MS15-034 vulnerability: MS Patch

https://technet.microsoft.com/library/security/MS15-034

https://support.microsoft.com/en-us/kb/3042553

Microsoft Security Bulletin MS15-034 – Critical

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system.

This security update is rated Critical for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. For more information, see the Affected Software section.

The security update addresses the vulnerability by modifying how the Windows HTTP stack handles requests. For more information about the vulnerability, see the Vulnerability Information section.
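A quick way to see whether the update named above is recorded on a host. This is an added example, not part of the bulletin; the function name and output columns are illustrative, and it assumes Windows PowerShell 3.0 or later with WMI access to each target.

```powershell
# Added example (not from the bulletin): report whether the MS15-034 update,
# KB3042553, is recorded as installed on one or more Windows hosts.
# Assumptions: function name and output columns are illustrative; remote
# targets must allow WMI queries from an account with administrative rights.
function Get-MS15034PatchState {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [string]$HotFixId = 'KB3042553'
    )

    # Kernel versions of the editions the bulletin rates Critical:
    # 6.1 = Windows 7 / Server 2008 R2, 6.2 = Windows 8 / Server 2012,
    # 6.3 = Windows 8.1 / Server 2012 R2.
    $affectedVersions = @('6.1', '6.2', '6.3')

    foreach ($name in $ComputerName) {
        try {
            $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $name -ErrorAction Stop
        }
        catch {
            # Host could not be queried: report that instead of guessing.
            [pscustomobject]@{
                ComputerName = $name
                OS           = $null
                Version      = $null
                InScope      = $null
                InstalledOn  = $null
                Status       = "Query failed: $($_.Exception.Message)"
            }
            continue
        }

        $version    = [version]$os.Version
        $majorMinor = '{0}.{1}' -f $version.Major, $version.Minor
        $inScope    = $affectedVersions -contains $majorMinor

        # Get-HotFix writes an error when the ID is absent; suppress it and test for $null.
        $hotfix = Get-HotFix -Id $HotFixId -ComputerName $name -ErrorAction SilentlyContinue

        $installedOn = $null
        if ($hotfix) { $installedOn = $hotfix.InstalledOn }

        if (-not $inScope) { $status = 'Not an edition listed in the bulletin' }
        elseif ($hotfix)   { $status = 'Update recorded as installed' }
        else               { $status = 'Update not recorded' }

        [pscustomobject]@{
            ComputerName = $name
            OS           = $os.Caption
            Version      = $os.Version
            InScope      = $inScope
            InstalledOn  = $installedOn
            Status       = $status
        }
    }
}

# Example call against the local machine:
Get-MS15034PatchState | Format-Table -AutoSize
```

An update that replaces KB3042553 is listed under its own ID, so treat "Update not recorded" as a prompt to check the host's update history rather than as proof that it is unpatched.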

MICROSOFT WINDOWS SERVER 2012 TIPS

August 16th, 2012 by jason

One of the benefits of working for Dell Compellent is having the privilege to collaborate with some very smart people who are subject matter experts in areas of technology I don’t get as much time to spend on as I’d like to.  I get to share information with team members about vSphere, as well as Exchange, SQL, *nix, Oracle, and you might have guessed it… Microsoft Windows (including Hyper-V).  One of my colleagues has been working with Windows Server 2012 lately and he drew up a quick guide on some of the findings he had made.  Not only was he gracious enough to share it with his teammates, he was more than happy to share with the community when asked.  When I say community, of course I’m referring to readers of this blog.  So without further ado, here are some Windows Server 2012 (and perhaps even Windows 8) tips to get you started.

Navigating the New Server 2012 GUI

The look and feel of the Server 2012 GUI is quite different than Server 2008. While most of the familiar options and features are still available, the process of getting to them is quite different, and in some cases, more difficult.


1)      The “Start” button no longer exists in Server 2012.  To expose Start, jiggle your mouse in the lower left corner of the desktop and the Start option will appear as shown above.  This is a bit cumbersome in RDP sessions and takes some getting used to.


2)      The Start Menu presents applications and other options as tiles.

3)      To access Lock and Sign out, click on the User in the upper right for a drop-down menu.


4)      To access All Applications, right-click on any tile under Start, and then an options bar will appear at the bottom of the screen.  On this options bar, click on All Apps in the lower right.


5)      Under All Apps, you can find all the rest of the familiar (but now more difficult to find) options such as Command Prompt and Run.  To make these more easily accessible, pin them to the taskbar.


6)      Another hidden menu exists off the right side of the desktop.  To access it, move your mouse to the far right or lower-right corner of the screen and hold it there for a couple seconds.   Again, this is cumbersome in RDP sessions and takes some getting used to.

7)      As you can see above, the Restart and Shut down options are now buried a few layers deep so accessing them is a bit tedious.   Some customization suggestions below will help alleviate this.


8)      To stop the Server Manager window from automatically starting every time you log on, edit the Server Manager Properties and check the box Do not start Server Manager automatically at logon.

Customizations to Facilitate Better User Experience with Server 2012

You may find yourself a little frustrated with the changes introduced with the Server 2012 GUI because many apps/options/tools have been relocated and are therefore more difficult (and more time consuming) to find.

Below are some quick and simple customization changes to “restore” some of the Server 2008 look/feel/agility to the 2012 GUI.

1)      The first step is to install the Desktop Experience as found under Features.  Once installed, then the (My) Computer icon can be added back to the desktop.


a)      Launch Server Manager from the taskbar.


b)      Click on Add roles and features to launch the Add Roles and Features Wizard.  Under Features, check the box for Desktop Experience and then complete the wizard (requires a reboot).


c)       After rebooting, from the Desktop, right click and choose Personalize, Change Desktop Icons, and add the desired icons such as Computer and Control Panel.

d)      Right click on the Desktop again, and under View, set icon size to Small, and set Auto Arrange and Sort By options according to your preference.


2)      Customize the taskbar by pinning shortcuts for I.E., Run, Command Prompt, and other frequently used apps (as found under Start and All Apps) that you want to be quickly accessible.  For directions on how to access the Start and All Apps menus, see Page 2.

3)      Right click on the taskbar, select Properties, and select Use Small taskbar buttons, and under the Toolbars tab, add the Desktop toolbar.

4)      If you desire to add the Background Info (BGI) utility to your Windows 2012 server desktop, then complete the following steps:


  • From your network share or software repository containing BGInfo, copy the folder BGInfo to C:\BGInfo.  Edit the BGInfo.bgi config file to customize (if desired) the BGInfo settings.  (this is the latest 64-bit version of BGInfo)

  • To automatically refresh BGInfo each time you log on to the server, add a reg key (string value) called BGInfo with value of C:\BGInfo\LaunchBGI.bat to: HKLM\Software\Microsoft\Windows\CurrentVersion\Run


  • If using mRemote, change the Display Wallpaper setting to Yes under the configuration settings for your server (the default setting is No).  Otherwise the BGInfo screen will not be passed to your display.

5)      To work around the cumbersome process of having to navigate to log-off, shutdown, or reboot commands under the hidden menus, place shortcuts to these operations on the Server 2012 desktop.  To make this process quick and easy, pre-defined shortcuts can be saved on a network share and copied down to each server installation.


  • From the network share, copy the desktop shortcuts to Libraries\Documents\Public Documents on your 2012 server.


  • Once copied, open the Desktop_Icons folder, and copy and paste the icons found there to the public desktop (a hidden folder) which can be accessed at C:\Users\public\desktop (manually type this path in Windows Explorer as shown above to get to it).
  • Add or create other shortcuts as desired here so they will show on the public desktop.
  • By placing them on the public desktop, they will be there for all users, and will be preserved even when the server is sysprepped.


6)      When finished, your desktop will look similar to the above screen capture:

  • (My) Computer and Control Panel icons added to the desktop
  • Shutdown, Logoff, and Restart icons (which are shortcuts to the shutdown command) added to the desktop.  This is much quicker than having to access these options from the hidden menus on the left or right sides of the desktop, and it skips having to provide a reason for shutting down.
  • Shortcut to launch Disk Manager added to the desktop (add other shortcuts as desired)
  • Shortcuts to I.E., Run, and Command Prompt added to the taskbar
  • Desktop toolbar added to the taskbar
  • Background Info (BGInfo) provides for a blue background with the server name and other essential server specs on the desktop.  This will automatically refresh at each logon due to adding LaunchBGI.bat to Run in the system registry, and it can be refreshed manually at any time by clicking on the LaunchBGI icon on the public desktop.

Sysprep Suggestions

1)      When building a new gold image of a Windows 2012 server, include the above customizations before running Sysprep to allow cloned copies to boot with these modifications in place.  Most of the changes will be preserved in the sysprep image, saving configuration time.

2)      Other suggested modifications you may want to consider making to a Windows 2012 image before sysprepping it for use as a gold image include:

  1. Enable RDP
  2. Install Adobe Reader
  3. Using Roles and Features, install .Net 3.5 (set the path to <driveletter or UNC path>\sources\sxs when prompted); Failover Clustering, MPIO, and Hyper-V
  4. Disable the firewall
  5. Disable I.E. security
  6. Disable User Account Control security (set to never notify)
  7. Fully patch the server
  8. If a physical server, run the applicable driver and firmware management/update utility to apply the latest drivers and firmware.
  9. Set the time zone to Central
  10. Install JRE (version of your choice, both the 32bit and 64bit versions)
  11. Other apps and features as desired
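Several items in this list (RDP on, firewall off, I.E. security off, UAC at never notify) are carried into every clone of the gold image, so it is useful to record how a given build is actually set. The following is an added example, not part of the original post; the function names are illustrative and "I.E. security" is assumed to mean Internet Explorer Enhanced Security Configuration.

```powershell
# Added example (not from the original post): list the relaxed settings from
# the gold-image checklist as they are actually set on this machine.
# Assumptions: "I.E. security" is read as IE Enhanced Security Configuration;
# function names are illustrative. Run elevated on Server 2012 or later.

function Get-RegistryValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-GoldImageSettingReport {
    $report = @()

    # RDP: fDenyTSConnections = 0 means Remote Desktop connections are allowed.
    $deny = Get-RegistryValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections'
    $report += [pscustomobject]@{
        Setting = 'RDP (fDenyTSConnections)'
        Value   = $deny
        Relaxed = ($deny -eq 0)
    }

    # Firewall: one row per profile (Domain, Private, Public).
    foreach ($fwProfile in Get-NetFirewallProfile) {
        $enabled = [string]$fwProfile.Enabled
        $report += [pscustomobject]@{
            Setting = "Firewall profile $($fwProfile.Name)"
            Value   = $enabled
            Relaxed = ($enabled -eq 'False')
        }
    }

    # IE Enhanced Security Configuration: IsInstalled = 0 means it is turned off.
    $escComponents = @{
        'IE ESC (administrators)' = '{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}'
        'IE ESC (users)'          = '{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}'
    }
    foreach ($label in $escComponents.Keys) {
        $path = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\' + $escComponents[$label]
        $installed = Get-RegistryValue $path 'IsInstalled'
        $report += [pscustomobject]@{
            Setting = $label
            Value   = $installed
            Relaxed = ($installed -eq 0)
        }
    }

    # UAC: EnableLUA = 0 switches UAC off; ConsentPromptBehaviorAdmin = 0
    # elevates administrators without prompting.
    $policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua     = Get-RegistryValue $policyKey 'EnableLUA'
    $consent = Get-RegistryValue $policyKey 'ConsentPromptBehaviorAdmin'
    $report += [pscustomobject]@{
        Setting = 'UAC'
        Value   = "EnableLUA=$lua; ConsentPromptBehaviorAdmin=$consent"
        Relaxed = (($lua -eq 0) -or ($consent -eq 0))
    }

    $report
}

# Example call; save the output alongside the image so each build is documented.
Get-GoldImageSettingReport | Format-Table -AutoSize
```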

Sysprep Reposted from Microsoft

Sysprep Command-Line Options


Updated: October 20, 2013

Applies To: Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2

Run Sysprep to prepare a Windows installation to be captured. This topic describes the command-line syntax for the Windows® 8 version of the System Preparation (Sysprep) tool.

If you intend to create an image of an installation for deployment to a different computer, you must run the Sysprep command together with the /generalize option, even if the other computer has the same hardware configuration. The Sysprep /generalize command removes unique information from your Windows installation so that you can safely reuse that image on a different computer. The next time that you boot the Windows image, the specialize configuration pass runs.

The following command-line options are available for Sysprep:

Sysprep.exe [/oobe | /audit] [/generalize] [/mode:vm] [/reboot | /shutdown | /quit] [/quiet] [/unattend:<answerfile>]

The following table lists Sysprep command-line options:

Option Description
/audit Restarts the computer into audit mode. Audit mode enables you to add additional drivers or applications to Windows. You can also test an installation of Windows before you send the installation to an end user. For example:

Sysprep /audit

If you specify an answer file, the audit mode of Windows Setup runs the auditSystem and auditUser configuration passes.

/generalize Prepares the Windows installation to be imaged. Sysprep removes all unique system information from the Windows installation. Sysprep resets the security ID (SID), clears any system restore points, and deletes event logs. For example:

Sysprep /generalize /shutdown

The next time that the computer starts, the specialize configuration pass runs. The configuration pass creates a new security ID (SID).

/oobe Restarts the computer into OOBE mode. For example:

Sysprep /generalize /shutdown /oobe

OOBE enables end users to customize their Windows operating system, create user accounts, name the computer, and perform other tasks. Sysprep processes any settings in the oobeSystem configuration pass in an answer file before OOBE starts.

/mode:vm New for Windows® 8. Generalizes a Virtual Hard Disk (VHD) so that you can deploy the VHD as a VHD on the same Virtual Machine (VM) or hypervisor. After the VM restarts, the VM can boot to OOBE. For example:

Sysprep /generalize /oobe /mode:vm

The only additional switches that apply to VM mode are /reboot, /shutdown, and /quit. You must deploy the VHD on a Virtual Machine (VM) or hypervisor with the same hardware profile. For example, if you created VHD in Microsoft Hyper-V, you can only deploy your VHD to Microsoft Hyper-V VMs with a matching hardware profile. Deploying the VHD to a different VM with a different hardware profile might cause unexpected issues.

Important: You can only run VM mode from inside a VM.
/reboot Restarts the computer. You can use this option to audit the computer and to verify that the first-run experience operates correctly.
/shutdown Shuts down the computer after the Sysprep command finishes running.
/quiet Runs the Sysprep tool without displaying on-screen confirmation messages. You can use this option if you automate the Sysprep tool.
/quit Closes the Sysprep tool without rebooting or shutting down the computer after Sysprep runs the specified commands.
/unattend:<answerfile> Applies settings in an answer file to Windows during an unattended installation, where <answerfile> specifies the path and file name of the answer file to use. For example:

Sysprep /audit /reboot /unattend:F:\Unattend.xml

where F is the drive letter of the portable storage device on which the answer file (Unattend.xml) is located.

Important: You must use the Sysprep /generalize command to generalize a complete Windows installation before you can use the installation for deployment to a new computer, whether you use imaging, hard disk duplication, or another method. Moving or copying a Windows image to a different computer without running the Sysprep /generalize command is not supported.

specialize


Updated: October 20, 2013

Applies To: Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2

During the specialize configuration pass of Windows® Setup, computer-specific information for the image is applied. For example, you can configure network settings, international settings, and domain information.

The specialize configuration pass is used together with the generalize configuration pass. The generalize pass is used to create a Windows reference image that can be used throughout an organization. From this basic Windows reference image, you can add additional customizations that apply to different divisions in an organization or to different installations of Windows. Any method of moving or copying a Windows image to a new computer must be prepared with the sysprep /generalize command. For more information, see Sysprep (System Preparation) Overview and Sysprep Command-Line Options.

The following diagram illustrates how the specialize configuration pass is used to apply these specific customizations.

For example, during the specialize configuration pass, you can specify different home pages in Internet Explorer® for different departments or branches in your business. This setting will then override the default home page.

A Microsoft MVP’s 5 steps for passing certification exams

Source:
Pluralsight blog

By J. Peter Bruzzese
So I was at TechEd 2013 in New Orleans last week and decided to take a Microsoft exam (because apparently I didn’t have enough to do with speaking at the event, writing up my weekly column for InfoWorld, attending sessions from the Exchange team and others, waiting in line for three hours for my $99 Surface RT and engaging in the largest meet-and-greet session of my year).

I took the 70-341 Exchange 2013 Core Solutions exam and passed, and TrainSignal said, “Hey, it sure would be great if you could tell our readers how you did it!”

Basically, when in doubt, always choose C.  I’m kidding (although I’m sure there is some truth to that).  Let me tell you honestly how I make the magic happen with passing Microsoft exams.

1. Lab work
You need to play with this stuff, folks. Watching video training is a great substitute if you cannot set up your own lab, but the best prep is when you can personally work with the solution you are testing on. And it isn’t enough to work with it in a job environment alone. That’s assuming the questions port directly to real-world scenarios, and they don’t always. Sometimes the questions are little obscure points or aspects of the solution you never, ever use in a production environment (and maybe nobody else does either).  So the personal lab work is key.

2. TechNet
Everything you need to know is already mapped out in TechNet. In fact, when an exam question creator is looking for something cool to put in a test question, they troll TechNet articles on the subject seeking the obscure. You can do the same to prepare for those types of questions. In addition, TechNet is an organized way to study by subject and see the PowerShell command stuff along with the topics (which is becoming more necessary for modern exams).

3. Testing software
Personally I like to use both Transcender and MeasureUp for my test prep.  Yep, both of them. Transcender has long explanations that teach and review material as you read why an answer is right or wrong, plus it has a cool flash-card-like tool. MeasureUp has shorter questions and explanations, but I feel like it mimics the exam better and gives me that visual correspondence to the real thing, plus it offers a cram PDF to download that is great for review.

4. Confidence metrics
During the test, I like to keep track of how many questions I think I answered correctly. When I press “Finish,” I like to know (to a degree) if I passed or failed based on those numbers.  I find that I’m usually wrong in my favor (meaning the ones I thought I had wrong I may have guessed right on).

5. Review sites
I look for folks who have already taken the test and are willing to offer helpful advice within the parameters of the disclosure they agreed upon when taking the exam.  Braindumps and such are discouraged big time, and they can actually get your certification revoked, so stay away from those.  But if you can find folks who can give you some helpful feedback, that is great.

I’ll let you in on a little secret: Even with all this prep, I fail exams at times. It happens, especially when there is no testing software available for it (as was the case with the one I took).

The biggest reason for a failure though is lack of preparation. When I first started taking tests, I was so prepared there was no question that I was ready. But after 30, 40, 50 tests, there are now times when I just don’t prepare enough or feel more confident than I should, and I end up seeing a red bar at the end rather than a green one.  It hurts, and it’s an expensive lesson. But I schedule the retake immediately (sometimes the very next day) and jump right back after it.

Hopefully these tips can help you to prepare for your next certification exam challenge. If you have additional tips to add, please convey them in the comments section below.

Happy testing!


About the Author
J. Peter Bruzzese

J. Peter Bruzzese (Exchange MVP, Triple-MCSE, MCT, MCITP: Enterprise Messaging 2007/2010) is an author with over a dozen titles sold internationally. He has written hundreds of articles, speaks at a variety of technical conferences held by Microsoft, 1105 Media, WindowsITPro and others and is the Enterprise Windows columnist for 3+ years for InfoWorld. Most notably, J. P. B. is a member of the Train Signal family and is our very own Exchange instructor.

SQL Server 2014 Hits General Availability Repost

SQL Server 2014 Hits General Availability

The latest release of Microsoft’s database product, SQL Server 2014, became generally available on Tuesday, two weeks after being released to manufacturers.

In Microsoft parlance, general availability indicates a product can be purchased and used in a commercial setting. The SQL Server 2014 editions are described at this Microsoft “Buy” page.

Licensing details for SQL Server 2014 can be found in Microsoft’s “Licensing Datasheet” publication (PDF), but it’s an abbreviated description of the terms. Microsoft’s more detailed April “Product Use Rights” document for SQL Server 2014 can be found at this link.

SQL Server 2014 is now available for download as a 180-day free trial version through Microsoft’s TechNet Evaluation Center here.

Also reaching general availability on Tuesday is the SQL Server Backup to Microsoft Azure Tool, which lets organizations with older versions of SQL Server tap the Microsoft Azure service for backup purposes. That tool might be available at this link, but at press time an Oct. 25-dated version was the only download option. The Microsoft spokesperson explained that Microsoft is “working to get the [general availability] bits officially uploaded by end of this week.”

Licensing Changes
The new licensing changes in SQL Server 2014 will affect organizations mostly in terms of their Software Assurance (SA) coverage. Those details are best described so far by Rob Horwitz in “Licensing Changes for SQL Server 2014,” a publication that’s freely available for an unspecified period of time. Horwitz is co-founder of Directions on Microsoft, a Kirkland, Wash.-based independent consultancy focused on Microsoft technologies.

SQL Server 2014 has the same editions and pricing as SQL Server 2012, according to Horwitz. He cited a few instances where organizations may face SA costs associated with the new SQL Server 2014 licensing.

For instance, Microsoft once allowed an exemption for instances of SQL Server that were used for passive failovers. Now, a passive failover machine “explicitly requires SA” coverage, according to the Directions on Microsoft publication. Organizations also likely face this circumstance if using older versions of SQL Server.

“However, dropping SA not only precludes the ability to use or claim passive failover rights for deployments of SQL Server 2012 or 2014 but it likely does the same even for deployments of older versions,” Horwitz wrote. And that restriction may also pertain to organizations exercising SQL Server downgrade rights, he added.

The one solace in this licensing change is that the AlwaysOn Availability Groups technology used for high availability in SQL Server 2014 doesn’t use passive servers, “therefore, the passive failover exemption does not apply,” he explained.

Editions of SQL Server 2014
Organizations wanting some of SQL Server 2014’s new and improved technologies, such as its in-memory online transaction processing and high-availability features, can only get them by buying the SQL Server 2014 Enterprise edition, Horwitz noted. Microsoft also offers a Business Intelligence edition and a Standard edition of SQL Server 2014. The Enterprise edition is licensed by counting cores. The Business Intelligence edition is licensed by Server and Client Access Licenses (CALs). The Standard edition can be licensed either via Server plus CALs or per core.

The Standard edition of SQL Server 2014 has access to 128 GB of physical memory, which is double what was available under SQL Server 2012 licensing, but its buffer pool is limited to “four times the RAM available to SQL Server,” per Horwitz. The Enterprise edition, on the other hand, supports 2 terabytes of RAM or more, and “up to 32 times the RAM managed by SQL Server.”

Microsoft is working to appease its customers, somewhat, by expanding the memory support in the Standard edition, according to Horwitz. The previous memory limitation had caused “significant consternation in the SQL Server community,” he wrote.

Microsoft added “a waiver for batch jobs” with regard to requiring CALs with the Business Intelligence edition of SQL Server 2014. It corrects a licensing issue where all clients feeding data to the Business Intelligence edition might have required having CALs.

“By correcting a serious deficiency in SQL Server BI edition’s original licensing model, the CAL waiver could make BI edition more attractive to customers as a departmental BI solution,” Horwitz explained.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

Microsoft Pushes Next Windows Server, System Center Releases to 2016

Source: Redmond Channel Partner Online


The next releases of Microsoft’s Windows Server and System Center products will not appear until 2016, Microsoft said on Friday.

The announcement represents a departure from Microsoft’s general pattern of releasing its Windows client and Windows Server products in close proximity to one another. The Windows 10 client product is expected to arrive in the latter half of this year.

While the next System Center suite of products is now expected to get released in 2016, Microsoft seems to be making an exception with the System Center Configuration Manager (SCCM) component. The next SCCM product will ship a bit earlier to coincide with the release of the Windows 10 product, according to Microsoft’s announcement. That means the next SCCM product will be available late this year.

Back in September, Microsoft had indicated that the next SCCM release would deliver “full support for client deployment, upgrade, and management of Windows 10.” Microsoft is also planning to extend those same Windows 10 deployment, upgrade and management capabilities to System Center 2012 R2 and System Center 2012 Service Pack 1 SCCM editions.

On the other hand, SCCM used with System Center 2007 versions R2, R3 and Service Pack 2 will just have the ability to manage Windows 10. Those 2007 SCCM versions won’t have deployment and upgrade capabilities for Windows 10, according to that September announcement.

Microsoft also plans to update its Microsoft Deployment Toolkit with support for Windows 10. The Microsoft Deployment Toolkit is a free set of tools that can be used for packaging desktop and server deployments.

Of course, Microsoft also has its Intune mobile device management service, and it also will be updated to support Windows 10.

Microsoft said back in September that it was delaying the preview release of its next-generation SCCM solution until sometime in the first half of 2015. Microsoft’s early System Center preview releases have tended to be fragmentary and they have lacked a lot of capabilities. The company originally had released “early pre-release builds” of its next-generation System Center and Windows Server products back in October.

Additional preview releases of Microsoft’s next-generation Windows Server and System Center products will roll out throughout this year, according to Microsoft’s announcement. The next preview release is planned for this spring, so that might be when the next SCCM preview will be available. Microsoft will be kicking off its big Ignite show in May, which combines multiple Microsoft IT pro events into one, so an SCCM preview possibly might be available around that time frame.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

MICROSOFT’S FREE SECURITY TOOLS – SUMMARY (2012 repost)

October 4, 2012 – Tim Rains – Director, Cybersecurity & Cloud Strategy

In July, we kicked off a blog series focused on “Microsoft’s Free Security Tools.”  The series highlights free security tools that Microsoft provides to help make IT professionals’ and developers’ lives easier.  A good tool can save a lot of work and time for those people responsible for developing and managing software. In the series we discuss many of the benefits each tool can provide and include step by step guidance on how to use each.  Below is a summary of the tools covered in the series and a brief overview of each.

Anti-Cross Site Scripting Library

The Microsoft Anti-Cross Site Scripting Library V4.2.1 (AntiXSS V4.2.1) is an encoding library designed to help developers protect their ASP.NET web-based applications from XSS attacks. It differs from most encoding libraries in that it uses the white-listing technique — sometimes referred to as the principle of inclusions — to provide protection against XSS attacks. This approach works by first defining a valid or allowable set of characters, and encodes anything outside this set (invalid characters or potential attacks). The white-listing approach provides several advantages over other encoding schemes.


Attack Surface Analyzer

Attack Surface Analyzer can help software developers and Independent Software Vendors (ISVs) understand the changes in Windows systems’ attack surface resulting from the installation of the applications they develop.  It can also help IT professionals, who are responsible for managing the deployment of applications or the security of desktops and servers, understand how the attack surface of Windows systems change as a result of installing software on the systems they manage.


banned.h

The banned.h header file is a sanitizing resource that is designed to help developers avoid using and help identify and remove banned functions from code that may lead to vulnerabilities. Banned functions are those calls in code that have been deemed dangerous by making it relatively easy to introduce vulnerabilities into code during development.


BinScope Binary Analyzer

The BinScope Binary Analyzer tool can be helpful for both developers and IT professionals that are auditing the security of applications that they are developing or deploying / managing. Auditing the software deployed in an environment and determining if it is making use of security mitigations can help risk managers make more meaningful assessments.


Enhanced Mitigation Experience Toolkit (EMET)

EMET is a free toolkit that helps prevent vulnerabilities in software from being successfully exploited for code execution. It does so by allowing developers to enable some of the latest mitigation technologies already built into Windows.  The result is that a wide variety of software is made significantly more resistant to exploitation – even against zero day vulnerabilities and vulnerabilities for which an update has not yet been applied.


Microsoft Baseline Security Analyzer

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for IT professionals and helps small and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. It is a standalone security and vulnerability scanner designed to provide a streamlined method for identifying common security misconfigurations and missing security updates.


Microsoft Safety Scanner

The Microsoft Safety Scanner is a free stand-alone virus scanner that is used to remove malware or potentially unwanted software from a system. The tool is easy to use and packaged with the latest signatures, updated multiple times daily.  The application is not designed to replace your existing antimalware software, but rather act as an on demand virus removal tool in situations where you suspect your real time antimalware software might not be working correctly.


Microsoft Security Compliance Manager

Microsoft’s Security Compliance Manager (SCM) enables organizations to centrally plan, view, update, and export thousands of Group Policy settings for Microsoft client and server operating systems and applications.   It makes it easier for organizations to plan, implement, and monitor security compliance baselines in their Active Directory infrastructure.  With SCM, IT Professionals can obtain baseline policies based on security best practices, customize them to the particular needs of their organization and export them to a number of formats for use in different scenarios.


Portqry

Portqry is a TCP/IP connectivity test tool, port scanner, and local port monitor.  Portqry is designed to help IT Professionals troubleshoot networking issues as well as verify network security related configurations.  Portqry is a great lightweight port scanner regardless of what version of Windows you are running.


Threat Modeling Tool

The SDL Threat Modeling Tool helps engineers analyze the security of their systems to find and address design issues early in the software lifecycle.  To help make threat modeling a little easier, Microsoft offers a free SDL Threat Modeling Tool that enables non-security subject matter experts to create and analyze threat models by communicating about the security design of their systems, analyzing those designs for potential security issues using a proven methodology, and suggesting and managing mitigations for security issues.


URLScan Security Tool

URLScan is a security tool that restricts the types of HTTP requests that IIS will process. URLScan scans incoming URL requests and associated data. It uses a series of rules to determine whether the information in each request is potentially dangerous, or contains information not normally expected.  To help you diagnose any potential problems and any attempts to upset your server, URLScan can also log requests—including the offending request data. By blocking specific HTTP requests, the URLScan security tool helps to prevent potentially harmful requests from reaching applications on the server.


Windows Defender Offline

Windows Defender Offline is a standalone software application that is designed to help detect malicious and other potentially unwanted software, including rootkits that try to install themselves on a PC.  Windows Defender Offline works by scanning an operating system to check the authenticity of any communication the operating system has with the Internet. If there is an application deemed unsafe, it will alert the user and block the contents of the application until the user either accepts or denies the risk.


Please check back regularly as we continue our series focused on Microsoft’s Free Security Tools.

Tim Rains

Director

Trustworthy Computing

About the Author

Tim Rains

Director, Cybersecurity & Cloud Strategy

Tim Rains has over 20 years of experience in the technology industry across several disciplines including engineering, consulting, and marketing communications roles. He currently manages security marketing and corporate communications in the Trustworthy Computing division at Microsoft. His expertise ranges