Category Archives: STIG

Building My Capture and Deployment Server – Part VII – Setting up Microsoft Deployment Toolkit 2012

This is the seventh part of my series on building my capture and deployment server. In Part I, I defined the virtual machine settings I used. In Part II, I installed Windows Server 2008 R2 x64 SP1 Enterprise Edition and did initial configurations. In Part III, I configured Network Address Translation. In Part IV, I set up Active Directory and DNS. In Part V, I configured DHCP. In Part VI, I configured Windows Deployment Services. In this part, I will install the Microsoft Deployment Toolkit 2012 Update 1.

Installing Microsoft Deployment Toolkit 2012 Update 1

The Microsoft Deployment Toolkit 2012 Update 1 is the final piece that needs to be installed in order to begin image creation. This is the tool where we will add Operating System images, drivers, patches, and create task sequences.


Building My Capture and Deployment Server – Part VI – Setting up Windows Deployment Services

This is the sixth part of my series on building my capture and deployment server. In Part I, I defined the virtual machine settings I used. In Part II, I installed Windows Server 2008 R2 x64 SP1 Enterprise Edition and did initial configurations. In Part III, I configured Network Address Translation. In Part IV, I set up Active Directory and DNS. In Part V, I configured DHCP. In this part, I will configure Windows Deployment Services.

Configuring Windows Deployment Services

In order to deploy images over the network, we will install Windows Deployment Services. This is a very nice tool to assist in enterprise deployments. It can be configured for multicasting to enable multiple clients to download images at the same time while using less bandwidth than point-to-point transfers. It also enables deployment over less reliable links, making the deployment more resilient.


Building My Capture and Deployment Server – Part V: Setting up DHCP

This is the fifth part of my series on building my capture and deployment server. In Part I, I defined the virtual machine settings I used. In Part II, I installed Windows Server 2008 R2 x64 SP1 Enterprise Edition and did initial configurations. In Part III, I configured Network Address Translation. In Part IV, I set up Active Directory and DNS. In this part, I will configure DHCP as one of the prerequisites for Windows Deployment Services.

Configuring DHCP

In order for machines to PXE boot they need to get an IP address, and to do that they need DHCP. The DHCP server will also have a DHCP server option set by the Windows Deployment Services configuration wizard to allow those machines to find the deployment server.


Building My Capture and Deployment Server – Part IV: Setting up Active Directory

This is the fourth part of my series on building my capture and deployment server. In Part I, I defined the virtual machine settings I used. In Part II, I installed Windows Server 2008 R2 x64 SP1 Enterprise Edition and did initial configurations. In Part III, I configured Network Address Translation. In this part, I will configure Active Directory as one of the prerequisites for Windows Deployment Services.

Configure Active Directory

Since I will want to use Windows Deployment Services (WDS) to deploy images to virtual machines, I will have to install the prerequisites. There are three requirements for WDS: Active Directory, DNS, and DHCP. Luckily Active Directory also requires DNS, so we will kill two birds with one stone here.


Building My Capture and Deployment Server – Part III – Setting up Network Address Translation

This is the third part of my series on building my capture and deployment server. In Part I, I defined the virtual machine settings I used. In Part II, I installed Windows Server 2008 R2 x64 SP1 Enterprise Edition and did initial configurations. In this part I will configure Network Address Translation to allow the virtual machines in the development network access to the internet for patching.

Configure Network Address Translation

Since I want to keep my development network separate from my home network, I will use this server as a router/NAT so that machines in the development network can reach the internet to check for updates. In order for Network Address Translation to work, you must use the Intel E1000 NICs instead of the VMXNET3 NICs. See here for details.


Building My Capture and Deployment Server – Part II: Windows Server 2008 R2 install and configuration

This is the second part of my series on building my capture and deployment server. In Part I, I defined the virtual machine settings I used. In this part I will go through the install of Windows Server 2008 R2 x64 SP1 Enterprise Edition and the initial configuration.

Installing Windows Server 2008 R2 x64 SP1 Enterprise Edition

The install is a standard Windows Server 2008 R2 x64 Enterprise Edition full installation. I chose the Enterprise Edition so I would have all the roles if I needed them. In a production environment you should choose the appropriate edition to cut down on licensing cost.


Building My Capture and Deployment Server – Part I: Virtual Machine Settings

This is the first part of my series on building my capture and deployment server. In this post I will cover the settings I used for my virtual machines.

DEV-DC-01

DEV-DC-01 is going to be the first virtual machine in my Development environment. This virtual machine will act as the deployment and image capture server to build the first STIGed image.


A little bit about me

For the past 12 years, I have primarily worked in the IT field for the Department of Defense. I’ve done helpdesk, helpdesk supervisor, data warehouse developer, data analyst/report developer, and systems administration. I started this blog to document and share what I have learned about different topics in the IT field. Hopefully some of what I have learned I can pass on to others and likewise get useful feedback or alternative ways to proceed in different areas of interest to me.

Some of my areas of interest that I will no doubt be going into here are system imaging and deployment, STIGing and installing applications on STIGed servers, ITIL, data warehousing, SQL Server Integration Services, and whatever else tickles my fancy.

Due to some of my recent work, and the lack of useful resources on the internet, I’m going to be building a STIGed lab environment for testing and to work out what modifications are required to get different applications to run in a least privilege setting. One such setting is FIPS. FIPS is a U.S. government security standard that, when enabled, prevents some applications from working correctly, one of them being SharePoint. By finding these different incompatibilities and documenting them, it will both make my life easier at work as well as increase my knowledge. It will also provide a resource for others in the same situation to get their applications installed and documented.

For the record however, I am by no means a security expert nor have I ever worked in the security field. My posts come without warranty and I am in no way responsible if you bring down your network. Always test in a lab environment first. 🙂