
Cyber Defense Initiative® 2012

Washington, DC | Fri, Dec 7 - Sun, Dec 16, 2012
This event is over,
but there are more training opportunities.

SEC505: Securing Windows and Resisting Malware

Sun, December 9 - Fri, December 14, 2012

If you think you know Windows, take this Windows security class - your review of your own skills and understanding will be challenged, for the better!

Matthew Stoeckle, Nebraska Public Power District

You have the best instructors available. Other training never comes close and is a waste of money.

Steve Sauro, McDermott Will and Emery

In April of 2014, Microsoft will stop releasing any new security patches for Windows XP. Like it or not, migrating off Windows XP is no longer optional; the clock is counting down. The Securing Windows and Resisting Malware course is fully updated for Windows Server 2012, Windows 8, Server 2008-R2, and Windows 7.

This course is about the most important things to do to secure Windows and how to minimize the impact on users of these changes. You'll see the instructor demo the important steps live, and, if you bring a laptop, you can follow along too. The manuals are filled with screenshots and step-by-step exercises, so you can do the steps alongside the instructor in seminar or later on your own time if you prefer.

We've all got anti-virus scanners, but what else needs to be done to combat malware and intruders using Advanced Persistent Threat (APT) techniques? Today's weapon of choice for hackers is stealthy malware with remote control channels, preferably with autonomous worm capabilities, installed through client-side exploits. While other courses focus on detection or remediation, the goal of this course is to prevent the infection in the first place (after all, first things first).

Especially in Server 2012 and beyond, PowerShell dominates Windows scripting and automation. It seems everything can be managed through PowerShell now. And if there's a needed skill that will most benefit the career of a Windows specialist, it's being able to write PowerShell scripts because most of your competition will lack scripting skills, so it's a great way to make your resume stand out. This course devotes an entire day to PowerShell scripting, but you don't need any prior scripting experience.

This course will also prepare you for the GIAC Certified Windows Security Administrator (GCWN) certification exam to help prove your security skills and Windows expertise.


Operating System and Applications Hardening day:

  • Start with Malware-Resistant software
  • Painless (or Less Painful) Patch Management
  • How Your Anti-Virus scanners can fail you
  • Windows OS and Applications Hardening tools
  • The Group Policy Management Console (GPMC)
  • INF and XML Security templates
  • How to manage Group Policy
  • WMI filtering and GPO preferences
  • Custom ADM/ADMX templates
  • AppLocker whitelisting
  • Hardening Adobe Reader
  • Hardening Internet Explorer
  • Hardening Google Chrome
  • Hardening Microsoft Office
  • Virtual Desktop Infrastructure (pros and cons)

Dynamic Access Control & Restricting Admin Compromise day:

  • Server 2012 Dynamic Access Control (DAC)
  • DAC conditional expressions
  • DAC and complying with regulations
  • Automatic File Classification Infrastructure
  • Users in the local administrators group
  • Secretly limiting the power of administrative users
  • Limiting privileges, logon rights and permissions
  • User Account Control
  • Kerberos Armoring and eliminating NTLM
  • Delegating IT power more safely
  • Active Directory permissions and auditing

PKI, BitLocker and Secure Boot day:

  • Why must I have a PKI?
  • Examples: Smart Cards, VPNs, Wireless, SSL, S/MIME, etc.
  • How to install the Windows PKI
  • Root vs. Subordinate certification authorities
  • Should you be your own root CA?
  • How to manage your PKI
  • Group policy deployment of certificates
  • How to revoke certificates
  • Automatic private key backup
  • Deploying Smart Cards
  • Best practices for private keys
  • BitLocker drive encryption
  • Windows 8 secure boot
  • TPM and USB BitLocker options
  • BitLocker emergency recovery

Dangerous Protocols, IPSec, Windows Firewall, and Wireless day:

  • Dangerous protocols: SSL, RDP, SMB, DNS
  • Isn't IPSec just for VPNs? No!
  • IPSec for TCP port permissions
  • How to create IPSec policies
  • Group Policy Management of IPSec
  • DNSSEC and DNS dynamic updates
  • Windows Firewall with advanced security
  • Configuring RADIUS Policies (NPS)
  • Wi-Fi Protected Access (WPA)
  • EAP vs. PEAP
  • Secure access to wireless networks
  • Secure access to Ethernet networks
  • Smart cards for wireless and Ethernet
  • Best practices for wireless and Ethernet

Securing IIS Web Servers day:

  • IIS server hardening
  • Configuring SSL and TLS
  • Centralized certificates and SNI
  • Securing WebDAV
  • Authentication options
  • Smart cards for web applications
  • Proper NTFS permissions and auditing
  • What are application pools?
  • Securing XML config files
  • Secure remote administration
  • Restricting webmasters
  • FTP Over SSL (FTPS)

PowerShell Scripting day:

  • What is PowerShell?
  • Running CmdLets and scripts
  • Writing your own functions
  • Writing your own scripts
  • Flow control within scripts
  • Managing the event logs
  • Managing Active Directory
  • Windows Management Instrumentation (WMI)
  • Accessing COM Objects
  • Security and execution policy

You are encouraged to bring a virtual machine running Windows Server 2012 Standard or Datacenter Edition configured as a domain controller, but this is not a requirement for attendance since the instructor will demo everything discussed on-screen. You can get a free evaluation version of Server 2012 from Microsoft's web site (just do a search on "Server 2012 evaluation trial"). You can use Hyper-V, VMware, VirtualBox, or any other virtual machine software you wish.

This is a fun course and a real eye-opener even for Windows administrators with years of experience. Whether you're taking SEC505 live or in OnDemand, get the PowerShell scripts now for the course from (go to the Downloads link). There is no prior registration required, and all scripts are in the public domain.


Course Syllabus

Jason Fossen
Sun Dec 9th, 2012
9:00 AM - 5:00 PM


The best analogy for modern network penetration is biological warfare. A vulnerable client is exploited through weak software and social engineering to install the hacker's malware. The malware opens an SSL command-and-control channel back to the attacker. This channel is used to control the initial "Typhoid Mary" computer to infect other vulnerable systems and to exfiltrate valuable data (or to destroy it). When you add stealth, self-updating features, worm-like mobility, and corporate/government sponsorship to the malware, you've got an Advanced Persistent Threat (APT) situation. You're in trouble.

We don't just want to detect hackers and malware; we want to try to prevent the case-zero compromise to begin with. Prevention comes first, and then detection and remediation come afterwards. An ounce of prevention is worth a pound of cure. Today's course is on prevention through Windows operating system and applications hardening. The aim is to try to deny hackers and malware that initial foothold inside the network, because once they're in, they're hard to clean out.

We start by choosing malware-resistant software and Windows operating systems, then we regularly update that software, limit what software users can run, and then configure that software so that its exploitable features are disabled or at least restricted to work-only purposes. Nothing is guaranteed, of course, but what if you could reduce your malware infection rate by more than half? What if your next penetration test wasn't just an exercise in embarrassment?

The trick is hardening Windows in a way that is cost-effective, scalable, and with minimal user impact. In this course we'll look at tools like Group Policy, security templates, WSUS, and SCWCMD.EXE to hopefully make it easier. In today's course and during the week, we'll see how to implement many of the SANS Critical Controls.

CPE/CMU Credits: 6

Who Should Attend
  • Windows security engineers and system administrators
  • Those who need to reduce malware and APT infections
  • Anyone who wants to implement the SANS Critical Security Controls
  • Those who must enforce security policies on Windows hosts


Malware-resistant software

  • What increases exploitability?
  • Cloud vendor relations
  • Metro apps and WinRT API
  • UEFI firmware vulnerabilities

Updating vulnerable software

  • WSUS shortcomings
  • WSUS third-party enhancements
  • Patching off-site tablets and laptops
  • Identifying rogue devices (BYOD Hell)
  • Windows App Store (Metro)

OS Hardening with security templates

  • INF vs. XML security templates
  • How to edit and apply templates
  • Security configuration and analysis
  • Security configuration wizard
  • Auditing with templates

Hardening with Group Policy

  • Group Policy Objects (GPOs)
  • Third-Party GPO enhancements
  • Pushing out PowerShell scripts
  • GPO remote command execution
  • GPO troubleshooting tools
  • Custom ADM/ADMX templates

Enforcing Critical Controls

  • Whitelisting with AppLocker
  • Hardening Internet Explorer
  • Hardening Google Chrome
  • Hardening Adobe Reader
  • Hardening Microsoft Office
  • Virtual Desktop Infrastructure (pros and cons)

Jason Fossen
Mon Dec 10th, 2012
9:00 AM - 5:00 PM


Windows Server 2012 introduced a major new security enhancement called Dynamic Access Control (DAC). If you have millions of files spread across multiple servers, how can you manage access to and auditing of these ever-changing files? How can we avoid relying on NTFS permissions and auditing alone?

DAC allows you to mark files as "Trade Secret", "PII", or as any other classification tag you need, then apply restrictions and auditing based on these hidden file tags. But it's not done with AD group memberships and NTFS alone; DAC is not an NTFS management system, and there's much more. With your own custom user and computer attributes defined in Active Directory, you can implement a Data Loss Prevention (DLP) solution based on "claims" associated with your users and their various devices. You can also perform auditing this way to help comply with regulations in your industry.

Dynamic Access Control works best with Server 2012 and Windows 8, but Windows 8 is not required. There is a gentle deployment pathway as you migrate off Windows XP. You do not have to deploy Windows 8 to benefit from DAC today.

Today's course also includes more recommendations for thwarting malware and APT adversaries. Hackers and malware love it when users are members of the local Administrators group on their computers. It makes it easier for the computer to get compromised. We will talk about what's so dangerous about the Administrators group and how to either get users out of that group or to secretly curtail the power of that group.

User Account Control (UAC) helps in this regard, but there's much more to UAC than just the annoying pop-up dialog boxes (in fact, those pop-ups can be turned off). We'll also talk about the dangers of NTLM, how to get rid of it, and use Kerberos only. But even Kerberos is vulnerable to attack, so there is a new enhancement in Server 2012 called "Kerberos armoring" to deal with the problem.

Network administrators are also prime targets for hackers. The Domain Admins group is just too attractive. In today's course we'll talk about how to delegate authority safely in order to limit the scope of harm from a compromise. Using Active Directory permissions we can delegate authority to various IT groups and contractors without giving the farm away.

CPE/CMU Credits: 6

Who Should Attend
  • Windows security engineers and system administrators
  • Those who need Dynamic Access Control (DAC)
  • Those who need to reduce malware and APT infections
  • Anyone who wants to implement the SANS Critical Security Controls
  • Those who must enforce security policies on Windows hosts

Dynamic Access Control (DAC)

  • Claims-based access control and auditing
  • DAC does not require Windows 8
  • DAC conditional expressions
  • DAC and complying with regulations
  • Automatic file classification infrastructure
  • User and device identity restrictions
  • Auditing without managing SACLs
  • Central access policy deployment

Compromise of administrative powers

  • Hackers and malware LOVE administrative users
  • Partially limiting pass-the-hash attacks
  • How to get users out of the administrators group
  • Secretly limiting the power of administrative users
  • Limiting privileges, logon rights and permissions
  • User Account Control (making it less annoying)
  • Kerberos armoring and eliminating NTLM
  • Picture password on touch tablets
  • Windows Credential Manager vs. KeePass
  • Managed service accounts
  • Scheduling tasks with admin privileges

Active Directory permissions and delegation

  • Delegating authority at the OU level
  • OU as administrative firewall
  • Domains are not security boundaries
  • Active Directory permissions
  • Active Directory auditing
  • Logging attribute content changes

Jason Fossen
Tue Dec 11th, 2012
9:00 AM - 5:00 PM


Public Key Infrastructure (PKI) is not an optional security infrastructure anymore. Windows Server includes a complete built-in PKI for managing certificates and making their use transparent to users. With Windows Certificate Services you can be your own private Certification Authority (CA) and generate as many certificates as you want at no extra charge.

Digital certificates play an essential role in Windows security: IPSec, EFS, secure e-mail, SSL/TLS, Kerberos authentication with smart cards, smart card authentication to IIS and VPN servers, script signing, etc. They all use digital certificates. Everything needed to roll out a smart card solution, for example, is included with Windows except for the cards and readers themselves, and generic cards are available in bulk for cheap.

You also have to encrypt your laptops and portable drives to stay in compliance, but why spend a fortune on third-party products when BitLocker is built into Windows already? BitLocker is manageable through Group Policy and from the command line. BitLocker has automatic encryption key archival features for recovery, requires little or no user training, and can be used to encrypt portable USB drives. If you have a TPM chip in your motherboard, it can help BitLocker to detect rootkits, but note that a TPM chip is definitely not required to use BitLocker.

With UEFI firmware and Windows 8, you can also use Secure Boot to help fight off bootkits and other malware too.

Planning a PKI or data encryption project isn't easy, and mistakes and redeployments can be costly, so this course, in part, is designed to assist in the planning process to help avoid these mistakes. If you're not encrypting tablets, laptops and portable drives now, you will be soon.

CPE/CMU Credits: 6

Who Should Attend
  • Anyone who needs a whole drive encryption solution
  • Anyone who needs to encrypt data on portable drives
  • Anyone deploying a Windows smart card solution
  • Anyone who needs digital certificates on Windows hosts
  • Anyone widely deploying SSL or S/MIME certificates
  • Anyone deploying or managing a PKI with Windows


Why must I have a PKI?

  • Not optional anymore; you don't have a choice.
  • Windows security designed for PKI
  • Examples: Smart cards, IPSec, WPA wireless, SSL, S/MIME, etc.
  • Biometrics and PKI were made for each other.

How to install the Windows PKI

  • Root vs. Subordinate certification authorities
  • Should you be your own root CA?
  • Custom certificate templates
  • Controlling certificate enrollment

How to manage your PKI

  • Group policy deployment of certificates
  • Group policy PKI settings
  • How to revoke certificates
  • Automatic private key backup
  • Delegation of authority

Deploying Smart Cards

  • Everything you need is built-in
  • Smart card enrollment station
  • Group Policy deployment

BitLocker drive encryption

  • Secure Boot (Windows 8)
  • TPM and USB options
  • Emergency recovery
  • Group Policy management
  • Best practices for BitLocker

Jason Fossen
Wed Dec 12th, 2012
9:00 AM - 5:00 PM


Are you using Remote Desktop Protocol (RDP), DNS name resolution, or the File and Print Sharing (SMB) protocol? You shouldn't really trust them; they are hacker favorites. Do you have an 802.11 wireless network with just a pre-shared key? There's much more to wireless and Ethernet security than just key length. Today's course is on securing wireless and wired network access, hardening vulnerable protocols and ports, and using the Windows Firewall with IPSec.

You don't need third-party host firewalls anymore; the built-in Windows Firewall can be managed through Group Policy and is deeply integrated with IPSec.

IPSec is not just for VPNs. IPSec can authenticate users in Active Directory to implement share permissions for TCP and UDP ports based on the user's global group memberships. IPSec can also encrypt packet payloads to keep data secure. Imagine configuring the Windows Firewall on your servers and tablets to only permit access to RPC or SMB ports if 1) the client has a local IP address, 2) the client is authenticated by IPSec to be a member of the domain, and 3) the packets are all encrypted with AES. This is not only possible, but is actually relatively easy to deploy with Group Policy. We will see exactly how to do this in seminar.

But if the firewall allows the use of RDP, DNS and SMB, then the firewall by itself can't secure these dangerous protocols; they have to be hardened with DNSSEC, SMBv3 encryption, IPSec, and SSL. Many applications rely on SSL, but this ancient protocol is no silver bullet; it's better to upgrade to a recent version of TLS. And as more of our servers are moved out to the cloud, we will rely on SSL, RDP and IPSec even more.

Windows Server includes a built-in RADIUS service that can be used to regulate access to your wireless access points, managed Ethernet switches, and VPN gateways. Everything you need for a WPA2 wireless network solution, including certificate-based PEAP authentication, is built into Windows for free. This week we will see how to set it all up, step-by-step, including the PKI.

CPE/CMU Credits: 6

Who Should Attend
  • Anyone who needs to secure network traffic in Windows LANs
  • Anyone who wants to use IPSec for more than just VPNs
  • Anyone who needs to secure an 802.11 wireless network
  • Anyone who needs to understand Windows RADIUS


Dangerous protocols

  • SSL weaknesses
  • RDP credentials exposure
  • SMBv3 native encryption
  • NetBIOS and LLMNR
  • DNS dynamic updates
  • DNS sinkholes

Windows Firewall and IPSec

  • Group Policy management
  • Metro app and service awareness
  • Location awareness
  • IPSec integration

Why IPSec?

  • IPSec is NOT just for VPNs!
  • More secure than SSL
  • User/computer authentication
  • Transparent to users
  • No user training required
  • NIC hardware acceleration
  • Compatible with NAT

Creating IPSec policies

  • Require vs. prefer encryption
  • Share permissions on TCP ports
  • IDS/IPS compatibility options
  • IPSec-based encrypted VLANs
  • Group Policy management
  • Scripting for stand-alones

Securing Wireless Networks

  • Wi-Fi Protected Access (WPA2)
  • Pre-shared key weaknesses
  • DoS attack vulnerabilities
  • Rogue access point detection
  • BYOD and network bridging
  • Wireless best practices

RADIUS for Wireless and Ethernet

  • Certificate authentication and PKI
  • How to use smart cards
  • EAP vs. PEAP
  • 802.1X for Ethernet switches
  • Account lockout DoS attacks
  • Group Policy configuration of clients

Jason Fossen
Thu Dec 13th, 2012
9:00 AM - 5:00 PM


Of all the servers you manage, your Internet-facing IIS servers are probably the most at risk. IIS is a magnet for hackers, so great care must be taken in planning how to deploy and configure Microsoft's notorious HTTP and FTP server.

In this course, we will talk about how to harden the OS, how to strip IIS down to its essentials to reduce its attack surface, how to enforce authentication and authorization rules, how to implement application-layer HTTP/FTP filtering rules, and in general how to help keep your website from becoming another victim statistic.

During the day, the Code Red worm will be used as an example of an exploit, which could have been easily blocked through proper configuration even if the patch for Code Red had not been applied prior to the attack. IIS security is much more than just setting up a firewall and applying patches; it's about proactively anticipating tomorrow's attacks and being ready for them. Using free Microsoft add-ons, like URL Rewrite, we can do our own application-layer firewalling and satisfy some PCI requirements at the same time.

We will also see how to require SSL/TLS for the greatly improved FTP service and how to configure an FTP server farm to provide secure remote access to internal file servers.

The demand for IIS security personnel is great because IIS is so widely deployed. As more and more of your previously-internal servers are pushed out to cloud providers as VMs, you'll want to know how to harden them, because your IaaS cloud provider will not do it all for you. If you're new to IIS, this course will get you up to speed.

CPE/CMU Credits: 6

Who Should Attend
  • Anyone who manages the security of IIS servers
  • IIS webmasters and application developers
  • Anyone who needs an FTP-over-SSL solution
  • Anyone using WebDAV with IIS
  • Anyone who uses the new IIS interface and XML system


Server Hardening

  • Security templates and Group Policy
  • Service packs and hotfixes
  • Website location
  • Dangerous files
  • Dangerous services
  • WebDAV
  • Protocols and bindings
  • TCP/IP parameters
  • IPSec filtering and authentication

XML configuration system

  • The metabase is gone
  • How the XML configuration files work
  • The new GUI management interface

IIS Authentication and Authorization

  • Anonymous, basic, digest, Kerberos, and NTLM authentication
  • Smart Card certificate authentication to IIS
  • IIS/HTTP permissions
  • NTFS permissions and auditing
  • Running scripts and binaries on IIS
  • How to configure SSL/TLS
  • Centralized certificates and SNI

Web-based applications

  • Worker processes
  • Application pools
  • Buffer overflow attacks
  • URL Rewrite Module
  • Request filtering
  • Process isolation techniques

Logging and auditing

  • Event viewer logs
  • IIS logs and accounting
  • Hacking signatures in logs
  • SSL connection logging
  • Securing log files


How to configure FTPS

FTPS clients and issues

Jason Fossen
Fri Dec 14th, 2012
9:00 AM - 5:00 PM


PowerShell is Microsoft's upgrade for the old CMD.EXE shell and a Perl-like scripting language for it too. PowerShell is available as a free download for Windows XP/2003/Vista and is built into Windows 7 and later operating systems by default (get the latest version from In Server 2012 especially, everything is PowerShell, PowerShell, PowerShell...

PowerShell takes the best features of UNIX shells, like ksh and bash, and then blows them out of the water. What's the big deal? PowerShell rides on top of the .NET Framework; hence, the entire .NET class library is available at the command prompt. And, when PowerShell scripts and tools pipe data into other PowerShell scripts and tools, it's not plain text that gets piped, but entire .NET objects, including all their properties and methods.

PowerShell is the future of administrative scripting on Windows. For example, Exchange Server and Operations Manager have graphical management tools, but these tools are really just GUI wrappers for PowerShell commands. There are also PowerShell cmdlets for IIS, Server Manager, AppLocker, Active Directory, Server Core, and more. Microsoft has promised that other products will be PowerShell-ized too, so the long-term trend is clear: almost everything in Windows will eventually be manageable through PowerShell.

What about managing older systems and software? PowerShell can access scriptable COM objects just like VBScript and JavaScript too. This means you can use PowerShell with Windows Management Instrumentation (WMI), Active Directory Services Interface (ADSI), ActiveX Data Objects (ADO), and other COM interfaces. So while VBScript gives you COM, PowerShell gives you both .NET and COM.

And just like the old CMD shell, PowerShell is also designed to run built-in binaries, like WMIC.EXE, NETSH.EXE, SC.EXE, etc., but with a scripting language that's far more flexible than CMD batch scripting. What does the PowerShell scripting language look like? It looks a little bit like Perl or C#, but it's much easier to learn.

During the course we will walk through all the essentials of PowerShell together. The course presumes nothing. You don't have to have any prior scripting experience to attend. And, most importantly, be prepared to have fun - PowerShell is just plain cooooooool...

CPE/CMU Credits: 6

Who Should Attend
  • All Windows administrators who use the command line
  • Windows administrators that want to use scripting
  • Batch file coders looking to upgrade or avoid obsolescence
  • UNIX admins who want to feel more at home on Windows
  • Anyone who writes scripts for Windows - PowerShell is the future!

Overview and security

  • What is PowerShell?
  • Why should I learn it?
  • Why is everything in Windows getting PowerShell-ized?
  • Signing scripts and execution policy

Getting around inside PowerShell

  • Built-in help system
  • Built-in graphical editor
  • Aliases for CMD and bash users
  • Running cmdlets, functions, and scripts
  • Piping objects instead of text
  • Using properties and methods of objects

Example commands

  • Active Directory scripting
  • Searching event logs
  • Parsing nmap XML output

Write your own scripts

  • Writing your own functions
  • Flow control: if-then, do-while, foreach, switch
  • Accessing COM objects like in VBScript
  • How to pipe data in/out of scripts

Windows Management Instrumentation (WMI)

  • What is WMI and why is it so powerful?
  • WMI queries and remote command execution
  • Searching remote event logs faster
  • Inventory installed software
  • Sample scripts to walk through together

Additional Information

Please note that bringing a laptop is optional, but recommended, and it's nice to bring a CD-ROM drive too.

Should I use a Virtual Machine?

Yes, in fact, using a virtual machine is preferred. Windows 8 Pro and Enterprise both include Hyper-V. You can also obtain VMware Player or Oracle VirtualBox for free.

How should my virtual machine be configured?

Please install Windows Server 2012 Standard or Datacenter Edition in your VM.

If you want to have a second VM running Windows 8 or Windows 7, then that is useful too, but certainly not required. The host computer can be anything.

You can download a free trial version of Windows Server from Microsoft (just do an Internet search on "windows server trial eval"). Remember that Server 2012 is 64-bit only, so your laptop and VM software will need to support 64-bit virtual machines.

Additionally, the Server VM should have a static IP address (perhaps and have the primary DNS server set to this same IP address, i.e., you will be your own DNS server. Afterwards, use the Server Manager tool to install the Active Directory Domain Services role. Along the way, install the DNS service when prompted to do so, and choose any domain name you wish (perhaps "testing.local"), but don't use your organization's real domain name.

Specific instructions for installing Active Directory are below.

What if I do not have a laptop or Windows Server Virtual Machine?

You are very welcome to attend the course if your VM does not meet the above specifications or if you cannot bring a laptop at all. The manuals are filled with screenshots and the instructor will be demonstrating software on a projection screen, so you will not miss out. Typically, 50% of the audience will not have laptops with Windows Server configured as a domain controller, so you will not be alone; however, the course is much more enjoyable and educational if you have Windows Server in a VM with you.

What if I am new to scripting?

You do not need any scripting background whatsoever to attend the course. We will spend the last day going through scripts written in PowerShell together. Half of the other attendees will be new to scripting as well.

How do I configure a static IP address in my Windows Server virtual machine?

Open Control Panel in the virtual machine, not on your host computer > Network and Sharing Center > Change adapter settings > right-click your network interface > Properties > select Internet Protocol Version 4 (TCP/IPv4) > Properties > configure that adapter with a static IP address ( and set both DNS servers for that adapter to be your own IP address (

How do I install Active Directory in my Server 2012 virtual machine?

Open the Server Manager tool in the virtual machine > select your Local Server > Manage menu > Add Roles and Features > Next.

Select "Role-based or feature-based installation" > Next > choose "Select a server from the server pool" and make sure your own local server is highlighted > Next.

Check the box for "Active Directory Domain Services" > click the "Add Features" button.

Check the box for "DNS Server" > click "Add Features" button > Next > Next (there are no extra features to be installed now).

Click Next repeatedly until you can click Install > click the Install button > Close.

Wait a few minutes for Active Directory Domain Services to install. (If you are prompted to provide the path to the installation media, and if you have mounted the DVD or ISO file on drive letter "D:", then click the link at the bottom to provide an alternate path of "d:\sources\sxs".)

Go back to Server Manager, click the triangle notification near the flag at the top to see the progress of the installation of the role. Every minute or so, click the circular double-arrow refresh button and pull down the triangular alert menu again. Eventually, when it finishes, you will see and then click on "Promote this server to a domain controller".

Select "Add a new forest" > enter "testing.local" as the root domain name (or any domain name you wish) > Next.

Select forest and domain functional levels of "Windows Server 2012". Enter a password of "Sans*8" for the DSRM password (or anything you'll remember) > Next.

If you get an error concerning the DNS configuration, ignore it > Next.

Leave the NetBIOS name to the default > Next.

Leave the folder locations to their defaults > Next.

Next > Install. Ignore any error messages concerning DNS, cryptography, or anything else which does not block the installation process. Reboot the server VM after the install is finished.

Log onto your new domain controller with the same password you had before > launch Server Manager (if it does not run automatically) > Tools menu > Active Directory Users and Computers. If this tool launches successfully, you have promoted the server to a domain controller successfully. If the tool does not launch, or if other errors have blocked the installation, please search the Internet with the relevant keywords or error code numbers to find a fix, or, it may be simpler to just reinstall again (after confirming that your networking and DNS settings are correct).
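The static-IP and Active Directory steps above can also be scripted. The following is an added example, not part of the course materials: the function name `Initialize-LabDomainController` and its parameters are hypothetical, and the adapter name, IP address and prefix length must be supplied by the caller because the page does not give them.

```powershell
# Added example (not from the course): build the lab domain controller on a
# Server 2012 VM. Run from an elevated PowerShell session inside the VM.
function Initialize-LabDomainController {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Values the page does not supply; the caller must provide them.
        [Parameter(Mandatory = $true)] [string] $InterfaceAlias,
        [Parameter(Mandatory = $true)] [ipaddress] $IPAddress,
        [Parameter(Mandatory = $true)] [ValidateRange(1, 32)] [int] $PrefixLength,

        # "testing.local" is the page's suggestion; never use a real domain name.
        [string] $DomainName = 'testing.local',

        # Optional alternate source path, e.g. d:\sources\sxs on mounted media.
        [string] $FeatureSource
    )

    if ($IPAddress.AddressFamily -ne 'InterNetwork') {
        throw 'Supply an IPv4 address for the lab adapter.'
    }
    $ip = $IPAddress.IPAddressToString

    # Guard: only promote a stand-alone server (Win32_ComputerSystem DomainRole 2).
    # This stops the script from touching a member server or an existing DC.
    $role = (Get-WmiObject -Class Win32_ComputerSystem).DomainRole
    if ($role -ne 2) {
        throw "Not a stand-alone server (DomainRole=$role); refusing to continue."
    }

    # Static IPv4 address: add it only if the adapter does not already have it.
    $existing = Get-NetIPAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4 `
                    -ErrorAction SilentlyContinue |
                Where-Object { $_.IPAddress -eq $ip }
    if (-not $existing -and
        $PSCmdlet.ShouldProcess($InterfaceAlias, "Assign static address $ip/$PrefixLength")) {
        New-NetIPAddress -InterfaceAlias $InterfaceAlias -IPAddress $ip `
            -PrefixLength $PrefixLength -ErrorAction Stop | Out-Null
    }

    # The server is its own DNS server, as the setup notes require.
    if ($PSCmdlet.ShouldProcess($InterfaceAlias, "Set DNS server to $ip")) {
        Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias `
            -ServerAddresses $ip -ErrorAction Stop
    }

    # Add the Active Directory Domain Services and DNS Server roles.
    $featureArgs = @{
        Name                   = 'AD-Domain-Services', 'DNS'
        IncludeManagementTools = $true
        ErrorAction            = 'Stop'
    }
    if ($FeatureSource) { $featureArgs.Source = $FeatureSource }
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Install AD DS and DNS Server roles')) {
        $result = Install-WindowsFeature @featureArgs
        if (-not $result.Success) { throw 'Role installation did not succeed.' }
    }

    # Promote to the first domain controller of a new forest at the
    # Windows Server 2012 functional level. The DSRM password is prompted for
    # rather than written into the script.
    if ($PSCmdlet.ShouldProcess($DomainName, 'Create new forest and promote this server')) {
        $dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'
        Import-Module ADDSDeployment
        Install-ADDSForest -DomainName $DomainName `
            -ForestMode Win2012 -DomainMode Win2012 `
            -InstallDns -SafeModeAdministratorPassword $dsrm -Force
        # Install-ADDSForest reboots the server when the promotion completes.
    }
}
```

Running the function with `-WhatIf` lists the changes without making them. After the reboot, `Get-ADDomain` returning the new domain is the command-line counterpart of opening Active Directory Users and Computers.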

If you have additional questions about the laptop specifications, please contact

  • Windows security engineers and system administrators
  • Anyone who wants to learn PowerShell
  • Anyone who wants to implement the SANS Critical Security Controls
  • Those who must enforce security policies on Windows hosts
  • Anyone who needs a whole drive encryption solution
  • Those deploying or managing a PKI or smart cards
  • IIS administrators and webmasters with servers at risk