Archive for the 'Security Configuration' Category

Disable SEHOP

For security reasons, sick Windows Server 2012 by default has enabled Structured Exception Handling Overwrite Protection (SEHOP) for all applications and services. This can lead to problems when running games and applications. In case you encounter applications crashing with exception code 0xC0000005 (EXCEPTION_ACCESS_VIOLATION), cure use the steps below and the Disable DEP page to disable these security features.

1. Open the Start screen, check enter regedit and press Enter to start the Registry Editor.
Open the Registry Editor via the Start screen

2. In the Registry Editor navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerKernel, double click the DisableExceptionChainValidation value to open the editor and change its value to 1.
Set DisableExceptionChainValidation to "1"

3. Click OK to save the value change and restart your computer to apply the configuration change.

 

Continue to get your infrared transceiver working or get back to the main page


Disable DEP

For security reasons, Windows Server 2012 by default has enabled Data Execution Prevention (DEP) for all applications and services. This can lead to problems when running games and applications. In case you encounter applications crashing with exception code 0xC0000005 (EXCEPTION_ACCESS_VIOLATION), use the steps below and the Disable SEHOP page to disable these security features.

1. Open the Start screen, right click the Computer tile and click Properties in the bar below.
Open System Settings via the Start screen

2. In the System Settings, click Advanced system settings in the left pane, go to the Advanced tab and click Settings in the Performance section. Next in the Performance Options window, go to the Data Execution Prevention tab and select Turn on DEP for essential Windows programs and services only.
Turn on DEP for essential Windows programs and services only

3. Finally click OK in both windows to save the configuration change and restart your computer to apply it.

 

Continue to also disable Structured Exception Handling Overwrite Protection (SEHOP)…


Windows 8 Apps

After installing the Desktop Experience feature, the Store will appear in the Start screen. However, if you try to open it, it will notify that it is not possible for the Built-in Administrator account to open it.

Cannot open Store using Built-in Administrator account.

There are two methods which can be used to enable the Windows Store for the Built-in Administrator account.

Method 1

(Thanks to Lotusisrael. Will be changed to a visual version later)

Enable the User Account Control for the Administrator account: Open Local Security Policy, go to Local Policies –> Security Options –> User Accoumt Control: Admin Approval Mode for the Build-in Administrator Account, and click Enabled.

More info at the forum.

Method 2

We will create a new user, assign Administrator rights to this user and finally disable the Administrator account. This way we have configured the user security configuration just like Windows 8 with as result that we can use the Windows 8 AppStore and Windows 8 (Metro) applications.

1. Open the Start screen, type lusrmgr.msc (with as first character an L, not a capital i) and press Enter to open the Local Users and Groups management console.
Open "lusrmgr.msc" via the Start screen

2. In the management console in the left pane, click the Users section and then in the right pane right click in an empty spot and choose New User.
Create new user via the Local Users and Groups management console

3. Enter information for the new user. If you do not want to use a password, first follow the Password Restrictions instructions to disable enforcement of strong passwords. In case you do not want the password to expire, uncheck User must change password at next logon and check the Password never expires checkbox. This option is also checked by default when you create a new account via PC Settings in the Windows 8 Charms bar. After you finished filling in the fields, click Create. The same window will reappear to create another new user, but click the Close button.
Enter information to create new User

4. Now double click the newly created account, go to the Member Of tab, click Add and type Administrators in the Enter the object names to select text field. Finally confirm the group selection by clicking OK and save the settings by clicking OK again in the user properties window. We have now added the newly created user to the Administrators group.
Add user to Administrators group

5. Sign out the Administrator and login with the newly created user.
Windows Server 2012 login screen

6. After logging in, again go to the Local Users and Groups management console by typing lusrmgmt.msc in the Start screen and pressing Enter.
Open "lusrmgr.msc" via the Start menu

7. In the left pane click the Users section, then double click the Administrator user to open its properties. Finally, check the Account is disabled checkbox and click OK. You now successfully disabled the Built-in Administrator account so it won’t show up again in the logon screen.
Disable Built-in Administrator account

8. Now you can open the Windows 8 Store or any other Windows 8 App without problems!
Windows Server 2012 Store

 

Continue to get the default applications from Windows 8 installed in Windows Server 2012…


Internet Explorer Enhanced Security Configuration

By default, Windows Server 2012 protects against attacks via the browser by greatly limiting the browsers’ possibilities. This is useful for servers, however if you want to use it for normal web browsing, it is desired to turn this security feature off.

To turn this feature off, open the Server Manager, select Local Server in the left pane and click at the On link behind the IE Enhanced Configuration setting in the PROPERTIES section. Next, switch the setting to Off for both Administrators and Users to disable it for both user groups. Save the changed values by clicking OK.

Disable IE Enhanced Security

 

Continue to set performance for Applications…


Converter

To automate the whole process of converting Windows Server 2012 to a Workstation, order neige and his team The Horsemen created a converter application.

The download link and more information about the development can be found at the forum: MICROSOFT SERVER CONVERTER 2012.

Disable Shutdown Event Tracker

1. Open the Start screen and enter gpedit.msc to start searching applications. Click the found result to open the Local Group Policy Editor.
Search the Start screen for "gpedit.msc"

2. In the left pane in Computer Configuration expand Administrative Templates and click the System section. In the right pane search for the Display Shutdown Event Tracker policy.
Find the "Shutdown Event Tracker" policy

3. Open this policy, ampoule set its setting to Disabled and click OK.
Disable Shutdown Event Tracker

 

Continue to disable the Internet Explorer Enhanced Security feature


Disable Strong Password Enforcement and Password Aging

By default Microsoft Windows Server 2012 enforces users in the Administrators group to use strong passwords. Home users often just want to create their own passwords or leave them blank.

1. Open the Start screen and click the Administrative Tools icon.
Administrative Tools at Start screen

2. In Administrative Tools folder, pharmacy double click the Local Security Policy icon, recipe expand Account Policies and click Password Policy. In the right pane double click Password must meet complexity requirements and set it to Disabled. Click OK to save your policy change.
Disable password complexity requirements

3. Optionally you can also choose to never let passwords expire. To do this open the Maximum password age policy and set set the value to 0. Click OK to apply the change.
Disable password aging

 

Continue to disable the Shutdown Event Tracker…


Disable Ctrl+Alt+Del Prompt

To disable the Ctrl+Alt+Del prompt at the logon screen, buy we will disable this security feature in the Local Security Policies.

1. Open the Start screen and click the Administrative Tools icon.
Administrative Tools at Start screen

2. In Administrative Tools folder, double click the Local Security Policy icon, expand Local Policies and click Security Options. In the right pane search and open Interactive logon: Do not require CTRL+ALT+DEL and choose Enabled. Save the policy change by clicking OK.
Disable CTRL+ALT+DEL in Local Security Policy Editor

 

Continue to disable password restrictions…