The testing that I have been doing of the SSLF baseline for XP workstations has been a fun challenge.
-Creating a new DC in a virtual environment
It seems as though even in a virtual environment, Microsoft still has to be a pain to work with at times. I know that this is a surprise. On Tuesday, I had successfully crashed my virtual DC (with some strange mutations visible in the RSOP prior to crash), which was followed by the fact that even after promoting my member server to a DC, I was still not able re-join my test workstation to the domain. Although it should have been a simple issue of moving the workstation into a workgroup and then back to the domain, it wasn't! The steps I had to take to re-create my virtual network are:
1) Create another virtual machine and install Server 2K3.
2) Remove all roles from original member server
3) Remove member server from domain (workstation already moved back to workgroup)
4) Run 'DCPROMO' on new server, setting up AD and DNS (a new subnet range had to used)
5) Move member server into new domain (Step 4 was done twice, with a new domain name used the second time. While I tried to keep the original domain name, this was unsuccessful. The MS an WS could ping, but not join to the domain.)
6) Establish roles on MS
7) Move workstation to new domain
It has been some time since I have done any major network admin. However, becuase I had to do some strange additional steps, I wonder if:
a) VMWare maintains a permenant routing table for bridged virtual networks?
b) even without doing any transfers, using images, shouldn't I have been able to just add at least the workstation ot the new domian through the progression: old domain->workstation->new domain?
In any event, it was right back to the SSLF adventure after this point.
Showing posts with label XP. Show all posts
Showing posts with label XP. Show all posts
Thursday, April 23, 2009
Tuesday, April 21, 2009
Side Project - SSLF Baseline
Has anyone ever really tested how the SSLF baseline for windows workstations affects different software products and comm pipes used on the network? I have had so many experiences with the SSLF "breaking" this or that client/server application, and yet the documentation available is minimal. Anyone can find what each setting means and does. The problem is that most commercial software is not well documented at the lower layers
So one of my side projects is to test the SSLF baseline in a virtual environment and to see how each setting affects whatever product I am using at that time. I think that this is going to turn into a long-term project as there is a large number of security applications that I want to test against this baseline.
So one of my side projects is to test the SSLF baseline in a virtual environment and to see how each setting affects whatever product I am using at that time. I think that this is going to turn into a long-term project as there is a large number of security applications that I want to test against this baseline.
Subscribe to:
Posts (Atom)