We put Microsoft Netmon and PowerShell v2 on those that don't have v2 natively and have a GPO to enable remoting. Netmon updates with SCCM/Windows Update and the remoting provides access. We actively hunt down people who put PDF readers on servers and yell at them as it's just one more darn thing that simply doesn't need to be there.
Steven Peck http://www.blkmtn.org On Fri, Dec 9, 2011 at 8:35 AM, David Lum <[email protected]> wrote: > Any app that gets updated regularly for security updates (a PDF reader, > etc) I wouldn’t have on my template – have a GPO or something push them > once the server is built and online. The less places you have to keep > something up to date the better.**** > > ** ** > > Dave**** > > ** ** > > *From:* John Cook [mailto:[email protected]] > *Sent:* Friday, December 09, 2011 7:49 AM > > *To:* NT System Admin Issues > *Subject:* RE: things to include in a vm server template?**** > > ** ** > > I don’t install anything that isn’t absolutely necessary so I don’t have > any PDF reader or other third party apps in my template (I don’t put a PDF > reader on any server for that matter but that’s a personal preference just > like not browsing the web with a server). I also don’t disable IPV6, it > breaks a lot of things and it can easily be turned off after the fact if > there is an issue with it. I go very basic, all Windows updates and AV and > I convert it to a VM occasionally to run updates and return it to template > state.**** > > ** ** > > *John W. Cook***** > > *System Administrator***** > > *Partnership For Strong Families* > > *5950 NW 1st Place* > > *Gainesville, Fl 32607* > > *Office (352) 244-1610***** > > *Cell (352) 215-6944***** > > *MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4***** > > ** ** > > *From:* Jonathan [mailto:[email protected]] > *Sent:* Friday, December 09, 2011 10:43 AM > *To:* NT System Admin Issues > *Subject:* Re: things to include in a vm server template?**** > > ** ** > > Like I said, I was torn about Adobe Reader, but you're saying PrimoPDF is > an issue as well? Why? What vulnerability/ies does PrimoPDF expose to your > environment?**** > > ** ** > > Jonathan**** > > On Thu, Dec 8, 2011 at 6:35 PM, Sam Cayze <[email protected]> wrote:**** > > My list:**** > > Common scripts folder I use a lot**** > > A LogOff icon in the QuickLaunch. **** > > Bginfo (Altough I have a GPO doing this now).**** > > A DR Tools Folder. (Random tools I have found myself using when doing > test DR Restores. Great if you restored but are stuck in safe mode or > something)**** > > **** > > Everything else is run off a network share so I only have to update one > location**** > > **** > > **** > > Oh, and seriously get those PDF tools OFF your servers.**** > > **** > > Sam**** > > **** > > **** > > *From:* Jonathan [mailto:[email protected]] > *Sent:* Thursday, December 08, 2011 4:45 PM**** > > > *To:* NT System Admin Issues**** > > *Subject:* things to include in a vm server template?**** > > **** > > Hi everyone!**** > > **** > > It has been a while....I've been quite busy and haven't had much time to > do anything here other than occasionally lurk....**** > > **** > > I'm in the midst of building some Server 2008 R2 and Windows 7 templates > for my new vSphere 5 environment. I'm close to being done, but am thinking > about tools i should include over and above the stock OS install. I'm > interested to hear what you guys install when you build servers...**** > > **** > > For instance, perhaps things like:**** > > **** > > primopdf**** > > msinfo**** > > a telnet client, such as putty**** > > adobe reader (I'm torn on this one because of how many security concerns > there are with Adobe Reader, historically, but it sure would be handy to be > able to view a PDF on the fly)**** > > Portscanner, such as SuperScan or AngryIP**** > > **** > > I'm curious to hear about your add-ons and tweaks. I've already got the > builds pretty well tweaked for performance, but if you have any specific > tweaks that have been helpful, I'd love to hear those too. I used this as a > sort of base guide:**** > > **** > > > http://www.jasonsamuel.com/2010/05/07/how-to-build-a-vmware-vsphere-vm-template-for-windows-server-2008-r2/ > **** > > **** > > I made a few of my own modifications, but didn't stray too far from this > one. A lot of the tweaks and settings already in this made sense to me.*** > * > > **** > > Thanks,**** > > -- > Jonathan, A+, MCSA, MCSE**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > > > **** > > ** ** > > -- > Jonathan, A+, MCSA, MCSE**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ** ** > ------------------------------ > > CONFIDENTIALITY STATEMENT: The information transmitted, or contained or > attached to or with this Notice is intended only for the person or entity > to which it is addressed and may contain Protected Health Information > (PHI), confidential and/or privileged material. Any review, transmission, > dissemination, or other use of, and taking any action in reliance upon this > information by persons or entities other than the intended recipient > without the express written consent of the sender are prohibited. This > information may be protected by the Health Insurance Portability and > Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. > Improper or unauthorized use or disclosure of this information could result > in civil and/or criminal penalties. > Consider the environment. Please don't print this e-mail unless you really > need to. > > **** > > This email and any attached files are confidential and intended solely for > the intended recipient(s). If you are not the named recipient you should > not read, distribute, copy or alter this email. Any views or opinions > expressed in this email are those of the author and do not represent those > of the company. Warning: Although precautions have been taken to make sure > no viruses are present in this email, the company cannot accept > responsibility for any loss or damage that arise from the use of this email > or attachments.**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
