing “shutdown –R –T 0″ and hit ENTER.

After the reboot, the system asks for administrator password on entering which it switches to Server Core Installation.

To enable back the GUI, enter into PowerShell by typing command “powershell.exe” in the cmd and hit ENTER. In PowerShell, type the same command as above replacing Remove with Install and hit ENTER.

Install-windowsfeature server-gui-shell,server-gui-mgmt-infra”

After completing the process, the system prompts for a reboot. Reboot the system by typing command “shutdown –r  –t 0″ and hit ENTER.

The system successfully  switches over to Standard GUI installation.

Note:

Although the Server Core Installation is the preferred deployment, it does not support all roles. The roles supported by the server core installation are,

  • Active Directory Domain Services
  • Active Directory Certificate Services
  • DHCP server.
  • DNS server.
  • AD LDS
  • Hyper-V
  • Streaming Media services
  • Print and Document Services
  • Web server
  • Windows update server
  • Active Directory Rights Management Server
  • Routing and Remote Access Server.