While going through a vulnerability scan for PCI compliancy, the report noted that IIS 7 on a Small Business Server 2008 was still using SSL v2.0 instead of SSL 3.0 or TLS 1.0. To disable SSL v2.0:

1. Click Start, click Run, type regedt32 or type regedit, and then click OK.
2. In Registry Editor, locate the following registry key:HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
3. On the Edit menu, click Add Value.
4. In the Data Type list, click DWORD.
5. In the Value Name box, type Enabled, and then click OK.Note If this value is present, double-click the value to edit its current value.
6. Type 00000000 in Binary Editor to set the value of the new key equal to “0″.
7. Click OK. Restart the computer.

IIS negotiates the encryption with the client browser. An attacker could use a tool that tells the server it has only sslv2 (which is weaker) available. If you disable sslv2 it only uses v3 or tls, as requested by browser. A browser only supporting sslv2 would fail.

 This applies to Windows Server 2003, and Windows Server 2008, and both versions of SBS.

http://support.microsoft.com/default.aspx?scid=kb;en-us;187498

I ran into an issue with a Hyper-V server with 6 NIC’s, some of the NIC’s in Network and Sharing center were being categorized as ‘unidentified network’ and giving the public designation. I could change it to private, but every reboot it would revert back. The issue with public network was that network discovery and file sharing was turned off, so even the NIC that was joined to the domain had little connectivity. Below fixed the issue.

You can change the security setting so that the network is not made public in the first place.

To do this on your local server or Vista/Windows 7 desktop , follow these steps:

1. Start –> run –> MMC –> press enter

2. In MMC console , from menu file select Add/Remove Snap-in

3. Select Group Policy Object editor –> Press Add –> select Local computer –> press OK –>press OK

4. Open Computer configration –>Windows Settings –>Security Settings –>select Network list manager policies
on the right Side you will see options for :

double click –>Unidentified networks

  Then you can select the option to consider the Unidentified networks as private and if user can change the
location

To find out what Microsoft/Windows Updates have been installed, open command prompt and type:

wmic qfe list

This will work in Windows Vista, Windows Server 2008 and Windows 7. You can also pipe it a text file if you needed to print it off or document it.