Hardening guide for Hyper-V on Windows 2008 R2 server core platform

OS installation phase

  1. Boot the server using Windows 2008 R2 bootable DVD.
  2. Specify the product ID -> click Next.
  3. From the installation option, choose “Windows Server 2008 R2 (Server Core Installation)” -> click Next.
  4. Accept the license agreement -> click Next.
  5. Choose “Custom (Advanced)” installation type -> specify the hard drive to install the operating system -> click Next.
  6. Allow the installation phase to continue and restart the server automatically.
  7. To login to the server for the first time, press CTRL+ALT+DELETE
  8. Choose “Administrator” account -> click OK to replace the account password -> specify complex password and confirm it -> press Enter -> Press OK.
  9. From the command prompt window, run the command bellow:
    sconfig.cmd
  10. Press “2” to replace the computer name -> specify new computer name -> click “Yes” to restart the server.
  11. To login to the server, press CTRL+ALT+DELETE -> specify the “Administrator” account credentials.
  12. From the command prompt window, run the command bellow:
    sconfig.cmd
  13. Press “1” to join the server to the domain -> press “D” to join to domain -> specify the domain name -> click “Yes” to restart the server.
  14. To login to the server, press CTRL+ALT+DELETE -> supply credentials of Domain admin account.
  15. From the command prompt window, run the command bellow:
    sconfig.cmd
  16. Press “5” to configure “Windows Update Settings” -> select “A” for automatic -> click OK.
  17. Press “6” to download and install Windows Updates -> choose “A” to search for all updates -> Choose “A” to download and install all updates -> click “Yes” to restart the server.
  18. To login to the server, press CTRL+ALT+DELETE -> supply credentials of Domain admin account.
  19. From the command prompt window, run the command bellow:
    sconfig.cmd
  20. In-case you need to use RDP to access and manage the server, press “7” to enable “Remote Desktop” -> choose “E” to enable -> choose either “1” or “2” according to your client settings -> Press OK.
  21. Press “8” to configure “Network settings” -> select the network adapter by its Index number -> press “1” to configure the IP settings -> choose “S” for static IP address -> specify the IP address, subnet mask and default gateway -> press “2” to configure the DNS servers -> click OK -> press “4” to return to the main menu.
  22. Press “9” to configure “Date and Time” -> choose the correct “date/time” and “time zone” -> click OK
  23. Press “11” to restart the server to make sure all settings take effect -> click “Yes” to restart the server.
  24. To login to the server, press CTRL+ALT+DELETE -> supply credentials of Domain admin account.
  25. To install the Hyper-V role, run the command bellow:
    start /w ocsetup Microsoft-Hyper-V
  26. Click “Yes” to allow the server to restart.
  27. To login to the server, press CTRL+ALT+DELETE -> supply credentials of Domain admin account.
  28. To check that the installation completed, run the command:
    oclist | find /i "Microsoft-Hyper-V"
  29. Run the commands bellow to enable remote management of the Hyper-V:
    netsh advfirewall firewall set rule group="Remote Service Management" new enable=yes

    netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes

  30. In case you install antivirus for Server Core, add the following to the antivirus exclusions:
    • Virtual machine configuration files directory. By default, it is C:\ProgramData\Microsoft\Windows\Hyper-V.
    • Virtual machine virtual hard disk files directory. By default, it is C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks.
    • Snapshot files directory. By default, it is %systemdrive%\ProgramData\Microsoft\Windows\Hyper-V\Snapshots.
    • Vmms.exe
    • Vmwp.exe

Manage Hyper-V VMs from Windows 7

  1. Login to a Windows 7 client using administrative account.
  2. Download and install the Remove Server Administration (RSAT) tools for Windows 7 from:
    http://www.microsoft.com/downloads/details.aspx?FamilyID=7D2F6AD7-656B-4313-A005-4E344E43997D&displaylang=en
  3. Open Control Panel and click Programs.
  4. Click Turn Window features on or off.
  5. Under Remote Server Administration Tools Role -> Administration Tools check Hyper-V Tools.
  6. Launch to tools by either typing Hyper-V Manager at the Start menu or go to Start ->Administrative Tools ->Hyper-V Manager.

Virtual Machine Servicing Tool 3.0

    Virtual Machine Servicing Tool 3.0 helps to update offline virtual machines, templates, and virtual hard disks with the latest operating system and application patches.
    Download link:
    http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=23300

Using Authorization Manager for Hyper-V Security

    Authorization Manager provides a flexible framework for integrating role-based access control into applications. It enables administrators who use those applications to provide access through assigned user roles that relate to job functions.
    Link for more information:
    http://technet.microsoft.com/en-us/library/cc726036.aspx

2 Responses to “Hardening guide for Hyper-V on Windows 2008 R2 server core platform”

Leave a Reply

Search This Blog
Labels
NetworkedBlogs