Archive for the ‘Admin Tools and Tips’ Category

The Top 10 Open Source Tools for Windows

There are several amazing tools from Microsoft available at your disposal if you’re interested in improving your server-side experience. But sometimes, it pays to go straight to the source, or the open source, in this case. You will find plenty of open source tools that exceed the capabilities of what Microsoft offers to support Windows SharePoint, SQL, Server, and Exchange. The best part? They can all be accessed for free. So, without further ado, let’s check out the ten best open source tools for your Windows OS-based systems below:

MailArchiva

The MailArchiva server is used as an email archiving, compliance, and email discovery server. This open source tool lets you archive any mail passing through popular mail servers. This means auditors and employees will find it easy to scour through millions of emails. Available in ISP, cloud, and on-premises options, MailArchiva’s updated interface is eye-catching.

AMANDA

This is the most popular Open Source Backup and Archiving software in the world. AMANDA (Advanced Maryland Automatic Network Disk Archiver) lets System Admins set up a single backup server to support Windows servers and desktops over the network to a wide range of media, such as disks, optical media, or tape drives. This tool makes use of native archival tools to back up a wide range of servers and workstations running different versions of Microsoft Windows OS.

WireShark

A Windows-based network protocol analyzer, WireShark presents interesting opportunities for developers and enthusiasts. WireShark allows you to control traffic flow and deal with irregular HTTP requests. The returned data set might appear complex at the start, but filters can be enabled to show you only what you require. You receive detailed data on the source and target ports. You can even check the packet data and gain information about the physical network controller in charge of processing. WireShark allows you to understand how content used on different applications and websites is transmitted via open channels with no authentication. You can even use those channels to your advantage. WireShark allows you to ensure the correct applications gain access to the correct resources. The software does not occupy a lot of space, nor does it consume a lot of resources. It runs smoothly in the background alongside other processes.

Process Hacker

This feature-packed tool allows you to monitor and hack ongoing computer processes. The interface is clean and well-designed and offers a wealth of information on any process, including what memory it consumes. These details can be copied and edited. It exceeds regular Windows functions by allowing you to locate and kill hidden processes. Though available only on 32-bit systems, it helps uncover spyware, viruses, and undocumented Windows processes.

UltraDefrag

This is a Windows open source tool that can defrag paging files, system files, and registry hives. This tool is updated regularly to make sure it performs at peak condition. This tool is supported by any operating system after Windows NT 4.0, including the newest Windows 10. UltraDefrag is a must-have tool for any Windows environment.

BlackBox

If you are on the lookout for a quick, lightweight X Window manager, without library dependencies, BlackBox is your answer. This tool, built using C++, contains original code. Lots of screen real estate means you’re able to add many devices and tools from other environments. BlackBox has no flashy features – it manages windows. It’s that simple! Still, the flexible nature of this tool allows you to expand the default functionality via numerous third-party tools. You will not find a taskbar in BlackBox; instead, you can clean up the desktop using multiple desktops and window shading.

Exchange Server RBAC Manager

The RBAC (Role Based Access Control) permissions model is used by Exchange Server to handle various permissions for Exchange administrative functions. You use RBAC not just for applying a least-privilege approach to Exchange administrative permissions, but also for granting permission to end users to do tasks like managing their personal distribution groups. This tool overcomes the lack of a GUI tool, so you can work with the new role-based administration in Exchange. Admins can use this open source tool to connect regardless of how well they know PowerShell.

OCS Inventory

Do you wish to locate all the devices connected to your network? Are you having a tough time keeping track of all the hardware and software you’ve got installed on your systems? Then OCS Inventory NG (Next Generation) is the perfect open source tool for you. To operate it, however, you must install the OCS Client Inventory agent on your computers. You can then compile all the data into a repository for easy visualization and search functions.

Core Configurator 2.0 for Server Core

Core Configurator 2.0 is a powerful tool for server administrators who wish to configure Windows Server installations quickly. The design of this tool allows for the configuring of important Windows parameters, like update policy, licensing, and networking features, in a single interface. The Core Configurator 2.0 may be used for changing the server roles and features or the firewall rules via the same interface. Advanced users also have the power to adjust the iSCSI settings, and they can easily add or remove system components, including drivers and programs. This tool proves most useful when you’re required to configure numerous servers within a limited period.

AutoSPInstaller for SharePoint

If you’ve ever used SharePoint, you’re aware of how the naming of the SQL databases is in a total state of disarray after the installation. This results in large GUID database titles that do not remain consistent. This is where AutoSPInstaller comes into the picture. This open source tool uses a combination of scripts to install SharePoint, which ensures the database names stay clear. This tool can also be used for validating any service account and password, creating managed accounts, forming a new server farm or joining an existing farm’s server, applying latest updates, and creating specified web applications.

Open source software for Windows is more effective than you think. This group of tools continues to fuel a boom in the enterprise technology development industry.

 

Author Rahul Sharma

Source:
http://www.computerworlduk.com/galleries/it-vendors/15-essential-open-source-tools-for-windows-admins-3333001/
https://dzone.com/articles/why-tools-wireshark-are
http://www.pcworld.com/article/232472/process_hacker.html
http://blackboxwm.sourceforge.net/AboutBlackbox
https://wiki.zmanda.com/index.php/Main_Page
http://practical365.com/exchange-server/exchange-server-role-based-access-control-in-action/
https://www.c5insight.com/Resources/Blog/tabid/88/entryid/586/using-autospinstaller-to-build-a-three-tier-sharepoint-2013-farm-part-1.aspx

Step-by-Step Guide to Reducing Windows 10 On-Disk Footprint

It is true that Windows 10 has a relatively small footprint when compared to the older versions of Windows. Even so, if what you have is a Windows laptop or tablet with a low amount of storage, even a small amount of savings matters.

Consider the fact that a fresh install for Windows 10 takes up storage space of about 15 GB. Most of this 15 GB is composed of reserved and system files, whereas a space of 1 GB is taken up by the default games and apps that come pre-shipped with Windows 10. While that may not seem like a lot, when using a low-end laptop with 32 GB or 64 GB memory, this represents a significant amount of storage space for the OS.

Windows 10’s footprint can be reduced by various means, including disabling hibernation, uninstalling the default apps and adjusting the virtual memory settings. All of these settings can be used for the previous versions of Windows, apart from uninstalling the apps that come installed by default with Windows 10.

How to uninstall the default apps that come with Windows 10

The apps that come installed with Windows 10 do not really take up much space. However, even this storage adds up and causes the Start menu to clutter up. The apps that are not needed can be uninstalled. These are the steps to uninstall the default apps.

  1. Open Settings from the Start Menu
  2. Click on System
  3. Now click on storage and subsequently, select the C drive
  4. Now choose and click the option for Apps and Features
  5. Now click on any app and then click the Uninstall button to have the app uninstalled
  6. Some of the apps, such as Mail and Calendar, Xbox, Groove Music, and Maps cannot be uninstalled from here. These have to be uninstalled using PowerShell commands.

Turn Off Hibernation

What happens during hibernation is that Windows saves the current state of your computer in terms of the executing programs and open documents to the storage drive so that you can resume the work when you switch on the computer. If you do not use hibernation mode, the mode can be disabled and the hiberfil.sys file can be deleted. This can be quite useful because the hiberfil.sys file takes up several gigabytes of storage space.

  • The first step is to open a command prompt in Administrator Mode by doing a right-click on the Start button in Windows and subsequently choosing the option for the Command prompt.
  • If the User Account Control raises a question on whether the Command prompt should be opened, click Yes.
  • Type in the command powercfg -h off.

These steps ensure that the hiberfil.sys file on your computer is deleted. They also remove the option to put your system into hibernation. You can still place your computer in sleep mode, which saves the state of your computer in memory instead of on the hard drive. This keeps your computer powered on, but in a low-power state.

Change the Size of Virtual Memory

The basic concept of virtual memory is that if your computer does not have enough physical memory to execute an operation or run a program, Windows temporarily moves data from RAM to a paging file on the hard disk. These are the necessary steps to change its size.

  1. Open the Control Panel by searching for the item on the Start menu
  2. Click on System and Security
  3. Then click on System
  4. Now, click on Advanced System Settings from the left menu
  5. Go into the Advanced tab and click on the button called Settings from within the Performance section
  6. Now, go into the Advanced tab and click on the Change button from within the Virtual memory section
  7. Now, uncheck the box next to the option for “Automatically manage paging file size for all drives”
  8. Select the option for Custom size. Then enter the maximum and initial sizes that you desire to be limits for the file’s growth. Now hit Set, followed by OK to finish.

As an alternative, you may select the option for “no paging file” or instead leave it to the system to manage file size. For reasons related to performance, you should always use a paging file.

These steps can help you free up to a few gigabytes of space on your hard drive by limiting the amount of space that is taken up by Windows on your computer.

Recovery

Unlike previous versions, Windows 10 does not require or use a recovery image. Simply by eliminating the system’s recovery image, users can get up to 4 GB of storage back. The way Windows 10 is implemented, the OS uses the files present in the system already. To be more specific, the files can be found in the winsxs subfolder inside the Windows folder.

Having said that, there is one additional component: a compression mechanism known as Compact OS. This tool takes the Windows 10 files and places them into a hidden container where they are compressed, which reduces the amount of space required. This method is an exact replacement for WIMBoot, which came in as a part of Windows 8.1. Compact OS is a lot easier to both configure and deploy. This is how to run Compact OS:

  • Compact OS is a command line-based tool, so open the Start Menu, search for Command Prompt, right-click it and choose Run as Administrator.
  • Then, type COMPACT.EXE /CompactOS:always and hit Enter.

The tool then starts the compression process, which will take between 10 and 20 minutes. Even better, there is no need to restart the computer.

Author: Rahul Sharma

 
Sources:
http://www.laptopmag.com/articles/reclaim-disk-space-windows-10
http://www.windowscentral.com/how-reduce-windows-10-footprint
https://blogs.technet.microsoft.com/mniehaus/2015/09/16/windows-10-reducing-the-disk-footprint/
http://www.cio.com/article/3138833/windows/how-to-reduce-windows-10s-on-disk-footprint.html

 

7 most talked about Hyper-V features in Windows Server 2016

Microsoft has put a lot of effort into reshaping Windows for the modern cloud environment. These changes have affected the Hyper-V hypervisor as well. Launched in 2008, Hyper-V underwent many significant improvements over the years with every new iteration of Windows Server, and now that the 2016 edition has launched, it’s time to take a look at the best additions that are in store for its users.

1. Nested Virtualization

According to Jeffrey Snover, the architect of Windows Server, the aim was to transform Windows into a “cloud OS”. And no cloud innovation is complete without virtualization. However, virtualization is old news. It doesn’t really fit the bill when we’re discussing ‘new’ features. On the other hand, nested virtualization does fit as a new feature!

So what exactly is nested virtualization? Well, for starters, it enables you to run Hyper-V as a child virtual machine (VM). This allows it to function as a host server as well. In the end, you’ll end up with one Hyper-V server running atop another Hyper-V server. Training, testing, development – the applications of two layers of virtualization running at the same time are endless.

 
Nested virtualization will play a major role in test environments. Many organizations struggle to find a way for their workforce to train properly in the latest virtualization technologies. IT professionals can now nest Hyper-V to simulate whole virtualized environments, minus the huge cost of dedicated equipment.

Another essential area where nested virtualization is going to shine is containers. You can think of these containers as a sort of mini virtual machine that focuses only on applications. Rather than virtualize the entire OS, the container offers an isolated environment where the application can easily reside. They do not have to worry about the overhead of a VM.

2. Priority Changes to VM Memory and Virtual Network Adapters

Users have always wanted the choice of adding or removing adapters, and Microsoft seems to finally have listened. Windows Server 2016 Hyper-V no longer has you restarting or switching off Gen 2 VMs to add or remove the adapter. You also get a chance to adjust the memory even when the dynamic memory hasn’t been correctly enabled. This feature is applicable for both Gen 1 as well as Gen 2 VMs.

3. Discrete Device Assignment (DDA)

This new feature available in Hyper-V is great for users who want some of their PC’s Peripheral Component Interconnect (PCI) Express devices to pass directly through to the virtual machine. Since the VM is able to get direct access to the PCI device, performance gets enhanced considerably. The virtualization stack is also bypassed.

4. PowerShell Direct

This feature is indispensable for any user who wants to manage a virtual machine running Windows Server 2016 remotely. You need to issue PowerShell commands using the VMBus, but you no longer have to worry about the remote-management settings or the network configuration of the VM or host.

Remote PowerShell is an amazing scripting and automation tool, but it’s often difficult to set up and maintain. Some users feel that the firewall configurations, the domain security policies, and the lack of shared network settings hurt the performance of the Hyper-V and prevent it from communicating with the VMs running on it. PowerShell Direct is the ideal solution for these kinds of problems. It ensures the same automation and scripting experience as remote PowerShell but with the added benefit of a zero configuration experience that is achievable only with VMConnect.

5. Checkpoints for Production VM

This feature was earlier called snapshot, and involves checkpoints in Hyper-V taking a snapshot of the virtual machine’s current state. This is extremely useful when it comes to test or developer restorations. However, earlier snapshots didn’t factor the Volume Shadow Copy Service (VSS) into the equation, and thus fell short of being a great backup utility during production. However, the new checkpoints include VSS, which means they can be run in production. VSS in Windows Server 2016 Hyper-V is useful for creating a data-consistent version of the virtual machine to use in case of backup. There is no longer any need to take a snapshot of the existing VM memory state. Though the production checkpoints are chosen by default, it is possible to change them easily using either PowerShell or Hyper-V manager.

6. Shielded Virtual Machines and Virtual TPM

The virtual Trusted Platform Module (TPM) enables you to encrypt your virtual machine using the BitLocker technology from Microsoft Corp. Think of it as encrypting the physical drive of your personal computer using physical TPM – the basic principle behind the two is the same! On the other hand, shielded virtual machines run in fabrics and remain encrypted through BitLocker. In this case, a virtual TPM is necessary. The VM shares the ability of the TPM to stop any malicious access to your machine.

7. Host Resources Protection

Virtual machines are often quite unreliable and don’t play well with others. However, this feature prevents the VM from using anything other than the resources that have been allotted to it. VMs are monitored for additional activity, and if any such VM is detected, it is penalized by being assigned fewer resources, so as not to affect the performance of the other VMs.

This is a good thing as infected virtual machines often run at 100 percent CPU load without warning, and cause problems in the neighboring virtual machines or even the Hyper-V host. You will have to keep in mind that this feature needs to be applied to the host rather than on the individual VMs. Moreover, the default setting disables it. You can enable host resource protection on the host with the help of the Windows PowerShell Set-VMProcessor command.

These are the seven most crucial new features that you’ll find in Hyper-V for Windows Server 2016. They improve your performance and make the whole system efficient.

Author: Rahul Sharma

Sources:
http://www.infoworld.com/article/3108385/windows-server/the-top-7-new-hyper-v-features-in-windows-server-2016.html
https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/checkpoints
https://blogs.technet.microsoft.com/virtualization/2015/05/14/powershell-direct-running-powershell-inside-a-virtual-machine-from-the-hyper-v-host/
http://www.altaro.com/hyper-v/nested-virtualization-hyper-v-windows-server-2016/
http://www.theregister.co.uk/2016/01/29/whats_new_in_hyperv_in_windows_server_2016/
https://mikebarratt.net/2016/10/19/host-resource-protection/

10 Windows Group Policy Settings – Must Get Them Right

If you are responsible for ensuring Windows 10 security in your organization, here are some of the lesser-known group security policy settings you need to be aware of. Ensure you get them right, always.

1. Use Kerberos and NTLMv2 instead of NTLMv1 and LM protocols

Kerberos and NTLMv2 authentication protocols are much more secure than the legacy NTLMv1 and LM (LAN Manager) authentication protocols. Keep your Windows patched up, and use the latest protocols to stay safe.

2. Change the Admin Account Name

Guess what’s the default name for the administrator account for Windows 10? Yes – Admin. So, when you’re making attempts to prevent communication of other users’ account names, why let yours be such a publicly known fact? Change the administrator account name, and you’ll be leaps ahead of amateur hackers who bank on being able to access machines with the basic default security settings.

3. Guest Account – Strict NO

A guest account is a pretty spacious crack in the security wall of your Windows 10 system because it enables violators to identify and access a whole lot of information you’d otherwise not want to go out. The best solution – don’t enable guest accounts (which don’t require a password). By default, the guest account is turned off, which is a sigh of relief.

4. Leverage Fine-Grained Password Policies

On Windows, anything less than 12 characters is a risky password; that’s what the world has agreed to over the years. For elevated user accounts, make it at least 15 characters. With a 15 character password, you can be almost totally sure that the password won’t be hacked through bots.

However, with group policy settings, the minimum password length you can enforce is only 14 characters. Here, Fine-Grained Password Policies come to the fore. From Windows Server 2012 onwards, the Fine-Grained Password settings are accessible via GUI, and hence, more conveniently usable.

Fine-Grained Password policies can be used to specify more than one password policy in a single domain. Different users on a domain can be governed by different account lockout and password lockout policies. Make it a point to apply the strictest settings to privileged accounts. Consider applying special password policies for accounts that have passwords in sync with other sources of data.

5. Password Expiration

The job of anybody on an organizational system and data security team is to strike a balance between security best practices and user experience with access and passwords. If you are able to implement the ‘minimum 15 character password’ rule, you can consider extending the password expiration duration from the default 42 days. Something around 90 days is a safe option for 15 character passwords. Anything lower, and you need to go strict on the password expiration; we suggest you keep it at the default 42 for 13 and 14 character passwords.

6. Don’t store LM password hash strings on disk

Did you know that LM password hash strings are stored on the disk? Hackers can access these strings and construct the plaintext passwords from them. Imagine the kind of security threat this can translate into for your Windows 10. As a safeguard, disable the storage of LM password hashes on the disk.

7. Use Event Logs for Immediate Recognition of Security Breaches

It’s surprising how even seasoned Windows system administrators forget or ignore using this super beneficial option. Not only do event logs enable swift identification of security breaches, but they also help you to channel your actions towards resolving the root cause of the violation. Microsoft Security Compliance Manager recommends a set of settings relevant for event logs to help you keep your Windows OS setup safe. Also, make it a point to use audit subcategories, and not the legacy category settings.

8. Wi-Fi Settings You Need to be Careful With

Windows 10 pulls off some surprises in terms of Wi-Fi settings. Go to Settings > Network & Internet > Manage Wi-Fi Settings. Here, we recommend that you switch off access to public hotspots since they are a known method used by hackers to attack Windows systems. Also, keep network sharing disabled, so that there are no inadvertent events such as a user sharing network access with social media friends.

9. User Account Control

User Account Control is among the most noteworthy protection tools in Windows, especially for users with web access. However, it’s commonplace for users to turn off the UAC, mostly because of the compatibility problem messages that they keep on being pestered with. Whereas Windows 10 eliminates these compatibility issues, you can also consciously use Microsoft’s free application compatibility utility to overcome compatibility issues. By default, User Account Control is enabled in Windows 10; make sure you don’t turn it off. Without UAC, you’re as good as using a primitive operating system.

10. Restrict Sharing of Account Information with Apps

Windows 10 gives you a pretty useful setting that you can use to restrict users from allowing applications to access their account details such as user name and profile picture. Some applications can even access domain information, which makes them a headache for Windows 10 security teams. Go to Computer Configuration. In the Administrative Templates option, you will see System > User Profiles. This is where you can restrict the sharing of account details with applications, keeping firmer control over what’s communicated to external apps.

A bonus tip – Remember the days when anybody could query the Security Identifiers for important users, groups, and security objects to unveil a lot of important information about Windows? Well, Windows 10 comes with SID enumeration turned off by default. Also, anonymous access to an ‘everyone’ group is, by default, disabled. It’s a conscious step from Microsoft to foil hacking attempts made by hackers who know of this known issue with legacy systems. So, if you plan to play around with this setting, do so after acknowledging the risks.
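The registry-backed settings from items 1, 3, 6 and 9 and the bonus tip can be checked with a read-only script. This is an added example, not part of the original article: the registry value names are the standard Windows ones, the function names are made up for illustration, and the sample hashtable is constructed.

```powershell
# Added example: read-only audit of settings discussed in this article.
# Function names are illustrative. Run on a workstation or member server
# (Get-LocalUser needs Windows PowerShell 5.1 or later).

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of raising an error.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-ObservedBaseline {
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $uac = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    # The built-in Guest account always has RID 501, so a renamed account is still found.
    $guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
    @{
        LmCompatibilityLevel      = Get-RegValue $lsa 'LmCompatibilityLevel'
        NoLMHash                  = Get-RegValue $lsa 'NoLMHash'
        RestrictAnonymousSAM      = Get-RegValue $lsa 'RestrictAnonymousSAM'
        EveryoneIncludesAnonymous = Get-RegValue $lsa 'EveryoneIncludesAnonymous'
        EnableLUA                 = Get-RegValue $uac 'EnableLUA'
        GuestEnabled              = [bool]$guest.Enabled
    }
}

function Test-Baseline {
    param([hashtable]$Observed)
    # Each rule: the setting, the expectation in words, and a test on the observed value.
    $rules = @(
        @{ Name = 'LmCompatibilityLevel'; Expect = '3 or higher (NTLMv2 responses only)'
           # Assumption: when the value is absent, Vista and later behave as level 3.
           Test = { param($v) ($null -eq $v) -or ($v -ge 3) } }
        @{ Name = 'NoLMHash'; Expect = '1 (LM hashes not stored)'
           Test = { param($v) $v -eq 1 } }
        @{ Name = 'RestrictAnonymousSAM'; Expect = '1 (no anonymous SAM enumeration)'
           Test = { param($v) $v -eq 1 } }
        @{ Name = 'EveryoneIncludesAnonymous'; Expect = '0 (Everyone excludes anonymous)'
           Test = { param($v) [int]$v -eq 0 } }
        @{ Name = 'EnableLUA'; Expect = '1 (User Account Control on)'
           Test = { param($v) $v -eq 1 } }
        @{ Name = 'GuestEnabled'; Expect = 'False (guest account disabled)'
           Test = { param($v) -not $v } }
    )
    foreach ($r in $rules) {
        $value = $Observed[$r.Name]
        [pscustomobject]@{
            Setting  = $r.Name
            Observed = if ($null -eq $value) { '(not set)' } else { $value }
            Expected = $r.Expect
            Pass     = [bool](& $r.Test $value)
        }
    }
}

# Constructed sample of a weak configuration, to show what findings look like.
$sample = @{
    LmCompatibilityLevel      = 1
    NoLMHash                  = 0
    RestrictAnonymousSAM      = 1
    EveryoneIncludesAnonymous = 0
    EnableLUA                 = 1
    GuestEnabled              = $true
}
Test-Baseline $sample | Format-Table -AutoSize

# The same checks against the local machine.
if ($env:OS -eq 'Windows_NT') {
    Test-Baseline (Get-ObservedBaseline) | Format-Table -AutoSize
}
```

On a domain-joined machine these values are normally delivered by Group Policy, so a failed row points at the GPO to correct rather than at a local registry edit.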

Author: Rahul Sharma

http://download.cnet.com/blog/download-blog/a-guide-to-windows-10-security-settings/
https://technet.microsoft.com/en-us/library/cc770842(v=ws.10).aspx
https://ping.force.com/Support/PingFederate/Integrations/How-to-configure-supported-browsers-for-Kerberos-NTLM
https://support.microsoft.com/en-us/instantanswers/1ad94232-180e-42c3-9a43-70ba9a4ac5ca/where-is-action-center-in-windows-10

10 indispensable PowerShell security scripts for Windows administrators

Out of numerous Windows admin tools, PowerShell is one of the most valuable tools. It offers scripting language flexibility and command line speed, making it incredibly effective to automate important security chores. Using PowerShell, Windows administrators gain the ability to automate various tasks, like managing users, deploying patches, and rotating logs. Using PowerShell isn’t difficult, once you get the hang of it. In fact, you can use it for both security-based jobs and certain Windows administration tasks. Do you want to monitor attack activities or need to manage your certificates? PowerShell has you covered.

Due to the versatility of PowerShell, it’s not unusual for someone to create a PowerShell module or script that focuses on security. Windows admins enjoy access to a wide range of scripts from the community, capable of handling security tasks of varying magnitudes. This covers everything from network forensics to penetration testing, certificate management to event logging. Below we’ll take a look at how the endless potential of PowerShell security scripts proves indispensable to Windows admins, and discuss the 10 best ones among them.

 

1. List $Profile

The actual user connected to the machine is dubbed “user.” On the other hand, “host” is used for the host application that connects to the PowerShell engine. Thus, a single host can have different profiles, and each one of them has an associated file stored in a specific location. For easy maintenance and security, a single file can be used for managing multiple profiles. All the user needs to do is add conditions to this file to prevent a non-supported command from being executed by the “host.” There are lots of people who’d be more comfortable separating the profiles into individual files. This would free them from the burden of having to maintain a PS1 that is extremely complex.

 

2. Add-PSSnapIn

Windows PowerShell allows for the creation of custom profiles. These profiles support snap-ins and modules. Though this slows down the start-up time of the PowerShell console, it bodes well for the security of your system.

PowerShell profiles assist with system administration, but because a profile is just a PS1 file, it remains exposed to the risk of malicious code. Even when the default location is in a user’s directory and the file remains protected from access by all users, it can be changed to execute commands without your knowledge. To prevent this from happening, you can do two things: either use NTFS permissions to limit who can modify these files, especially for the admin account, or sign the file digitally and then configure PowerShell to use a more restrictive execution policy. The recent PowerShell versions add an extra layer of security by helping users set up their choice of strategic security.

 

3. Get-ExecutionPolicy

Suppose you are working on a server that is entirely unknown to you. In this case, you first need to know what sort of execution policy is currently being used before you try to run some script. Finding out this information is easy when you use the command Get-ExecutionPolicy.

 

4. Get-EventLog

PowerShell may actually be used to parse the event logs present in your system. Though there are several ways to go about this process, the best one for this particular command is just to offer the -Log switch accompanied by the log file name. For example, you can use commands like Get-EventLog -Log "Application" to view the Application log. You then need to filter the output and understand whether your system is safe or not.
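One way to do that filtering, as an added example that is not part of the original article: it summarises failed logons (event ID 4625 in the Security log) by account and source address. The function names and threshold are illustrative, the sample entries are constructed, and the field positions in ReplacementStrings are those of the standard 4625 event.

```powershell
# Added example: triage failed logons read with Get-EventLog.
# Function names, the threshold and the sample data are illustrative.

function ConvertTo-FailedLogon {
    param([Parameter(ValueFromPipeline = $true)]$Entry)
    process {
        # Event 4625 insertion strings: 5 = target user, 6 = target domain,
        # 10 = logon type, 19 = source network address.
        $s = $Entry.ReplacementStrings
        [pscustomobject]@{
            Time      = $Entry.TimeGenerated
            Account   = '{0}\{1}' -f $s[6], $s[5]
            LogonType = $s[10]
            SourceIp  = $s[19]
        }
    }
}

function Get-FailedLogonSummary {
    param($Records, [int]$Threshold = 5)
    # Group by account and source, keep only groups at or above the threshold.
    $Records |
        Group-Object Account, SourceIp |
        Where-Object Count -ge $Threshold |
        Sort-Object Count -Descending |
        ForEach-Object {
            $times = @($_.Group.Time | Sort-Object)
            [pscustomobject]@{
                Account  = $_.Group[0].Account
                SourceIp = $_.Group[0].SourceIp
                Failures = $_.Count
                First    = $times[0]
                Last     = $times[-1]
            }
        }
}

# Constructed stand-in for an event log entry (not real log content).
function New-SampleEntry {
    param([datetime]$Time, [string]$User, [string]$Ip)
    $s = @('-') * 21
    $s[5] = $User; $s[6] = 'CONTOSO'; $s[10] = '3'; $s[19] = $Ip
    [pscustomobject]@{ TimeGenerated = $Time; ReplacementStrings = $s }
}

$t0 = Get-Date '2024-01-15T09:00:00'
$sample = @(
    0..5 | ForEach-Object { New-SampleEntry ($t0.AddSeconds(10 * $_)) 'svc-backup' '203.0.113.7' }
    New-SampleEntry ($t0.AddMinutes(30)) 'alice' '198.51.100.20'
)

# Six failures for one account from one address are reported; the single
# failure for the other account stays below the threshold.
Get-FailedLogonSummary -Records ($sample | ConvertTo-FailedLogon) -Threshold 5 |
    Format-Table -AutoSize

# Live use (Windows PowerShell 5.1, elevated prompt):
#   $live = Get-EventLog -LogName Security -InstanceId 4625 `
#               -After (Get-Date).AddDays(-1) -ErrorAction SilentlyContinue
#   Get-FailedLogonSummary -Records ($live | ConvertTo-FailedLogon)
```

Get-EventLog is only available in Windows PowerShell; on PowerShell 7 the same events are read with Get-WinEvent, whose records expose the fields differently.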

 

5. Get-Service

When you give this command, it offers up a list of every service that is currently installed on your system. If you think that a particular service is worth checking out for security, then it’s possible to append the "-Name" switch as well as the service name. You’re allowed to use wildcards. Once you’re done, you’ll be shown the state of the service by Windows.

 

6. Get-Process

Unlike the Get-Service command, which displays a list of the system services, the Get-Process command, if used capably, displays a list of every process that the system is currently running.

 

7. Stop-Process

It is not uncommon for a particular process to lag or freeze up from time to time. This is often a nuisance and causes a lot of problems. To prevent this, use the Get-Process command so that you have the process ID or name of the program that didn’t respond. You can then terminate this problematic process using the Stop-Process command. A process can be terminated based on its process ID or name. However, you should understand that the process ID changes from one session to another.

 

8. Digital Signature

The TimeStampServer parameter of Set-AuthenticodeSignature helps you verify that a particular PowerShell script was signed at a certain time. The majority of certificates remain valid for a period of one year. When this parameter is used, the signed code itself does not expire once the certificate’s expiration date passes. You are then able to use it as long as it hasn’t been modified. If it has been modified, you’ll have to sign it again using a valid certificate.

 

9. Set-ExecutionPolicy

You can create and execute PowerShell scripts as you want. However, Microsoft no longer enables scripting by default. This has been done to prevent malicious code from being executed in a PowerShell setting. This command can then be used to control the security level for PowerShell scripts. There are four different levels of security: Unrestricted, Restricted, RemoteSigned and AllSigned. This kind of flexibility is much needed, and you set the level with the Set-ExecutionPolicy command followed by the policy name.

 

10. Set-AuthenticodeSignature

While trying to configure a group policy object, you must sign your profile with this particular certificate. Otherwise, the security of your Windows system will be seriously undermined.

In a PowerShell environment, it is extremely important for Windows admins to secure their system via scripts, but you shouldn’t let that turn into a restriction. Thus, prior to deploying your policy, you must have a test plan in place that will ensure no problem from the signed scripts. The PowerShell security scripts listed above are indispensable since they’ll keep the system well-protected and efficient.
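The signing route described in this list (a signed profile, a timestamped signature and a stricter execution policy), shown end to end as an added example that is not from the original article. It assumes a code-signing certificate trusted on this machine already exists in Cert:\CurrentUser\My; the function names and the timestamp URL are placeholders.

```powershell
# Added example, not from the original article.
# Assumptions: a trusted code-signing certificate is already in Cert:\CurrentUser\My;
# the timestamp URL below is a placeholder for your CA's timestamp service.
$TimestampUrl = 'http://timestamp.example.test'

function Get-ProfileSignatureReport {
    # Signature state of every profile script that exists for this host.
    foreach ($name in 'AllUsersAllHosts', 'AllUsersCurrentHost',
                      'CurrentUserAllHosts', 'CurrentUserCurrentHost') {
        $path = $PROFILE.$name
        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            [pscustomobject]@{
                Profile     = $name
                Status      = $sig.Status      # Valid, NotSigned, HashMismatch, ...
                Timestamped = ($null -ne $sig.TimeStamperCertificate)
                Path        = $path
            }
        }
    }
}

function Protect-ProfileScript {
    # Sign one script with the newest unexpired code-signing certificate.
    param([Parameter(Mandatory)][string]$Path)

    $cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object { $_.NotAfter -gt (Get-Date) } |
        Sort-Object -Property NotAfter -Descending |
        Select-Object -First 1
    if (-not $cert) {
        throw 'No unexpired code-signing certificate in Cert:\CurrentUser\My.'
    }

    # The timestamp keeps the signature verifiable after the certificate expires.
    $sig = Set-AuthenticodeSignature -FilePath $Path -Certificate $cert `
        -TimestampServer $TimestampUrl -HashAlgorithm SHA256
    if ($sig.Status -ne 'Valid') {
        throw "Signing $Path failed: $($sig.Status) $($sig.StatusMessage)"
    }
    $sig
}

$target = $PROFILE.CurrentUserAllHosts
if (Test-Path -LiteralPath $target) {
    Get-ExecutionPolicy -List                        # shows which scope decides the policy
    Protect-ProfileScript -Path $target | Out-Null   # sign first, so the profile still loads
    # A Group Policy setting (MachinePolicy / UserPolicy scope) overrides this value.
    Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope CurrentUser -Force
}
Get-ProfileSignatureReport | Format-Table -AutoSize
```

Any later edit to a signed profile changes its Status to HashMismatch, and under AllSigned PowerShell refuses to load it until it is signed again.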

 

Author: Rahul Sharma

 

 

Source:
http://www.infoworld.com/article/3148664/security/10-essential-powershell-security-scripts-for-windows-administrators.html
https://www.simple-talk.com/sysadmin/powershell/powershell-day-to-day-sysadmin-tasks-securing-scripts/
http://www.techrepublic.com/blog/10-things/10-powershell-commands-every-windows-admin-should-know/
https://technet.microsoft.com/en-us/library/ee176961.aspx




What’s new with Microsoft Windows Server 2016?


Developed and launched by Microsoft as part of the Windows NT family of operating systems, Windows Server 2016 works best with Windows 10 and above. A new and upgraded version of the previous Server 2012, the 2016 release introduces many innovations and changes that add to the functionality of your system. Let us discuss some of the major changes in Windows Server 2016.

Nano Server

Nano Server is an installation option offered by Windows Server 2016 that allows you to use the full server GUI (graphical user interface). Nano Server has a disk footprint of about 400 to 500 MB, which saves a lot of disk space (a 92% reduction in the installation footprint when compared to previous versions). You also get an extensive range of web hosting services that help you manage the workload faster. All your Nano Server workloads, such as Hyper-V, IIS and failover clustering, now run as separate containers, similar to the Docker method discussed later.

Hyper-V

Earlier, the Hyper-V feature was confined to adding virtual hardware and adjusting the RAM of a virtual system. The new and improved Hyper-V server offered by Server 2016 has some additional features, such as a compatible connected standby option, discrete device assignment and intelligent encryption support, that offer a more comprehensive and robust support program. Hyper-V also provides solid host resource protection for the OS, and you can “hot add” virtual hardware, i.e. the VMs can be configured while they’re running online. Add an extra NIC (network interface card) to put an extra virtual network on your virtual computer and you’re set.

Windows Defender

The new and upgraded Windows Server 2016 features built-in anti-malware that is enabled by default, unlike the previous versions, where the user had to install and configure the program manually. This creates a powerful pre-installed defence system in your network that looks out for any kind of suspicious malware or threat. The Windows Defender feature of Windows Server 2016 is better equipped to deal with malicious threats and viruses than any of its predecessors. Defender can run without the support of the GUI, and you can even install it using the Wizard setup file.

Data Deduplication 

Sick of cleaning your hard drive getting rid of the duplicate files and other junk?! Well, the Data Deduplication feature of the Windows Server 2016 helps you with that. Using the Data Deduplication service you can control the creation of duplicate blocks thereby increasing your device’s overall storage capacity. With this feature you can also compress files faster reducing the storage capacity utilization by a 2:1 ratio. Other than that you can also boost the download speed, reduce bandwidth usage and even ensure faster data transfer if you combine the data deduplication service with Branch Cache.

Storage Services

The major storage facilities provided by the upgraded version of Windows Server are central Storage QoS (quality of service) policies, Storage Replica, and Storage Spaces Direct. The Storage Spaces Direct program introduced by Windows Server 2016 allows you to clean up the system better, removing all the unnecessary files and extending your disk space. Storage Replica, on the other hand, allows synchronous, block-level replication of data between servers. Although it cannot multitask, the program only replicates snippets of information that can be altered during the transfer. And QoS helps you formulate storage management policies better.

ADFS v4

Active Directory Federation Services (ADFS) ensures better security for your Windows Server 2016 by adopting a claims (token) based system for scrutinizing the identity of any device. You can now configure ADFS settings to include users who aren’t using this program as well. For instance, non-AD directories such as the X.500 compliant and Lightweight Directory Access Protocol (LDAP) from the SQL database can be authenticated by a simple ADFS configuration. This OpenID connection enables you to expand your network and allow a greater influx of information from various sources.

Containers

Containers are pretty common in the Linux/UNIX world, and now Microsoft is planning on using this technology. Currently the Windows team is working on Docker development for the new Server 2016 and has introduced quite efficient Docker-based containers in the system. Containers basically help you manage your workload better: you can isolate your projects and reduce their dependence by storing them in separate compartments. There are two kinds of containers, namely Windows Server containers and Hyper-V containers. While the Windows Server container is for smaller security or storage issues of minor projects, the Hyper-V container enables high-end compartmentalization that is better suited for major projects.

iSCSI Target Server

The iSCSI Target Server is another Server 2016 program; it uses the Internet SCSI standard to provide block storage to other servers or apps that share the same network connection with you. This update enhances the functionality of the earlier 2012 version: you now get consistent, continuous storage that was earlier only available to high-tech SAN devices. Thanks to the iSCSI feature you can now deploy as many diskless devices as you want! This target server also offers high-end continuous support in the testing stage of apps that are yet to be launched on the SAN devices.

Windows PowerShell Direct 5.0

While in earlier versions you had Hyper-V perform the general Windows PowerShell services and administer the VMs, now you get to communicate directly with the hosts without having to bother with any of the extra coding and data transfer. You can just create and invoke a new VM name parameter to run the operation. PowerShell also doesn’t require any networking or firewall configuration. Windows PowerShell 5.0 also includes a lot of additional security benefits that enhance the overall functionality of your device.

The bottom line

Windows Server 2016 is a smartly engineered program that offers the best visuals, computing facilities and security

Author: Rahul Sharma

Lesser Known Optimization Tweaks for Windows Server 2008


Windows Server 2008 has a faithful niche of users who will never trade it for anything else and these fans would argue that Windows Server 2008 is the most flexible, customizable and upgradable server OS. So if you are one of the many faithful followers of Windows Server 2008, here are some hacks, tweaks and tricks.

  1. Adjusting Server Response

A server does not usually run any applications from its console. Hence it is best to adjust the server’s properties and functions in a way that gives priority to background applications.

  1. Reset the power plan

If you plan to provide a heavy load on your server on a regular basis, then it is possibly wise to go for a new power plan which allows heavy load bearing. Although many “experts” may try to dissuade you since the Windows Server 2008 power plan is pretty balanced in itself, we have had our best engineers and experts test the theory out.

Even the best balanced power plan needs timely upgrades. You need to make sure that your power plan matches all kinds of workload changes.

The Folder Explorer options found in a smart man’s server settings:

  • Check: always show menus
  • Uncheck: hide Protected OS files
  • Uncheck: hide extensions for known file types
  • Uncheck: use sharing wizard
  • Uncheck: show preview handlers
  • Uncheck: hide empty drives

Here are some configurations known to increase throughput and performance.

  1. Host configuration for remote desktop sessions

Either go to the Start-Admin Tools-Remote Desktop Services Menu or simply run tsconfig from command prompt. This will give you instant access to all the remote desktop connections to your server. You can reset color depth, printer, drive and com port redirections via the RDP client setting.

  • Turn on your SuperFetch option

You need to turn the SuperFetch option of your Windows Server on since it is disabled in Windows Server 8 by default. Turning it on makes the OS faster and responsive to changes by tracking its own behavior patterns.

Simply follow these steps to turn your SuperFetch on

  • After creating a fresh new DWORD “EnablePrefetcher” assign it a value of 3.
  • After creating another new DWORD “EnableSuperfetch” assign it a value of 3 as well.

  1. Disable your Internet Explorer enhanced security configuration

Turning your Internet Explorer enhanced security configuration off helps in making necessary changes to the Windows Server 8 OS. Internet Explorer and Windows Server 8 are very tightly coupled together, and downloading other necessary software like Chrome, Firefox and drivers becomes really easy when you turn it off.

Simply go to the Server Manager Console – Configure Internet Explorer Enhanced Security Configuration – Off.

  • Optimize the internet options

These following internet options are recommended by our experts for an enhanced performance.

  • Configure the first-time run options in IE.
  • Set a particular home page (can be blank or other)
  • Disable the Advanced – Enable Page Transitions option.
  • Disable the Advanced – Show friendly HTTP error messages option.
  • Disable the Advanced – Reuse Windows for launching shortcuts options.

  • Disabling the Shutdown Event Tracker

The task of tracking the purpose of all the system reboots and shutdown processes becomes superfluous while working on Windows Server 2008. So you can get rid of another unnecessary accessory which deters the shutdown process.

Start – Run – gpedit.msc

This directs you to the Group Policy editor where you expand the option of Admin Templates on your left panel. Click on System. On the right double click on the Display Shutdown Event Tracker to disable the same.

  1. Optimum configuration for remote desktop sessions host

Go to a command prompt and run tsconfig. You may as well search for the same in the Start –Admin tools – remote desktop services menu. Here you can re-configure all the remote desktop options. The settings help you to reset the color depth, drive, printer and com port settings on the remote desktop connected to your server.

Some tools could help optimize Windows Server 2008 performance

  1. The secrets of Microsoft Baseline Security Analyzer

Microsoft Baseline Security Analyzer is one of the many verified tools which enhance the performance of Windows Server 8. Multiple trials and studies have shown that including the Microsoft Baseline Security Analyzer to your server improves functionality of the same. It also helps in identifying multiple misconfigurations in server security settings. The latest version of the Microsoft Baseline Security Analyzer is the MBSA 2.1 which has been optimized for functioning with Windows Server 8.

Besides the few steps mentioned here, you can employ an NTFS file system and refrain from running any 16-bit applications on your system to preserve the fast response rate of your Windows Server. A 64-bit Windows system does not naturally support a 16-bit application and thus does not provide the best possible performance.

At the same time you can employ at least one Server Monitoring System which will allow you to measure the output of your server’s performance. There are multiple monitoring systems which give you a real-time evaluation of your server’s volume of business, workload, CPU usage and storage utilization. There are special systems which are solely dedicated to read the performance of your server under heavy usage and the sudden spikes of activity.

Author: Rahul Sharma

10 Minor Tweaks To Enhance Windows Server Performance

After months of usage and tons of data being stored on your servers, you begin to notice a slow rot in performance. Here are 10 Windows server tips that will help you improve your Windows server performance.

  1. Use an Exclusive Pagefile Drive

This is one tweak that will give you the largest increase in server performance. A “Pagefile” is a system file that is automatically created as a form of virtual memory. Since Windows makes frequent use of this file, it is highly recommended that you place it on a dedicated drive, as opposed to a dedicated volume. Doing this makes sure that your server no longer has to wait for other applications to finish using your server hard drive before being able to read the pagefile data.

  2. Find and Plug Memory Leaks

Memory leaks are mostly caused by badly written or poorly tested products. By default, applications are required to return memory to the operating system once they are done using it. But applications that suffer from memory leaks may sometimes retain the memory even after they are done using it. So logically, the app will request more memory from your OS the next time it runs, rather than using the memory it has already occupied. In the long run, this significantly reduces the amount of memory that Windows can afford to expend. As you access the leaking application(s), the long-term effects of memory leakage could eventually cripple performance.

  3. Use NTFS

The New Technology File System (NTFS) might be the default file system for all servers, but support for FAT and FAT-32 file systems is offered as well. Even Microsoft Certified Solutions Expert (MCSE) certification training books always recommend using the NTFS file system, for the simple reason that it is the most secure file system out there. Another critical reason for preferring NTFS that rarely gets mentioned is that it is a transaction-based system, which means that it enjoys improvements in speed and security compared to FAT file systems.

  4. Avoid 16-bit Apps

It’s obvious that a 64-bit Windows OS cannot execute 16-bit applications, so avoiding 16-bit applications on 64-bit operating systems is typically a non-issue. However, 32-bit Windows operating systems can run 16-bit apps, but at the cost of efficiency. Because Windows uses independent multitasking models for 16, 32, and 64-bit applications, it’s pretty safe to say that running 16-bit apps will reduce server performance.

  5. Defragment your Hard disk

Just like the hard drive in a personal computer, modern server hard drives can read data at high speeds when reading sequential data, but they are also prone to lag and reduced performance when they need to read data from random locations. Routinely defragging your disk drive will ensure that your data blocks are stored sequentially rather than at random locations, improving overall file-reading efficiency.

  6. Uninstall Rarely-accessed Utilities

Every server comes with a myriad of logging, monitoring and debugging utilities, half of which you would have never accessed. Disk space on servers is sensitive and limited, and having apps or utilities that you almost-never use just wastes your server’s resources. Remove any files and system utilities that you don’t access, and you’re bound to notice improvement in performance.

  7. Disable Rarely-used Services

As a service routine, you should go through your server’s ‘Service Control Manager’ and disable the services that you don’t use, or that don’t work well with your server. Doing this will not only increase your server’s performance, but will also enhance security, as your systems will be running a reduced number of services. This means that the smaller digital footprint will reduce the overall vulnerability of your Windows server.

  8. Don’t forget to Log off

This is, by far, one of the simplest ways to ensure that your Windows server constantly operates at optimal performance. You can save tons of memory and CPU resources by simply logging off from your server when it’s not in use. Logging off has two benefits: it enhances security while improving performance. Logging off from your server when your console is inactive works as an added layer of server security.

  9. Adjust Server Response

Servers and desktops share a lot of the basic fundamentals of storage and execution; in fact, one of the few differences is that server applications aren’t executed from the server console. In such a case, optimizing your server to prioritize background apps will most likely improve overall performance.

  10. Hard Disk Compression

It might seem that there’s no longer a need to compress hard disks because of the introduction of the cloud. But recent findings have proven that hard disk compression could enhance performance. You already know that your hard drive is the slowest component in your server system, and compressing your hard disk will not only reduce the burden on server resources, but will also reduce the amount of time your server takes to read files from the hard disk. However, hard disk compression isn’t going to work in every situation, and usually makes sense in cases where you’re running a disk-based app that depends on numerous individual files.

These tips are some Windows server-optimization best practices and might not make a significant difference on their own, but can considerably improve server performance when used collectively.

Author: Rahul Sharma

A Guide to Improve Windows File Server Performance


A few modifications in the configuration of Windows Server 2012 can definitely speed up the file servers. Here are some tips:

Windows Server 2012 and 2012 R2 both have a feature called SMB Direct. This enables the use of network adaptors that have RDMA (Remote Direct Memory Access) capability. The use of RDMA adaptors decreases the energy consumption by the CPU and helps the servers function at their full speed with minimum latency. The main features of SMB Direct include the following:

  • Very low CPU utilization: uses fewer CPU cycles while transferring data over the network.
  • Very low latency: provides rapid responses to network requests.
  • High throughput: makes sure that the network adaptors work in full coordination to transfer large amounts of data at uniform high speed without any lapses.

In spite of the presence of RDMA in the network adaptors, your file server can be overpowered by the sheer workload. So here are a few tips which will help you achieve windows server optimization with minimum efforts.

1) Switch to a high performance power plan

A consistently high workload on the server makes it quite slow. You should immediately consider switching to a high performance power plan if you want a smooth operating experience. A high performance power plan will ensure that your CPU is clocked at the highest speed irrespective of the load, and it will prevent unnecessary parking of processor cores.

When the CPU is clocked at 100 percent all the time it improves the disk input and output at times of heavy load. Always be careful about your power plan as power settings have the proclivity to reset themselves after windows hotfixes are performed. So make sure you are on a Group Policy or a similar local machine policy.

How to set the power plan to a group policy?

  1. Log into your system server as a local admin.
  2. Go to the start screen and type
  3. Open a Microsoft Management Console from the results of the search.
  4. Go to the File menu and select the Add/Remove Snap-in option.
  5. Under the Available Snap-ins option, go to the Group Policy Object Editor and click on Add. Click on OK
  6. Go to the left panel and expand the Local Computer Policy and select Power Management from the available options.
  7. Double click on the Specify an Active Power Plan option in the central pane.
  8. Select Enabled and then Ok.

This is how you can activate the Group Policy on an existing file server on your system. So when the policy refreshes next this High Performance power plan will be automatically applied to the file server.

2) Disable the DOS 8.3 short file names

Did you know that your windows server carries around the dead weight of DOS 8.3 short file names? This is basically a way to enhance compatibility to older models of Windows Servers.

It is highly unlikely that you will need an 8.3 short file name for a server today. So why not disable this feature and give some extra speed to your windows server? Removal of these 8.3 names will not cause any glitch in the functioning of the file servers. And in any case the following methods give you a glimpse at the possible problems which may arise due to the removal of a DOS 8.3 short file name from the server system.

Experience shows that removing these 8.3 names can make directory indexing at least 10 times faster and the creation of files up to 60 times quicker. Disabling these 8.3 file names is a cakewalk for anyone who uses a windows server. Let us present you with a walkthrough to first check the status of the 8.3 file names and then disable the same.

How to check the status of the DOS 8.3 file names?

  1. Go to start screen and open a command prompt. You can also use the PowerShell icon on the taskbar on your desktop.
  2. Inside the window type the following: fsutil 8dot3name query d: and click ENTER. To look through other volumes you can replace d: with other volume names like c: or e:

The results obtained will be your volume state which shows whether the 8.3 name creation is active or inactive. It will also display the registry state of the files. For example, the image below shows that the creation options are disabled for both d: and g: volumes. The configuration of individual volumes is controlled by the registry state which will give you complete control over the 8.3 name creation settings of each and every volume in your system.

http://www.biztechmagazine.com/sites/default/files/BT38_OM_TIPs_Azure_Smith_Figure2.jpeg

How to disable the 8.3 name creation of the files?

  1. Disabling the 8.3 name creation is pretty easy. You can simply type out fsutil 8dot3name set d: 1 and press ENTER.
  2. To remove the DOS 8.3 names of the already existing files you can type fsutil 8dot3name strip /s /v d: and press ENTER. The /s switch is mentioned to pull files with 8.3 names whose removal can cause problems in file server function. The /v switch produces verbose output.

You should definitely select proper hardware to meet the daily necessary workload. You need to calculate the average load, peak load, growth plans and capacity for windows server optimization. For achieving the best possible speed you should reconsider your hardware options as well. The lack of updated hardware can cause a bottleneck of file load and this will prevent any kind of software fine tuning.

Author: Rahul Sharma

FileCloud SSO Demystified

Single Sign On or SSO is the solution that gives one-click access to all of the applications with one password. According to Wikipedia, SSO is a property of access control of multiple related, but independent software systems. With this property a user logs in with a single ID and password to gain access to a connected system or systems without using different usernames or passwords.

The convenience of having a single username and password across multiple applications cannot be underestimated. Users can use one username and password across all applications. Users do not have to remember different login credentials for different sites. Users log in into one application and can have their login credentials preserved and carried over to all applications. Administrators do not have to worry about managing different set of passwords for different applications thereby reducing time, cost, and potential risks in password maintenance. Those are just few of the advantages of SSO.

FileCloud supports SSO across a range of authentication sources such as Active Directory, Active Directory Federation Services (ADFS), any SAML 2.0 protocol supported on premise identity provider, or Cloud based identity providers such as OKTA, onelogin, Centrify and much more.

NTLM SSO

NT LAN Manager (NTLM) is a suite of Microsoft security protocols that provides authentication, integrity and confidentiality to users. The objective is to use a web browser such as Internet Explorer or Google Chrome to log in automatically to the FileCloud website using Windows Active Directory authentication. Therefore, when a user browses to http://myfileclouddomain.com, the user is seamlessly logged in to FileCloud using AD credentials without being asked to enter a username and password.


NTLM Authentication

In FileCloud, Active Directory authentication must be set up, and NTLM SSO can be configured as described at https://www.getfilecloud.com/supportdocs/display/cloud/NTLM+Single+Sign+On+Support

ADFS SSO

Active Directory Federation Services (ADFS) is a software component that runs on windows servers to provide users with single sign-on access to applications across organizational boundaries. ADFS integrates with Active Directory Domain Services, using it as an identity provider. The objective is to have FileCloud users authenticate against ADFS, on successful authentication response from ADFS the users are logged into FileCloud.

ADFS Authentication

FileCloud integrates seamlessly with the ADFS server using the federation metadata. The FileCloud server acts as a Service Provider (SP) and ADFS acts as an Identity Provider (IdP). Login requests from the client web browser are redirected to the ADFS server. The ADFS server authenticates the user against the ADFS datastore, which can be a SQL database, AD server, LDAP, etc., and returns the authentication token used to log in to FileCloud.

The page at https://www.getfilecloud.com/supportdocs/display/cloud/ADFS+Single+Sign+On+Support explains, step by step, how to set up ADFS and integrate it with FileCloud.

 

SAML SSO

Security Assertion Markup Language (SAML) is an XML-based open standard data format for exchanging authentication and authorization data between parties. As with ADFS, FileCloud acts as a Service Provider (SP) and the customer must run the Identity Provider (IdP) server.

FileCloud SAML

The following process explains how the user logs into a hosted FileCloud application through customer-operated SAML based SSO service.

  1. User attempts to reach the hosted FileCloud application through the URL.
  2. FileCloud generates a SAML authentication request. The SAML request is embedded into the URL for the customer’s SSO Service.
  3. FileCloud sends a redirect to the user’s browser. The redirect URL includes the SAML authentication request and is submitted to customer’s SSO Service.
  4. The Customer’s SSO Service authenticates the user based on valid login credentials.
  5. Customer generates a valid SAML response and returns the information to the User’s browser.
  6. The customer SAML response is redirected to FileCloud.
  7. FileCloud authentication module verifies the SAML response.
  8. If the User is successfully authenticated, the user will be successfully logged into FileCloud.
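Steps 2, 3 and 7 of the flow above, as an added PowerShell example that is not FileCloud's code: the service provider packs an AuthnRequest into the redirect URL and later checks the response against the request it sent. All URLs, IDs and function names are constructed, and XML signature verification is assumed to have passed before these checks run.

```powershell
# Added example, not FileCloud's code. Every URL, ID and name here is constructed.
$Sp     = @{ EntityId = 'https://files.example.test/sp'; Acs = 'https://files.example.test/saml/acs' }
$IdpSso = 'https://idp.example.test/sso'
$NsP    = 'urn:oasis:names:tc:SAML:2.0:protocol'
$NsA    = 'urn:oasis:names:tc:SAML:2.0:assertion'
$Utc    = [System.Xml.XmlDateTimeSerializationMode]::Utc

function Format-SamlTime([datetime]$Time) { [System.Xml.XmlConvert]::ToString($Time, $Utc) }

function New-SamlRedirectUrl {
    # Steps 2-3: AuthnRequest -> raw DEFLATE -> Base64 -> URL-encoded query value.
    param([Parameter(Mandatory)][string]$RequestId)
    $xml = "<samlp:AuthnRequest xmlns:samlp='$NsP' xmlns:saml='$NsA' Version='2.0' " +
           "ID='$RequestId' IssueInstant='$(Format-SamlTime ([datetime]::UtcNow))' " +
           "Destination='$IdpSso' AssertionConsumerServiceURL='$($Sp.Acs)'>" +
           "<saml:Issuer>$($Sp.EntityId)</saml:Issuer></samlp:AuthnRequest>"
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($xml)
    $out   = New-Object System.IO.MemoryStream
    $mode  = [System.IO.Compression.CompressionMode]::Compress
    $z     = New-Object System.IO.Compression.DeflateStream -ArgumentList $out, $mode
    $z.Write($bytes, 0, $bytes.Length)
    $z.Dispose()                                  # flush; ToArray() still works afterwards
    $IdpSso + '?SAMLRequest=' + [uri]::EscapeDataString([Convert]::ToBase64String($out.ToArray()))
}

function Test-SamlResponse {
    # Step 7: checks made AFTER the XML signature has been verified (not shown here).
    param(
        [Parameter(Mandatory)][string]$ResponseXml,
        [Parameter(Mandatory)][string]$ExpectedRequestId,
        [datetime]$Now = [datetime]::UtcNow
    )
    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null                      # never fetch DTDs or external entities
    $doc.LoadXml($ResponseXml)
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('p', $NsP)
    $ns.AddNamespace('a', $NsA)

    $problems = @()
    $root = $doc.DocumentElement
    if ($root.GetAttribute('InResponseTo') -ne $ExpectedRequestId) {
        $problems += 'InResponseTo does not match the request we issued'
    }
    if ($root.GetAttribute('Destination') -ne $Sp.Acs) {
        $problems += 'Destination is not our assertion consumer URL'
    }
    $status = $doc.SelectSingleNode('/p:Response/p:Status/p:StatusCode/@Value', $ns)
    if ($null -eq $status -or $status.Value -ne 'urn:oasis:names:tc:SAML:2.0:status:Success') {
        $problems += 'IdP did not report Success'
    }
    $cond = $doc.SelectSingleNode('/p:Response/a:Assertion/a:Conditions', $ns)
    if ($null -eq $cond) {
        $problems += 'Assertion has no Conditions element'
    } else {
        $notBefore = $cond.GetAttribute('NotBefore')
        $notAfter  = $cond.GetAttribute('NotOnOrAfter')
        if ($notBefore -and $Now -lt [System.Xml.XmlConvert]::ToDateTime($notBefore, $Utc)) {
            $problems += 'Assertion is not valid yet'
        }
        if (-not $notAfter -or $Now -ge [System.Xml.XmlConvert]::ToDateTime($notAfter, $Utc)) {
            $problems += 'Assertion has expired or carries no expiry'
        }
        $aud = $cond.SelectSingleNode('a:AudienceRestriction/a:Audience', $ns)
        if ($null -eq $aud -or $aud.InnerText -ne $Sp.EntityId) {
            $problems += 'Audience is not this service provider'
        }
    }
    [pscustomobject]@{ Valid = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed walk-through: our request, a matching response, then the same
# response checked against a different outstanding request (as in a replay).
$requestId = '_' + [guid]::NewGuid().ToString('N')
$redirect  = New-SamlRedirectUrl -RequestId $requestId
$t0        = [datetime]::UtcNow
$response  = "<samlp:Response xmlns:samlp='$NsP' xmlns:saml='$NsA' Version='2.0' ID='_r1' " +
    "InResponseTo='$requestId' Destination='$($Sp.Acs)'><samlp:Status>" +
    "<samlp:StatusCode Value='urn:oasis:names:tc:SAML:2.0:status:Success'/></samlp:Status>" +
    "<saml:Assertion Version='2.0' ID='_a1'><saml:Conditions " +
    "NotBefore='$(Format-SamlTime ($t0.AddMinutes(-1)))' " +
    "NotOnOrAfter='$(Format-SamlTime ($t0.AddMinutes(5)))'><saml:AudienceRestriction>" +
    "<saml:Audience>$($Sp.EntityId)</saml:Audience></saml:AudienceRestriction>" +
    "</saml:Conditions></saml:Assertion></samlp:Response>"

$redirect
Test-SamlResponse -ResponseXml $response -ExpectedRequestId $requestId         # the request we sent
Test-SamlResponse -ResponseXml $response -ExpectedRequestId '_other_request'   # a different request
```

Binding the response to the stored request ID, the audience and the validity window is what stops an assertion issued for another login or another service provider from being accepted.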

Customers can run their own Identity Provider or can use one of the cloud based Identity Providers such as OKTA, One-login, Centrify etc. FileCloud can seamlessly integrate with any IdP as long as the IdP supports SAML 2.0 protocol.

The link https://www.getfilecloud.com/supportdocs/display/cloud/SAML+Single+Sign+On+Support explains the steps involved in integrating any Identity Provider with FileCloud.

In conclusion, Single Sign On (SSO) provides the convenience of a one-click login into multiple applications and websites. FileCloud supports different SSO mechanisms and will seamlessly integrate with a number of SSO Identity providers and existing SSO infrastructure.