switchport Security

70-648, NAP, DHCP, IPNG, IPv4, IPV6, DNS, Global Names, WDS, Server Core, WAS, Server Manager, OCSP, WBAdmin, Group Policy, BitLocker, Active Directory, switch module, route module, firewall module, auto secure, network, router ospf, authentication, drupal.org

Monday, December 24, 2007

Server Management in Windows.Server.2008 ServerCore - Part 2

Disk Management for ServerCore Installation

If you're interested in the security of your server, whether it be a plain server role or a RODC, installing BitLocker helps out a lot.

Yes, we do have syskey but having the whole drive encrypted brings it to a whole new level.

What's in here?
-Summary on BitLocker Requirements
-Diskpart Basics


-Jaeson

Note: Syskey is on by default protecting your authentication database in the file system and no lame story of someone putting a server offline and stealing the database files should make you gullible.


BitLocker requirements
  1. Properly formatted drive (see my previous side note post)
  2. Add BitLocker as a feature

As it turns out, my assumptions of how BitLocker should be installed on a Windows 2008 system is the same for Vista. Too bad I didn't partition my full install of Windows 2008 properly for BitLocker.

Adding the BitLocker feature: start /w ocsetup BitLocker

Note: My machine doesn't a TPM chip but that isn't much of a problem as you can always go around that obstacle. But doing it in ServerCore seems very much of a problem that we'll try to solve.


DiskPart Basics

How do you exactly use Diskpart?

Easy!

Type diskpart in the command-line, hoping you have admin privileges

Exhibit 1
C:\>diskpart

Microsoft DiskPart version 6.0.6001
Copyright (C) 1999-2007 Microsoft Corporation.
On computer: MISNET-DC-W2K8

DISKPART>


How to get help? Easier.

Exhibit 2

Microsoft DiskPart version 6.0.6001
Copyright (C) 1999-2007 Microsoft Corporation.
On computer: MISNET-DC-W2K8

DISKPART> help | ?

That means type "help" or the "?" symbol.

Note: Don't get any ideas that this tool will help you after you install ServerCore. Diskpart-ing must be done before installation of the OS choosing the "Repair Now" option.

Tip: Want to add on disk space on your system drive?

DISKPART> extend size=[whatever value your system allows you to reclaim]

Well, on Windows Vista and Server 2008, extending your volume is possible - this assumes that you didn't setup all of the diskspace for your primary partition and reserved some for another partition that you eventually want to edit out of your system or you just want to reclaim space.
Posted by at
Labels: , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)