Windows 2008 Server has Network Access Protection which is also known as NAP or NPS. This tool serves an administrative purpose to help organizations compare the security level in a computer on the network to the Server 2008’s policies. This comparison helps to determine if the computer is safe enough to join and use the Server. This is another way to help find if the computer’s ‘health’ is adequate as far as policy and the NAP can also analyze both the anti-virus program and if the firewall is installed. In an upcoming series, Windows 2008 Server will be reviewed.
Active Directory is one of the mostly widely used models to push policies and to secure your enterprise.
Many IT personnel complain of degrading performance after a period of time. Although Windows tries to keep Active Directory defragged, the Active Directory database can begin to grow even when you delete users and adjust it. More on this later….
Memory (Always use 64bit Windows – Migrate to Server 2008 R2) – use 8gb or more when possible
Memory Speed – Look for HyperX and other high quality memory
Motherboard Choice – FSB, Chipset, ports, controllers (Motherboard selection should come after CPU)
Processor – select multi-core/multi-CPU
Power – We live in a ‘Green’ world but don’t rob your system of power
Hard Disks – Use SATA 6.0 for small / medium enterprises and SCSI for large enterprises
-Put your OS on one drive, active directory on a second drive
Do you have a computer that responds slow on the network or hesitates? Follow these steps and you will see a significant difference. (Because we have not shown how to disable advanced settings in your network card, simply go to your device manager and double click on your network card – disable TCP offload and any advanced settings such as proxy and other settings that may make the card hesitate)
Remove any add-ins on your Browsers that you don’t need
PhoneFactor offers a two-step authentication when logging on to your computer. This helps to verifiy user logins for a workstation or server.
How does it work?
Enter your username and password into your computer. PhoneFactor then calls you. Press the # or enter a PIN number or PhoneFactor can send you a text message containing a one-time passcode where you reply with your password or PIN.
A third factor of authentication allows you to speak a short passphrase into your phone during the authentication process.
PhoneFactor is free. Other packages are available for medium and large organizations.
Want to control who gets on your network? Callout DLL can still be downloaded from Microsoft and now with Windows Server 2008 you can control with an Allow/Deny.
With portable computing (netbooks, laptops, droids, blackberries, iPads, iPods, iPhones and other portable devices) many users will discover how to get on your network. Callout DLL for Windows Server 2003 and Windows Server 2008 allows your IT department to control who gets on your network.
Many IT departments have the luxury of buying expensive servers. 15 years ago we decided to build our own. Much like Google builds their own servers. Recent additions and replacements in our server farm include AMD’s hexacore processor with 16 GB of RAM and 3 Tb of hard drive space. At only $1300 per server, you just can’t go wrong. Looking at an equivalent server from vendors, the same specs would run around $5000+.
While Open Source offers many fantastic programs that are out there, we license Windows Server software along with some Open Source software to meet needs without sacrificing quality.
I do not recommend this but I have seen a non-critical server where simplex passwords could be used (internal network/non-critical or non-sensitive data) – Resetting password complexity in Windows Server 2008 (R2).
If you need to disable password complexity in Windows Server 2008 and it is grayed out under the group policies -
Open the group policy management console and edit the GPO on domain level, if you haven’t created one you can use the one that is listed by default.
Find password complexity in the policies and change