Anyone knows that losing a password is a horrible feeling. Even more so when it is for a VPS.

Bạn đang xem: Windows server 2008 r2 kms activation

In this tutorial đoạn phim, I step you through the process of recovering the local administrator password on a Server 2008 R2 system (Note: This is an old video – this sản phẩm does work with newer versions of Windows Server). A process that can be completed in under a minute, saving you both time & money.

Disclaimer: I need to point out that Passware does not sponsor mein any way. However, this document does contain some affiliate link.

PassWare WinKey Business:Product Page

Are you protected?

‘Hmilimet, this is all well and good,’ you might say, ‘But how vày I prevent someone from breaking into lớn my servers?’

Over adecade ago,the answer was always, ensure that your servers are physically secure. Now with out-of-band management options and virtualization, that attachồng platsize has grown significantly.

Physical Access

First, let’s cover the physical aspects. Here are some common questions khổng lồ ask yourself.

Is your serverin a locked room?

I have sầu seen a lot of servers left out in the middle of an office setting, under someone’s desk, or tucked next khổng lồ the cubicle plant. A dedicated space provides not only adequate cooling & power but also the necessary security. Hollywood often paints thispicture thatdata is stolen through the firewall by some teenager wanting to lớn play Global Thermonuclear War. Often overlooked is the disgruntled employee, or some guy claiming lớn be from your I.T. department. So server rooms are essential.

Who can access the serverroom?

A VPS roomis onlysecure as its weakest point.There are a lot of VPS rooms out there that have been left unlocked. I have sầu met them.

An unlocked server room cannot be controlled. So you need khổng lồ find a way lớn control access.Traditional key locks are okay. But it doesn’t take much to lớn get these duplicated at your local hardware store. Nor does it give sầu you any form of reporting as khổng lồ who is using those keys.

Key thẻ systems arebetter asthey are generally not easy lớn duplicate. Often the readers can report baông xã whose card has been used & on what time of day. But cards can be lost or stolen.

Biometrics is a better option as fingerprints cannot be forged (well except in spy movies). I wouldhope that fingers and thumbs are not misplaced or stolen.

Like any security mechanism, a multi-tiered approach can definitely help.

How is the server room constructed?

Biometrics might control your door access. But if your hệ thống room is constructed out of drywall, windows, or has a conventional drop ceiling or crawlspace with the rest of the office, that door access control might turn into an effortless obstacle.

Piggybacking might also be an issue. This is where someone without accessfollows someone with accesstothe VPS room. At this point, locked racksare the best option. Locked racks can also work in a shared office space where a dedicated room is not possible. A locked rack is a great deterrent.

Xem thêm: Cách Chuyển Chữ Thường Thành Chữ Hoa Trong Excel, Đơn Giản Nhất

Are the servers locked?

A lockable bezel is another excellent option. The plastic bezels seem lượt thích they could be broken. A server with a metal front plate is a bonus. But we need lớn see what that bezel prevents access lớn.

A decade ago, it was quite commonplace khổng lồ see an opening on a VPS for a tape slot. That is nice và convenient, but it doesn’t lend itself to security. Many data breaches occur due to lớn lost backup tapes.

Hopefully, your server’s front panel covers everything, including the power button, optical drive, and USB ports. In my video, I was using a CD to lớn boot inkhổng lồ WinKey. But they also have a USB stick option. So, if I can force your server lớn restart and get a USB key plugged in,your hệ thống is hacked.

That brings us to the rear of the server—lots of USB ports bachồng there. And pulling the power cord will force a reboot. The only real option at this point is a lockable back door on a raông chồng.

Is their local console access?

If you have a KVM switch that requires password entry then that is just one more deterrent. Restricting access khổng lồ the video & USB ports on the bachồng of the hệ thống is a must though as technically a hacker could bypass your KVM.

Out of Bvà Access

Out of bvà management has become quite prevalent as it has matured. Products such as HP. iLO (Integrated Lights Out) & Dell RAC (Remote Access Controller) allows administrators to lớn have remote access to lớn a server as if they were sitting right next to the console.

Administrators can power onthe hệ thống, or, hard boot them. Administrators can even mount virtual CDs/DVDs và remote boot the servers from an ISO image.This creates a whole new challenge as it extends the physical attaông chồng surface out onkhổng lồ the network.

This opens a whole new phối of questions.

Are you using complex passwords?

Hopefully, there is a policy already in your network for privileged accounts. You need to make your out-of-band access accounts contain as many characters as possible. Likely, you will only need to use these tools when troubleshooting an unresponsive server or to lớn perform the remote deployment. So a password with 13+ characters shouldn’t be too cumbersome. Also, you need to lớn make sure youareusing a combination of uppers, lowers, numbers, và special characters.

Is access restricted?

Sometimes a hệ thống comes with a shared out-of-b& management port with a buy-up option lớn a dedicated port. I would always recommend getting a dedicated port. This makes it easier to then plug that port inlớn its dedicated management network or VLAN. From there, you can then control access onto that management network with access control lists.

Protecting Virtual Servers

Another extension of the physical attaông chồng plane is virtualization. With more & more servers being virtualized, this problem is only becoming more of a challenge.

The big question here is:

Who has access lớn your Hypervisor?

If a user has access to your Hypervisor, then they can power cycle servers, mount CDs, và more. When granting someone access to lớn your virtual infrastructure, practice the rule of least privilege. Only give sầu them the absolute minimum permissions required to lớn perform their job. As mentioned already, complex passwords are essential here once again. An expiration và lockout policy help too.

I hope this article has beenof great help to lớn you. These are the more common areas lớn lockdown.As many of you know, the realm of I.T. security is boundless. As always, I would love sầu to hear your feedbaông xã. Especially on measures, you have taken yourself lớn secure your servers.