Network Access Protection

Windows 2008 Server has Network Access Protection, which is also known as NAP or NPS. This tool serves an administrative purpose: it helps organizations compare the security level of a computer on the network to the Server 2008 policies. This comparison helps to determine whether the computer is safe enough to join and use the server. It is another way to find out whether the computer’s ‘health’ is adequate under policy, and NAP can also check both the anti-virus program and whether the firewall is installed. In an upcoming series, Windows 2008 Server will be reviewed.

Information on NAP from TechNet

Microsoft’s Deployment Guide


View Open Files on Server 2008

Before rebooting a server, you should see who has open files so you won’t corrupt data or knock a user offline.

Server 2008 has moved where you can view these.

To see the open files, right-click Computer and select Manage. Click Roles – File Services – Share and Storage Management. Choose Action and then Manage Open Files.


How to increase Active Directory Speed

Active Directory is one of the most widely used models to push policies and to secure your enterprise.

Many IT personnel complain of degrading performance after a period of time.   Although Windows tries to keep Active Directory defragged, the Active Directory database can begin to grow even when you delete users and adjust it.  More on this later….

  • Memory (Always use 64-bit Windows – Migrate to Server 2008 R2) – use 8 GB or more when possible
  • Memory Speed – Look for HyperX and other high quality memory
  • Motherboard Choice – FSB, chipset, ports, controllers (Motherboard selection should come after CPU)
  • Processor – select multi-core/multi-CPU
  • Power – We live in a ‘Green’ world but don’t rob your system of power
  • Hard Disks – Use SATA 6.0 for small / medium enterprises and SCSI for large enterprises
    - Put your OS on one drive, Active Directory on a second drive
  • Defrag Active Directory (2008)

So how do you defrag Active Directory?


Slow Network?

Do you have a computer that responds slowly on the network or hesitates? Follow these steps and you will see a significant difference. (Because we have not shown how to disable advanced settings on your network card: go to Device Manager, double-click your network card, and disable TCP offload and any advanced settings, such as proxy and other settings, that may make the card hesitate.)

  1. Remove any add-ins on your Browsers that you don’t need
  2. Remove Toolbars
  3. Adjust your MTU Settings
  4. Adjust your Network Speed
  5. Disable LLMNR
  6. Disable all advanced settings on your card

Two-step authentication verifies user logins for your computer

PhoneFactor offers two-step authentication when logging on to your computer. This helps to verify user logins for a workstation or server.

How does it work?

Enter your username and password into your computer. PhoneFactor then calls you. Press # or enter a PIN; alternatively, PhoneFactor can send you a text message containing a one-time passcode, to which you reply with your password or PIN.

A third factor of authentication allows you to speak a short passphrase into your phone during the authentication process.

PhoneFactor is free.  Other packages are available for medium and large organizations.

Want to control who gets on your network?

Callout DLL can still be downloaded from Microsoft, and now with Windows Server 2008 you can control access with an Allow/Deny.

With portable computing (netbooks, laptops, droids, blackberries, iPads, iPods, iPhones and other portable devices) many users will discover how to get on your network.  Callout DLL for Windows Server 2003 and Windows Server 2008 allows your IT department to control who gets on your network.

Stretching Your Budget

Many IT departments have the luxury of buying expensive servers. 15 years ago we decided to build our own, much like Google builds its own servers. Recent additions and replacements in our server farm include AMD’s hexacore processor with 16 GB of RAM and 3 TB of hard drive space. At only $1300 per server, you just can’t go wrong. Looking at an equivalent server from vendors, the same specs would run around $5000+.

While Open Source offers many fantastic programs that are out there, we license Windows Server software along with some Open Source software to meet needs without sacrificing quality.

Password complexity in Windows Server 2008 is grayed out

I do not recommend this but I have seen a non-critical server where simplex passwords could be used (internal network/non-critical or non-sensitive data) – Resetting password complexity in Windows Server 2008 (R2).

If you need to disable password complexity in Windows Server 2008 and it is grayed out under the group policies:

  • Open the Group Policy Management Console and edit the GPO at the domain level. If you haven’t created one, you can use the one that is listed by default.
  • Find password complexity in the policies and change it
  • Open a command prompt as an administrator
  • Type gpupdate /force and hit enter
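
To confirm what the server actually enforces after gpupdate /force, the following added example (not part of the original post) parses a secedit export of the security policy and compares it with a baseline. The sample lines and the baseline numbers are constructed for illustration, and Get-SystemAccessSetting is a function name chosen here.

```powershell
# Added example: audit the effective password policy after "gpupdate /force".
# On the server, capture real input from an elevated prompt with:
#   secedit /export /cfg "$env:TEMP\secpol.inf" /areas SECURITYPOLICY
#   $lines = Get-Content "$env:TEMP\secpol.inf"

# Constructed sample of an export (not taken from a real server).
$lines = @(
    '[Unicode]',
    'Unicode=yes',
    '[System Access]',
    'MinimumPasswordAge = 1',
    'MaximumPasswordAge = 42',
    'MinimumPasswordLength = 7',
    'PasswordComplexity = 0',
    'PasswordHistorySize = 24',
    '[Version]',
    'signature="$CHICAGO$"'
)

# Collect name = value pairs from the [System Access] section only.
function Get-SystemAccessSetting {
    param([string[]]$InfLines)
    $settings = @{}
    $inSection = $false
    foreach ($line in $InfLines) {
        if ($line -match '^\s*\[(.+)\]\s*$') {
            $inSection = ($Matches[1] -eq 'System Access')
        }
        elseif ($inSection -and $line -match '^\s*(\w+)\s*=\s*(.*?)\s*$') {
            $settings[$Matches[1]] = $Matches[2]
        }
    }
    return $settings
}

# Hypothetical baseline for this example; substitute your organisation's values.
$baseline = @{ PasswordComplexity = 1; MinimumPasswordLength = 12; PasswordHistorySize = 24 }

$effective = Get-SystemAccessSetting -InfLines $lines
foreach ($name in $baseline.Keys) {
    if (-not $effective.ContainsKey($name)) {
        Write-Output "MISSING  $name (not present in export)"
    }
    elseif ([int]$effective[$name] -lt $baseline[$name]) {
        Write-Output "WEAK     $name = $($effective[$name]) (baseline $($baseline[$name]))"
    }
    else {
        Write-Output "OK       $name = $($effective[$name])"
    }
}
```

Running the same check on every server that shares the GPO shows where complexity has been switched off, so the exception stays limited to the non-critical machine it was intended for.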