Windows Server vNext - TLS improvements, make TLS 1.2 the minimum standard for different areas.
Hi Server Team, it is great to see that Server vNext has enabled only TLS 1.2 and TLS 1.3 left experimental state in Internet Options (Windows System / IE) However the remark from AriaUpdated Changes to improve security for Windows devices scanning WSUS - Microsoft Tech Community does not yet match completely / consistently in Server vNext (not even speaking about productive release as 1607 and later) I would like to plea for following changes: 1. Server vNext should enable TLS 1.2 for PowerShell 5.1. Currently it is not enabled by default an so blocking access to repositories as github, PSget, nuGet etc 2. Upgrading WSUS to Server 2022 should enable TLS for WSUS by default (I know there are no GUI or wizard changes) 3. Server vNext should enable TLS 1.2 for SQL and .net by default 4. Server vNext should use TLS 1.2 for SChannel. Every supported OS (including domain controllers) support this. You should consider to disable TLS 1.0 / 1.1 for each of these Mary Hoffman Currently I am deploying actively these changes in mixed custmer enviroments using script / GPOs ranging from Server 2008-2019, SQL 2012-2019, Exchange 2013-2019, and do not face issues that cannot mitigated. However I would expect the standards to be higher with Server 2022 in compliance with what Aria stated. Thanks for your feedback
Preview Build 17639 "DSC-Service" Feature: required DLL missing from WinSxS
Short Version: Build 17639, both the LTSC and Semi-Annual versions, is missing the following DLL in the WinSxS folder: Microsoft.Powershell.DesiredStateConfiguration.Service.resources.dll It is normally located here: C:\Windows\WinSxS\msil_microsoft.powershel..r.managed.resources_31bf3856ad364e35_10.0.14393.0_en-us_a944edf580471efa Long Version: I'm testing build 17639 of Windows Server to try out the new SQL Server support for the local pull server feature of DSC. I was trying to use the xDscWebService resource within the xPSDesiredStateConfiguration module (version 8.1.0.0), which is the "usual" way of installing a pull server, but I manually ran "Add-WindowsFeature Dsc-Service" before running the script with the xDscWebService configuration. Mostly, I did this just to check out the files, compare versions, etc. But once I ran the script, it failed with an error: PowerShell DSC resource MSFT_xDSCWebService failed to execute Set-TargetResource functionality with error message: ERROR: C:\Windows\System32\WindowsPowerShell\v1.0\modules\PSDesiredStateConfiguration\PullServer\en\Microsoft.Powershell.DesiredStateConfiguration.Service.Resources.dll does not exist This DLL is copied from WinSxS into the path in the error above when you install the Dsc-Service feature. I then compared this to a GA version of Server 2016 (non-Core but I don't think it matters), and that file does exist in WinSxS: I did check the build 17639 system and that DLL is nowhere to be found in WinSxS, or anywhere else, on that server. I created the "en" directory as described in the error, copied the DLL over from the build 14393 server shown in the picture above into that "en" directory, and the resource was then able to create the pull server successfully. Additionally, it actually functions and writes to SQL Server as promised; bonus! This post may be light on the info, sorry, but really it's just one bug report: that DLL is missing from WinSxS and is therefore not added during the installation of the Dsc-Service feature.Preview Build 17639: "DSC-Service" feature missing a DLL in WinSxS
Short Version: Build 17639, both the LTSC and Semi-Annual versions, is missing the following DLL in the WinSxS folder: Microsoft.Powershell.DesiredStateConfiguration.Service.resources.dll It is normally located here: C:\Windows\WinSxS\msil_microsoft.powershel..r.managed.resources_31bf3856ad364e35_10.0.14393.0_en-us_a944edf580471efa Long Version: I'm testing build 17639 of Windows Server to try out the new SQL Server support for the local pull server feature of DSC. I was trying to use the xDscWebService resource within the xPSDesiredStateConfiguration module (version 8.1.0.0), which is the "usual" way of installing a pull server, but I manually ran "Add-WindowsFeature Dsc-Service" before running the script with the xDscWebService configuration. Mostly, I did this just to check out the files, compare versions, etc. But once I ran the script, it failed with an error: PowerShell DSC resource MSFT_xDSCWebService failed to execute Set-TargetResource functionality with error message: ERROR: C:\Windows\System32\WindowsPowerShell\v1.0\modules\PSDesiredStateConfiguration\PullServer\en\Microsoft.Powershell.DesiredStateConfiguration.Service.Resources.dll does not exist This DLL is copied from WinSxS into the path in the error above when you install the Dsc-Service feature. I then compared this to a GA version of Server 2016 (non-Core but I don't think it matters), and that file does exist in WinSxS: I did check the build 17639 system and that DLL is nowhere to be found in WinSxS, or anywhere else, on that server. I created the "en" directory as described in the error, copied the DLL over from the build 14393 server shown in the picture above into that "en" directory, and the resource was then able to create the pull server successfully. Additionally, it actually functions and writes to SQL Server as promised; bonus! This post may be light on the info, sorry, but really it's just one bug report: that DLL is missing from WinSxS and is therefore not added during the installation of the Dsc-Service feature. Edit: Sorry, had the wrong PowerShell window capture in there...
